private Boolean ValidateSessionId(HttpRequestMessage request) { DYELContext db = new DYELContext(); if (HttpMethod.Post == request.Method || HttpMethod.Put == request.Method) { MediaTypeHeaderValue contentType = request.Content.Headers.ContentType; String body = request.Content.ReadAsStringAsync().Result; Debug.WriteLine("BODY: " + body); JavaScriptSerializer jss = new JavaScriptSerializer(); Dictionary <String, Object> data = (Dictionary <String, Object>)jss.DeserializeObject(body); if (data.ContainsKey("SessionId")) { Guid sessionId = Guid.Parse((String)data["SessionId"]); Session session = db.Sessions.Find(sessionId); if (null != session) { data.Remove("SessionId"); String paramName = "PersonId"; if (data.ContainsKey("SessionName")) { paramName = (String)data["SessionName"]; data.Remove("SessionName"); } data.Add(paramName, session.PersonId); String modified = jss.Serialize(data); Debug.WriteLine("MODIFIED: " + modified); request.Content = new StringContent(modified); request.Content.Headers.ContentType = contentType; return(true); } } return(false); } else { NameValueCollection parameters = request.RequestUri.ParseQueryString(); String sessionIdStr = parameters.Get("SessionId"); Debug.WriteLine("Session: " + sessionIdStr); if (null != sessionIdStr) { Guid sessionId = Guid.Parse(sessionIdStr); Session session = db.Sessions.Find(sessionId); if (null != session) { parameters.Remove("SessionId"); String paramName = parameters.Get("SessionName"); if (null == paramName) { paramName = "PersonId"; } else { parameters.Remove("SessionName"); } Debug.WriteLine("ParamName: " + paramName); parameters.Set(paramName, session.PersonId); UriBuilder builder = new UriBuilder(request.RequestUri); Debug.WriteLine("New query: " + parameters.ToString()); builder.Query = parameters.ToString(); request.RequestUri = builder.Uri; return(true); } } return(false); } }