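/// <summary>
/// Builds the per-request caller context (IP, user name, client/session id, API session id and the
/// encryption flag) from the current request, admitting token-based callers only after an access check.
/// </summary>
/// <remarks>
/// Two call styles are distinguished by the presence of the <c>token</c> header:
/// <list type="bullet">
/// <item>No <c>token</c> header: the user name comes from <c>base.UserInfo</c> (or the fixed
/// <c>bpms_expert</c> account in the test environment), the client id is the ASP.NET session id, and
/// the form token is taken from the query string.</item>
/// <item><c>token</c> header present: <c>userName</c>, <c>clientId</c> and <c>isEncrypted</c> are taken
/// from request headers and the call is admitted only if <c>APIAccessService.HasAccess</c> accepts the
/// server-observed IP together with the token value.</item>
/// </list>
/// The <c>clientIp</c>, <c>userName</c> and <c>clientId</c> headers are caller-supplied; the access check
/// uses <c>ApiUtility.GetIPAddress()</c>, not the <c>clientIp</c> header.
/// </remarks>
/// <exception cref="UnauthorizedAccessException">
/// A <c>token</c> header is present but the access check rejects the IP/token pair.
/// </exception>
public BpmsCartableApiControlBase()
        {
            // Header names are matched exactly (ordinal), as with AllKeys.Contains.
            bool HasHeader(string name) => this.MyRequest.Headers.AllKeys.Contains(name);

            // clientIp is caller-supplied; the access check further down uses the server-observed address instead.
            this.ClientIp = HasHeader("clientIp")
                ? this.MyRequest.Headers["clientIp"].ToStringObj()
                : ApiUtility.GetIPAddress();

            using (APIAccessService apiAccessService = new APIAccessService())
            {
                // An API call authenticates either with the "token" header (a password) or with a formToken,
                // a parameter similar to an anti-forgery token, consisting of the sessionId and the
                // mainDynamicFormId encrypted by the sessionId.
                if (!HasHeader("token"))
                {
                    // Form-token call: identity and session come from the portal session rather than from headers.
                    this.ClientUserName  = DomainUtility.IsTestEnvironment ? "bpms_expert" : base.UserInfo.Username;
                    this.ClientFormToken = this.MyRequest.QueryString[FormTokenUtility.FormToken].ToStringObj();
                    this.ClientId        = HttpContext.Current.Session.SessionID;
                    this.ApiSessionId    = DomainUtility.CreateApiSessionID(this.ClientId, this.ClientIp);
                    this.IsEncrypted     = FormTokenUtility.GetIsEncrypted(this.ClientFormToken, this.ClientId);
                }
                else
                {
                    // Token call: userName (optional), clientId and isEncrypted are read from the request headers.
                    if (HasHeader("userName"))
                    {
                        this.ClientUserName = this.MyRequest.Headers["userName"].ToStringObj();
                    }

                    this.ClientId     = this.MyRequest.Headers["clientId"].ToStringObj();
                    this.ApiSessionId = DomainUtility.CreateApiSessionID(this.ClientId, this.ClientIp);

                    // Access is decided on the server-observed IP and the token header, not on the clientIp header.
                    string token = this.MyRequest.Headers.GetValues("token").FirstOrDefault();
                    if (!apiAccessService.HasAccess(ApiUtility.GetIPAddress(), token))
                    {
                        throw new UnauthorizedAccessException("You are not authorized to access this application.");
                    }

                    this.IsEncrypted = this.MyRequest.Headers["isEncrypted"].ToStringObj() == "1";
                }
            }
        }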
 /// <summary>
 /// Forwards the current request's form data as a POST to the main BPMS API, after validating the
 /// caller's form token against the current ASP.NET session id.
 /// </summary>
 /// <param name="controller">Target API controller name.</param>
 /// <param name="action">Target API action name.</param>
 /// <param name="formToken">Form token checked with <c>FormTokenUtility.ValidateFormToken</c> (defaults to empty).</param>
 /// <returns>The response produced by <c>ApiUtility.PostData</c>.</returns>
 /// <exception cref="System.Web.Http.HttpResponseException">401 Unauthorized when the form token does not validate.</exception>
 public System.Net.Http.HttpResponseMessage PostData(string controller, string action, string formToken = "")
 {
     // The session id is read once; every use below refers to the same request's session.
     string sessionId = HttpContext.Current.Session.SessionID;
     if (!FormTokenUtility.ValidateFormToken(formToken, sessionId))
     {
         throw new System.Web.Http.HttpResponseException(System.Net.HttpStatusCode.Unauthorized);
     }

     var setting = new SingleActionSettingDTO(new HttpRequestWrapper(HttpContext.Current.Request), base.PortalSettings.PortalId);
     // The form token is not forwarded: the main BPMS API does not need it when called from the client application.
     string url = UrlUtility.GetApiUrl(setting.WebApiAddress, action, controller, "", this.GetParameters().ToArray());

     return ApiUtility.PostData(
         url,
         QueryModel.GetFormDataList(this.MyRequest).ToList(),
         setting.WebServicePass,
         base.UserInfo.Username,
         ApiUtility.GetIPAddress(),
         sessionId,
         FormTokenUtility.GetIsEncrypted(formToken, sessionId));
 }
        /// <summary>
        /// Forwards a GET to the main BPMS API after validating the caller's form token against the current
        /// ASP.NET session id, then re-saves the session id so it survives a flushed response.
        /// </summary>
        /// <param name="controller">Target API controller name.</param>
        /// <param name="action">Target API action name.</param>
        /// <param name="formToken">Form token checked with <c>FormTokenUtility.ValidateFormToken</c> (defaults to empty).</param>
        /// <returns>The response produced by <c>ApiUtility.GetData</c>.</returns>
        /// <exception cref="System.Web.Http.HttpResponseException">401 Unauthorized when the form token does not validate.</exception>
        public System.Net.Http.HttpResponseMessage GetData(string controller, string action, string formToken = "")
        {
            string sessionId = HttpContext.Current.Session.SessionID;
            if (!FormTokenUtility.ValidateFormToken(formToken, sessionId))
            {
                throw new System.Web.Http.HttpResponseException(System.Net.HttpStatusCode.Unauthorized);
            }

            var setting = new SingleActionSettingDTO(new HttpRequestWrapper(HttpContext.Current.Request), base.PortalSettings.PortalId);
            // The form token is not forwarded: the main BPMS API does not need it when called from the client application.
            string url = UrlUtility.GetApiUrl(setting.WebApiAddress, action, controller, "", this.GetParameters().ToArray());

            var result = ApiUtility.GetData(
                url,
                setting.WebServicePass,
                base.UserInfo.Username,
                ApiUtility.GetIPAddress(),
                sessionId,
                FormTokenUtility.GetIsEncrypted(formToken, sessionId));

            // In ReportEngine.cs the response is flushed, which rewrites the session id with the server's
            // session id (different from the singleAction session id because data is sent to the server
            // through the API). Re-save the session id here so reports and file downloads keep working.
            // The id is deliberately re-read at this point rather than taken from the local above.
            var sessionIdManager = new SessionIDManager();
            sessionIdManager.SaveSessionID(HttpContext.Current, HttpContext.Current.Session.SessionID, out bool redirected, out bool cookieAdded);

            return result;
        }