/// <summary>
/// Authenticates the request before the action runs: reads the caller's authentication
/// info from the cookie and, unless the action allows anonymous access, rejects callers
/// that <c>ISecurity.IsAllowedForContent</c> does not accept.
/// </summary>
/// <param name="actionContext">The action context.</param>
/// <remarks>
/// Rejected requests receive <see cref="HttpStatusCode.Unauthorized"/> with an empty message.
/// Any exception raised while resolving the service or reading the ticket also produces that
/// response, unless <c>AllowAnonymous</c> is set, in which case the exception is swallowed
/// and the request continues.
/// </remarks>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    try
    {
        // Resolve the security service from the request-scoped DI container.
        IDependencyScope requestScope = actionContext.Request.GetDependencyScope();
        ISecurity security = requestScope.GetService(typeof(ISecurity)) as ISecurity;

        // Read the ticket. A null `security` (service not registered) is not checked here;
        // any exception that follows from it is handled by the catch block below.
        AuthenticationInfo ticket = actionContext.GetAuthenticationInfoFromCookie(security);

        // Short-circuit matters: IsAllowedForContent is not consulted for anonymous actions.
        if (AllowAnonymous || security.IsAllowedForContent(ticket))
        {
            // Re-issue the ticket with the same data to reset its life span.
            // NOTE(review): re-issuing on every accepted request makes the lifetime sliding;
            // confirm an absolute maximum session age is enforced elsewhere.
            // NOTE(review): on anonymous actions `ticket` may be null here - confirm
            // AddAuthenticationInfo tolerates that.
            actionContext.Request.AddAuthenticationInfo(security, ticket);
            return;
        }

        // Access denied: record who tried to reach what, then reject.
        // NOTE(review): the full request URI (query string included) and the e-mail taken
        // from the ticket are written to the log; confirm neither can carry secrets and
        // that the log sink neutralises control characters.
        var deniedLogger = LogManager.GetCurrentClassLogger();
        string deniedMessage = $"{ticket?.Email ?? "UNKNOWN"} tried to access {actionContext.Request.RequestUri}";
        deniedLogger.LogAleph1(LogLevel.Warn, deniedMessage);

        actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "");
    }
    catch (Exception ex)
    {
        // Anonymous actions tolerate a failed ticket read; nothing is logged on this path,
        // so a malformed cookie sent to an anonymous endpoint leaves no trace.
        if (AllowAnonymous)
        {
            return;
        }

        // Fail closed: any failure while authenticating a protected action is a rejection.
        var failureLogger = LogManager.GetCurrentClassLogger();
        string requestedUri = actionContext.Request.RequestUri.ToString();
        failureLogger.LogAleph1(LogLevel.Warn, requestedUri, ex);

        actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "");
    }
}