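/// <summary>
/// Authorization gate for API requests. Rejects, in order: a request without a body (400),
/// a request from an IP address the contract does not allow (403), and — when
/// Parameters.Security.TokenCheck is on and the caller already carries an authenticated
/// identity — a request whose body token differs from the session token (400).
/// Each rejection sets filterContext.Result; an accepted request leaves it untouched.
/// </summary>
/// <param name="filterContext">The MVC authorization context for the current request.</param>
public void OnAuthorization(AuthorizationFilterContext filterContext)
{
    if (filterContext.HttpContext?.Request?.Body == null)
    {
        // No body to read: answer with a context that carries no session or item state.
        filterContext.HttpContext.Response.StatusCode = StatusCodes.Status400BadRequest;
        filterContext.Result = new JsonResult(new
        {
            Message = Displays.BadRequest(context: new ContextImplement(
                sessionStatus: false,
                sessionData: false,
                item: false))
        });
        return;
    }
    var request = filterContext.HttpContext.Request;
    // Buffer the body so it can be read here and again by model binding later in the pipeline.
    // EnableBuffering swaps Request.Body for a buffered stream, so Body is only read after this call.
    request.EnableBuffering();
    var requestData = ReadBodyAndRewind(request);
    var context = new ContextImplement(
        sessionStatus: false,
        sessionData: false,
        item: false,
        setPermissions: false,
        apiRequestBody: requestData);
    if (!context.ContractSettings.AllowedIpAddress(context.UserHostAddress))
    {
        filterContext.HttpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
        filterContext.Result = new JsonResult(new
        {
            Message = Displays.InvalidIpAddress(context: context)
        });
        return;
    }
    // The token is only demanded from callers that already hold an authenticated identity.
    if (Parameters.Security.TokenCheck
        && filterContext.HttpContext.User?.Identity?.IsAuthenticated == true)
    {
        var api = requestData?.Deserialize<Api>();
        if (!TokenMatches(api?.Token, context.Token()))
        {
            filterContext.HttpContext.Response.StatusCode = StatusCodes.Status400BadRequest;
            filterContext.Result = new JsonResult(new
            {
                Message = Displays.BadRequest(context: context)
            });
        }
    }
}

/// <summary>
/// Reads the whole (buffered) request body as UTF-8 and rewinds it so downstream
/// readers see it from the start.
/// </summary>
/// <param name="request">The request whose body has already been enabled for buffering.</param>
/// <returns>The body text, or an empty string for an empty body.</returns>
private static string ReadBodyAndRewind(HttpRequest request)
{
    // NOTE(review): ReadToEnd is synchronous, so the host must permit synchronous IO for
    // this filter, and the whole body lands in memory — the request size limit that bounds
    // it is configured outside this file.
    string data;
    // leaveOpen: disposing the reader must not close the request stream that is re-read below.
    using (var reader = new StreamReader(
        stream: request.Body,
        encoding: Encoding.UTF8,
        detectEncodingFromByteOrderMarks: true,
        bufferSize: 1024,
        leaveOpen: true))
    {
        data = reader.ReadToEnd();
    }
    request.Body.Position = 0;
    return data;
}

/// <summary>
/// Compares the token supplied in the request body with the session token in constant
/// time, so the comparison leaks no timing information about the expected value.
/// </summary>
/// <param name="supplied">Token taken from the request body; may be null.</param>
/// <param name="expected">Token held for the current session; may be null.</param>
/// <returns>True when both are null or both hold the same bytes.</returns>
private static bool TokenMatches(string supplied, string expected)
{
    if (supplied == null || expected == null)
    {
        // NOTE(review): mirrors the previous `!=` check, under which two null tokens matched —
        // confirm that an authenticated session can never have a null Token().
        return supplied == expected;
    }
    return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
        Encoding.UTF8.GetBytes(supplied),
        Encoding.UTF8.GetBytes(expected));
}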
/// <summary>
/// Authorization gate for page (non-API) requests. Builds a request context and checks,
/// in this order: parameter syntax errors (redirect, without returning), an IP address the
/// contract does not allow (sign out + redirect), a contract past its deadline (sign out +
/// redirect to login with ?expired=1), a form post whose Token differs from the session
/// token (400), and a LoginId without an authenticated session (Windows authentication,
/// else sign out + redirect to login). A request that passes every check refreshes SiteInfo.
/// </summary>
/// <param name="filterContext">The MVC authorization context; Result is set when the request is rejected.</param>
public void OnAuthorization(AuthorizationFilterContext filterContext)
{
    var httpContext = filterContext.HttpContext;
    var context = new ContextImplement(
        sessionStatus: false,
        sessionData: false,
        item: false,
        setPermissions: false);
    var isErrorsController = context.Controller == "errors";
    if (!isErrorsController && Parameters.SyntaxErrors?.Any() == true)
    {
        // NOTE(review): this branch does not return, so a later check may overwrite Result
        // (for example the Windows-authentication EmptyResult) — confirm that is intended.
        filterContext.Result = new RedirectResult(
            Locations.ParameterSyntaxError(context: context));
    }
    if (context.Authenticated)
    {
        if (!context.ContractSettings.AllowedIpAddress(context.UserHostAddress))
        {
            Authentications.SignOut(context: context);
            filterContext.Result = new RedirectResult(
                Locations.InvalidIpAddress(context: context));
            return;
        }
        if (context.ContractSettings.OverDeadline(context: context))
        {
            Authentications.SignOut(context: context);
            filterContext.Result = new RedirectResult(
                Locations.Login(context: context) + "?expired=1");
            return;
        }
        var request = httpContext.Request;
        // The token is only verified for form posts; the check is skipped for other content types.
        if (Parameters.Security.TokenCheck
            && request.HasFormContentType
            && request.Form.Count > 0
            && request.Form["Token"] != context.Token())
        {
            httpContext.Response.StatusCode = 400;
            var isAjax = request.Headers["X-Requested-With"] == "XMLHttpRequest";
            var message = Displays.InvalidRequest(context: context);
            filterContext.Result = isAjax
                ? (IActionResult)new JsonResult(new { Message = message })
                : new ContentResult() { Content = message };
            return;
        }
    }
    if (!context.LoginId.IsNullOrEmpty() && !context.Authenticated)
    {
        // A LoginId without an authenticated session: try Windows authentication, otherwise sign out.
        if (Authentications.Windows(context: context))
        {
            filterContext.Result = new EmptyResult();
        }
        else
        {
            Authentications.SignOut(context: context);
            filterContext.Result = new RedirectResult(
                Locations.Login(context: context));
        }
        return;
    }
    SiteInfo.Reflesh(context: context);
}