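/// <summary>
/// Authenticates the request from its <c>X-PATRONS-AUTH-TOKEN</c> header before handing it
/// to the inner handler. A request without the header is passed through unauthenticated;
/// a present token that is blank, expired, or bound to an unknown user is rejected with the
/// unauthorized response produced by <c>CreateUnauthorizedResponse</c>.
/// </summary>
/// <param name="request">The incoming HTTP request; only its headers are inspected here.</param>
/// <param name="cancellationToken">Forwarded unchanged to the inner handler.</param>
/// <returns>
/// The inner handler's response task, or an unauthorized response when the token is rejected.
/// </returns>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    IEnumerable<string> headerValues;
    if (request.Headers.TryGetValues("X-PATRONS-AUTH-TOKEN", out headerValues))
    {
        // TryGetValues only tells us the header is present; guard against an empty value so a
        // blank token is rejected here instead of being handed to the unpacker.
        string token = headerValues.FirstOrDefault();
        if (string.IsNullOrWhiteSpace(token))
        {
            return CreateUnauthorizedResponse("Authorization token is missing.");
        }

        // Recover the embedded identity and its validity window from the token.
        // NOTE(review): UnPackAuthToken is opaque here; if it throws on a malformed token the
        // request fails with a server error rather than an unauthorized response — confirm and
        // map its parsing failures to CreateUnauthorizedResponse.
        DateTime createdAt;
        DateTime expiresAt;
        IWinstarDataModel winstarDataModel = AuthTokenHelper.UnPackAuthToken(token, out createdAt, out expiresAt);

        // Reject an expired token before touching the user store.
        // NOTE(review): the comparison uses local time; if the token's timestamps are UTC this
        // should be DateTime.UtcNow — confirm against AuthTokenHelper.
        if (expiresAt < DateTime.Now)
        {
            return CreateUnauthorizedResponse("Authorization has expired. Please login again.");
        }

        IUserModel currentUser = SecurityHelper.GetWinstarPatron(winstarDataModel);
        if (currentUser == null)
        {
            return CreateUnauthorizedResponse("User is unknown.");
        }

        // Publish the caller's identity for controllers (see SecureApiController).
        // NOTE(review): these are process-wide singleton registrations, so two concurrent
        // requests overwrite each other and a controller may resolve another caller's identity.
        // Per-request state belongs on the request (e.g. request.Properties); changing this
        // requires updating the consumers, so it is flagged here rather than replaced.
        ObjectFactory.Configure(x => x.For<IWinstarDataModel>().Singleton().Use(winstarDataModel));
        ObjectFactory.Configure(x => x.For<IUserModel>().Singleton().Use(currentUser));

        // Expose the authenticated principal to the rest of the pipeline.
        Thread.CurrentPrincipal = currentUser.ToClaimsPrincipal();
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = Thread.CurrentPrincipal;
        }
    }

    // Return the inner task directly. The former ContinueWith(t => t.Result) wrapped any fault
    // in an extra AggregateException and turned cancellation into a fault.
    return base.SendAsync(request, cancellationToken);
}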