public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { var JsonFormatter = actionContext.ControllerContext.Configuration.Formatters.JsonFormatter; if (JsonFormatter != null) { JsonFormatter.SerializerSettings.DateFormatString = FormatString; } base.OnActionExecuting(actionContext); }
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext) { if (actionContext.Request.Headers.Authorization == null) { return(false); } Guid accessTokenId = new Guid(actionContext.Request.Headers.Authorization.Scheme); bool back = servToken.IsValidAccessToken(accessTokenId, Roles.Split(',')); return(back); }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { if (AuthorizeRequest(actionContext)) { return; } HandleUnauthorizedRequest(actionContext); }
private bool IsResourceOwner(string userName, System.Web.Http.Controllers.HttpActionContext actionContext) { var routeData = actionContext.Request.GetRouteData(); var resourceUserName = routeData.Values["userName"] as string; if (resourceUserName == userName) { return(true); } return(false); }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { #region 2.得到传给WEBAPI的参数值 HttpContextWrapper content = (HttpContextWrapper)actionContext.Request.Properties["MS_HttpContext"]; //假设POST过来两个参数值 Plain 和Signature string Plain = content.Request.Form["Plain"]; string Signature = content.Request.Form["Signature"]; #endregion base.OnActionExecuting(actionContext); }
private TokenModel ParseRequestHeaders(System.Web.Http.Controllers.HttpActionContext actionContext) { var httpRequestHeader = actionContext.Request.Headers.GetValues("Authorization").FirstOrDefault(); httpRequestHeader = httpRequestHeader.Substring("Basic ".Length); string TokenModel = Encoding.UTF8.GetString(Convert.FromBase64String(httpRequestHeader)); TokenModel token = JsonConvert.DeserializeObject <TokenModel>(TokenModel); return(token); }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { base.OnActionExecuting(actionContext); string clientIp = GetIpaddress(); //检验ip地址合法性 if (!ValidateIpAddress(clientIp)) { TokenHandleUnauthorizedRequest(actionContext, "非法地址,请求无效。该地址为" + clientIp); } }
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext) { //if (base.IsAuthorized(actionContext)) //{ return(IsUserFirm(actionContext)); //} //else //{ // return false; //} }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { var controller = actionContext.ControllerContext.Controller as ExtendedApiController; if (controller == null) { return; } controller.Session = WebApiApplication.Store.OpenSession(); }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { if (actionContext.ModelState.IsValid) { return; } var erros = GetErrosDeValidacao(actionContext); actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.BadRequest, erros); }
/// <summary> /// 处理未登录的异常相应 /// </summary> /// <param name="actionContext"></param> protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { base.HandleUnauthorizedRequest(actionContext); var response = actionContext.Response = actionContext.Response ?? new HttpResponseMessage(); response.StatusCode = HttpStatusCode.Forbidden; response.Content = new ObjectContent <ForbiddenResponse>(new ForbiddenResponse() { Message = "Token已过期,请重新登录" }, GlobalConfiguration.Configuration.Formatters.JsonFormatter); }
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { if (!HttpContext.Current.User.Identity.IsAuthenticated) { base.HandleUnauthorizedRequest(actionContext); } else { //actionContext.Response = actionContext.Request.CreateResponse(); } }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { var requestInfo = actionContext.Request.GetRequestProcessInfo(); if (requestInfo == null) { requestInfo = BuildRequestInfo(actionContext); actionContext.Request.SetRequestProcessInfo(requestInfo); } base.OnActionExecuting(actionContext); }
protected virtual void UpdateDebugResponseHeader(System.Web.Http.Controllers.HttpActionContext actionContext) { if (System.Web.HttpContext.Current.Items.Contains(apiController.GuidKey)) { string actionHeaderGuidValue = System.Web.HttpContext.Current.Items[apiController.GuidKey].ToString(); if (!actionContext.Response.Headers.Contains(apiController.actionHeaderGuidName)) { actionContext.Response.Headers.Add(apiController.actionHeaderGuidName, actionHeaderGuidValue); } } }
