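        /// <summary>
        /// Authenticates the incoming request and installs the resulting principal before
        /// delegating to the inner handler. Two mechanisms are tried, in order:
        /// <list type="number">
        /// <item>Signed ("Emiss") requests, selected by the presence of the
        /// <c>X_KD_USERID</c> header: the request must pass <c>IsValidEmissRequest</c>,
        /// must not be expired when <c>X_KD_EXPIRES</c> is supplied, and its
        /// <c>X_KD_SIGNATURE</c> must equal the signature recomputed with the named
        /// user's <c>SecretKey</c>.</item>
        /// <item>Session requests: otherwise the user id stored in the ASP.NET session
        /// (if any) identifies the caller.</item>
        /// </list>
        /// Only a malformed or expired signed request is answered directly (400). An unknown
        /// user, a missing or wrong signature, or an empty session leave the request
        /// anonymous; downstream authorization filters are expected to reject it.
        /// </summary>
        /// <param name="request">Incoming request. All headers are untrusted client input.</param>
        /// <param name="cancellationToken">Forwarded to the inner handler.</param>
        /// <returns>A 400 error response for a bad or expired signed request, otherwise the inner handler's response.</returns>
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // The DB context is IDisposable; the sibling handlers dispose it per request, this one leaked it.
            using (var db = new DB())
            {
                IEnumerable<string> userNameHeaderValues;
                if (request.Headers.TryGetValues(KawalDesaHeaders.X_KD_USERID, out userNameHeaderValues))
                {
                    if (!IsValidEmissRequest(request))
                    {
                        var invalid = request.CreateErrorResponse(HttpStatusCode.BadRequest, "Not a Valid Request");
                        return Task.FromResult<HttpResponseMessage>(invalid);
                    }

                    // NOTE(review): the expiry header is optional, so a client that simply omits
                    // X_KD_EXPIRES skips replay protection unless CryptographyHelper.Sign covers a
                    // timestamp — confirm, and consider making the header mandatory.
                    IEnumerable<string> expireHeaderValues;
                    if (request.Headers.TryGetValues(KawalDesaHeaders.X_KD_EXPIRES, out expireHeaderValues)
                        && IsExpiredRequest(expireHeaderValues.FirstOrDefault()))
                    {
                        var expired = request.CreateErrorResponse(HttpStatusCode.BadRequest, "Your Request Has Expired");
                        return Task.FromResult<HttpResponseMessage>(expired);
                    }

                    var userManager = new UserManager<User>(new CUserStore<User>(db));
                    var user = userManager.FindByName(userNameHeaderValues.First());
                    if (user != null)
                    {
                        // Headers.GetValues() throws when the header is absent, which surfaced as
                        // an unhandled exception (500); a missing signature is now handled exactly
                        // like a wrong one.
                        IEnumerable<string> signatureHeaderValues;
                        string presented = request.Headers.TryGetValues(KawalDesaHeaders.X_KD_SIGNATURE, out signatureHeaderValues)
                            ? signatureHeaderValues.FirstOrDefault()
                            : null;
                        string expected = CryptographyHelper.Sign(request, user.SecretKey);
                        if (SignaturesMatch(expected, presented))
                        {
                            InstallPrincipal(userManager, user, "Emiss");
                        }
                    }
                }
                else
                {
                    // Session fallback. HttpContext.Current is null outside ASP.NET hosting (the
                    // signed branch already guards it); the original dereferenced it here
                    // unconditionally.
                    // NOTE(review): cookie/session authentication of API calls is CSRF-prone
                    // unless an anti-forgery check happens downstream — not visible here.
                    var context = HttpContext.Current;
                    string sessionUserId = context != null && context.Session != null
                        ? (string)context.Session[KawalDesaController.USERID_KEY]
                        : null;
                    if (!String.IsNullOrEmpty(sessionUserId))
                    {
                        var userManager = new UserManager<User>(new CUserStore<User>(db));
                        var user = userManager.FindById(sessionUserId);
                        if (user != null)
                        {
                            InstallPrincipal(userManager, user, "Session");
                        }
                    }
                }

                return base.SendAsync(request, cancellationToken);
            }
        }

        /// <summary>
        /// Compares the recomputed signature with the one presented by the client in time that
        /// does not depend on where the first mismatching character is, so response timing does
        /// not reveal how much of a guessed signature is correct. Either side may be null; null
        /// never matches. Hand-rolled because CryptographicOperations.FixedTimeEquals is not
        /// available on .NET Framework.
        /// </summary>
        private static bool SignaturesMatch(string expected, string presented)
        {
            if (expected == null || presented == null || expected.Length != presented.Length)
            {
                // The signature length is not secret, so an early return on it leaks nothing.
                return false;
            }
            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ presented[i];
            }
            return diff == 0;
        }

        /// <summary>
        /// Builds the principal for <paramref name="user"/> (roles looked up through
        /// <paramref name="userManager"/>) and installs it on the current thread and, when
        /// running under ASP.NET, on the current HttpContext.
        /// </summary>
        private static void InstallPrincipal(UserManager<User> userManager, User user, string authenticationType)
        {
            var identity = new KawalDesaIdentity(user, authenticationType);
            var principal = new GenericPrincipal(identity, userManager.GetRoles(user.Id).ToArray());
            Thread.CurrentPrincipal = principal;
            if (HttpContext.Current != null)
            {
                HttpContext.Current.User = principal;
            }
        }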
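        /// <summary>
        /// Authenticates the incoming request and installs the resulting principal before
        /// delegating to the inner handler. Two mechanisms are tried, in order:
        /// <list type="number">
        /// <item>An <c>Authorization</c> header: its second whitespace-separated token is
        /// decoded as a JWT with the <c>Auth.SecretKey</c> app setting and the embedded user
        /// id is resolved through the user store ("exAuth").</item>
        /// <item>Otherwise the user id stored in the ASP.NET session, if any ("Session").</item>
        /// </list>
        /// Failures never produce an error response here: an unparsable or invalid token, an
        /// unknown user or an empty session leave the request anonymous, and downstream
        /// authorization filters are expected to reject it.
        /// </summary>
        /// <param name="request">Incoming request; the Authorization header is untrusted client input.</param>
        /// <param name="cancellationToken">Forwarded to the inner handler.</param>
        /// <returns>The inner handler's response.</returns>
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            using (var db = new DB())
            {
                IEnumerable<string> authorizationHeaderValues;
                if (request.Headers.TryGetValues("Authorization", out authorizationHeaderValues))
                {
                    var log = LogManager.GetLogger(typeof(AuthorizationHandler));
                    // Expected shape is "<scheme> <token>" (whitespace split). NOTE(review): the
                    // scheme is never checked, so e.g. "Basic <jwt>" is accepted as well — consider
                    // requiring "Bearer".
                    var parts = authorizationHeaderValues.First().Split((char[])null);
                    if (parts.Length < 2)
                    {
                        // Previously an IndexOutOfRangeException swallowed by the catch below;
                        // same outcome (anonymous request), clearer log.
                        log.Error("Auth error: Authorization header has no credential part");
                    }
                    else
                    {
                        try
                        {
                            var secret = ConfigurationManager.AppSettings["Auth.SecretKey"];
                            if (String.IsNullOrEmpty(secret))
                            {
                                // A missing or empty key must never reach signature verification:
                                // with an empty HMAC key any self-signed token would validate.
                                log.Error("Auth error: Auth.SecretKey is not configured");
                            }
                            else
                            {
                                // NOTE(review): whether Decode enforces an exp claim depends on
                                // the JWT library in use — confirm tokens cannot live forever.
                                var token = JsonWebToken.Decode(parts[1], secret);
                                var userManager = new UserManager<User>(new CUserStore<User>(db));
                                var user = userManager.FindById(token.UserId);
                                if (user != null)
                                {
                                    InstallPrincipal(userManager, user, "exAuth");
                                }
                            }
                        }
                        catch (Exception e)
                        {
                            // Any decode/verification failure (bad signature, malformed token,
                            // expired) is logged and the request proceeds anonymously.
                            log.Error("Auth error", e);
                        }
                    }
                }
                else
                {
                    // Session fallback. HttpContext.Current is null outside ASP.NET hosting
                    // (InstallPrincipal guards it); the original dereferenced it here unconditionally.
                    // NOTE(review): cookie/session authentication of API calls is CSRF-prone
                    // unless an anti-forgery check happens downstream — not visible here.
                    var context = HttpContext.Current;
                    string sessionUserId = context != null && context.Session != null
                        ? (string)context.Session[KawalDesaController.USERID_KEY]
                        : null;
                    if (!String.IsNullOrEmpty(sessionUserId))
                    {
                        var userManager = new UserManager<User>(new CUserStore<User>(db));
                        var user = userManager.FindById(sessionUserId);
                        if (user != null)
                        {
                            InstallPrincipal(userManager, user, "Session");
                        }
                    }
                }

                return base.SendAsync(request, cancellationToken);
            }
        }

        /// <summary>
        /// Builds the principal for <paramref name="user"/> (roles looked up through
        /// <paramref name="userManager"/>) and installs it on the current thread and, when
        /// running under ASP.NET, on the current HttpContext.
        /// </summary>
        private static void InstallPrincipal(UserManager<User> userManager, User user, string authenticationType)
        {
            var identity = new KawalDesaIdentity(user, authenticationType);
            var principal = new GenericPrincipal(identity, userManager.GetRoles(user.Id).ToArray());
            Thread.CurrentPrincipal = principal;
            if (HttpContext.Current != null)
            {
                HttpContext.Current.User = principal;
            }
        }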
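        /// <summary>
        /// Authenticates the incoming request and installs the resulting principal before
        /// delegating to the inner handler. Two mechanisms are tried, in order:
        /// <list type="number">
        /// <item>An <c>Authorization</c> header: its second whitespace-separated token is
        /// decoded as a JWT with the <c>Auth.SecretKey</c> app setting and the embedded user
        /// id is resolved through the user store ("exAuth").</item>
        /// <item>Otherwise the user id stored in the ASP.NET session, if any ("Session").</item>
        /// </list>
        /// Failures never produce an error response here: an unparsable or invalid token, an
        /// unknown user or an empty session leave the request anonymous, and downstream
        /// authorization filters are expected to reject it.
        /// </summary>
        /// <param name="request">Incoming request; the Authorization header is untrusted client input.</param>
        /// <param name="cancellationToken">Forwarded to the inner handler.</param>
        /// <returns>The inner handler's response.</returns>
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            using (var db = new DB())
            {
                IEnumerable<string> authorizationHeaderValues;
                if (request.Headers.TryGetValues("Authorization", out authorizationHeaderValues))
                {
                    var log = LogManager.GetLogger(typeof(AuthorizationHandler));
                    // Expected shape is "<scheme> <token>" (whitespace split). NOTE(review): the
                    // scheme is never checked, so e.g. "Basic <jwt>" is accepted as well — consider
                    // requiring "Bearer".
                    var parts = authorizationHeaderValues.First().Split((char[])null);
                    if (parts.Length < 2)
                    {
                        // Previously an IndexOutOfRangeException swallowed by the catch below;
                        // same outcome (anonymous request), clearer log.
                        log.Error("Auth error: Authorization header has no credential part");
                    }
                    else
                    {
                        try
                        {
                            var secret = ConfigurationManager.AppSettings["Auth.SecretKey"];
                            if (String.IsNullOrEmpty(secret))
                            {
                                // A missing or empty key must never reach signature verification:
                                // with an empty HMAC key any self-signed token would validate.
                                log.Error("Auth error: Auth.SecretKey is not configured");
                            }
                            else
                            {
                                // NOTE(review): whether Decode enforces an exp claim depends on
                                // the JWT library in use — confirm tokens cannot live forever.
                                var token = JsonWebToken.Decode(parts[1], secret);
                                var userManager = new UserManager<User>(new CUserStore<User>(db));
                                var user = userManager.FindById(token.UserId);
                                if (user != null)
                                {
                                    InstallPrincipal(userManager, user, "exAuth");
                                }
                            }
                        }
                        catch (Exception e)
                        {
                            // Any decode/verification failure (bad signature, malformed token,
                            // expired) is logged and the request proceeds anonymously.
                            log.Error("Auth error", e);
                        }
                    }
                }
                else
                {
                    // Session fallback. HttpContext.Current is null outside ASP.NET hosting
                    // (InstallPrincipal guards it); the original dereferenced it here unconditionally.
                    // NOTE(review): cookie/session authentication of API calls is CSRF-prone
                    // unless an anti-forgery check happens downstream — not visible here.
                    var context = HttpContext.Current;
                    string sessionUserId = context != null && context.Session != null
                        ? (string)context.Session[KawalDesaController.USERID_KEY]
                        : null;
                    if (!String.IsNullOrEmpty(sessionUserId))
                    {
                        var userManager = new UserManager<User>(new CUserStore<User>(db));
                        var user = userManager.FindById(sessionUserId);
                        if (user != null)
                        {
                            InstallPrincipal(userManager, user, "Session");
                        }
                    }
                }

                return base.SendAsync(request, cancellationToken);
            }
        }

        /// <summary>
        /// Builds the principal for <paramref name="user"/> (roles looked up through
        /// <paramref name="userManager"/>) and installs it on the current thread and, when
        /// running under ASP.NET, on the current HttpContext.
        /// </summary>
        private static void InstallPrincipal(UserManager<User> userManager, User user, string authenticationType)
        {
            var identity = new KawalDesaIdentity(user, authenticationType);
            var principal = new GenericPrincipal(identity, userManager.GetRoles(user.Id).ToArray());
            Thread.CurrentPrincipal = principal;
            if (HttpContext.Current != null)
            {
                HttpContext.Current.User = principal;
            }
        }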