protected Token MakeNewAuthorizationToken(AuthorizationInput authInput)
{
// try to make Authorization with AuthProvider and create new Token
if (this.AuthProvider == null)
throw new CustomException("AuthenticationProvider is not resolved within Authrorize Attribute!");
if (authInput.Scheme.Equals(BasicAuthLabel, CommonService.StringComparison))
{
// Basic Authentification by Login:Password in base64
var credentials = this.ParseBasicCredentials(authInput.Value);
if (credentials != null && credentials.Length == 2)
return this.AuthProvider.Authenticate(credentials[0], credentials[1]);
}
else if (authInput.Scheme.Equals(TokenAuthLabel, CommonService.StringComparison))
{
// Token Authentification by Token
return this.AuthProvider.Authenticate(authInput.Value);
}
return null;
}
public override void OnAuthorization(HttpActionContext actionContext)
{
try
{
if (ShouldSkipAuthorization(actionContext))
return;
this.Users = String.IsNullOrEmpty(this.Users) ? this.GetDefaultUsers() : this.Users;
this.Roles = String.IsNullOrEmpty(this.Roles) ? this.GetDefaultRoles() : this.Roles;
AuthorizationInput authInput = null;
// try to get Input from Headres
var authHeader = actionContext.Request.Headers.Authorization;
if (authHeader != null && !String.IsNullOrWhiteSpace(authHeader.Parameter))
authInput = new AuthorizationInput(authHeader.Scheme, authHeader.Parameter);
if (authInput == null)
{
// try to get Input from Query
var authQueryParam = actionContext.Request.GetQueryNameValuePairs().FirstOrDefault(p => p.Key.Equals(TokenAuthLabel)).Value;
if (!String.IsNullOrWhiteSpace(authQueryParam))
authInput = new AuthorizationInput(TokenAuthLabel, authQueryParam);
}
// input should be provided anyway...
if (authInput == null)
{
this.Unauthorized(actionContext);
return;
}
// try to get existing token (token, that was already setted up for current context)
Token token = this.GetExistingTokenFromTokenProvider(authInput);
// try to make Authorization with AuthProvider and create new Token
if (token == null)
token = this.MakeNewAuthorizationToken(authInput);
if (token == null)
{
this.Unauthorized(actionContext);
return;
}
var principal = new ApiPrincipal(token);
// setup thread's principal in .NET
Thread.CurrentPrincipal = principal;
// setup asp.net user
if (HttpContext.Current != null)
HttpContext.Current.User = principal;
#region Check Attribute Roles
if (!String.IsNullOrEmpty(this.Roles))
{
bool inRole = this.Roles.Split(new char[] { ',', ';' }).Any(role => principal.IsInRole(role));
if (!inRole)
{
this.Forbidden(actionContext);
return;
}
}
#endregion
#region Check Attributes Users
if (!String.IsNullOrEmpty(this.Users))
{
if (!this.Users.Split(new char[] { ',', ';' }).Contains(principal.Identity.Name.ToString()))
{
this.Forbidden(actionContext);
return;
}
}
#endregion
}
catch (Exception ex)
{
this.Exception(actionContext, ex);
}
}
protected Token GetExistingTokenFromTokenProvider(AuthorizationInput authInput)
{
if (this.TokenProvider == null || authInput == null)
return null;
// trying to get the existing Token from TokenProvider
Token token = this.TokenProvider.GetToken();
if (token == null)
return null;
// existing Token should be equal to sended 'Token' in header
if (authInput.Scheme.Equals(TokenAuthLabel, CommonService.StringComparison) && token.Key.Equals(authInput.Value, CommonService.StringComparison))
return token;
return null;
}