public bool BindModel(System.Web.Http.Controllers.HttpActionContext actionContext, ModelBindingContext bindingContext) { var modelType = GetModelTypeFromExpressionType(bindingContext.ModelType); if (modelType == null) { return(false); } var body = default(Expression); var parameter = Expression.Parameter(modelType, modelType.Name); foreach (var property in modelType.GetProperties()) { var queryValue = GetValueAndHandleModelState(property, bindingContext.ValueProvider, controllerContext.Controller); if (queryValue == null) { continue; } Expression proeprtyCondition = null; if (property.PropertyType == typeof(string)) { if (!string.IsNullOrEmpty(queryValue as string)) { proeprtyCondition = parameter.Property(property.Name) .Call("Contains", Expression.Constant(queryValue)); } } else if (property.PropertyType == typeof(DateTime?)) { proeprtyCondition = parameter .Property(property.Name) .Property("Value") .Property("Date") .Equal(Expression.Constant(queryValue)); } else { proeprtyCondition = parameter .Property(property.Name) .Equal(Expression.Constant(queryValue)); } if (proeprtyCondition != null) { body = body != null?body.AndAlso(proeprtyCondition) : proeprtyCondition; } } if (body == null) { body = Expression.Constant(true); } return(body.ToLambda(parameter)); }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { if (!actionContext.ActionArguments.ContainsKey("secret") || !this.storedSecret.Equals(actionContext.ActionArguments["secret"])) { actionContext.Response = actionContext.Request.CreateErrorResponse( HttpStatusCode.Unauthorized, "Unauthorized access"); } base.OnActionExecuting(actionContext); }
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { if (!HttpContext.Current.User.Identity.IsAuthenticated) { base.HandleUnauthorizedRequest(actionContext); } else { actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Forbidden); } }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { SessionFactories = (ISessionFactoriesManager)GlobalConfiguration.Configuration .DependencyResolver.GetService(typeof(ISessionFactoriesManager)); foreach (var sessionFactory in SessionFactories.GetSessionFactories()) { var session = sessionFactory.Value.OpenSession(); CurrentSessionContext.Bind(session); session.BeginTransaction(); } }
bool IsUserFirm(System.Web.Http.Controllers.HttpActionContext actionContext) { /*var userId = actionContext.RequestContext.Principal.Identity.GetUserId(); * var firmId = (object)null; * if (!actionContext.RequestContext.RouteData.Values.TryGetValue("firmId", out firmId) || string.IsNullOrWhiteSpace(firmId as string)) * return false; * * return this.repository.Exists(userId, firmId as string);*/ Trace.TraceInformation("AuthorizeFirmFilter call #" + this.repository.GetHashCode()); return(this.repository.Exists("123", "111")); }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { if (!actionContext.ModelState.IsValid) { throw new HttpResponseException( actionContext.Request.CreateErrorResponse( System.Net.HttpStatusCode.BadRequest, actionContext.ModelState)); } base.OnActionExecuting(actionContext); }
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { //DOCUMENTATION: RFC 6750 http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html //WWW-Authenticate Header System.Web.HttpContext.Current.Response.Headers.Add("WWW-Authenticate", "Bearer"); //-------------------------------------------------------------------------------- //401 Unauthorized int statusCode = (int)System.Net.HttpStatusCode.OK; var error = ""; var error_description = Gale.Exception.Errors.ResourceManager.GetString(_errorCode); switch (_errorCode) { case "BEARER_TOKEN_NOT_FOUND": //400 BAD REQUEST statusCode = (int)System.Net.HttpStatusCode.BadRequest; error = "invalid_request"; break; case "TOKEN_EXPIRED": //419 SESSION TIMEOUT statusCode = 419; error = "token_expired"; break; case "ACCESS_UNAUTHORIZED": //401 UNAUTHORIZED statusCode = (int)System.Net.HttpStatusCode.Unauthorized; error = "access_denied"; break; case "INVALID_TOKEN": //400 BAD REQUEST statusCode = (int)System.Net.HttpStatusCode.BadRequest; error = "invalid_token"; break; } //-------------------------------------------------------------------------------- throw new HttpResponseException(new System.Net.Http.HttpResponseMessage() { ReasonPhrase = error, StatusCode = (System.Net.HttpStatusCode)statusCode, Content = new System.Net.Http.ObjectContent <AuthorizeError>(new AuthorizeError() { error = error, error_description = error_description, code = _errorCode }, new System.Net.Http.Formatting.JsonMediaTypeFormatter()) }); }
