public void OnAuthorization(AuthorizationFilterContext context)
{
string msg = "Unauthorized User credentials is not a valid";
var _logger = (ILoggerManager)context.HttpContext.RequestServices.GetService(typeof(ILoggerManager));
var _baseAuth = (IBaseAuth)context.HttpContext.RequestServices.GetService(typeof(IBaseAuth));
var accessToken = context.HttpContext.Request.Headers["Authorization"];
var userPrincpal = _baseAuth.AuthenticateJwtToken(accessToken).Result;
if (userPrincpal == null)
{
var _httpContextAccessor = new HttpContextAccessor();
_httpContextAccessor.HttpContext = context.HttpContext;
_logger.LogWarn(msg);
_logger.LogWarn("Remote IP Client: " + _httpContextAccessor.GetRequestIP());
_logger.LogWarn("client useragent: " + _httpContextAccessor.UserAgent());
_logger.LogWarn("client language: " + _httpContextAccessor.ClientLanguage());
_httpContextAccessor.Unknown();//log custom header in a log file log unauthorized request of each Header of Each Request
_logger.LogError(msg);
context.Result = new UnauthorizedResult();
return;
}
var userRigths = _baseAuth.AuthorizeUserClaim(userPrincpal, _claim.ToList());
if (!userRigths)
{
context.Result = new NoContentResult();
return;
}
//var hasClaim = context.HttpContext.User.Claims.Any(c => c.Type == _claim.Type && c.Value == _claim.Value);
//if (!hasClaim)
//{
// context.Result = new ForbidResult();
//}
}
