public BpmsEngineApiControlBase()
{
using (ConfigurationService configurationService = new ConfigurationService())
{
if (this.MyRequest.Headers.AllKeys.Contains("clientIp"))
{
this.ClientIp = this.MyRequest.Headers["clientIp"].ToStringObj();
}
else
{
this.ClientIp = ApiUtility.GetIPAddress();
}
//If it is called by bpms user panel module.
if (!this.MyRequest.Headers.AllKeys.Contains("token") &&
!this.MyRequest.Headers.AllKeys.Contains("clientId"))
{
this.ClientUserName = DomainUtility.IsTestEnvironment ? "bpms_expert" : base.UserInfo.Username;
this.ClientFormToken = this.MyRequest.QueryString[FormTokenUtility.FormToken].ToStringObj();
this.ClientId = HttpContext.Current.Session.SessionID;
this.ApiSessionId = DomainUtility.CreateApiSessionID(this.ClientId, this.ClientIp);
this.IsEncrypted = FormTokenUtility.GetIsEncrypted(this.ClientFormToken, this.ClientId);
}
else
{
if (this.MyRequest.Headers.AllKeys.Contains("userName"))
{
this.ClientUserName = this.MyRequest.Headers["userName"].ToStringObj();
}
this.ClientId = this.MyRequest.Headers["clientId"].ToStringObj();
this.ApiSessionId = DomainUtility.CreateApiSessionID(this.ClientId, this.ClientIp);;
//check api access.
if (!AccessUtility.CalledByLocalSA(HttpContext.Current.Request))
{
using (APIAccessService apiAccessService = new APIAccessService())
{
if (!apiAccessService.HasAccess(ApiUtility.GetIPAddress(), this.MyRequest.Headers.GetValues("token").FirstOrDefault()))
{
throw new Exception("You are not authorized to access this application.");
}
}
this.IsEncrypted = this.MyRequest.Headers["isEncrypted"].ToStringObj() == "1";
}
}
}
}
public BpmsCartableApiControlBase()
{
if (this.MyRequest.Headers.AllKeys.Contains("clientIp"))
{
this.ClientIp = this.MyRequest.Headers["clientIp"].ToStringObj();
}
else
{
this.ClientIp = ApiUtility.GetIPAddress();
}
using (APIAccessService apiAccessService = new APIAccessService())
{
//api call using toke header,which is password, or formToken ,which is a parameter like antiforgerytoken cosist of sessionId and mainDynamicFormId encripted by sessionId.
if (!this.MyRequest.Headers.AllKeys.Contains("token"))
{
this.ClientUserName = DomainUtility.IsTestEnvironment ? "bpms_expert" : base.UserInfo.Username;
this.ClientFormToken = this.MyRequest.QueryString[FormTokenUtility.FormToken].ToStringObj();
this.ClientId = HttpContext.Current.Session.SessionID;
this.ApiSessionId = DomainUtility.CreateApiSessionID(this.ClientId, this.ClientIp);
this.IsEncrypted = FormTokenUtility.GetIsEncrypted(this.ClientFormToken, this.ClientId);
}
else
{
if (this.MyRequest.Headers.AllKeys.Contains("userName"))
{
this.ClientUserName = this.MyRequest.Headers["userName"].ToStringObj();
}
this.ClientId = this.MyRequest.Headers["clientId"].ToStringObj();
this.ApiSessionId = DomainUtility.CreateApiSessionID(this.ClientId, this.ClientIp);;
//set ApiSessionID
if (!apiAccessService.HasAccess(ApiUtility.GetIPAddress(), this.MyRequest.Headers.GetValues("token").FirstOrDefault()))
{
throw new Exception("You are not authorized to access this application.");
}
this.IsEncrypted = this.MyRequest.Headers["isEncrypted"].ToStringObj() == "1";
}
}
}
