} // constructor
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) {
base.OnActionExecuting(actionContext);
if (!m_oSecurity.IsActionEnabled(actionContext.Request.GetUserName(), m_nAction)) {
actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
GetApiVersion(actionContext),
actionContext.Request,
HttpStatusCode.Forbidden,
"You are not authorized to perform this action."
);
} // if
} // OnActionExecuting
public static HttpResponseMessage CreateResponse(int nApiVersion, HttpRequestMessage oRequest, HttpStatusCode nCode, string sFormat, params object[] args)
{
string sMsg = string.IsNullOrWhiteSpace(sFormat) ? nCode.ToString() : string.Format(sFormat, args);
var oResponse = new HttpResponseMessage(nCode)
{
ReasonPhrase = sMsg,
};
HandleActionExecutedAttribute.FillResponse(nApiVersion, oResponse, oRequest);
ms_oLog.Debug("An HTTP response message has been created with code {0}.", oResponse.StatusCode);
return(oResponse);
} // CreateResponse
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
string sPattern = string.Format(
"Validating app key header for '{0} {1}' from '{2}'",
actionContext.Request.Method,
actionContext.Request.RequestUri,
actionContext.Request.GetRemoteIp()
);
ms_oLog.Debug("{0} started.", sPattern);
HttpRequestMessage oRequest = actionContext.Request;
if (!oRequest.Headers.Contains(Const.Headers.AppKey))
{
actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
GetApiVersion(actionContext),
actionContext.Request,
HttpStatusCode.Unauthorized,
"No app key specified."
);
ms_oLog.Debug("{0} failed: no app key header found.", sPattern);
return;
} // if
string sAppKey = oRequest.Headers.GetValues(Const.Headers.AppKey).First();
var oSec = new SecurityStub();
if (!oSec.IsAppKeyValid(sAppKey))
{
actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
GetApiVersion(actionContext),
actionContext.Request,
HttpStatusCode.Forbidden,
"Invalid app key specified ({0}).",
sAppKey
);
ms_oLog.Debug("{0} failed: invalid app key header found: '{1}'.", sPattern, sAppKey);
return;
} // if
ms_oLog.Debug("{0} succeeded.", sPattern);
} // OnActionExecuting
} // constructor
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
HttpRequestMessage oRequest = actionContext.Request;
if (!oRequest.Headers.Contains(Const.Headers.SessionToken))
{
actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
GetApiVersion(actionContext),
actionContext.Request,
HttpStatusCode.Forbidden,
"No session token specified."
);
return;
} // if
string sToken = oRequest.Headers.GetValues(Const.Headers.SessionToken).First();
ActiveUserInfo oUserInfo = m_oSecurity.ValidateSessionToken(sToken, actionContext.Request.GetRemoteIp());
actionContext.Request.SetUserName(null);
switch (oUserInfo.TokenValidity)
{
case TokenValidity.Valid:
actionContext.Request.SetUserName(oUserInfo.UserName);
return;
case TokenValidity.Expired:
actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
GetApiVersion(actionContext),
actionContext.Request,
HttpStatusCode.Forbidden,
"Your session has expired, please login again."
);
return;
case TokenValidity.Invalid:
actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
GetApiVersion(actionContext),
actionContext.Request,
HttpStatusCode.Unauthorized,
"Invalid session token specified ({0}).",
sToken
);
return;
} // switch
} // OnActionExecuting
