 /// <summary>
 /// Short-circuits the pipeline when the caller fails the role check. Instead of the
 /// framework's default 401, the response is a 200 whose body is the
 /// <c>ApiUtility.ApiBadRequest</c> envelope ("Invalid Role" / "Invalid User Role").
 /// NOTE(review): because the status code is OK, clients and monitoring cannot tell a
 /// denied request from a successful one without inspecting the body — this follows the
 /// same convention as the other error envelopes in this file.
 /// </summary>
 /// <param name="actionContext">Context of the rejected request; its Response is replaced.</param>
 protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
 {
     var deniedEnvelope = ApiUtility.ApiBadRequest<bool>("Invalid Role", "Invalid User Role");
     var request = actionContext.Request;
     actionContext.Response = request.CreateResponse<ApiResponse<bool>>(HttpStatusCode.OK, deniedEnvelope);
 }
        /// <summary>
        /// Rejects the request before the action runs when model binding produced
        /// validation errors. Every error message of every model-state entry is flattened,
        /// in enumeration order, into one '|'-separated string and returned inside the
        /// <c>ApiUtility.ApiBadRequest</c> envelope (status 200, the project's convention
        /// for error envelopes). A valid model state leaves the request untouched.
        /// </summary>
        /// <param name="actionContext">Context of the request about to be executed.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            if (actionContext.ModelState.IsValid)
            {
                return;
            }

            // Same flattening as the nested loops it replaces: entry order, then error order.
            var errorMessages = actionContext.ModelState
                .SelectMany(entry => entry.Value.Errors)
                .Select(error => error.ErrorMessage);
            string message = string.Join("|", errorMessages);

            var envelope = ApiUtility.ApiBadRequest<bool>(message);
            actionContext.Response = actionContext.Request.CreateResponse<ApiResponse<bool>>(HttpStatusCode.OK, envelope);
        }
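        /// <summary>
        /// Validates the caller against <paramref name="tokenTicket"/> and, on failure,
        /// short-circuits the request with an <c>ApiUtility.ApiBadRequest</c> envelope
        /// (status 200 by project convention). Checks, in order: an Authorization header with
        /// a non-blank value must be present; the ticket and its identity must exist; if the
        /// ticket carries an "expires_at" claim it must parse and lie in the future; if it
        /// carries a "User-Agent" claim it must equal the request's User-Agent header.
        /// Finally the ticket's "deviceId" claim (or "System") is stored under the request
        /// property "deviceIdentity" for downstream handlers.
        /// </summary>
        /// <param name="actionContext">Context of the request being authorized; its Response is set on rejection.</param>
        /// <param name="tokenTicket">
        /// The ticket for the presented token, supplied by the caller (the Unprotect call is
        /// left commented out here). Null is treated as an invalid token.
        /// </param>
        private void AuthorizeRequest(HttpActionContext actionContext, AuthenticationTicket tokenTicket)
        {
            // HttpHeaders lookups are case-insensitive; TryGetValues replaces the Any()+Where()
            // double scan, and taking the first value avoids SingleOrDefault() throwing when
            // the header is repeated.
            string token = string.Empty;
            IEnumerable<string> authorizationValues;
            if (actionContext.Request.Headers.TryGetValues("Authorization", out authorizationValues))
            {
                string rawValue = authorizationValues.FirstOrDefault() ?? string.Empty;
                // Strip only a leading scheme; Replace() would also drop "Bearer " from the
                // middle of the value. Non-Bearer values are kept as-is to preserve the
                // original presence-only check — the raw token is not unprotected in this method.
                token = rawValue.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)
                    ? rawValue.Substring("Bearer ".Length)
                    : rawValue;
                token = token.Trim();
            }

            if (string.IsNullOrWhiteSpace(token))
            {
                actionContext.Response = actionContext.Request.CreateResponse<ApiResponse<bool>>(HttpStatusCode.OK, ApiUtility.ApiBadRequest<bool>("Invalid Header", "Invalid Header/Token not present"));
                return;
            }

            //your OAuth startup class may be called something else...
            //Startup.OAuthServerOptions.AccessTokenFormat.Unprotect(token);
            AuthenticationTicket ticket = tokenTicket;

            // A ticket without an identity has no claims to check, so it is rejected too.
            if (ticket == null || ticket.Identity == null)
            {
                actionContext.Response = actionContext.Request.CreateResponse<ApiResponse<bool>>(HttpStatusCode.OK, ApiUtility.ApiBadRequest<bool>("Invalid Token", "Invalid token value"));
                return;
            }

            var claims = ticket.Identity.Claims;

            // The expiry and User-Agent checks are independent: a ticket carrying both claims
            // must satisfy both. They were previously chained with else-if, which skipped the
            // User-Agent check whenever an "expires_at" claim was present.
            string expiresAtClaim = FindClaimValue(claims, "expires_at");
            if (expiresAtClaim != null)
            {
                DateTime expiresAt;
                // Fail closed: an unparsable expiry is rejected instead of surfacing a
                // FormatException. NOTE(review): the comparison uses DateTime.Now, so the
                // claim is assumed to be written in local time — confirm against the issuer.
                if (!DateTime.TryParse(expiresAtClaim, out expiresAt) || DateTime.Now > expiresAt)
                {
                    actionContext.Response = actionContext.Request.CreateResponse<ApiResponse<bool>>(HttpStatusCode.OK, ApiUtility.ApiBadRequest<bool>("Invalid Token", "Invalid token value"));
                    return;
                }
            }

            string tokenUserAgent = FindClaimValue(claims, "User-Agent");
            if (tokenUserAgent != null && actionContext.Request.Headers.UserAgent.Count > 0)
            {
                string userAgent = string.Join(" ", actionContext.Request.Headers.GetValues("User-Agent"));
                if (!string.Equals(tokenUserAgent, userAgent, StringComparison.Ordinal))
                {
                    actionContext.Response = actionContext.Request.CreateResponse<ApiResponse<bool>>(HttpStatusCode.OK, ApiUtility.ApiBadRequest<bool>("Invalid Agent", "Invalid agent value"));
                    return;
                }
            }

            // Expose the device bound to the ticket to downstream handlers without overwriting
            // a value an earlier handler already set.
            if (!actionContext.Request.Properties.ContainsKey("deviceIdentity"))
            {
                string deviceIdentity = FindClaimValue(claims, "deviceId") ?? "System";
                actionContext.Request.Properties.Add("deviceIdentity", deviceIdentity);
            }
        }

        /// <summary>
        /// Returns the value of the first claim whose type starts with
        /// <paramref name="typePrefix"/> (ordinal comparison), or null when there is none.
        /// </summary>
        /// <param name="claims">Claims to search, in order.</param>
        /// <param name="typePrefix">Prefix the claim type must start with.</param>
        /// <returns>The matching claim's value, or null.</returns>
        private static string FindClaimValue(IEnumerable<System.Security.Claims.Claim> claims, string typePrefix)
        {
            foreach (var claim in claims)
            {
                if (claim.Type.StartsWith(typePrefix, StringComparison.Ordinal))
                {
                    return claim.Value;
                }
            }

            return null;
        }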