/// <summary>
/// Refuses any request that did not arrive over HTTPS and forwards the rest to the inner handler.
/// </summary>
/// <param name="request">Incoming request; its <c>RequestUri.Scheme</c> decides the outcome.</param>
/// <param name="cancellationToken">Passed through unchanged to the inner handler.</param>
/// <returns>
/// The inner handler's task for HTTPS requests; otherwise a completed task carrying a
/// 403 Forbidden response built with <c>ResponseType.RequestHttps</c>.
/// </returns>
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // The check runs after the request has already been received, so it stops processing
            // but cannot protect headers or body a client has already sent in cleartext.
            // NOTE(review): if TLS is terminated upstream, the scheme seen here is the one used on
            // the hop into this application - confirm against the deployment.
            var scheme = request.RequestUri.Scheme;
            if (!scheme.Equals(Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
            {
                var rejection = HttpMessages.CreateRespone(request, HttpStatusCode.Forbidden, ResponseType.RequestHttps);
                return Task.FromResult(rejection);
            }

            return base.SendAsync(request, cancellationToken);
        }
        /// <summary>
        /// Authenticates the request from its <c>X-Token</c> header and, on success, installs the
        /// resulting principal before forwarding to the inner handler.
        /// </summary>
        /// <remarks>
        /// Every failure ends in a 401 Unauthorized response; the <c>ResponseType</c> differs by cause:
        /// <c>TokenMissing</c> (no header), <c>TokenInvalid</c> (any exception while decrypting or
        /// checking the token), <c>TokenClientBad</c> (unknown user id or IP mismatch).
        /// Only the first value of the header is considered.
        /// </remarks>
        /// <param name="request">Incoming request carrying the encrypted token header.</param>
        /// <param name="cancellationToken">Passed through unchanged to the inner handler.</param>
        /// <returns>A completed task with the 401 response, or the inner handler's task.</returns>
        protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            const string tokenName = "X-Token";

            if (!request.Headers.Contains(tokenName))
            {
                var missing = HttpMessages.CreateRespone(request, HttpStatusCode.Unauthorized, ResponseType.TokenMissing);
                return Task.FromResult(missing);
            }

            IPrincipal authenticated;
            var headerValue = request.Headers.GetValues(tokenName).First();
            try
            {
                // No expiry or revocation check is visible in this method.
                // presumably Token.Decrypt enforces token lifetime - verify.
                var decrypted = Token.Decrypt(headerValue);
                var account   = IdentityProvider.IsValidUserId(decrypted.UserId);

                // HttpContext.Current is dereferenced here without the null check used further
                // down; a null context therefore surfaces as TokenInvalid through the catch.
                // NOTE(review): behind a reverse proxy or load balancer UserHostAddress is usually
                // the proxy's address, which would weaken this IP binding - confirm deployment.
                var sameIp = decrypted.Ip.Equals(HttpContext.Current.Request.UserHostAddress);

                if (account == null || !sameIp)
                {
                    var rejected = HttpMessages.CreateRespone(request, HttpStatusCode.Unauthorized, ResponseType.TokenClientBad);
                    return Task.FromResult(rejected);
                }

                authenticated = new CustomPrincipal(account.UserName, account.UserId);
            }
            catch
            {
                // Fails closed: any exception raised above is reported as an invalid token.
                // Nothing is logged here, so a tampered token and an internal fault look the same
                // to an operator reading only this handler's output.
                var invalid = HttpMessages.CreateRespone(request, HttpStatusCode.Unauthorized, ResponseType.TokenInvalid);
                return Task.FromResult(invalid);
            }

            // Publish the authenticated identity for downstream code.
            Thread.CurrentPrincipal = authenticated;
            var context = HttpContext.Current;
            if (context != null)
            {
                context.User = authenticated;
            }

            return base.SendAsync(request, cancellationToken);
        }