Exemple #1
0
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            base.OnAuthorization(actionContext);

            arrRoles = _Roles.Split(',');

            JwtDecodeModel model = (JwtDecodeModel)Thread.CurrentPrincipal;

            bool estaEnRol = false;

            foreach (String r in arrRoles)
            {
                if (model.IsInRole(r.Trim()))
                {
                    estaEnRol = true;
                    break;
                }
            }

            if (!estaEnRol)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized,
                                                                              ResponseUtil.CreaRespuestaError(401, "No tiene permisos para esta acción", "Error de autorización"));
            }
        }
Exemple #2
0
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            base.OnAuthorization(actionContext);

            HttpResponseMessage response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden,
                                                                                ResponseUtil.CreaRespuestaError(403, "Por favor identificarse", "Error de autenticación"));

            if (actionContext.Request.Headers.Authorization != null)
            {
                string Bearer = actionContext.Request.Headers.Authorization.ToString();

                if (Bearer.StartsWith("Bearer "))
                {
                    string[] arrAuth = Bearer.Split(' ');

                    if (arrAuth.Count() > 1)
                    {
                        string token = arrAuth[1];

                        JwtDecodeModel model = JwtUtil.ValidaToken(token);

                        if (model != null)
                        {
                            Thread.CurrentPrincipal  = model;
                            HttpContext.Current.User = model;
                        }
                        else
                        {
                            actionContext.Response = response;
                        }
                    }
                    else
                    {
                        actionContext.Response = response;
                    }
                }
                else
                {
                    actionContext.Response = response;
                }
            }
            else
            {
                actionContext.Response = response;
            }
        }
Exemple #3
0
        public override void OnException(HttpActionExecutedContext actionExecutedContext)
        {
            base.OnException(actionExecutedContext);

            HttpResponseMessage response;

            if (actionExecutedContext.Exception is CustomResponseException)
            {
                CustomResponseException exception = (CustomResponseException)actionExecutedContext.Exception;
                response = actionExecutedContext.Request.CreateResponse <GenericResponse <String> >(
                    (HttpStatusCode)exception.HttpCode,
                    ResponseUtil.CreaRespuestaError(exception.HttpCode, exception.Message)
                    );
            }
            else
            {
                response = actionExecutedContext.Request.CreateResponse <GenericResponse <String> >(
                    HttpStatusCode.InternalServerError,
                    ResponseUtil.CreaRespuestaError(500, actionExecutedContext.Exception.Message)
                    );
            }

            actionExecutedContext.Response = response;
        }