public override void OnAuthorization(HttpActionContext actionContext)
{
var keyData = GetAuthParamsFromRequest(actionContext.Request);
if (keyData == null)
{
AuthParamsNotFound(actionContext);
return;
}
// Constructing svc as local var. If we make it a class instance var it will be cached in
// this attribute and become a singleton, which means the dbcontext connection and its
// cache will live on too. In real code you might do some service location IOC stuff here.
var apiKeySvc = new ApiKeyService(new ApplicationDbContext());
var apiKey = apiKeySvc.GetById(keyData.ApiKey, keyData.OwnerId);
if (apiKey == null)
{
ApiKeyNotFoundOrNotAuthorized(actionContext);
return;
}
if (apiKey.HasAnyPermission(_permissions) == false)
{
ApiKeyNotFoundOrNotAuthorized(actionContext);
return;
}
base.OnAuthorization(actionContext);
}