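/// <summary>
/// Reports whether the session token carried in the request's "token" cookie is known to storage.
/// </summary>
/// <param name="token">
/// Not consulted. The original implementation overwrote this parameter with the cookie value
/// on entry, so the cookie is the only source of the token; the parameter is kept so the
/// signature (and any route binding to it) stays unchanged.
/// </param>
/// <returns>
/// 200 OK when the cookie token exists in storage; 404 Not Found otherwise, including when the
/// cookie is absent or empty.
/// </returns>
public IActionResult CheckToken(string token)
{
    // Read from the cookie, never from the parameter: a caller cannot probe storage for tokens
    // other than the one its own request already carries.
    string cookieToken = Request.Cookies["token"];

    // A missing or empty cookie is treated as "no token" without touching storage, so the
    // lookup never sees a null key (the original passed it straight through to TryGetToken).
    if (string.IsNullOrEmpty(cookieToken))
    {
        return NotFound();
    }

    return _storage.TryGetToken(cookieToken, out _) ? Ok() : NotFound();
}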
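/// <summary>
/// Resource filter that authenticates the request from the "token" cookie. Requests without a
/// known token are short-circuited with 401; authenticated requests get a
/// <see cref="GenericPrincipal"/> whose only possible role is "Admin", and non-admin tokens are
/// additionally rejected with 401 when the request looks like an admin-area request.
/// </summary>
/// <param name="context">
/// The resource-execution context. <c>context.Result</c> is set to <see cref="UnauthorizedResult"/>
/// to stop the pipeline when the request is rejected.
/// </param>
public void OnResourceExecuting(ResourceExecutingContext context)
{
    string tokenId = context.HttpContext.Request.Cookies["token"]?.ToString();

    // An absent or empty cookie is equivalent to an unknown token: reject before calling
    // storage, so the lookup is never asked about a null key (the original passed it through).
    Token token;
    if (string.IsNullOrEmpty(tokenId) || !_storage.TryGetToken(tokenId, out token))
    {
        context.Result = new UnauthorizedResult();
        return;
    }

    // Admin tokens carry exactly one role; every other token carries none.
    // NOTE(review): GenericIdentity rejects a null name — assumes token.UserID is always set; confirm.
    string[] roles = token.IsAdmin ? new string[] { "Admin" } : new string[0];
    context.HttpContext.User = new GenericPrincipal(new GenericIdentity(token.UserID), roles);

    // NOTE(review): this admin-area gate inspects the *query string*, not Request.Path, and uses
    // an ordinal (case-sensitive) substring match for "Admin/", whereas ASP.NET Core routing
    // matches paths case-insensitively. Confirm that this is the intended gate and that the admin
    // endpoints also enforce the "Admin" role themselves rather than relying on this check alone.
    string query = context.HttpContext.Request.QueryString.ToString();
    if (!token.IsAdmin && query.Contains("Admin/"))
    {
        context.Result = new UnauthorizedResult();
    }
}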