WebApi exposes HttpRequestMessage, not HttpRequestMessageBase.
public class OAuthTokenAuthenticationOperationHandler : OrderedFilterAttribute { public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { actionContext.Request // problem
I'm having a hard time understanding the problem. Is there some API you'd
like to pass your HttpRequestMessage to but the API only takes
HttpRequestMessageBase ? If so, which API is it?
> WebApi exposes HttpRequestMessage, not HttpRequestMessageBase.
> public class OAuthTokenAuthenticationOperationHandler :
> OrderedFilterAttribute
> {
> public override void
> OnActionExecuting(System.Web.Http.Controllers.HttpActionContext
> actionContext)
> {
> actionContext.Request // problem
> }
> }
> --
> You received this message because you are subscribed to the Google Groups
> "DotNetOpenAuth" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/dotnetopenid/-/7pbFsPI1c1AJ.
> To post to this group, send email to dotnetopenid@googlegroups.com<javascript:_e({}, 'cvml', 'dotnetopenid@googlegroups.com');>
> .
> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com <javascript:_e({}, 'cvml',
> 'dotnetopenid%2Bunsubscribe@googlegroups.com');>.
> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
-- --
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
Brad - I've got some code I can share with you tomorrow. I can't remember
exactly what I did but I think I created a HttpRequestMessageBase and set
the values from the HttpRequestMessage.
On Thursday, July 26, 2012, Andrew Arnott wrote:
> I'm having a hard time understanding the problem. Is there some API you'd
> like to pass your HttpRequestMessage to but the API only takes
> HttpRequestMessageBase ? If so, which API is it?
>> WebApi exposes HttpRequestMessage, not HttpRequestMessageBase.
>> public class OAuthTokenAuthenticationOperationHandler :
>> OrderedFilterAttribute
>> {
>> public override void
>> OnActionExecuting(System.Web.Http.Controllers.HttpActionContext
>> actionContext)
>> {
>> actionContext.Request // problem
>> }
>> }
>> --
>> You received this message because you are subscribed to the Google Groups
>> "DotNetOpenAuth" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/dotnetopenid/-/7pbFsPI1c1AJ.
>> To post to this group, send email to dotnetopenid@googlegroups.com.
>> To unsubscribe from this group, send email to
>> dotnetopenid+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/dotnetopenid?hl=en.
> --
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - S. G. Tallentyre
> --
> You received this message because you are subscribed to the Google Groups
> "DotNetOpenAuth" group.
> To post to this group, send email to dotnetopenid@googlegroups.com<javascript:_e({}, 'cvml', 'dotnetopenid@googlegroups.com');>
> .
> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com <javascript:_e({}, 'cvml',
> 'dotnetopenid%2Bunsubscribe@googlegroups.com');>.
> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
The problem is that the ResourceServer class, which is used for validating
the request, takes in an HttpRequestMessageBase.
WebApi, through filters (which is where you would put authentication for
requests) exposes only an HttpRequest object, not an HttpRequestMessage or
an HttpRequestMessageBase
I'm talking about code, from the resource server example in oauth2, the
class is the AuthenticationManager class or something like that. It's the
only class with the word manager in it :P
I'll keep an eye out for your post tomorrow ryan, but that sort of sounds
dangerous >_<. I hate relying on manually constructing request classes like
that.
Andrew: The main problem is that the method for validating the request does
not take in an HttpRequest. It only accepts HttpRequestMessageBase and
HttpRequestMessageProperty
On Thu, Jul 26, 2012 at 9:58 PM, Ryan Rousseau <ryan.rouss...@gmail.com>wrote:
> Brad - I've got some code I can share with you tomorrow. I can't remember
> exactly what I did but I think I created a HttpRequestMessageBase and set
> the values from the HttpRequestMessage.
> On Thursday, July 26, 2012, Andrew Arnott wrote:
>> I'm having a hard time understanding the problem. Is there some API
>> you'd like to pass your HttpRequestMessage to but the API only takes
>> HttpRequestMessageBase ? If so, which API is it?
>>> WebApi exposes HttpRequestMessage, not HttpRequestMessageBase.
