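/// <summary>
/// WCF message-inspector hook that gates every incoming HTTP request on authentication and on
/// per-module/action authorization before it is dispatched to the service operation.
/// The module and action are taken from the last two segments of the request URL.
/// </summary>
/// <param name="request">The incoming message; only its <c>To</c> header (request URL) is read.</param>
/// <param name="channel">Unused.</param>
/// <param name="instanceContext">Unused.</param>
/// <returns>Always <c>null</c>: no correlation state is handed to <c>BeforeSendReply</c>.</returns>
/// <exception cref="WebFaultException{T}">
/// HTTP 401 (with a <c>WWW-Authenticate</c> challenge) whenever the request is not authenticated or
/// not authorized. Every failure path now fails closed; previously an empty or undecodable Basic
/// credential and an empty session token let the request reach the operation unchecked.
/// </exception>
public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
        {
            WebOperationContext ctx = WebOperationContext.Current;

            // CORS pre-flight: answered with 200 and deliberately exempt from authentication.
            if (ctx.IncomingRequest.Method == "OPTIONS")
            {
                ctx.OutgoingResponse.StatusCode = HttpStatusCode.OK;
                return null;
            }

            // ".../<module>/<action>". To.ToString() keeps a query string if present, so it ends
            // up in `action` and simply fails to match any configured action (a deny, never a bypass).
            string[] uriParts = request.Headers.To.ToString().Split('/');
            if (uriParts.Length < 2)
            {
                throw UnauthorizedFault();
            }
            string action = uriParts[uriParts.Length - 1].ToUpperInvariant();
            string module = uriParts[uriParts.Length - 2].ToUpperInvariant();

            // No credentials at all: send the challenge.
            if (ctx.IncomingRequest.Headers["Authorization"] == null)
            {
                throw UnauthorizedFault();
            }

            if (module == "USUARIO" && action == "LOGON")
            {
                // LOGON is the only operation authenticated with Basic user:password.
                AuthenticateBasicLogon(GetEncodedCredentialsFromHeader());
            }
            else
            {
                // Everything else carries a session token that must map to a live session.
                AuthorizeSessionToken(GetTokenFromHeader(), module, action);
            }

            return null;
        }

        /// <summary>
        /// Adds the <c>WWW-Authenticate</c> challenge to the pending response and builds the 401 fault.
        /// Returned rather than thrown so call sites read <c>throw UnauthorizedFault();</c> and the
        /// compiler sees the path terminate.
        /// </summary>
        private static WebFaultException<string> UnauthorizedFault()
        {
            WebOperationContext.Current.OutgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"myrealm\"");
            return new WebFaultException<string>("Acceso no autorizado, favor de validar autenticación", HttpStatusCode.Unauthorized);
        }

        /// <summary>
        /// Validates the Basic-auth credential of a LOGON request against the user store.
        /// Fails closed: missing, undecodable, malformed or non-matching credentials are all a 401.
        /// </summary>
        /// <param name="encodedUnamePwd">The base64 payload of the Authorization header, or null/empty.</param>
        private static void AuthenticateBasicLogon(string encodedUnamePwd)
        {
            if (string.IsNullOrEmpty(encodedUnamePwd))
            {
                throw UnauthorizedFault();
            }

            byte[] decodedBytes;
            try
            {
                decodedBytes = Convert.FromBase64String(encodedUnamePwd);
            }
            catch (FormatException)
            {
                // Was `return false`, which let a malformed credential through with a boxed bool
                // as correlation state.
                throw UnauthorizedFault();
            }

            // NOTE(review): decoded as ASCII as before; RFC 7617 clients may send UTF-8 — confirm
            // against the stored credentials before changing the encoding.
            // Split on the first ':' only, so a password containing ':' is not truncated, and reject
            // a credential with no separator (previously an IndexOutOfRangeException -> HTTP 500).
            string[] authParts = Encoding.ASCII.GetString(decodedBytes).Split(new[] { ':' }, 2);
            if (authParts.Length != 2)
            {
                throw UnauthorizedFault();
            }

            if (Usuario.GetusuarioByUserAndPass(authParts[0], authParts[1]) == null)
            {
                throw UnauthorizedFault();
            }
        }

        /// <summary>
        /// Resolves the session token to a user and, unless the action is listed in
        /// <c>lstInvaliAction</c>, checks the user's role permission for <paramref name="module"/> /
        /// <paramref name="action"/>. Fails closed: an empty or unknown token, an unknown user, an
        /// unconfigured action, a module the role has no entry for, or an unknown permission code is a 401.
        /// </summary>
        /// <param name="token">Session token from the Authorization header, or null/empty.</param>
        /// <param name="module">Upper-cased module segment of the request URL.</param>
        /// <param name="action">Upper-cased action segment of the request URL.</param>
        private void AuthorizeSessionToken(string token, string module, string action)
        {
            if (string.IsNullOrEmpty(token))
            {
                throw UnauthorizedFault();
            }

            // One pass over the session list instead of Any() followed by Where().
            // NOTE(review): Session.GetAll() appears to load every session per request — confirm
            // whether a lookup by token exists.
            SessionEntity objSession = Session.GetAll().FirstOrDefault(x => x.Token == token);
            if (objSession == null)
            {
                throw UnauthorizedFault();
            }

            // Actions in lstInvaliAction need only a valid session. StartsWith keeps the original
            // prefix semantics; Ordinal avoids culture-dependent matching on a security decision.
            if (lstInvaliAction.Any(x => action.StartsWith(x, StringComparison.Ordinal)))
            {
                return;
            }

            UsuarioEntity objUsr = Usuario.GetOne(objSession.IdUsuario);
            if (objUsr == null)
            {
                // Previously a NullReferenceException (HTTP 500) at objUsr.IdRol.
                throw UnauthorizedFault();
            }

            // Security definition of this module: which permission code each action requires.
            List<SecutityEntity> lstSecutityEntity = Secutity.GetPagedList(1, 99999, Globals.SerializeTool.Serialize<SecutityEntity>(new SecutityEntity()
            {
                Module = module
            })).ToList();
            SecutityEntity objSecutity = lstSecutityEntity.FirstOrDefault(x => x.Action == action);
            if (objSecutity == null)
            {
                throw UnauthorizedFault();
            }

            // The role's permission entry for this module (case-insensitive on the module path).
            PermisoEntity objPermisos = Permiso.GetXml(Globals.SerializeTool.Serialize<PermisoEntity>(new PermisoEntity()
            {
                IdRol = objUsr.IdRol
            })).FirstOrDefault(x => x.Module != null
                                    && string.Equals(x.Module.ModulePath, module, StringComparison.OrdinalIgnoreCase));
            if (objPermisos == null)
            {
                throw UnauthorizedFault();
            }

            bool allowed;
            switch (objSecutity.Permision)
            {
            case "S":
                // Code "S" requires only that the role has an entry for the module.
                allowed = true;
                break;
            case "A":
                allowed = objPermisos.OptAdd == true;
                break;
            case "D":
                allowed = objPermisos.OptDelete == true;
                break;
            case "U":
                allowed = objPermisos.OptUpdate == true;
                break;
            default:
                // Unknown permission code: deny rather than guess.
                allowed = false;
                break;
            }

            if (!allowed)
            {
                throw UnauthorizedFault();
            }
        }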
 /// <summary>
 /// Resolves permission entries from their XML representation; a thin pass-through to the Permiso layer.
 /// </summary>
 /// <param name="xml">Serialized permission filter, handed to <c>Permiso.GetXml</c> unchanged.</param>
 /// <returns>Whatever <c>Permiso.GetXml</c> returns for <paramref name="xml"/>.</returns>
 public SoftvList <PermisoEntity> GetXmlPermiso(String xml)
 {
     SoftvList <PermisoEntity> permisos = Permiso.GetXml(xml);
     return permisos;
 }