public static async Task ValidateApiKey(ApiKeyValidateIdentityContext context, String schema = null) { var dbContext = ServiceLocator.Current.GetService <IDbContext>(); var host = ServiceLocator.Current.GetService <IApplicationHost>(); schema = schema ?? "a2security"; var findUsersql = $"[{schema}].[FindApiUserByApiKey]"; var writeLogSql = $"[{schema}].[WriteLog]"; var prms = new ExpandoObject(); prms.Set("Host", context.Host); prms.Set("ApiKey", context.ApiKey); var user = await dbContext.LoadAsync <ApiAppUser>(host.CatalogDataSource, findUsersql, prms); if (user != null) { if (IdentityHelpers.IsValidIPAddress(user.AllowIP, context.Host)) { context.Claims = CreateClaims(user); context.IsValidated = true; } else { var fo = new ExpandoObject(); fo.Set("UserId", user.Id); fo.Set("SeverityChar", "W"); fo.Set("Code", 66 /*Api IP forbidden*/); fo.Set("Message", $"expected: '{user.AllowIP}', actual:'{context.Host}'"); await dbContext.ExecuteExpandoAsync(host.CatalogDataSource, writeLogSql, fo); } } }