Beispiel #1
        /// <summary>
        /// Authorization hook: lets actions marked as anonymous through, otherwise runs the
        /// token check and, when it fails, writes an <c>InvalidToken</c> error into the response.
        /// </summary>
        /// <param name="actionContext">Context of the action about to be executed.</param>
        /// <remarks>
        /// The method never throws on a failed check; it only populates
        /// <c>actionContext.Response</c>. Presumably the hosting pipeline treats a populated
        /// response as "stop here" - verify against the framework version in use.
        /// </remarks>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // NOTE(review): a null context returns without running the token check, i.e. this
            // path fails open. Confirm that is intended rather than rejecting the call.
            if (actionContext == null)
            {
                return;
            }

            // Skip the token check when the action carries an AllowAnonymous attribute.
            // Both the Web API and the MVC flavour of the attribute are honoured, and only the
            // action descriptor is queried here - the controller descriptor is not consulted.
            var descriptor = actionContext.ActionDescriptor;
            bool anonymousAllowed =
                descriptor.GetCustomAttributes<System.Web.Http.AllowAnonymousAttribute>().Any()
                || descriptor.GetCustomAttributes<System.Web.Mvc.AllowAnonymousAttribute>().Any();
            if (anonymousAllowed)
            {
                return;
            }

            if (AuthorizeRequest(actionContext))
            {
                return;
            }

            // Token check failed: report it through the response instead of throwing.
            var error = new ErrorObject(ErrorList.InvalidToken);

            // Reuse a response that an earlier stage already attached, otherwise create one.
            var response = actionContext.Response ?? new HttpResponseMessage();
            actionContext.Response = response;

            // NOTE(review): a rejected token is answered with 400 Bad Request, not
            // 401 Unauthorized. Clients may already depend on this; confirm before changing.
            response.StatusCode = HttpStatusCode.BadRequest;
            response.Content = error.ToContent();

            // NOTE(review): the rejection is not logged at this point. If logging is added,
            // keep token values out of the log entry.
        }