>>> public class OAuthTokenAuthenticationOperationHandler :
>>> OrderedFilterAttribute
>>> {
>>> public override void
>>> OnActionExecuting(System.Web.Http.Controllers.HttpActionContext
>>> actionContext)
>>> {
>>> actionContext.Request // problem
>>> }
>>> }
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "DotNetOpenAuth" group.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msg/dotnetopenid/-/7pbFsPI1c1AJ.
>>> To post to this group, send email to dotnetopenid@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> dotnetopenid+unsubscribe@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/dotnetopenid?hl=en.
>> --
>> --
>> Andrew Arnott
>> "I [may] not agree with what you have to say, but I'll defend to the
>> death your right to say it." - S. G. Tallentyre
>> --
>> You received this message because you are subscribed to the Google Groups
>> "DotNetOpenAuth" group.
>> To post to this group, send email to dotnetopenid@googlegroups.com.
>> To unsubscribe from this group, send email to
>> dotnetopenid+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/dotnetopenid?hl=en.
> --
> You received this message because you are subscribed to the Google Groups
> "DotNetOpenAuth" group.
> To post to this group, send email to dotnetopenid@googlegroups.com.
> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
// TODO FIXME dnoa doesn't support HttpRequestMessage - manually
creating HttpRequestMessageProperty until they do
var request = new HttpRequestMessageProperty();
request.Headers[HttpRequestHeader.Authorization] =
actionContext.Request.Headers.Authorization.ToString();
var requestUri = actionContext.Request.RequestUri;
It's not ideal, but I don't think it's too bad until support for
HttpRequestMessage is added.
On Fri, Jul 27, 2012 at 12:40 AM, Brad Laney <brad.j.la...@gmail.com> wrote:
> The problem is that the ResourceServer class, which is used for validating
> the request, takes in an HttpRequestMessageBase.
> WebApi, through filters (which is where you would put authentication for
> requests) exposes only an HttpRequest object, not an HttpRequestMessage or
> an HttpRequestMessageBase
> I'm talking about code, from the resource server example in oauth2, the
> class is the AuthenticationManager class or something like that. It's the
> only class with the word manager in it :P
> I'll keep an eye out for your post tomorrow ryan, but that sort of sounds
> dangerous >_<. I hate relying on manually constructing request classes like
> that.
> Andrew: The main problem is that the method for validating the request
> does not take in an HttpRequest. It only accepts HttpRequestMessageBase and
> HttpRequestMessageProperty
> On Thu, Jul 26, 2012 at 9:58 PM, Ryan Rousseau <ryan.rouss...@gmail.com>wrote:
>> Brad - I've got some code I can share with you tomorrow. I can't remember
>> exactly what I did but I think I created a HttpRequestMessageBase and set
>> the values from the HttpRequestMessage.
>> On Thursday, July 26, 2012, Andrew Arnott wrote:
>>> I'm having a hard time understanding the problem. Is there some API
>>> you'd like to pass your HttpRequestMessage to but the API only takes
>>> HttpRequestMessageBase ? If so, which API is it?
>>>> WebApi exposes HttpRequestMessage, not HttpRequestMessageBase.
>>>> public class OAuthTokenAuthenticationOperationHandler :
>>>> OrderedFilterAttribute
>>>> {
>>>> public override void
>>>> OnActionExecuting(System.Web.Http.Controllers.HttpActionContext
>>>> actionContext)
>>>> {
>>>> actionContext.Request // problem
>>>> }
>>>> }
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "DotNetOpenAuth" group.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msg/dotnetopenid/-/7pbFsPI1c1AJ.
>>>> To post to this group, send email to dotnetopenid@googlegroups.com.
>>>> To unsubscribe from this group, send email to
>>>> dotnetopenid+unsubscribe@googlegroups.com.
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/dotnetopenid?hl=en.
>>> --
>>> --
>>> Andrew Arnott
>>> "I [may] not agree with what you have to say, but I'll defend to the
>>> death your right to say it." - S. G. Tallentyre
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "DotNetOpenAuth" group.
>>> To post to this group, send email to dotnetopenid@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> dotnetopenid+unsubscribe@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/dotnetopenid?hl=en.
>> --
>> You received this message because you are subscribed to the Google Groups
>> "DotNetOpenAuth" group.
