public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync
(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
{
User user = null;
string token = null;
var anonymousAllowed = actionContext.ControllerOrActionMarkedWith<AllowAnonymousAttribute>();
var request = actionContext.Request;
if (request == null)
return SetUnathorizedResponse(actionContext);
IEnumerable<string> headerValues;
var isHeaderFound = request.Headers.TryGetValues(TokenHeaderName, out headerValues);
var authentHeader = isHeaderFound ? headerValues.FirstOrDefault() : GetTokenFromCookie(request);
if (!String.IsNullOrEmpty(authentHeader))
{
var tokenProvider = actionContext.Request.GetDependencyScope().GetService(typeof(ITokenService)) as ITokenService;
if (tokenProvider == null)
return SetUnathorizedResponse(actionContext);
user = tokenProvider.GetUser(authentHeader);
if (user != null)
{
token = tokenProvider.RefreshToken(authentHeader);
}
}
if (user == null)
{
if (anonymousAllowed)
user = new User();
else
{
return SetUnathorizedResponse(actionContext);
}
}
SetUserToEveryContext(actionContext, new SitePrincipal(user));
var response = await continuation();
if (!string.IsNullOrWhiteSpace(token))
{
response.Headers.Add(TokenHeaderName, token);
return response;
}
return response;
}