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext) { if (!base.IsAuthorized(actionContext)) { return(false); } var principal = Thread.CurrentPrincipal as AgentClaimsPrincipal; return(principal != null && principal.IdentityValid); }
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext) { if (AuthorizationProvider == null) { throw new SecurityException("The AuthorizationProvider property has not been set for WebApiAdminRequiredAttribute.", null); } IPrincipal principal = Thread.CurrentPrincipal; return(AuthorizationProvider.IsAdmin(principal)); }
/// <summary> /// Returns a ModelValidator for the current context. /// </summary> protected ModelValidator GetModelValidator() { // call default model validator's Validate method var resolver = Configuration.Services; var validator = resolver.GetBodyModelValidator(); var modelMetadataProvider = resolver.GetModelMetadataProvider(); var controllerDescriptor = ControllerContext.ControllerDescriptor; var actionDescriptor = controllerDescriptor.HttpActionSelector.SelectAction(ControllerContext); var actionContext = new System.Web.Http.Controllers.HttpActionContext(ControllerContext, actionDescriptor); return(new ModelValidator(validator, modelMetadataProvider, actionContext)); }
} // constructor public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { base.OnActionExecuting(actionContext); if (!m_oSecurity.IsActionEnabled(actionContext.Request.GetUserName(), m_nAction)) { actionContext.Response = HandleActionExecutedAttribute.CreateResponse( GetApiVersion(actionContext), actionContext.Request, HttpStatusCode.Forbidden, "You are not authorized to perform this action." ); } // if } // OnActionExecuting
private bool Authorize(System.Web.Http.Controllers.HttpActionContext actionContext) { try { var apiKey = (from h in actionContext.Request.Headers where h.Key == "apikey" select h.Value.First()).FirstOrDefault(); return(apiKey == WebConfigurationManager.AppSettings["apikey"]); } catch (Exception) { return(false); } }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { if (actionContext.Request.Headers.Authorization == null) { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized); } else { try { string authString = actionContext.Request.Headers.Authorization.Parameter; string origString = Encoding.UTF8.GetString(Convert.FromBase64String(authString)); string[] items = origString.Split(new char[] { ':' }); if (items.Length != 2) { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized); } else { string username = items[0]; string password = items[1]; string ConnectionString = ConfigurationManager.ConnectionStrings["GammaStoreConnectionString"].ConnectionString; using (SqlConnection conn = new SqlConnection(ConnectionString)) { conn.Open(); SqlCommand cmd = new SqlCommand("select password from users where username like @Username", conn); cmd.Parameters.AddWithValue("@Username", username); object o = cmd.ExecuteScalar(); if (o == null || o == DBNull.Value) { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized); } else { string dbpass = o.ToString(); if (dbpass != password) { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized); } } } } } catch { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.InternalServerError); } } base.OnAuthorization(actionContext); }
