public bool TryAuthorize(RavenBaseApiController controller, out HttpResponseMessage msg)
{
var requestUrl = controller.GetRequestUrl();
if (NeverSecret.IsNeverSecretUrl(requestUrl))
{
msg = controller.GetEmptyMessage();
return(true);
}
//CORS pre-flight (ignore creds if using cors).
if (Settings.AccessControlAllowOrigin.Count > 0 && controller.InnerRequest.Method.Method == "OPTIONS")
{
msg = controller.GetEmptyMessage();
return(true);
}
var oneTimeToken = controller.GetHeader("Single-Use-Auth-Token");
if (string.IsNullOrEmpty(oneTimeToken) == false)
{
return(TryAuthorizeSingleUseAuthToken(controller, oneTimeToken, out msg));
}
var authHeader = controller.GetHeader("Authorization");
var hasApiKey = "True".Equals(controller.GetHeader("Has-Api-Key"), StringComparison.CurrentCultureIgnoreCase);
var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");
if (hasApiKey || hasOAuthTokenInCookie ||
string.IsNullOrEmpty(authHeader) == false && authHeader.StartsWith("Bearer "))
{
return(oAuthRequestAuthorizer.TryAuthorize(controller, hasApiKey, IgnoreDb.Urls.Contains(requestUrl), out msg));
}
return(windowsRequestAuthorizer.TryAuthorize(controller, IgnoreDb.Urls.Contains(requestUrl), out msg));
}
public bool TryAuthorize(RavenBaseApiController controller, out HttpResponseMessage msg)
{
var requestUrl = controller.GetRequestUrl();
if (NeverSecret.IsNeverSecretUrl(requestUrl))
{
msg = controller.GetEmptyMessage();
return true;
}
//CORS pre-flight (ignore creds if using cors).
if (!String.IsNullOrEmpty(Settings.AccessControlAllowOrigin) && controller.InnerRequest.Method.Method == "OPTIONS")
{
msg = controller.GetEmptyMessage();
return true;
}
var oneTimeToken = controller.GetHeader("Single-Use-Auth-Token");
if (string.IsNullOrEmpty(oneTimeToken) == false)
{
return TryAuthorizeSingleUseAuthToken(controller, oneTimeToken, out msg);
}
var authHeader = controller.GetHeader("Authorization");
var hasApiKey = "True".Equals(controller.GetHeader("Has-Api-Key"), StringComparison.CurrentCultureIgnoreCase);
var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");
if (hasApiKey || hasOAuthTokenInCookie ||
string.IsNullOrEmpty(authHeader) == false && authHeader.StartsWith("Bearer "))
{
return oAuthRequestAuthorizer.TryAuthorize(controller, hasApiKey, IgnoreDb.Urls.Contains(requestUrl), out msg);
}
return windowsRequestAuthorizer.TryAuthorize(controller, IgnoreDb.Urls.Contains(requestUrl), out msg);
}
