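        /// <summary>
        /// Authenticates the request with the API access key taken from the request headers.
        /// The request is rejected with 401 when no key is present, the key is unknown, the key is
        /// inactive, or the filter is admin-restricted and the key is not an admin key. On success
        /// a <see cref="ClaimsPrincipal"/> carrying the key id and role is attached to the request
        /// context before the base filter runs.
        /// </summary>
        /// <param name="actionContext">The action context of the request being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Name reported by ClaimsIdentity.AuthenticationType; any non-empty value marks the
            // identity as authenticated (see the note on the identity construction below).
            const string authenticationType = "ApiKey";

            var accessKey = FetchFromHeader(actionContext);

            // Only hit the key store when a key was actually supplied.
            var apiKey = accessKey == null ? null : ApiKeyService.FindByAccessKey(accessKey);

            // AdminRestricted is a property of the enclosing filter, declared outside this method.
            // Every rejection path returns the same 401, so a caller cannot tell "unknown key"
            // from "inactive key"; the admin case could arguably be a 403 but is kept as 401 to
            // preserve the existing contract.
            var authorized = apiKey != null
                && apiKey.isActive
                && (!AdminRestricted || apiKey.isAdmin);

            if (!authorized)
            {
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
                return;
            }

            // An authentication type must be supplied: ClaimsIdentity.IsAuthenticated is false
            // when AuthenticationType is null/empty, which makes [Authorize] and
            // User.Identity.IsAuthenticated treat this principal as anonymous even though the
            // key was verified above.
            var identity = new ClaimsIdentity(
                new List<Claim>
                {
                    new Claim(ClaimTypes.Sid, apiKey.Id.ToString()),
                    new Claim(ClaimTypes.UserData, apiKey.isAdmin ? "Admin" : "User")
                },
                authenticationType);

            actionContext.RequestContext.Principal = new ClaimsPrincipal(identity);

            base.OnAuthorization(actionContext);
        }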