public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
var JsonFormatter = actionContext.ControllerContext.Configuration.Formatters.JsonFormatter;
if (JsonFormatter != null)
{
JsonFormatter.SerializerSettings.DateFormatString = FormatString;
}
base.OnActionExecuting(actionContext);
}
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (actionContext.Request.Headers.Authorization == null)
{
return(false);
}
Guid accessTokenId = new Guid(actionContext.Request.Headers.Authorization.Scheme);
bool back = servToken.IsValidAccessToken(accessTokenId, Roles.Split(','));
return(back);
}
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (AuthorizeRequest(actionContext))
{
return;
}
HandleUnauthorizedRequest(actionContext);
}
private bool IsResourceOwner(string userName, System.Web.Http.Controllers.HttpActionContext actionContext)
{
var routeData = actionContext.Request.GetRouteData();
var resourceUserName = routeData.Values["userName"] as string;
if (resourceUserName == userName)
{
return(true);
}
return(false);
}
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
#region 2.得到传给WEBAPI的参数值
HttpContextWrapper content = (HttpContextWrapper)actionContext.Request.Properties["MS_HttpContext"];
//假设POST过来两个参数值 Plain 和Signature
string Plain = content.Request.Form["Plain"];
string Signature = content.Request.Form["Signature"];
#endregion
base.OnActionExecuting(actionContext);
}
private TokenModel ParseRequestHeaders(System.Web.Http.Controllers.HttpActionContext actionContext)
{
var httpRequestHeader = actionContext.Request.Headers.GetValues("Authorization").FirstOrDefault();
httpRequestHeader = httpRequestHeader.Substring("Basic ".Length);
string TokenModel = Encoding.UTF8.GetString(Convert.FromBase64String(httpRequestHeader));
TokenModel token = JsonConvert.DeserializeObject <TokenModel>(TokenModel);
return(token);
}
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
base.OnActionExecuting(actionContext);
string clientIp = GetIpaddress();
//检验ip地址合法性
if (!ValidateIpAddress(clientIp))
{
TokenHandleUnauthorizedRequest(actionContext, "非法地址,请求无效。该地址为" + clientIp);
}
}
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
{
//if (base.IsAuthorized(actionContext))
//{
return(IsUserFirm(actionContext));
//}
//else
//{
// return false;
//}
}
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
var controller = actionContext.ControllerContext.Controller as ExtendedApiController;
if (controller == null)
{
return;
}
controller.Session = WebApiApplication.Store.OpenSession();
}
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (actionContext.ModelState.IsValid)
{
return;
}
var erros = GetErrosDeValidacao(actionContext);
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.BadRequest, erros);
}
/// <summary>
/// 处理未登录的异常相应
/// </summary>
/// <param name="actionContext"></param>
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
{
base.HandleUnauthorizedRequest(actionContext);
var response = actionContext.Response = actionContext.Response ?? new HttpResponseMessage();
response.StatusCode = HttpStatusCode.Forbidden;
response.Content = new ObjectContent <ForbiddenResponse>(new ForbiddenResponse()
{
Message = "Token已过期,请重新登录"
}, GlobalConfiguration.Configuration.Formatters.JsonFormatter);
}
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
base.HandleUnauthorizedRequest(actionContext);
}
else
{
//actionContext.Response = actionContext.Request.CreateResponse();
}
}
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
var requestInfo = actionContext.Request.GetRequestProcessInfo();
if (requestInfo == null)
{
requestInfo = BuildRequestInfo(actionContext);
actionContext.Request.SetRequestProcessInfo(requestInfo);
}
base.OnActionExecuting(actionContext);
}
protected virtual void UpdateDebugResponseHeader(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (System.Web.HttpContext.Current.Items.Contains(apiController.GuidKey))
{
string actionHeaderGuidValue = System.Web.HttpContext.Current.Items[apiController.GuidKey].ToString();
if (!actionContext.Response.Headers.Contains(apiController.actionHeaderGuidName))
{
actionContext.Response.Headers.Add(apiController.actionHeaderGuidName, actionHeaderGuidValue);
}
}
}
public bool BindModel(System.Web.Http.Controllers.HttpActionContext actionContext, ModelBindingContext bindingContext)
{
var modelType = GetModelTypeFromExpressionType(bindingContext.ModelType);
if (modelType == null)
{
return(false);
}
var body = default(Expression);
var parameter = Expression.Parameter(modelType, modelType.Name);
foreach (var property in modelType.GetProperties())
{
var queryValue = GetValueAndHandleModelState(property, bindingContext.ValueProvider, controllerContext.Controller);
if (queryValue == null)
{
continue;
}
Expression proeprtyCondition = null;
if (property.PropertyType == typeof(string))
{
if (!string.IsNullOrEmpty(queryValue as string))
{
proeprtyCondition = parameter.Property(property.Name)
.Call("Contains", Expression.Constant(queryValue));
}
}
else if (property.PropertyType == typeof(DateTime?))
