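/// <summary>
/// Web API action filter: authenticates the request's bearer token against
/// <c>SecurityCache</c> and authorizes it against <c>RequiredPermissions</c>.
/// Short-circuits the pipeline by setting <c>actionContext.Response</c>:
/// 401 when the Authorization header is missing, is not "Bearer", or the token
/// fails <c>SecurityCache.IsValid</c>; 403 when no profile is cached for the
/// token or the profile lacks any required permission. Only on success is the
/// profile stored in <c>actionContext.Request.Properties["SecurityProfile"]</c>
/// for the action to read.
/// </summary>
/// <param name="actionContext">Context of the action about to execute; its request carries the Authorization header.</param>
/// <param name="cancellationToken">Not consulted here; the cache calls below take no token.</param>
public async override Task OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
    var request = actionContext.Request;
    var authorization = request.Headers.Authorization;

    // Authentication: header present, "Bearer" scheme, and a token the cache accepts.
    // The scheme match is kept case-sensitive as in the original; RFC 7235 treats
    // scheme names case-insensitively, so confirm whether clients send other casings.
    if (string.IsNullOrEmpty(authorization?.Scheme)
        || string.IsNullOrEmpty(authorization.Parameter)
        || !authorization.Scheme.Equals("Bearer", System.StringComparison.Ordinal)
        || !await SecurityCache.IsValid(authorization.Parameter))
    {
        var response = request.CreateResponse(HttpStatusCode.Unauthorized);
        // A 401 is expected to name the scheme the client should use.
        response.Headers.WwwAuthenticate.Add(new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer"));
        actionContext.Response = response;
        return;
    }

    // Authorization: every required permission must be present on the cached profile.
    SecurityProfile securityProfile = SecurityCache.Get(authorization.Parameter);
    if (securityProfile == null || !RequiredPermissions.All(permission => securityProfile.Permissions.Contains(permission)))
    {
        actionContext.Response = request.CreateResponse(HttpStatusCode.Forbidden);
        // Return here so a null or insufficient profile is never handed to the action.
        return;
    }

    // Indexer rather than Add: if the filter runs twice on the same request
    // (nested or duplicate attribute) Add would throw on the existing key.
    request.Properties["SecurityProfile"] = securityProfile;
}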
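/// <summary>
/// MVC action that resolves an access token to its cached <c>SecurityProfile</c> and returns it as JSON.
/// The token arrives in the query string (GET is allowed below), so it can end up in server and
/// proxy access logs and browser history; log retention for this route should account for that.
/// </summary>
/// <param name="access_token">Bearer token to look up; blank values are rejected without touching the cache.</param>
/// <returns>JSON of the cached profile, or 401 when no token was supplied.</returns>
public async Task<ActionResult> Token(string access_token)
{
    // Consistent with the bearer filter: an empty token is never valid, so skip the cache lookup.
    if (string.IsNullOrWhiteSpace(access_token))
    {
        return new HttpUnauthorizedResult();
    }

    // NOTE(review): the meaning of the second argument to SecurityCache.Get is not visible here — confirm.
    SecurityProfile profile = await SecurityCache.Get(access_token, true);
    return Json(profile, JsonRequestBehavior.AllowGet);
}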