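        /// <summary>
        /// Authenticates the request from its <c>Authorization: Bearer &lt;token&gt;</c> header and then
        /// authorizes it: the cached <see cref="SecurityProfile"/> for the token must contain every entry
        /// of <c>RequiredPermissions</c>. On success the profile is attached to the request under the
        /// "SecurityProfile" property; on failure the response is set (401 or 403), which short-circuits
        /// the action, and the profile is never attached.
        /// </summary>
        /// <param name="actionContext">Context of the action being executed; its <c>Response</c> is assigned on failure.</param>
        /// <param name="cancellationToken">Token supplied by the pipeline. Not forwarded to <c>SecurityCache</c>
        /// because its overloads are not visible here — TODO confirm whether they accept one.</param>
        public async override Task OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
        {
            var authorization = actionContext.Request.Headers.Authorization;

            // 401 Unauthorized: no usable bearer credential, or the token is unknown/expired in the cache.
            // The auth-scheme token is case-insensitive (RFC 7235 §2.1), so compare ignoring case.
            if (string.IsNullOrEmpty(authorization?.Scheme) ||
                string.IsNullOrEmpty(authorization.Parameter) ||
                !authorization.Scheme.Equals("Bearer", StringComparison.OrdinalIgnoreCase) ||
                !await SecurityCache.IsValid(authorization.Parameter))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return;
            }

            SecurityProfile securityProfile = SecurityCache.Get(authorization.Parameter);

            // 403 Forbidden: authenticated, but no profile or a required permission is missing.
            // Return here so a null or insufficient profile is never attached to the request.
            if (securityProfile == null || !RequiredPermissions.All(permission => securityProfile.Permissions.Contains(permission)))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
                return;
            }

            // Indexer rather than Add: if this filter runs more than once for the same request
            // (e.g. applied at both controller and action level), Add would throw on the duplicate key.
            actionContext.Request.Properties["SecurityProfile"] = securityProfile;
        }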
        /// <summary>
        /// Looks up the <see cref="SecurityProfile"/> cached for <paramref name="access_token"/> and
        /// returns it as JSON. The second argument to <c>SecurityCache.Get</c> is passed as <c>true</c>;
        /// its meaning is not visible here — TODO confirm.
        /// </summary>
        /// <param name="access_token">Bearer token whose profile is requested. NOTE(review): this is a
        /// GET-capable action taking the token as a parameter, so the token may end up in request
        /// logs/history — confirm that is acceptable for this deployment.</param>
        /// <returns>A JSON result containing the profile (or JSON <c>null</c> when the cache returns none),
        /// permitted for GET requests.</returns>
        public async Task<ActionResult> Token(string access_token)
        {
            return Json(await SecurityCache.Get(access_token, true), JsonRequestBehavior.AllowGet);
        }