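        /// <summary>
        /// Determines whether the current <see cref="System.Security.Principal.IPrincipal"/> is authorized to access the requested resources.
        /// </summary>
        /// <remarks>
        /// A request is authorized only when all of the following hold: the base class's <c>AuthorizeCore</c>
        /// check passes, the <c>access_token</c> cookie carries a non-blank value that <c>JwtUtil.IsExpired</c>
        /// does not report as expired, and every policy in <c>policies</c> can be demanded for
        /// <see cref="HttpContextBase.User"/> without throwing. Any exception raised while checking the token
        /// or demanding a policy is logged and treated as "not authorized" (fail closed).
        /// </remarks>
        /// <param name="httpContext">The HTTP context.</param>
        /// <returns>Returns true if the current user is authorized to access the request resources.</returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // The token arrives in a request cookie, i.e. it is attacker-controlled input;
            // nothing below may trust its contents before it has been validated.
            var accessToken = httpContext.Request.Cookies["access_token"]?.Value;

            var tokenAndPoliciesOk = false;

            // IsNullOrWhiteSpace already covers null and empty, so one check is sufficient.
            if (!string.IsNullOrWhiteSpace(accessToken))
            {
                try
                {
                    // NOTE(review): an expiry check alone does not prove the token is genuine. This step
                    // relies on JwtUtil.IsExpired (or an earlier handler) verifying the signature; confirm
                    // that, otherwise a forged token with a future "exp" passes here.
                    tokenAndPoliciesOk = !JwtUtil.IsExpired(accessToken);

                    // Demand every configured policy for the current principal. A refused demand surfaces
                    // as an exception and is handled below, which is why no boolean result is collected.
                    foreach (var policy in policies)
                    {
                        new PolicyPermission(PermissionState.Unrestricted, policy, httpContext.User).Demand();
                    }
                }
                catch (Exception e)
                {
                    // Fail closed. The exception may come from the token check or from a denied policy
                    // demand, so the message must not claim it was a decode failure. The raw token value is
                    // intentionally not logged (assuming the helpers do not embed it in exception messages).
                    tokenAndPoliciesOk = false;
                    Trace.TraceError($"Authorization failed while validating the access token or demanding a policy: {e}");
                }
            }

            // Both the base attribute checks and the token/policy checks must succeed.
            return base.AuthorizeCore(httpContext) && tokenAndPoliciesOk;
        }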