{
proeprtyCondition = parameter
.Property(property.Name)
.Property("Value")
.Property("Date")
.Equal(Expression.Constant(queryValue));
}
else
{
proeprtyCondition = parameter
.Property(property.Name)
.Equal(Expression.Constant(queryValue));
}
if (proeprtyCondition != null)
{
body = body != null?body.AndAlso(proeprtyCondition) : proeprtyCondition;
}
}
if (body == null)
{
body = Expression.Constant(true);
}
return(body.ToLambda(parameter));
}
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (!actionContext.ActionArguments.ContainsKey("secret") ||
!this.storedSecret.Equals(actionContext.ActionArguments["secret"]))
{
actionContext.Response = actionContext.Request.CreateErrorResponse(
HttpStatusCode.Unauthorized, "Unauthorized access");
}
base.OnActionExecuting(actionContext);
}
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
base.HandleUnauthorizedRequest(actionContext);
}
else
{
actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
}
}
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
SessionFactories = (ISessionFactoriesManager)GlobalConfiguration.Configuration
.DependencyResolver.GetService(typeof(ISessionFactoriesManager));
foreach (var sessionFactory in SessionFactories.GetSessionFactories())
{
var session = sessionFactory.Value.OpenSession();
CurrentSessionContext.Bind(session);
session.BeginTransaction();
}
}
bool IsUserFirm(System.Web.Http.Controllers.HttpActionContext actionContext)
{
/*var userId = actionContext.RequestContext.Principal.Identity.GetUserId();
* var firmId = (object)null;
* if (!actionContext.RequestContext.RouteData.Values.TryGetValue("firmId", out firmId) || string.IsNullOrWhiteSpace(firmId as string))
* return false;
*
* return this.repository.Exists(userId, firmId as string);*/
Trace.TraceInformation("AuthorizeFirmFilter call #" + this.repository.GetHashCode());
return(this.repository.Exists("123", "111"));
}
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (!actionContext.ModelState.IsValid)
{
throw new HttpResponseException(
actionContext.Request.CreateErrorResponse(
System.Net.HttpStatusCode.BadRequest,
actionContext.ModelState));
}
base.OnActionExecuting(actionContext);
}
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
{
//DOCUMENTATION: RFC 6750 http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html
//WWW-Authenticate Header
System.Web.HttpContext.Current.Response.Headers.Add("WWW-Authenticate", "Bearer");
//--------------------------------------------------------------------------------
//401 Unauthorized
int statusCode = (int)System.Net.HttpStatusCode.OK;
var error = "";
var error_description = Gale.Exception.Errors.ResourceManager.GetString(_errorCode);
switch (_errorCode)
{
case "BEARER_TOKEN_NOT_FOUND":
//400 BAD REQUEST
statusCode = (int)System.Net.HttpStatusCode.BadRequest;
error = "invalid_request";
break;
case "TOKEN_EXPIRED":
//419 SESSION TIMEOUT
statusCode = 419;
error = "token_expired";
break;
case "ACCESS_UNAUTHORIZED":
//401 UNAUTHORIZED
statusCode = (int)System.Net.HttpStatusCode.Unauthorized;
error = "access_denied";
break;
case "INVALID_TOKEN":
//400 BAD REQUEST
statusCode = (int)System.Net.HttpStatusCode.BadRequest;
error = "invalid_token";
break;
}
//--------------------------------------------------------------------------------
throw new HttpResponseException(new System.Net.Http.HttpResponseMessage()
{
ReasonPhrase = error,
StatusCode = (System.Net.HttpStatusCode)statusCode,
Content = new System.Net.Http.ObjectContent <AuthorizeError>(new AuthorizeError()
{
error = error,
error_description = error_description,
code = _errorCode
},
new System.Net.Http.Formatting.JsonMediaTypeFormatter())
});
}
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (!base.IsAuthorized(actionContext))
{
return(false);
}
var principal = Thread.CurrentPrincipal as AgentClaimsPrincipal;
return(principal != null && principal.IdentityValid);
}
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (AuthorizationProvider == null)
{
throw new SecurityException("The AuthorizationProvider property has not been set for WebApiAdminRequiredAttribute.", null);
}
IPrincipal principal = Thread.CurrentPrincipal;
return(AuthorizationProvider.IsAdmin(principal));
}
/// <summary>
/// Returns a ModelValidator for the current context.
