Ejemplo n.º 1
0
        /// <summary>
        /// Initializes the current context and sets various members to the values supplied in parameters
        /// Also checks whether the app token is valid and whether the current user is authorized to access the called web method
        /// </summary>
        /// <param name="appToken">Application token supplied by the client</param>
        /// <param name="userToken">User token supplied by the client</param>
        /// <param name="userName">Current user name</param>
        /// <param name="failInNoApp">Whether to throw an exception if no approved application is found to match the token</param>
        ///
        public static void Initialize(string appToken, string userToken)
        {
            if (Current != null)
            {
                return;
            }
            using (ApplicationDataContext dataContext = new ApplicationDataContext())
            {
                Current                  = new BrokerContext();
                Current.ActivityId       = Guid.NewGuid();
                Current.ApplicationToken = appToken;
                Current.UserToken        = userToken;
                Current.UserName         = Security.CurrentUser;

                Application currentApplication = dataContext.Applications.SingleOrDefault(app => app.Token == appToken && app.IsApproved == true);
                if (currentApplication != null)
                {
                    Current.ApplicationId   = currentApplication.ApplicationId;
                    Current.ApplicationName = currentApplication.Name;
                }
                else
                {
                    throw new InvalidTokenException(appToken, userToken);
                }

                // Now find if current user is authorized to access the current method
                if (System.Web.HttpContext.Current != null)
                {
                    var ctx = System.Web.HttpContext.Current;
                    // Search up the stack to find the Method's message name
                    System.Reflection.MethodBase method = null;
                    for (int i = 1; true; i++)
                    {
                        StackFrame stackFrame = new StackFrame(i);
                        method = stackFrame.GetMethod();
                        if (method == null || method.IsDefined(typeof(WebMethodAttribute), false) && method.DeclaringType.IsSubclassOf(typeof(System.Web.Services.WebService)))
                        {
                            break;
                        }
                    }
                    if (method != null)
                    {
                        // Now get the method's message name
                        WebMethodAttribute webMethodAttribute = (from attr in method.GetCustomAttributes(typeof(WebMethodAttribute), false) select attr).First() as WebMethodAttribute;
                        Current.WebMethodMessageName = string.IsNullOrEmpty(webMethodAttribute.MessageName) ? method.Name : webMethodAttribute.MessageName;
                        bool isAuthorized = System.Web.Security.UrlAuthorizationModule.CheckUrlAccessForPrincipal(
                            string.Format("{0}/{1}", System.Web.HttpContext.Current.Request.Path, Current.WebMethodMessageName),
                            System.Web.HttpContext.Current.User,
                            "GET"
                            );
                        if (!isAuthorized)
                        {
                            Console.Write("not authoriced exception" + Current.WebMethodMessageName);
                            throw new System.Security.Authentication.AuthenticationException();
                        }
                    }
                }
            }
        }