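/// <summary>
/// Entry point for XACML decision requests. Hands the body to the JSON or XML handler
/// depending on the request's Content-Type and returns that handler's result.
/// </summary>
/// <param name="model">The request body as bound from the HTTP request.</param>
/// <returns>
/// The handler's response, or, when any exception is thrown, an Indeterminate decision
/// carrying a SyntaxError status.
/// </returns>
public async Task<ActionResult> Post([FromBody] XacmlRequestApiModel model)
{
    // Content-Type is caller-controlled and may be absent. It is evaluated once, null-safely,
    // so that the error path below cannot throw a second time and escape as an unhandled error
    // (previously a missing header raised a NullReferenceException inside the catch block too).
    bool isJson = Request.ContentType?.Contains("application/json") == true;

    try
    {
        // The header only chooses between the JSON and XML handlers.
        return isJson
            ? await AuthorizeJsonRequest(model)
            : await AuthorizeXmlRequest(model);
    }
    catch (Exception ex)
    {
        _logger.LogError(ex, "// DecisionController // Decision // Unexpected Exception");

        // Fail safe: an error never yields Permit. The JSON branch returns this through Ok(...),
        // i.e. with a success HTTP status, so enforcement points must read the decision value
        // itself and treat Indeterminate as "not permitted".
        // NOTE(review): every exception is reported as SyntaxError, including failures that are
        // not parse errors (e.g. during policy evaluation) - consider distinguishing the two.
        XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate)
        {
            Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
        };
        XacmlContextResponse xacmlContextResponse = new XacmlContextResponse(result);

        if (isJson)
        {
            XacmlJsonResponse jsonResult = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse);
            return Ok(jsonResult);
        }

        return CreateResponse(xacmlContextResponse);
    }
}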
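/// <summary>
/// Entry point for XACML decision requests. Hands the body to the JSON or XML handler
/// depending on the request's Content-Type and returns that handler's result.
/// </summary>
/// <param name="model">The request body as bound from the HTTP request.</param>
/// <returns>
/// The handler's response, or, when any exception is thrown, an Indeterminate decision
/// carrying a SyntaxError status.
/// </returns>
public async Task<ActionResult> Post([FromBody] XacmlRequestApiModel model)
{
    // Content-Type is caller-controlled and may be absent. Reading it null-safely, once, keeps
    // the catch block from throwing a NullReferenceException of its own when the header is missing.
    bool isJson = Request.ContentType?.Contains("application/json") == true;

    try
    {
        // The suppressions below silence the "user-controlled bypass" alert: the header picks
        // which handler runs, it does not skip the call.
        if (isJson)
        {
            return await AuthorizeJsonRequest(model); // lgtm [cs/user-controlled-bypass]
        }
        else
        {
            return await AuthorizeXmlRequest(model); // lgtm [cs/user-controlled-bypass]
        }
    }
    catch
    {
        // NOTE(review): the exception is discarded without being logged, so malformed or hostile
        // requests and genuine server faults are indistinguishable afterwards. No logger is
        // visible in this block; add logging here if the class has one.

        // Fail safe: an error never yields Permit. The JSON branch returns this through Ok(...),
        // so callers must read the decision value and treat Indeterminate as "not permitted".
        XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate)
        {
            Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
        };
        XacmlContextResponse xacmlContextResponse = new XacmlContextResponse(result);

        if (isJson)
        {
            XacmlJsonResponse jsonResult = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse);
            return Ok(jsonResult);
        }

        return CreateResponse(xacmlContextResponse);
    }
}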
/// <summary>
/// Deserializes the body as a XACML JSON request, authorizes it and returns the JSON response.
/// </summary>
/// <param name="model">The request body wrapper; its BodyContent is parsed as JSON.</param>
/// <returns>An Ok result wrapping the XACML JSON response.</returns>
/// <remarks>
/// Neither the deserialized root nor its Request member is null-checked here; a body that
/// deserializes to null surfaces as an exception for the caller to handle.
/// </remarks>
private async Task<ActionResult> AuthorizeJsonRequest(XacmlRequestApiModel model)
{
    // Fixed target type; no serializer settings are passed at this call site.
    var requestRoot = JsonConvert.DeserializeObject<XacmlJsonRequestRoot>(model.BodyContent);

    XacmlJsonResponse decision = await Authorize(requestRoot.Request);
    return Ok(decision);
}
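/// <summary>
/// Parses the body as a XACML XML context request, authorizes it and returns the response
/// produced by CreateResponse.
/// </summary>
/// <param name="model">The request body wrapper; its BodyContent is parsed as XML.</param>
/// <returns>The action result built from the XACML context response.</returns>
private async Task<ActionResult> AuthorizeXmlRequest(XacmlRequestApiModel model)
{
    // The body is untrusted XML. DTD processing and external resolution are switched off
    // explicitly so that protection against entity expansion / external entity attacks does not
    // rest on framework defaults (current .NET defaults already prohibit DTDs).
    XmlReaderSettings settings = new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit,
        XmlResolver = null
    };

    XacmlContextRequest request;
    using (XmlReader reader = XmlReader.Create(new StringReader(model.BodyContent), settings))
    {
        request = XacmlParser.ReadContextRequest(reader);
    }

    XacmlContextResponse xacmlContextResponse = await Authorize(request);
    return CreateResponse(xacmlContextResponse);
}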
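/// <summary>
/// Parses a XACML request from the body, evaluates it with a PolicyDecisionPoint and returns
/// the response as JSON or XML depending on the Accept header.
/// </summary>
/// <param name="model">The request body as bound from the HTTP request.</param>
/// <returns>
/// The decision response. When the body cannot be turned into a request, an Indeterminate
/// decision with a SyntaxError status is returned instead.
/// </returns>
public ActionResult Post([FromBody] XacmlRequestApiModel model)
{
    XacmlContextRequest request;
    try
    {
        request = ParseApiBody(model);
    }
    catch (Exception)
    {
        // Unparsable input is handled below together with the "no request produced" case.
        request = null;
    }

    XacmlContextResponse xacmlContextResponse;
    if (request != null)
    {
        PolicyDecisionPoint pdp = new PolicyDecisionPoint(_contextHandler, _prp);
        xacmlContextResponse = pdp.Authorize(request);
    }
    else
    {
        // Covers both a parse failure and ParseApiBody returning null without throwing (it does
        // so for a Content-Type that is neither JSON nor XML). Previously the latter left the
        // response null and the serialization below was handed a null response.
        // Fail safe: the outcome is Indeterminate, never Permit.
        XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate)
        {
            Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
        };
        xacmlContextResponse = new XacmlContextResponse(result);
    }

    // Exact, ordinal match: an Accept header listing several types or carrying parameters
    // falls through to the XML branch.
    string accept = HttpContext.Request.Headers["Accept"];
    if (string.Equals(accept, "application/json", StringComparison.Ordinal))
    {
        XacmlJsonResponse jsonResponse = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse);
        return Ok(jsonResponse);
    }

    StringBuilder builder = new StringBuilder();
    using (XmlWriter writer = XmlWriter.Create(builder))
    {
        XacmlSerializer.WriteContextResponse(writer, xacmlContextResponse);
    }

    string xml = builder.ToString();
    return Content(xml);
}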
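/// <summary>
/// Converts the request body into a XACML context request, using the JSON or XML parser
/// according to the request's Content-Type.
/// </summary>
/// <param name="model">The request body wrapper; its BodyContent is parsed.</param>
/// <returns>
/// The parsed request, or null when the Content-Type contains neither "application/json"
/// nor "application/xml".
/// </returns>
/// <remarks>
/// Content-Type is dereferenced without a null check, and the deserialized JSON root is not
/// null-checked either; both cases throw and are left to the caller.
/// </remarks>
private XacmlContextRequest ParseApiBody(XacmlRequestApiModel model)
{
    XacmlContextRequest request = null;

    if (Request.ContentType.Contains("application/json"))
    {
        // Fixed target type; no serializer settings are passed at this call site.
        XacmlJsonRequestRoot jsonRequest;
        jsonRequest = (XacmlJsonRequestRoot)JsonConvert.DeserializeObject(model.BodyContent, typeof(XacmlJsonRequestRoot));
        request = XacmlJsonXmlConverter.ConvertRequest(jsonRequest.Request);
    }
    else if (Request.ContentType.Contains("application/xml"))
    {
        // The body is untrusted XML. DTD processing and external resolution are switched off
        // explicitly so that protection against entity expansion / external entity attacks does
        // not rest on framework defaults (current .NET defaults already prohibit DTDs).
        XmlReaderSettings settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };

        using (XmlReader reader = XmlReader.Create(new StringReader(model.BodyContent), settings))
        {
            request = XacmlParser.ReadContextRequest(reader);
        }
    }

    return request;
}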
/// <summary>
/// Entry point for XACML decision requests. Hands the body to the JSON or XML handler
/// depending on the request's Content-Type.
/// </summary>
/// <param name="model">The request body as bound from the HTTP request.</param>
/// <returns>
/// The handler's response, or, when any exception is thrown, the result of CreateResponse for
/// an Indeterminate decision with a SyntaxError status.
/// </returns>
public async Task<ActionResult> Post([FromBody] XacmlRequestApiModel model)
{
    try
    {
        // A missing Content-Type throws here and is handled by the catch below.
        bool wantsJson = Request.ContentType.Contains("application/json");

        return wantsJson
            ? await AuthorizeJsonRequest(model)
            : await AuthorizeXmlRequest(model);
    }
    catch (Exception)
    {
        // Fail safe: an error never yields Permit.
        // NOTE(review): the exception is not logged, and the failure response always goes
        // through CreateResponse regardless of the request's Content-Type - confirm that JSON
        // callers can read what it produces.
        XacmlContextResult indeterminate = new XacmlContextResult(XacmlContextDecision.Indeterminate)
        {
            Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
        };

        return CreateResponse(new XacmlContextResponse(indeterminate));
    }
}