diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index c1f03a074c..a4555790dc 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -59,23 +59,29 @@ namespace Microsoft.AspNet.Security.OAuthBearer
 return null;
 }
- string authorization = Request.Headers.Get("Authorization");
+ // If application retrieved token from somewhere else, use that.
+ token = messageReceivedNotification.Token;
- // If no authorization header found, nothing to process further
- if (String.IsNullOrEmpty(authorization))
- {
- return null;
- }
-
- if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
- {
- token = authorization.Substring("Bearer ".Length).Trim();
- }
-
- // If no token found, no further work possible
 if (string.IsNullOrEmpty(token))
 {
- return null;
+ string authorization = Request.Headers.Get("Authorization");
+
+ // If no authorization header found, nothing to process further
+ if (string.IsNullOrEmpty(authorization))
+ {
+ return null;
+ }
+
+ if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
+ {
+ token = authorization.Substring("Bearer ".Length).Trim();
+ }
+
+ // If no token found, no further work possible
+ if (string.IsNullOrEmpty(token))
+ {
+ return null;
+ }
 }
 // notify user token was received
diff --git a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
index 1b1f599881..f583746c3c 100644
--- a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
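Review bot: The override at `token = messageReceivedNotification.Token;` is checked with `string.IsNullOrEmpty`, so a whitespace-only value set by a `MessageReceived` handler counts as a token and suppresses the `Authorization` header fallback, while the header path normalises its value with `.Trim()`. Using `if (string.IsNullOrWhiteSpace(token))` for the outer check would treat both sources the same way. The comment could also state the precedence explicitly, e.g. `// A token set by the MessageReceived notification takes precedence; the Authorization header is only read when none was supplied.`, because a request carrying both credentials is resolved silently in favour of the application's value. The enclosing method and the declaration of `token` lie outside the hunk, so the initial value of `token` is assumed to be empty.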
@@ -12,5 +12,10 @@ namespace Microsoft.AspNet.Security.Notifications
 }
 public TMessage ProtocolMessage { get; set; }
+
+ ///
+ /// Bearer Token. This will give application an opportunity to retrieve token from an alternation location.
+ ///
+ public string Token { get; set; }
 }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index 2139f56306..26f202e08e 100644
--- a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -137,6 +137,23 @@ namespace Microsoft.AspNet.Security.OAuthBearer
 return Task.FromResult(null);
 }
+ [Fact]
+ public async Task RetrievingTokenFromAlternateLocation()
+ {
+ var server = CreateServer(options => {
+ options.Notifications.MessageReceived = MessageReceived;
+ options.Notifications.SecurityTokenReceived = SecurityTokenReceived;
+ });
+ var response = await SendAsync(server, "http://example.com/oauth", "Bearer Token");
+ response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+ }
+
+ private static Task MessageReceived(MessageReceivedNotification notification)
+ {
+ notification.Token = "CustomToken";
+ return Task.FromResult(null);
+ }
+
 class BlobTokenValidator : ISecurityTokenValidator
 {
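Review bot: The doc comment on `Token` does not say that a non-empty value replaces the `Authorization` header in the bearer handler, and "alternation location" should read "alternate location". Suggested wording: `/// Bearer token supplied by the application; when set, it is used instead of the Authorization header.` A remark that tokens read from a query string or cookie need the application's own handling for log and Referer exposure and for cross-site requests would help callers choose a source; that is guidance for the caller, not something this property can enforce. The class declaration starts outside the hunk.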