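/// <summary>
/// Authenticates the request from its <c>apiKey</c> header before it reaches the inner handler.
/// On success the caller becomes the current principal (identity name = <c>APIUserName</c>,
/// authentication type <c>"APIKey"</c>) and the request continues down the pipeline.
/// A missing, blank or unknown key is answered with 403 Forbidden without calling the inner handler
/// (the status the original code used; 401 would be the conventional reply for an absent credential).
/// </summary>
/// <param name="request">Incoming request; only the <c>apiKey</c> header is read.</param>
/// <param name="cancellationToken">Forwarded unchanged to the inner handler.</param>
/// <returns>The inner handler's response, or a completed task holding a 403 response when the key is rejected.</returns>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // The key was once also accepted as a query-string segment (?ApiKey=...). Only the header is
    // honoured now: a key in the URL ends up in server, proxy and browser history logs.
    // HttpHeaders.GetValues() throws InvalidOperationException when the header is absent, so
    // check Contains() first instead of letting an unauthenticated request fault the handler.
    var apiKey = request.Headers.Contains("apiKey")
        ? request.Headers.GetValues("apiKey").FirstOrDefault()
        : null;

    if (string.IsNullOrWhiteSpace(apiKey))
    {
        return CreateForbiddenResponse();
    }

    string username;
    // Dispose the context so its connection is released on every path, including the reject path.
    using (var context = new WebApiSecurityDbContext())
    {
        // NOTE(review): comparing ToString() of the key column cannot use an index and may be
        // evaluated client-side; if APIUserKey is a Guid, parse apiKey with Guid.TryParse and
        // compare the typed value instead — confirm the column type before changing this.
        var user = context.APIUsers.SingleOrDefault(u => u.APIUserKey.ToString().Equals(apiKey));
        if (user == null)
        {
            return CreateForbiddenResponse();
        }
        username = user.APIUserName;
    }

    var principal = new ClaimsPrincipal(new GenericIdentity(username, "APIKey"));
    // HttpContext.Current is null when the API is self-hosted; set Thread.CurrentPrincipal as well so
    // downstream authorization sees the identity in either hosting model.
    Thread.CurrentPrincipal = principal;
    if (HttpContext.Current != null)
    {
        HttpContext.Current.User = principal;
    }

    return base.SendAsync(request, cancellationToken);
}

/// <summary>
/// Builds an already-completed task carrying an empty 403 Forbidden response.
/// </summary>
private static Task<HttpResponseMessage> CreateForbiddenResponse()
{
    var forbidden = new HttpResponseMessage(HttpStatusCode.Forbidden);
    var completion = new TaskCompletionSource<HttpResponseMessage>();
    completion.SetResult(forbidden);
    return completion.Task;
}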
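/// <summary>
/// Permits the action only when the current principal's name matches an <c>APIUsers</c> row whose
/// <c>APIUserRole</c> equals the role configured on this attribute. Any other case — no HTTP context,
/// no principal, unknown user, or a different role — sets a 401 Unauthorized response, which stops the
/// action from running.
/// </summary>
/// <param name="actionContext">Context whose <c>Response</c> is set when authorization fails.</param>
/// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
public override void OnAuthorization(HttpActionContext actionContext)
{
    if (actionContext == null)
    {
        throw new ArgumentNullException("actionContext");
    }

    // NOTE(review): this override replaces the base implementation entirely, so any base handling
    // (e.g. [AllowAnonymous]) does not apply here — confirm that is intended.
    // NOTE(review): Roles[0].ToString() takes the first element of Roles; on the stock
    // AuthorizeAttribute Roles is a string, which would make this its first *character* —
    // confirm Roles is a string[] on this attribute.
    var actionRole = Roles[0].ToString();

    // HttpContext.Current is null when self-hosted and User can be null when no handler set it;
    // both mean "no authenticated caller".
    var httpContext = HttpContext.Current;
    var identity = httpContext != null && httpContext.User != null ? httpContext.User.Identity : null;
    if (identity == null)
    {
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        return;
    }

    var userName = identity.Name;
    bool authorized;
    // Dispose the context so its connection is released on every path.
    using (var context = new WebApiSecurityDbContext())
    {
        var user = context.APIUsers.SingleOrDefault(u => u.APIUserName.ToString().Equals(userName));
        // Compare from the non-null side so a null stored role is a mismatch rather than a NullReferenceException.
        authorized = user != null && actionRole.Equals(user.APIUserRole);
    }

    if (!authorized)
    {
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
}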