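/// <summary>
/// Action filter that authenticates the request from the <c>token</c> header and
/// authorizes it against the user levels encoded in <c>_value</c>.
/// </summary>
/// <param name="actionContext">The executing action's context; its <c>Result</c> is set to short-circuit the request.</param>
/// <param name="next">Delegate that runs the action (and any later filters) when the request is allowed.</param>
/// <remarks>
/// Outcomes: an OPTIONS request is short-circuited without running the action (the filter returns
/// without calling <paramref name="next"/> and without setting a result); <c>AllowAnonymous</c> runs
/// the action unconditionally; a missing, empty or non-GUID token yields 401; a token whose user
/// level is not one of the four known levels, or is not listed in <c>_value</c>, yields 403.
/// </remarks>
public async Task OnActionExecutionAsync(ActionExecutingContext actionContext, ActionExecutionDelegate next)
{
    var request = actionContext.HttpContext.Request;

    // CORS preflight: neither next() nor Result is set, so the pipeline treats this as a short-circuit.
    if (request.Method == HttpMethod.Options.ToString())
    {
        return;
    }

    if (_value.Equals(nameof(AllowAnonymousAttribute)))
    {
        await next();
        return;
    }

    var isPublicTokenSet = _value.Equals(nameof(PublicTokenAttribute));

    // Read the raw token with a single header lookup. A present-but-empty header leaves rawToken
    // null, which fails the GUID parse below exactly like a missing header does.
    string rawToken = null;
    if (request.Headers.TryGetValue("token", out var tokenHeader))
    {
        rawToken = tokenHeader.FirstOrDefault()?.Trim();
    }
    else if (!isPublicTokenSet)
    {
        actionContext.Result = new UnauthorizedResult();
        return;
    }
    // NOTE(review): when the header is absent and PublicTokenAttribute is set, execution still
    // reaches the GUID parse with an empty string and returns 401, so the isPublicTokenSet branch
    // never grants access on its own. If "public token" is meant to admit anonymous callers, this
    // point needs `await next(); return;` — confirm the intended semantics before changing it.

    if (!Guid.TryParse(rawToken ?? string.Empty, out var tokenGuid))
    {
        actionContext.Result = new UnauthorizedResult();
        return;
    }

    var userTokenInfo = AuthenticationLogic.CheckTokenInfo(tokenGuid);
    // Assumes CheckTokenInfo returns null for an unknown or expired token — TODO confirm.
    // Without this guard the dereference below would surface as a 500 instead of a 401.
    if (userTokenInfo == null)
    {
        actionContext.Result = new UnauthorizedResult();
        return;
    }

    // Map the numeric level to its enum name; only the four known levels are accepted.
    string userLevel;
    switch (userTokenInfo.UserLevel)
    {
        case (int)Enums.UserLevel.Customer:
            userLevel = nameof(Enums.UserLevel.Customer);
            break;
        case (int)Enums.UserLevel.CompanyOwner:
            userLevel = nameof(Enums.UserLevel.CompanyOwner);
            break;
        case (int)Enums.UserLevel.DepartmentOwner:
            userLevel = nameof(Enums.UserLevel.DepartmentOwner);
            break;
        case (int)Enums.UserLevel.SystemOwner:
            userLevel = nameof(Enums.UserLevel.SystemOwner);
            break;
        default:
            userLevel = null;
            break;
    }

    // Fail closed on an unrecognised level. The previous code left userLevel as "" here, and
    // string.Contains("") is always true, so any unmapped level was granted access.
    // _value is matched by substring, so level names must never be prefixes of one another.
    if (userLevel == null || !_value.Contains(userLevel))
    {
        actionContext.Result = new ForbidResult();
        return;
    }

    SetIdentities(actionContext, userTokenInfo);
    await next();
}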