Example #1
        /// <summary>
        /// Determines whether access for this particular request is authenticated.
        /// </summary>
        /// <param name="actionContext">The context</param>
        /// <returns>true if the request's principal is authenticated; otherwise false</returns>
        protected virtual bool IsAuthenticated(HttpActionContext actionContext)
        {
            actionContext.NotNull(nameof(actionContext));

            // The principal attached to the request context is the only input to this decision
            var principal = actionContext.ControllerContext.RequestContext.Principal;

            // Fail closed: a request without a principal is treated as unauthenticated
            if (!principal.IsNotNull())
            {
                return false;
            }

            // Same for a principal that carries no identity
            var identity = principal.Identity;

            if (!identity.IsNotNull())
            {
                return false;
            }

            // This only answers "who is calling"; role and claim checks are a separate step
            return identity.IsAuthenticated;
        }
Example #2
        /// <summary>
        /// Generates the key that should be used to cache/retrieve the content
        /// for the given action context and action name
        /// </summary>
        /// <param name="actionContext">The action context</param>
        /// <param name="actionName">The action name</param>
        /// <returns>The key for the given action context and action name</returns>
        public virtual string Generate(
            HttpActionContext actionContext,
            string actionName)
        {
            actionContext.NotNull(nameof(actionContext));
            actionName.NotNullOrEmpty(nameof(actionName));

            // Take the controller type from the descriptor and hand over to the type-based overload,
            // so the key format is defined in a single place
            var controllerType =
                actionContext.ControllerContext.ControllerDescriptor.ControllerType;

            return Generate(controllerType, actionName, actionContext);
        }
Example #3
        /// <summary>
        /// Generates the key that should be used to cache/retrieve the content
        /// for the given controllerType and action name
        /// </summary>
        /// <param name="controllerType">The controller type (must be ApiController)</param>
        /// <param name="actionName">The action name</param>
        /// <param name="context">The action context</param>
        /// <returns>The key for the given controller type and action name</returns>
        /// <exception cref="ArgumentException">If controller type is not an ApiController</exception>
        public virtual string Generate(
            Type controllerType,
            string actionName,
            HttpActionContext context)
        {
            // Argument checks run first, in the same order as before
            controllerType.NotNull(nameof(controllerType));
            controllerType.Is<ApiController>();
            actionName.NotNullOrEmpty(nameof(actionName));
            context.NotNull(nameof(context));

            // NOTE(review): the key is built from the controller's full type name and the action
            // name only; `context` is validated but not otherwise read here, so the key does not
            // vary by caller, route values or query string. If a cached response can differ per
            // user or per request, an override has to add those parts to the key, otherwise one
            // caller's content can be served to another - confirm against the caching filter.
            var key = "{0}-{1}".AsFormat(controllerType.FullName, actionName);

            return key;
        }
Example #4
        /// <summary>
        /// Determines whether access for this particular request is authorized.
        /// Authorization is denied when the user is not in the authorized role (if defined)
        /// or does not have the authorized claim (if defined)
        /// </summary>
        /// <param name="actionContext">The context</param>
        /// <returns>true if access is authorized; otherwise false</returns>
        protected virtual bool IsAuthorized(HttpActionContext actionContext)
        {
            actionContext.NotNull(nameof(actionContext));

            var principal = actionContext.ControllerContext.RequestContext.Principal;

            // The role check runs first; the claim check is only evaluated when the role check passes
            var roleAllowed = !NotAuthorizedRole(principal);

            // NOTE(review): `as` yields null when the principal is not a ClaimsPrincipal; whether
            // NotAuthorizedClaim denies access for a null argument is not visible here - confirm
            // that it fails closed when an authorized claim is configured.
            return roleAllowed && !NotAuthorizedClaim(principal as ClaimsPrincipal);
        }
Example #5
        /// <summary>
        /// Called when an action is being authorized.
        /// Authorization is denied if
        /// - the request is not associated with any user
        /// - the user is not authenticated,
        /// - the user is authenticated but it is not in the authorized role (if defined)
        ///   or the user does not have the authorized claim (if defined)
        /// </summary>
        /// <param name="actionContext">The context</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            actionContext.NotNull(nameof(actionContext));

            // NOTE(review): a skipped request bypasses both checks below; the criteria used by
            // SkipAuthorization are not visible here - confirm they cannot be influenced by the caller.
            if (SkipAuthorization(actionContext))
            {
                return;
            }

            // Authentication is decided before authorization, so an anonymous caller
            // gets the unauthenticated response and never reaches the role/claim checks
            if (!IsAuthenticated(actionContext))
            {
                HandleUnauthenticatedRequest(actionContext);
                return;
            }

            // Known caller that is not in the authorized role or lacks the authorized claim
            if (!IsAuthorized(actionContext))
            {
                HandleUnauthorizedRequest(actionContext);
            }
        }
        /// <summary>
        /// Action to occur before the actual action method is invoked
        /// </summary>
        /// <param name="actionContext">The action context</param>
        public override void OnActionExecuting(
            HttpActionContext actionContext)
        {
            actionContext.NotNull(nameof(actionContext));

            // Nothing to do when caching is not allowed for this request
            if (IsCachingAllowed(actionContext))
            {
                var cached = GetCachedContent(actionContext);

                // A cache miss (null or empty content) leaves the context untouched
                if (!cached.IsNullOrEmpty())
                {
                    // NOTE(review): the cached content is turned into the response as-is; how the
                    // lookup key is formed is not visible here - confirm it separates callers
                    // whenever the action's output depends on the caller.
                    CreateResponse(actionContext, cached);

                    ApplyCacheHeaders(actionContext.Response);
                }
            }
        }
Example #7
        /// <summary>
        /// Processes requests that fail authorization.
        /// This default implementation creates a new response with the Forbidden status code.
        /// </summary>
        /// <param name="actionContext">The context</param>
        protected virtual void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            actionContext.NotNull(nameof(actionContext));

            // 403 rather than 401: this handler is for requests that failed authorization,
            // and the response is a bare status with no content set here
            var forbidden = new HttpResponseMessage(HttpStatusCode.Forbidden);

            actionContext.Response = forbidden;
        }
Example #8
        /// <summary>
        /// Generates the key that should be used to cache/retrieve the content
        /// for the given action context using a combination of controller and action names
        /// </summary>
        /// <param name="actionContext">The action context</param>
        /// <returns>The key for the given action context</returns>
        public virtual string Generate(HttpActionContext actionContext)
        {
            actionContext.NotNull(nameof(actionContext));

            // The action name comes from the descriptor of the action being executed;
            // the rest of the key is produced by the (context, name) overload
            var actionName = actionContext.ActionDescriptor.ActionName;

            return Generate(actionContext, actionName);
        }