>> To post to this group, send email to dotnetopenid@googlegroups.com.
>> To unsubscribe from this group, send email to
>> dotnetopenid+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/dotnetopenid?hl=en.
> --
> You received this message because you are subscribed to the Google Groups
> "DotNetOpenAuth" group.
> To post to this group, send email to dotnetopenid@googlegroups.com.
> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
I'm doing something of the same (by the way, I have OAuth2 resource server working seamingly perfectly with web api, I'll share the code when it's a bit less coupled to the tests I'm currently running). I used the sources found https://github.com/DavidChristiansen/DotNetOpenAuth.WebAPI.40 here. He uses an even dirtier trick though. He just wraps HttpContext.Current.Request in a HttpRequestBaseWrapper (or whatever it's called), but it works, and for now get's the job done.
That is VERY confusing. Because the example does not use the authorization header, it uses NAME.
var operationMessage = OperationContext.Current.RequestContext.RequestMessage.Properties[HttpReque stMessageProperty.Name] as HttpRequestMessageProperty;
Is that because WCF changes it to name? I guess I'll try the code and hope that it works in all situations.
It would be real nice to hear that support for more objects in the immediate future!
> To post to this group, send email to dotnetopenid@googlegroups.com.
> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
Okay so I put that into use. But I had to change it from a delegating handler because I need to access the scopes from the AuthorizeAttribute on the actions. My scopes are access types. "public", "admin", etc.
I'm not sure where the idea that DNOA doesn't support this is coming from.
It sounds like the only limitations I'm really hearing are in the samples
themselves, which shouldn't be construed as lack of support for other
scenarios in the library itself.
Brad said:
> The problem is that the ResourceServer class, which is used for
> validating the request, takes in an HttpRequestMessageBase.
Actually, ResourceServer has two overloads: one takes HttpRequestBase and
the other takes HttpRequestMessageProperty. Everything is representable as
an HttpRequestBase, so this should cover every scenario.
> WebApi, through filters (which is where you would put authentication for
> requests) exposes only an HttpRequest object, not an HttpRequestMessage or
> an HttpRequestMessageBase
There are several APIs in ASP.NET that deal in HttpRequest types, and this
is *very* easy to turn into an HttpRequestBase instance: just wrap it with
a HttpRequestWrapper, as the constructor for HttpRequestWrapper takes an
HttpRequest. That's the class's express purpose.
> I'm talking about code, from the resource server example in oauth2, the
> class is the AuthenticationManager class or something like that. It's the
> only class with the word manager in it :P
It sounds like you're referring to the sample's OAuthAuthorizationManager
class. And yes, that's written for WCF -- not WebAPI. I'm not yet
familiar with WebAPI so another approach sounds appropriate and could be
considered fully supported. See further below.
Andrew: The main problem is that the method for validating the request does
> not take in an HttpRequest. It only accepts HttpRequestMessageBase and
> HttpRequestMessageProperty
I suspect you meant *HttpRequestBase *and HttpRequestMessageProperty. And
as I said above, HttpRequest is trivially convertable to HttpRequestBase.
Alek said:
> I'm doing something of the same (by the way, I have OAuth2 resource server
> working seamingly perfectly with web api, I'll share the code when it's a
> bit less coupled to the tests I'm currently running). I used the sources
> found https://github.com/DavidChristiansen/DotNetOpenAuth.WebAPI.40 here.
> He uses an even dirtier trick though. He just wraps
> HttpContext.Current.Request in a HttpRequestBaseWrapper (or whatever it's
> called), but it works, and for now get's the job done.
I haven't studied David's sample yet, but as I state above,
HttpRequestWrapper is *not* a dirty trick. It's the official
Microsoft-supplied way of converting HttpRequest into an HttpRequestBase.
I hope this helps.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Sat, Jul 28, 2012 at 2:49 AM, Aleksander Heintz <alxa...@alxandr.me>wrote:
> To post to this group, send email to dotnetopenid@googlegroups.com.
> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
I think you've misunderstood something (or I have). The problem is that there is introduced a new Request-class in Web API named System.Net.Http.HttpRequestMessage<http://msdn.microsoft.com/en-us/library/system.net.http.httprequestme...>. It has (next to) nothing in common with the regular HttpRequest. For instance, as far as I can tell, HttpRequestMessage does *not* parse form-data, and almost all of the methods exposed on the object is async only.
Oh, and as a side-node; I do *not* think HttpRequestWrapper is a dirty trick; I think using the ThreadStatic property HttpContext.Current is. Also, using ThreadStatic properties in an async method makes my hair tingle, and not in a good way...
> I think you've misunderstood something (or I have). The problem is that
> there is introduced a new Request-class in Web API named
> System.Net.Http.HttpRequestMessage<http://msdn.microsoft.com/en-us/library/system.net.http.httprequestme...>.
> It has (next to) nothing in common with the regular HttpRequest. For
> instance, as far as I can tell, HttpRequestMessage does *not* parse
> form-data, and almost all of the methods exposed on the object is async
> only.
> Oh, and as a side-node; I do *not* think HttpRequestWrapper is a dirty
> trick; I think using the ThreadStatic property HttpContext.Current is.
> Also, using ThreadStatic properties in an async method makes my hair
> tingle, and not in a good way...
> To post to this group, send email to dotnetopenid@googlegroups.com.
> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
Thanks Aleksander, I'll use that class. Still a bit scary though. But yeah, that's what I was failing to mention is the HttpRequestMessage class and all the classes in WebApi are completely unrelated to the normal Web or MVC classes.
Actually.. what version of webapi release are you using? I am using RC1 and most of the properties you have here don't work. Are they extension methods that you have that I am missing?
Yeah, most of them are extension-methods, but I included the using-statements, so that shouldn't be a problem. Also, it should be fairly easy to rewrite this to not use the async/await-keywords. Just replace any await keywords with continuation-statements like shown below:
// with await var something = await this.someMethod(); var somethingElse = await something.someOtherMethod(); return somethingElse.value;
// without await return this.someMethod() .ContinueWith(t => t.Result.someOtherMethod()).Unwrap() // takes a Task<Task<TResult>> and returns a Task<TResult> .ContinueWith(t => t.Result.value);
If it hasn't been done, I'll probably do it myself when I have time, though right now I'm reading for exams that are due in a couple of weeks... Leaves little time for play-stuff like programming for fun, need to focus on the math <.<
> Yeah, most of them are extension-methods, but I included the
> using-statements, so that shouldn't be a problem. Also, it should be fairly
> easy to rewrite this to not use the async/await-keywords. Just replace any
> await keywords with continuation-statements like shown below:
> // with await
> var something = await this.someMethod();
> var somethingElse = await something.someOtherMethod();
> return somethingElse.value;
> // without await
> return this.someMethod()
> .ContinueWith(t => t.Result.someOtherMethod()).Unwrap() // takes a
> Task<Task<TResult>> and returns a Task<TResult>
> .ContinueWith(t => t.Result.value);
> If it hasn't been done, I'll probably do it myself when I have time,
> though right now I'm reading for exams that are due in a couple of weeks...
> Leaves little time for play-stuff like programming for fun, need to focus
> on the math <.<
> To post to this group, send email to dotnetopenid@googlegroups.com.
> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
You made sure you hade all the namespaces? Anyways; I'm using a nightly, but I found those extension-methods on SO, from someone using RC, so I was sure they should be there... But I'm also using C# 4.5, and that might be the "problem".
On Tuesday, July 31, 2012, Aleksander Heintz wrote:
> You made sure you hade all the namespaces?
> Anyways; I'm using a nightly, but I found those extension-methods on SO,
> from someone using RC, so I was sure they should be there...
> But I'm also using C# 4.5, and that might be the "problem".
> --
> You received this message because you are subscribed to the Google Groups
> "DotNetOpenAuth" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/dotnetopenid/-/Nzqildq4yzcJ.
> To post to this group, send email to dotnetopenid@googlegroups.com<javascript:_e({}, 'cvml', 'dotnetopenid@googlegroups.com');>
> .
> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com <javascript:_e({}, 'cvml',
> 'dotnetopenid%2Bunsubscribe@googlegroups.com');>.
> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
-- --
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
