/// <summary>
/// Runs every <see cref="AuthorizeCommandAttribute"/> declared on the command type
/// against <paramref name="context"/>, stopping at the first one that leaves the
/// context unauthorized.
/// </summary>
/// <param name="context">Authorization state for the command being checked; each attribute mutates it via <c>Authorize</c>.</param>
/// <remarks>
/// Stopping on the first rejection means a later attribute never gets the chance to
/// flip a denied context back to authorized. When the command type carries no
/// attributes the context is not touched at all, so the outcome is whatever
/// <c>IsAuthorized</c> was initialised to (not visible in this method).
/// </remarks>
private static void ProcessAuthorizationAttributes(CommandAuthorizationContext context)
{
    // The 'true' argument is passed through to GetCustomAttributes unchanged.
    var declared = context.CommandType.GetCustomAttributes(typeof(AuthorizeCommandAttribute), true);

    // A typed foreach casts each element, exactly as Cast<T>() would.
    foreach (AuthorizeCommandAttribute rule in declared.Cast<AuthorizeCommandAttribute>())
    {
        rule.Authorize(context);

        if (context.IsAuthorized)
        {
            continue;
        }

        // First rejection wins: do not evaluate the remaining attributes.
        break;
    }
}
/// <summary>
/// Applies the <see cref="AuthorizeCommandAttribute"/>s found on the command type to
/// <paramref name="context"/> one by one and returns as soon as the context is no
/// longer authorized.
/// </summary>
/// <param name="context">Carries the command type to inspect and receives the authorization decision.</param>
/// <remarks>
/// The decision is read back from <c>context.IsAuthorized</c> after each attribute.
/// With zero attributes nothing is evaluated and the context keeps its initial state;
/// whether that state is "allowed" or "denied" is decided elsewhere.
/// </remarks>
private static void ProcessAuthorizationAttributes(CommandAuthorizationContext context)
{
    var attributeType = typeof(AuthorizeCommandAttribute);
    var rules = context.CommandType
        .GetCustomAttributes(attributeType, true)
        .Cast<AuthorizeCommandAttribute>();

    foreach (var rule in rules)
    {
        rule.Authorize(context);

        // Fail fast: a rejected context must not be re-evaluated by later attributes.
        var rejected = !context.IsAuthorized;
        if (rejected)
        {
            return;
        }
    }
}
/// <summary>
/// Decides whether the command described by <paramref name="authorizationContext"/> may run.
/// </summary>
/// <param name="authorizationContext">Authorization state; rejected here when the caller is not authenticated.</param>
/// <param name="authorizationAttributes">Attributes handed on to <c>ProcessAuthorizationAttributes</c> for authenticated callers.</param>
/// <param name="isExplicitAnonymousCommand">When true, neither the authentication check nor the attributes are applied.</param>
/// <returns>The value of <c>authorizationContext.IsAuthorized</c> after the checks above.</returns>
/// <remarks>
/// For an explicitly anonymous command the result is the context's untouched
/// <c>IsAuthorized</c> value, so the anonymous bypass only grants access if the
/// context starts out authorized (NOTE(review): confirm that default).
/// </remarks>
protected override bool IsAuthorized(CommandAuthorizationContext authorizationContext, IEnumerable<AuthorizeCommandAttribute> authorizationAttributes, bool isExplicitAnonymousCommand)
{
    // Anonymous commands skip every check and report the context as it stands.
    if (isExplicitAnonymousCommand)
    {
        return authorizationContext.IsAuthorized;
    }

    if (authorizationContext.IsAuthenticated)
    {
        ProcessAuthorizationAttributes(authorizationContext, authorizationAttributes);
    }
    else
    {
        // Unauthenticated callers are denied before any attribute is consulted.
        authorizationContext.Reject();
    }

    return authorizationContext.IsAuthorized;
}
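/// <summary>
/// OWIN middleware step that lets the request continue only when the caller is
/// authenticated and the command's authorization attributes accept it.
/// </summary>
/// <param name="context">The current OWIN request context.</param>
/// <returns>A task that completes when the rest of the pipeline has run, or immediately after a 401 has been set.</returns>
/// <remarks>
/// Fails closed: a missing principal, a missing identity, or an identity that is not a
/// <see cref="ClaimsIdentity"/> is answered with 401 instead of surfacing as a
/// <see cref="System.NullReferenceException"/> or <see cref="System.InvalidCastException"/>.
/// </remarks>
public override async Task Invoke(IOwinContext context)
{
    // Authentication.User can be null when no authentication middleware has set a
    // principal; treat that, and any non-claims identity, as unauthenticated.
    var user = context.Authentication.User;
    var identity = user == null ? null : user.Identity as ClaimsIdentity;

    if (identity == null || !identity.IsAuthenticated)
    {
        context.Response.StatusCode = 401;
        return;
    }

    // NOTE(review): GetCommand() is dereferenced without a null check; confirm an
    // earlier pipeline stage guarantees a command is present on the context.
    var commandType = context.GetCommand().GetType();
    var authorizationContext = new CommandAuthorizationContext(identity, commandType);
    ProcessAuthorizationAttributes(authorizationContext);

    if (!authorizationContext.IsAuthorized)
    {
        // NOTE(review): the caller is authenticated but denied; 403 is the conventional
        // status for that case. 401 is kept so existing clients see no change.
        context.Response.StatusCode = 401;
        return;
    }

    await Next.Invoke(context);
}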