/// </summary>
protected ModelValidator GetModelValidator()
{
// call default model validator's Validate method
var resolver = Configuration.Services;
var validator = resolver.GetBodyModelValidator();
var modelMetadataProvider = resolver.GetModelMetadataProvider();
var controllerDescriptor = ControllerContext.ControllerDescriptor;
var actionDescriptor = controllerDescriptor.HttpActionSelector.SelectAction(ControllerContext);
var actionContext = new System.Web.Http.Controllers.HttpActionContext(ControllerContext, actionDescriptor);
return(new ModelValidator(validator, modelMetadataProvider, actionContext));
}
} // constructor
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) {
base.OnActionExecuting(actionContext);
if (!m_oSecurity.IsActionEnabled(actionContext.Request.GetUserName(), m_nAction)) {
actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
GetApiVersion(actionContext),
actionContext.Request,
HttpStatusCode.Forbidden,
"You are not authorized to perform this action."
);
} // if
} // OnActionExecuting
private bool Authorize(System.Web.Http.Controllers.HttpActionContext actionContext)
{
try
{
var apiKey = (from h in actionContext.Request.Headers where h.Key == "apikey" select h.Value.First()).FirstOrDefault();
return(apiKey == WebConfigurationManager.AppSettings["apikey"]);
}
catch (Exception)
{
return(false);
}
}
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (actionContext.Request.Headers.Authorization == null)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
else
{
try
{
string authString = actionContext.Request.Headers.Authorization.Parameter;
string origString = Encoding.UTF8.GetString(Convert.FromBase64String(authString));
string[] items = origString.Split(new char[] { ':' });
if (items.Length != 2)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
else
{
string username = items[0];
string password = items[1];
string ConnectionString = ConfigurationManager.ConnectionStrings["GammaStoreConnectionString"].ConnectionString;
using (SqlConnection conn = new SqlConnection(ConnectionString))
{
conn.Open();
SqlCommand cmd = new SqlCommand("select password from users where username like @Username", conn);
cmd.Parameters.AddWithValue("@Username", username);
object o = cmd.ExecuteScalar();
if (o == null || o == DBNull.Value)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
else
{
string dbpass = o.ToString();
if (dbpass != password)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
}
}
}
}
catch
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.InternalServerError);
}
}
base.OnAuthorization(actionContext);
}
public override void OnActionExecuting(TActionContext context)
{
LocalizationRoute route = context.RequestContext.RouteData.Route as LocalizationRoute;
// Route doesn't contain culture information so return
if (route == null || string.IsNullOrEmpty(route.Culture))
{
return;
}
// Route contains culture information
string cultureName = route.Culture;
// Set culture
CultureInfo cultureInfo = new CultureInfo(cultureName);
// Try to override to region dependent browser culture
if (TryToPreserverBrowserRegionCulture)
{
if (AcceptedCultures.Count == 0)
{
throw new InvalidOperationException("TryToPreserverBrowserRegionCulture can only be used in combination with AcceptedCultures.");
}
#if ASPNETWEBAPI
cultureInfo =
Localization.DetectCultureFromBrowserUserLanguages(
new HashSet<string>(AcceptedCultures.Where(culture => culture.StartsWith(cultureInfo.Name))), cultureInfo.Name)(
context.Request);
#else
cultureInfo =
Localization.DetectCultureFromBrowserUserLanguages(
