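        /// <summary>
        /// Authenticates the request from its <c>apiKey</c> header and, on success, passes it
        /// to the inner handler with the matching API user set as the current principal.
        /// </summary>
        /// <param name="request">The incoming request; the key is read from its <c>apiKey</c> header.</param>
        /// <param name="cancellationToken">Token forwarded unchanged to the inner handler.</param>
        /// <returns>
        /// The inner handler's response when the key matches exactly one <c>APIUsers</c> row;
        /// otherwise a completed task holding a <see cref="HttpStatusCode.Forbidden"/> response.
        /// </returns>
        protected override Task <HttpResponseMessage> SendAsync(
            HttpRequestMessage request,
            CancellationToken cancellationToken)
        {
            // If passed as a url segment:
            // http://localhost:4682/api/Test?ApiKey=55bee49d-bba6-4eb5-b011-d7e56b5d3262
            // var queryString = request.RequestUri.ParseQueryString();
            //var apiKey = queryString["apiKey"];

            // If passed as a header. TryGetValues is used instead of GetValues because
            // GetValues throws InvalidOperationException when the header is absent, which
            // would turn an anonymous request into a 500 rather than a 403.
            string apiKey = null;
            IEnumerable<string> headerValues;
            if (request.Headers.TryGetValues("apiKey", out headerValues))
            {
                apiKey = headerValues.FirstOrDefault();
            }

            string username = null;
            if (!string.IsNullOrWhiteSpace(apiKey))
            {
                // The DbContext owns a database connection; dispose it per request
                // instead of leaking one on every call.
                using (var context = new WebApiSecurityDbContext())
                {
                    // apiKey is already a string, so the original apiKey.ToString() (which
                    // also dereferenced null) is dropped; the left side keeps its ToString()
                    // because APIUserKey's type is not visible here.
                    var user = context.APIUsers.SingleOrDefault(u => u.APIUserKey.ToString().Equals(apiKey));
                    if (user != null)
                    {
                        username = user.APIUserName;
                    }
                }
            }

            if (username == null)
            {
                // Missing, blank or unknown key: reject without calling the inner handler.
                var forbidden = new HttpResponseMessage(HttpStatusCode.Forbidden);
                var task      = new TaskCompletionSource <HttpResponseMessage>();
                task.SetResult(forbidden);
                return(task.Task);
            }

            var principal = new ClaimsPrincipal(new GenericIdentity(username, "APIKey"));
            // NOTE(review): only HttpContext.Current.User is assigned, as in the original;
            // whether downstream filters read the principal from here or from the request
            // context depends on the hosting setup — confirm against the pipeline.
            HttpContext.Current.User = principal;

            return(base.SendAsync(request, cancellationToken));
        }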
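        /// <summary>
        /// Authorizes the current request by comparing the authenticated user's stored
        /// <c>APIUserRole</c> with the first entry of <c>Roles</c>.
        /// </summary>
        /// <param name="actionContext">
        /// The action being invoked. Its <c>Response</c> is set to
        /// <see cref="HttpStatusCode.Unauthorized"/> when no matching user exists or the
        /// role differs, which short-circuits the action; otherwise it is left untouched.
        /// </param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // NOTE(review): Roles[0] indexes whatever Roles is declared as on this class.
            // If Roles is the base AuthorizeAttribute's comma-separated string, this yields
            // only its first character — confirm the declared type.
            var actionRole = Roles[0].ToString();

            // Read the identity defensively: outside a request, or before any handler has
            // set a principal, HttpContext.Current or its User can be null.
            string userName = null;
            var httpContext = HttpContext.Current;
            if (httpContext != null && httpContext.User != null && httpContext.User.Identity != null)
            {
                userName = httpContext.User.Identity.Name;
            }

            // An anonymous identity has an empty name; the original lookup for "" found no
            // user and denied, so deny directly without a database round trip.
            if (string.IsNullOrEmpty(userName))
            {
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
                return;
            }

            // Assumes APIUserRole is a string, as the original Equals(string) comparison implies.
            string userRole = null;
            // The DbContext owns a database connection; dispose it per request.
            using (var context = new WebApiSecurityDbContext())
            {
                var user = context.APIUsers.SingleOrDefault(u => u.APIUserName.ToString().Equals(userName));
                if (user != null)
                {
                    userRole = user.APIUserRole;
                }
            }

            // Roles are identifiers, so compare ordinally. string.Equals also treats a null
            // stored role as a mismatch instead of throwing NullReferenceException.
            if (!string.Equals(userRole, actionRole, StringComparison.Ordinal))
            {
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            }
        }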