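/// <summary>
/// Decides whether the current service request is allowed to proceed. Access is granted when
/// the request targets the help page operation, when a membership user is already logged in,
/// or when the <c>apiKey</c> URI template variable matches an approved user that is not locked out.
/// </summary>
/// <param name="operationContext">The <see cref="T:System.ServiceModel.OperationContext"/> for the current authorization request.</param>
/// <returns>
/// true if access is granted; otherwise, false. A request that satisfies none of the checks is denied.
/// </returns>
/// <remarks>
/// NOTE(review): the API key is read from the request URI, so it can end up in web server and
/// proxy logs; treat it as a credential that needs rotation and restrict who can read those logs.
/// NOTE(review): any logged-in membership user is accepted here without a role or per-operation
/// check; confirm that finer-grained authorization is enforced elsewhere.
/// </remarks>
protected override bool CheckAccessCore( OperationContext operationContext )
{
    var properties = operationContext.RequestContext.RequestMessage.Properties;

    // Always allow the Help interface.
    // TryGetValue is used instead of the indexer: the message properties indexer throws when the
    // named property is absent, and an authorization check should deny rather than fault.
    object operationName;
    if ( properties.TryGetValue( "HttpOperationName", out operationName )
        && operationName != null
        && operationName.ToString() == "HelpPageInvoke" )
    {
        return true;
    }

    // If the user is currently logged in
    var currentUser = System.Web.Security.Membership.GetUser();
    if ( currentUser != null )
    {
        return true;
    }

    // Get the matched uriTemplate; without one there is no apiKey to evaluate, so deny.
    object matchResults;
    if ( !properties.TryGetValue( "UriTemplateMatchResults", out matchResults ) )
    {
        return false;
    }

    UriTemplateMatch template = matchResults as UriTemplateMatch;
    if ( template == null )
    {
        return false;
    }

    // Get the apiKey value from the uriTemplate. It is copied into a local so the query
    // predicate below compares against a plain value.
    string key = template.BoundVariables["apiKey"];
    if ( string.IsNullOrEmpty( key ) )
    {
        return false;
    }

    // Read the user: the key must belong to an approved account that is not locked out.
    Rock.Services.Cms.UserService userService = new Rock.Services.Cms.UserService();
    Rock.Models.Cms.User user = userService.Queryable().
        Where( u => u.ApiKey == key && u.IsApproved == true && u.IsLockedOut == false ).
        FirstOrDefault();

    // Verify that the key is valid
    return user != null;
}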
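/// <summary>
/// Authorizes a service request. The help page operation is always allowed, a logged-in
/// membership user is allowed, and otherwise the request must carry an <c>apiKey</c> URI
/// template variable that belongs to an approved user that is not locked out.
/// </summary>
/// <param name="operationContext">The <see cref="T:System.ServiceModel.OperationContext"/> for the current authorization request.</param>
/// <returns>
/// true if access is granted; otherwise, false. When no check succeeds the result is false.
/// </returns>
/// <remarks>
/// NOTE(review): because the API key travels in the request URI it may be recorded in access
/// logs and intermediaries; handle it as a secret and plan for rotation.
/// NOTE(review): the logged-in shortcut applies to every membership user regardless of role;
/// verify that this is the intended policy for all operations behind this manager.
/// </remarks>
protected override bool CheckAccessCore(OperationContext operationContext)
{
    var properties = operationContext.RequestContext.RequestMessage.Properties;

    // Always allow the Help interface. The property is looked up with TryGetValue because
    // indexing a message property that is not present throws; a missing property must
    // result in a normal evaluation of the remaining checks, not an exception.
    object httpOperation;
    bool isHelpPage = properties.TryGetValue("HttpOperationName", out httpOperation)
                      && httpOperation != null
                      && httpOperation.ToString() == "HelpPageInvoke";
    if (isHelpPage)
    {
        return true;
    }

    // If the user is currently logged in
    if (System.Web.Security.Membership.GetUser() != null)
    {
        return true;
    }

    // Get the matched uriTemplate (absent or of another type => no key available => deny).
    object rawMatch;
    properties.TryGetValue("UriTemplateMatchResults", out rawMatch);
    UriTemplateMatch template = rawMatch as UriTemplateMatch;

    // Get the apiKey value from the uriTemplate
    string key = template != null ? template.BoundVariables["apiKey"] : null;
    if (string.IsNullOrEmpty(key))
    {
        return false;
    }

    // Verify that the key is valid: it must match an approved, not locked-out user.
    // Only existence matters, so the user record itself is not loaded.
    Rock.Services.Cms.UserService userService = new Rock.Services.Cms.UserService();
    return userService.Queryable()
        .Where(u => u.ApiKey == key && u.IsApproved == true && u.IsLockedOut == false)
        .Any();
}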