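        /// <summary>
        /// Checks whether a privilege row exists for the given token / controller / HTTP method.
        /// </summary>
        /// <param name="param">Lookup key; only <c>Token</c>, <c>Controller</c> and <c>RequestMethod</c> are read.</param>
        /// <returns><c>true</c> when at least one matching <c>mstUserPrivilege</c> row exists; otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="param"/> is <c>null</c>.</exception>
        /// <remarks>
        /// NOTE(review): the filter matches on controller and HTTP verb only, not on the action name, so a single
        /// matching row grants every action of that controller reachable with the same verb — confirm this is intended.
        /// NOTE(review): <c>_uow</c> is a field but is disposed on every call; later calls rely on <c>Open</c>
        /// re-initialising it — confirm the unit-of-work implementation supports that.
        /// </remarks>
        public bool ValidatePrivilege(mstUserPrivilege param)
        {
            if (param is null)
            {
                throw new ArgumentNullException(nameof(param));
            }

            try
            {
                _uow.Open(DBConnection.BMIERP);

                var repo = new mstUserPrivilegeRepository(_uow);

                // Only existence matters, so there is no need to materialise a row.
                return repo.ReadByFilter(x => x.Token == param.Token
                                           && x.Controller == param.Controller
                                           && x.RequestMethod == param.RequestMethod).Any();
            }
            finally
            {
                // The unit of work is opened per call and must be released even when the query throws.
                _uow.Dispose();
            }
        }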
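 /// <summary>
 /// Delegates the privilege check to the domain layer's <c>ValidatePrivilege</c>.
 /// </summary>
 /// <param name="param">Token / controller / HTTP method to look up.</param>
 /// <returns>The domain result: <c>true</c> when a matching privilege exists.</returns>
 /// <remarks>Exceptions from the domain propagate unchanged; a <c>catch { throw; }</c> wrapper added nothing.</remarks>
 public bool validatePrivilege(mstUserPrivilege param) => _Domain.ValidatePrivilege(param);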
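        /// <summary>
        /// Checks authorization and sets up request logging before the action executes.
        /// </summary>
        /// <remarks>
        /// Actions marked with <c>SkipGlobalActionFilterAttribute</c> are skipped outright. Otherwise the token header
        /// is read, the request is recorded in the log context and the privilege is validated. A missing token
        /// short-circuits with 401, a token without a matching privilege with 403, and any exception raised while
        /// validating with 400 — setting <c>Response</c> here prevents the action from running, so the check fails closed.
        /// <para>
        /// NOTE(review): Web API caches filter attribute instances, so the per-request values written to the
        /// <c>_log</c>, <c>_userDomain</c> and <c>_mstLog</c> fields are shared between concurrent requests — confirm
        /// these fields are not read by other overrides, or move the state into locals / request properties.
        /// </para>
        /// <para>
        /// NOTE(review): the raw token is stored in the log record and passed to <c>_log.Error</c>, and action
        /// arguments are written at debug level — consider masking credentials before they reach the log store.
        /// </para>
        /// </remarks>
        /// <param name="actionContext">Context of the action about to execute; its <c>Response</c> is set to reject the request.</param>
        /// <exception cref="InvalidOperationException">
        /// <c>ILog</c> or <c>IMstUserPrivilegeDomain</c> cannot be resolved from the request's dependency scope.
        /// </exception>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            if (actionContext.ActionDescriptor.GetCustomAttributes<SkipGlobalActionFilterAttribute>().Any())
            {
                return;
            }

            var scope = actionContext.Request.GetDependencyScope();

            // Fail early with a clear message instead of a NullReferenceException further down
            // when the container is not wired up.
            _log = scope.GetService(typeof(ILog)) as ILog;
            if (_log is null)
            {
                throw new InvalidOperationException("ILog is not registered in the dependency scope.");
            }

            _userDomain = scope.GetService(typeof(IMstUserPrivilegeDomain)) as IMstUserPrivilegeDomain;
            if (_userDomain is null)
            {
                throw new InvalidOperationException("IMstUserPrivilegeDomain is not registered in the dependency scope.");
            }

            var controllerName = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            var actionName     = actionContext.ActionDescriptor.ActionName;
            var requestMethod  = actionContext.Request.Method.Method;
            var ipAddress      = GetClientIpAddress(actionContext);
            var tokenValue     = actionContext.Request.Headers.Contains(Token)
                ? actionContext.Request.Headers.GetValues(Token).First()
                : string.Empty;

            // Log context for this request; RequestID correlates every entry written below.
            _mstLog.RequestID      = Guid.NewGuid();
            _mstLog.ControllerName = controllerName;
            _mstLog.ActionName     = actionName;
            _mstLog.RequestMethod  = requestMethod;
            _mstLog.CreatedDate    = DateTime.Now; // NOTE(review): local time; UtcNow avoids DST/timezone ambiguity — confirm log consumers before changing
            _mstLog.Token          = tokenValue;

            _log.Setup(_mstLog);

            try
            {
                _log.Info("Start Invoke......");

                if (!string.IsNullOrEmpty(tokenValue))
                {
                    // The privilege lookup is keyed on token + controller + HTTP verb; the action name is logged but not checked.
                    var param = new mstUserPrivilege
                    {
                        Token         = tokenValue,
                        Controller    = controllerName,
                        RequestMethod = requestMethod
                    };

                    _log.Info("IP Address : {0} ", ipAddress);

                    if (actionContext.ActionArguments.Count > 0)
                    {
                        _log.Debug("Parameter(s) : {0} ", getListParameter(actionContext));
                    }

                    if (!_userDomain.ValidatePrivilege(param))
                    {
                        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden)
                        {
                            Content = new StringContent("Ooopss... You are not allowed to access this resource")
                        };
                    }
                }
                else
                {
                    _log.Info("Unauthorized user, ip address : {0} ", ipAddress);
                    actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
                    {
                        Content = new StringContent("You are unauthorized to access this resource")
                    };
                }
            }
            catch (Exception ex)
            {
                // Any error during validation rejects the request rather than letting the action run.
                _log.Error(ex, tokenValue);
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.BadRequest)
                {
                    Content = new StringContent("Ooops... Something went wrong!")
                };
            }

            base.OnActionExecuting(actionContext);
        }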