protected override bool AuthorizeCore(HttpContextBase httpContext)
{
IFoundation iFoundation = CoreFoundation.Current;
Account account = null;
bool isPreAuthorized = base.AuthorizeCore(httpContext);
// already verified
if (httpContext.Items.Contains(CURRENT_ACCOUNT_HTTP_CONTEXT_KEY))
{
return(true);
}
if (isPreAuthorized)
{
StencilFormsAuthorizer authorizer = iFoundation.Resolve <StencilFormsAuthorizer>();
account = authorizer.Authorize(httpContext.User.Identity.Name);
}
if (account == null)
{
// try with headers or QS
NameValueCollection query = httpContext.Request.QueryString;
string key = query[API_PARAM_KEY];
string signature = query[API_PARAM_SIG];
// from headers
string value = httpContext.Request.Headers[API_PARAM_KEY];
if (!string.IsNullOrEmpty(value))
{
key = value;
}
value = httpContext.Request.Headers[API_PARAM_SIG];
if (!string.IsNullOrEmpty(value))
{
signature = value;
}
StencilHashedTimeSignatureAuthorizer authorizer = iFoundation.Resolve <StencilHashedTimeSignatureAuthorizer>();
account = authorizer.Authorize(key, signature);
}
if (account != null)
{
httpContext.Items[CURRENT_ACCOUNT_HTTP_CONTEXT_KEY] = account;
try
{
ApiIdentity apiIdentity = new ApiIdentity(account.account_id, string.Format("{0} {1}", account.first_name, account.last_name));
var context = HttpContext.Current;
if (context != null)
{
context.User = new GenericPrincipal(apiIdentity, new string[0]);
}
}
catch (Exception ex)
{
iFoundation.LogError(ex, "HttpContext.Current.Account");
}
return(true);
}
return(false);
}
public bool AuthorizedRequest(HttpActionContext actionContext)
{
IFoundation iFoundation = CoreFoundation.Current; //weak usage of CoreFoundation.Current
Account account = null;
bool isPreAuthorized = base.IsAuthorized(actionContext);
// already verified [same request?]
if (actionContext.Request.Properties.ContainsKey(CURRENT_ACCOUNT_HTTP_CONTEXT_KEY))
{
return(true);
}
if (isPreAuthorized)
{
StencilFormsAuthorizer authorizer = iFoundation.Resolve <StencilFormsAuthorizer>();
account = authorizer.Authorize(actionContext.RequestContext.Principal.Identity.Name);
}
if (account == null)
{
NameValueCollection query = HttpUtility.ParseQueryString(actionContext.Request.RequestUri.ToString());
// from query string
string key = query[API_PARAM_KEY];
string signature = query[API_PARAM_SIG];
// from headers
if (actionContext.Request.Headers.Contains(API_PARAM_KEY))
{
string value = actionContext.Request.Headers.GetValues(API_PARAM_KEY).FirstOrDefault();
if (!string.IsNullOrEmpty(value))
{
key = value;
}
}
if (actionContext.Request.Headers.Contains(API_PARAM_SIG))
{
string value = actionContext.Request.Headers.GetValues(API_PARAM_SIG).FirstOrDefault();
if (!string.IsNullOrEmpty(value))
{
signature = value;
}
}
StencilHashedTimeSignatureAuthorizer authorizer = iFoundation.Resolve <StencilHashedTimeSignatureAuthorizer>();
account = authorizer.Authorize(key, signature);
}
if (account != null)
{
actionContext.Request.Properties[CURRENT_ACCOUNT_HTTP_CONTEXT_KEY] = account;
try
{
ApiIdentity apiIdentity = new ApiIdentity(account.account_id, string.Format("{0} {1}", account.first_name, account.last_name));
var context = HttpContext.Current;
if (context != null)
{
context.User = new GenericPrincipal(apiIdentity, new string[0]);
}
}
catch (Exception ex)
{
iFoundation.LogError(ex, "HttpContext.Current.User");
}
string platform = string.Empty;
try
{
if (actionContext.Request.Headers.Contains(PARAM_PLATFORM))
{
string value = actionContext.Request.Headers.GetValues(PARAM_PLATFORM).FirstOrDefault();
if (!string.IsNullOrEmpty(value))
{
platform += value;
}
}
if (actionContext.Request.Headers.Contains(PARAM_VERSION))
{
string value = actionContext.Request.Headers.GetValues(PARAM_VERSION).FirstOrDefault();
if (!string.IsNullOrEmpty(value))
{
platform += " - v" + value;
}
}
}
catch (Exception ex)
{
iFoundation.LogError(ex, "HttpContext.Current.User");
}
AccountLoggedInWorker.EnqueueRequest(iFoundation, new LoggedInRequest()
{
account_id = account.account_id,
platform = platform,
login_utc = DateTime.UtcNow
});
return(true);
}
return(false);
}