public override Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
        {
            var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;

            if (actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any <AllowAnonymousAttribute>() || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any <AllowAnonymousAttribute>())
            {
                return(Task.FromResult <object>(null));
            }



            if (!principal.Identity.IsAuthenticated)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return(Task.FromResult <object>(null));
            }
            if (UserConfig.GetLoggedOutUser().Contains(principal.FindFirst(e => e.Type == "user").Value))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return(Task.FromResult <object>(null));
            }

            if (!(principal.HasClaim(e => e.Type.ToLower().Equals(ClaimType.ToLower()) &&
                                     ClaimValue.ToLower().Contains(e.Value.ToLower()))))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return(Task.FromResult <object>(null));
            }

            return(Task.FromResult <object>(null));
        }
Esempio n. 2
0
 public IHttpActionResult LogedOutUsers()
 {
     return(Ok(UserConfig.GetLoggedOutUser()));
 }