Exemple #1
0
        /// <summary>
        /// May allow or disallow access to the controller.  This is called before the client-specified action method is called.
        /// </summary>
        /// <param name="result">If authorization fails, this should be set to an appropriate result such as an HTTP 403 Forbidden response. If null, authorization will be assumed to have succeeded.</param>
        public override void OnAuthorization(ref ActionResult result)
        {
            base.OnAuthorization(ref result);
            if (result != null)
            {
                return;
            }
            ApiRequestBase args = ApiRequestBase.ParseRequest <ApiRequestBase>(this);

            session = args.GetSession();
            if (session == null)
            {
                result = StatusCode("403 Forbidden");
            }
            else if (!session.IsAuthValid)
            {
                result = StatusCode("418 Insufficient Privilege");
            }
        }