/// <summary>
/// Authorization gate for this controller; runs before the action method the client asked for.
/// Defers to the base class first, then requires a session that exists and whose
/// <c>IsAuthValid</c> flag is set.
/// </summary>
/// <param name="result">
/// Set to a denial response (for example an HTTP 403 Forbidden) when authorization fails.
/// When left null, authorization is treated as having succeeded.
/// </param>
public override void OnAuthorization(ref ActionResult result)
{
    base.OnAuthorization(ref result);

    // The base class already produced a response (typically a denial); keep it unchanged.
    if (result != null)
    {
        return;
    }

    ApiRequestBase request = ApiRequestBase.ParseRequest<ApiRequestBase>(this);

    // The session is stored on the controller before it is validated. Denial is signalled
    // only through `result`, so code that reads `session` must not treat its presence as
    // proof that authorization passed.
    session = request.GetSession();

    if (session == null)
    {
        // The request did not resolve to a session.
        result = StatusCode("403 Forbidden");
        return;
    }

    if (!session.IsAuthValid)
    {
        // A session exists but is not marked valid. 418 is used here as an
        // application-specific status, distinct from the 403 case above.
        // NOTE(review): presumably clients key on this exact status text; confirm before changing it.
        result = StatusCode("418 Insufficient Privilege");
    }
}