/// <summary>
/// Method that is called before client calls are sent and after service responses are returned.
/// </summary>
/// <param name="operationName">The name of the operation.</param>
/// <param name="inputs">The objects passed to the method by the client.</param>
/// <returns>The correlation state that is returned as the correlationState parameter in AfterCall - null if the correlation state is not used.</returns>
public object BeforeCall(string operationName, object[] inputs)
{
// Get the value of the AuthorizationToken HTTP header
IncomingWebRequestContext requestContext = WebOperationContext.Current.IncomingRequest;
string authorizationToken = requestContext.Headers["AuthorizationToken"];
// Check if an authorization token has been supplied
if (!String.IsNullOrWhiteSpace(authorizationToken))
{
// Start the authorization process
AuthorizationHandler authorizationHandler = new AuthorizationHandler();
authorizationHandler.Authorize(this.allowedUserTypes);
// Check if the user is authenticated and authorized to execute the method
if (!authorizationHandler.IsAuthenticated)
throw new WebFaultException(HttpStatusCode.Unauthorized);
else if (!authorizationHandler.IsAuthorized)
throw new WebFaultException(HttpStatusCode.Forbidden);
}
else
{
throw new WebFaultException(HttpStatusCode.Unauthorized);
}
// We do not intend to use a correlation state, so we just return null
return null;
}
/// <summary>
/// Constructor that sets the allowed UserTypes for execution of the method.
/// </summary>
/// <param name="allowedUserTypes">The allowed UserTypes for execution of the method.</param>
public AuthorizationRequired(params UserType[] allowedUserTypes)
{
this.allowedUserTypes = allowedUserTypes;
this.authorizationHandler = new AuthorizationHandler();
}
/// <summary>
/// Default constructor.
/// </summary>
public AuthorizationOptional()
{
this.authorizationHandler = new AuthorizationHandler();
}
