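        /// <summary>
        /// Authenticates the request before the action runs: reads the authentication ticket from the
        /// request cookie, answers with an empty 401 when the caller is not allowed for the content,
        /// and otherwise re-issues the ticket so that its life span is reset.
        /// </summary>
        /// <param name="actionContext">The action context of the request being authenticated.</param>
        /// <remarks>
        /// Any failure while resolving the security service or reading/validating the ticket fails closed:
        /// unless <c>AllowAnonymous</c> is set, the caller receives a 401 response and the action is not reached.
        /// </remarks>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            try
            {
                // Resolve the security service from the request-scoped DI container.
                IDependencyScope scope = actionContext.Request.GetDependencyScope();
                ISecurity securityService = scope.GetService(typeof(ISecurity)) as ISecurity;
                if (securityService == null)
                {
                    // A missing registration is a server misconfiguration; surface it explicitly instead of
                    // letting a NullReferenceException fall into the catch below with no useful message.
                    throw new InvalidOperationException($"No {nameof(ISecurity)} service is registered in the request dependency scope.");
                }

                // Read the authentication ticket carried by the request cookie (may be null when absent).
                AuthenticationInfo authInfo = actionContext.GetAuthenticationInfoFromCookie(securityService);

                if (!AllowAnonymous && !securityService.IsAllowedForContent(authInfo))
                {
                    // Record who was denied (UNKNOWN when no ticket was presented) and fail closed.
                    // An empty 401 is returned both for a missing ticket and for a ticket that is not allowed here.
                    LogManager.GetCurrentClassLogger().LogAleph1(LogLevel.Warn, $"{authInfo?.Email ?? "UNKNOWN"} tried to access {actionContext.Request.RequestUri}");
                    actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "");
                    return;
                }

                // Re-issue a ticket with the same data so that the ticket life span is reset.
                actionContext.Request.AddAuthenticationInfo(securityService, authInfo);
            }
            catch (Exception ex)
            {
                if (AllowAnonymous)
                {
                    // Anonymous access is permitted, so a bad or missing ticket is not fatal for this request;
                    // keep a low-level trace rather than swallowing the failure silently.
                    LogManager.GetCurrentClassLogger().LogAleph1(LogLevel.Debug, actionContext.Request.RequestUri.ToString(), ex);
                    return;
                }

                // Any error during authentication must not let the request through to the action.
                LogManager.GetCurrentClassLogger().LogAleph1(LogLevel.Warn, actionContext.Request.RequestUri.ToString(), ex);
                actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "");
            }
        }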