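        /// <summary>
        /// Authorizes a request to the activity actions handler. When an
        /// <c>Authorization</c> header is present it is handed to
        /// <c>SecurityTokenManager.ValidateAuthorizationHeader</c>; when it is absent the
        /// request is accepted only if legacy (pre-O11) authentication is enabled and the
        /// caller's address is a loopback address.
        /// </summary>
        /// <param name="heContext">Current request context; only used to fill in the error log entry.</param>
        /// <param name="userId">User id passed to the token validator.</param>
        /// <param name="tenantId">Tenant id passed to the token validator.</param>
        /// <param name="eSpaceKey">eSpace key passed to the token validator.</param>
        /// <exception cref="Exception">
        /// Thrown when no header is present and legacy authentication is disabled, or when
        /// legacy authentication is enabled but the caller is not on a loopback address.
        /// Anything thrown by the token validator propagates unchanged.
        /// </exception>
        private void ValidateToken(HeContext heContext, int userId, int tenantId, string eSpaceKey)
        {
            const string loopbackOnlyMessage = "The activity actions handler can only be accessed by the 127.0.0.1 IP";

            var request = HttpContext.Current.Request;

            // HTTP header names are case-insensitive. The header collection's indexer honours
            // that, whereas AllKeys.Contains("Authorization") is an ordinal comparison and would
            // treat a header sent as "authorization" as missing, skipping token validation and
            // dropping the request into the legacy branch. Reading the value once also guarantees
            // that the value checked for presence is the value that gets validated.
            string authorizationHeader = request.Headers["Authorization"];

            if (authorizationHeader != null)
            {
                SecurityTokenManager.ValidateAuthorizationHeader(
                    RuntimeSettingsProvider.Instance,
                    authorizationHeader,
                    userId,
                    tenantId,
                    eSpaceKey);
                return;
            }

            // No token supplied: fail closed unless compatibility mode with pre-O11 versions is on.
            if (!RuntimePlatformSettings.Authentication.ReferencesAllowLegacyAuth.GetValue())
            {
                throw new Exception("Token validation failed");
            }

            // Compatibility mode authenticates by source address alone.
            // NOTE(review): UserHostAddress is the address of the direct peer. If a reverse proxy
            // or load balancer runs on this host, its forwarded requests would presumably also
            // appear as loopback here - confirm the deployment before enabling legacy auth.
            if (NetworkInterfaceUtils.IsLoopbackAddress(request.UserHostAddress))
            {
                // Request is valid in compatibility mode
                return;
            }

            // Record the rejected caller address before refusing the request.
            ErrorLog.StaticWrite(DateTime.Now,
                                 heContext.Session.SessionID,
                                 heContext.AppInfo != null ? heContext.AppInfo.eSpaceId : 0,
                                 heContext.AppInfo != null ? heContext.AppInfo.Tenant.Id : 0,
                                 heContext.Session.UserId,
                                 "Access to ActivityActionsHandler with invalid IP: " + request.UserHostAddress,
                                 loopbackOnlyMessage, "BPM");

            throw new Exception(loopbackOnlyMessage);
        }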