new HashSet<string>(AcceptedCultures.Where(culture => culture.StartsWith(cultureInfo.Name))), cultureInfo.Name)(
context.HttpContext.ApplicationInstance.Context);
#endif
}
if (SetCurrentCulture)
{
Thread.CurrentThread.CurrentCulture = cultureInfo;
}
if (SetCurrentUICulture)
{
Thread.CurrentThread.CurrentUICulture = cultureInfo;
}
#if ASPNETWEBAPI
CultureSelected(this, new CultureSelectedEventArgs() { SelectedCulture = cultureName, Context = context.RequestContext });
#else
CultureSelected(this, new CultureSelectedEventArgs() { SelectedCulture = cultureName, Context = context.HttpContext });
#endif
}
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
{
var response = actionContext.ControllerContext.Request
.CreateResponse(HttpStatusCode.Unauthorized, currentUser.DisplayName + " is not authorized to use this application.");
HttpResponseException ex = new HttpResponseException(response);
//log error.
DataAccess.addError(currentUser.Sid.ToString(), currentUser.GivenName + " "
+ currentUser.Surname, "Authentication", response.StatusCode + ": "
+ response.RequestMessage);
throw ex;
}
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (actionContext.Request.Headers.Authorization != null)
{
var auth = actionContext.Request.Headers.Authorization;
string authHeader = actionContext.Request.Headers.Authorization.Parameter;
if (auth == null || string.IsNullOrEmpty(authHeader))
{
HandleUnauthorizedRequest(actionContext);
return;
}
if ((authHeader.Length % 4) != 0 && !Regex.IsMatch(authHeader, "^[A-Z0-9/+=]*$", RegexOptions.IgnoreCase))
{
HandleUnauthorizedRequest(actionContext);
return;
}
string userInfo = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader));
if (!userInfo.Contains(":"))
{
HandleUnauthorizedRequest(actionContext);
return;
}
var tokens = userInfo.Split(':');
if (tokens.Length < 2)
{
HandleUnauthorizedRequest(actionContext);
return;
}
if (auth.Scheme == "Basic")
{
LoginNameLogin(actionContext, userInfo);
return;
}
if (auth.Scheme == "Weixin")
{
WeixinLogin(actionContext, userInfo);
return;
}
HandleUnauthorizedRequest(actionContext);
}
else
{
HandleUnauthorizedRequest(actionContext);
}
}
/// <summary>
/// OnAuthorization
/// </summary>
/// <param name="actionContext"></param>
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
// Validate that the Authorization header has a valid token
var token = MyEventsToken.GetTokenFromHeader();
if (token != null && !token.IsExpired())
{
return;
}
base.OnAuthorization(actionContext);
}
private void InitialiseApiCaller(ApiToken applicationToken)
{
var applicationSecurityAttribute = new ApplicationSecurityAttribute();
var actionContext = new System.Web.Http.Controllers.HttpActionContext();
Request.Headers.Add(applicationToken.TokenKeyName, applicationToken.TokenKey);
actionContext.ControllerContext = this.ControllerContext;
applicationSecurityAttribute.OnActionExecuting(actionContext);
}
/// <summary>
/// Returns a ModelValidator for the current context.
/// </summary>
protected ModelValidator GetModelValidator()
{
// call default model validator's Validate method
var resolver = Configuration.Services;
var validator = resolver.GetBodyModelValidator();
var modelMetadataProvider = resolver.GetModelMetadataProvider();
var controllerDescriptor = ControllerContext.ControllerDescriptor;
var actionDescriptor = controllerDescriptor.HttpActionSelector.SelectAction(ControllerContext);
var actionContext = new System.Web.Http.Controllers.HttpActionContext(ControllerContext, actionDescriptor);
return new ModelValidator(validator, modelMetadataProvider, actionContext);
}
