/// <summary>
/// Checks authorization for the given operation context based on default policy evaluation.
/// </summary>
/// <param name="operationContext">The <see cref="T:System.ServiceModel.OperationContext"/> for the current authorization request.</param>
/// <returns>
/// true if access is granted; otherwise, false. The default is true.
/// </returns>
protected override bool CheckAccessCore( OperationContext operationContext )
{
string key = string.Empty;
// Always allow the Help interface
var properties = operationContext.RequestContext.RequestMessage.Properties;
if ( properties["HttpOperationName"].ToString() == "HelpPageInvoke" )
return true;
// If the user is currently logged in
var currentUser = System.Web.Security.Membership.GetUser();
if ( currentUser != null )
return true;
// Get the matched uriTemplate
UriTemplateMatch template = properties["UriTemplateMatchResults"] as UriTemplateMatch;
if (template != null && !string.IsNullOrEmpty(template.BoundVariables["apiKey"]))
{
// Get the apiKey value from the uriTemplate
key = template.BoundVariables["apiKey"];
// Read the user
Rock.Services.Cms.UserService userService = new Rock.Services.Cms.UserService();
Rock.Models.Cms.User user = userService.Queryable().
Where( u => u.ApiKey == key && u.IsApproved == true && u.IsLockedOut == false ).
FirstOrDefault();
// Verify that the key is valid
if ( user != null )
return true;
}
return false;
}
/// <summary>
/// Checks authorization for the given operation context based on default policy evaluation.
/// </summary>
/// <param name="operationContext">The <see cref="T:System.ServiceModel.OperationContext"/> for the current authorization request.</param>
/// <returns>
/// true if access is granted; otherwise, false. The default is true.
/// </returns>
protected override bool CheckAccessCore(OperationContext operationContext)
{
string key = string.Empty;
// Always allow the Help interface
var properties = operationContext.RequestContext.RequestMessage.Properties;
if (properties["HttpOperationName"].ToString() == "HelpPageInvoke")
{
return(true);
}
// If the user is currently logged in
var currentUser = System.Web.Security.Membership.GetUser();
if (currentUser != null)
{
return(true);
}
// Get the matched uriTemplate
UriTemplateMatch template = properties["UriTemplateMatchResults"] as UriTemplateMatch;
if (template != null && !string.IsNullOrEmpty(template.BoundVariables["apiKey"]))
{
// Get the apiKey value from the uriTemplate
key = template.BoundVariables["apiKey"];
// Read the user
Rock.Services.Cms.UserService userService = new Rock.Services.Cms.UserService();
Rock.Models.Cms.User user = userService.Queryable().
Where(u => u.ApiKey == key && u.IsApproved == true && u.IsLockedOut == false).
FirstOrDefault();
// Verify that the key is valid
if (user != null)
{
return(true);
}
}
return(false);
}