public override void OnActionExecuting(TActionContext context) { LocalizationRoute route = context.RequestContext.RouteData.Route as LocalizationRoute; // Route doesn't contain culture information so return if (route == null || string.IsNullOrEmpty(route.Culture)) { return; } // Route contains culture information string cultureName = route.Culture; // Set culture CultureInfo cultureInfo = new CultureInfo(cultureName); // Try to override to region dependent browser culture if (TryToPreserverBrowserRegionCulture) { if (AcceptedCultures.Count == 0) { throw new InvalidOperationException("TryToPreserverBrowserRegionCulture can only be used in combination with AcceptedCultures."); } #if ASPNETWEBAPI cultureInfo = Localization.DetectCultureFromBrowserUserLanguages( new HashSet<string>(AcceptedCultures.Where(culture => culture.StartsWith(cultureInfo.Name))), cultureInfo.Name)( context.Request); #else cultureInfo = Localization.DetectCultureFromBrowserUserLanguages( new HashSet<string>(AcceptedCultures.Where(culture => culture.StartsWith(cultureInfo.Name))), cultureInfo.Name)( context.HttpContext.ApplicationInstance.Context); #endif } if (SetCurrentCulture) { Thread.CurrentThread.CurrentCulture = cultureInfo; } if (SetCurrentUICulture) { Thread.CurrentThread.CurrentUICulture = cultureInfo; } #if ASPNETWEBAPI CultureSelected(this, new CultureSelectedEventArgs() { SelectedCulture = cultureName, Context = context.RequestContext }); #else CultureSelected(this, new CultureSelectedEventArgs() { SelectedCulture = cultureName, Context = context.HttpContext }); #endif }
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { var response = actionContext.ControllerContext.Request .CreateResponse(HttpStatusCode.Unauthorized, currentUser.DisplayName + " is not authorized to use this application."); HttpResponseException ex = new HttpResponseException(response); //log error. DataAccess.addError(currentUser.Sid.ToString(), currentUser.GivenName + " " + currentUser.Surname, "Authentication", response.StatusCode + ": " + response.RequestMessage); throw ex; }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { if (actionContext.Request.Headers.Authorization != null) { var auth = actionContext.Request.Headers.Authorization; string authHeader = actionContext.Request.Headers.Authorization.Parameter; if (auth == null || string.IsNullOrEmpty(authHeader)) { HandleUnauthorizedRequest(actionContext); return; } if ((authHeader.Length % 4) != 0 && !Regex.IsMatch(authHeader, "^[A-Z0-9/+=]*$", RegexOptions.IgnoreCase)) { HandleUnauthorizedRequest(actionContext); return; } string userInfo = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader)); if (!userInfo.Contains(":")) { HandleUnauthorizedRequest(actionContext); return; } var tokens = userInfo.Split(':'); if (tokens.Length < 2) { HandleUnauthorizedRequest(actionContext); return; } if (auth.Scheme == "Basic") { LoginNameLogin(actionContext, userInfo); return; } if (auth.Scheme == "Weixin") { WeixinLogin(actionContext, userInfo); return; } HandleUnauthorizedRequest(actionContext); } else { HandleUnauthorizedRequest(actionContext); } }
/// <summary> /// OnAuthorization /// </summary> /// <param name="actionContext"></param> public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { // Validate that the Authorization header has a valid token var token = MyEventsToken.GetTokenFromHeader(); if (token != null && !token.IsExpired()) { return; } base.OnAuthorization(actionContext); }
private void InitialiseApiCaller(ApiToken applicationToken) { var applicationSecurityAttribute = new ApplicationSecurityAttribute(); var actionContext = new System.Web.Http.Controllers.HttpActionContext(); Request.Headers.Add(applicationToken.TokenKeyName, applicationToken.TokenKey); actionContext.ControllerContext = this.ControllerContext; applicationSecurityAttribute.OnActionExecuting(actionContext); }
/// <summary> /// Returns a ModelValidator for the current context. /// </summary> protected ModelValidator GetModelValidator() { // call default model validator's Validate method var resolver = Configuration.Services; var validator = resolver.GetBodyModelValidator(); var modelMetadataProvider = resolver.GetModelMetadataProvider(); var controllerDescriptor = ControllerContext.ControllerDescriptor; var actionDescriptor = controllerDescriptor.HttpActionSelector.SelectAction(ControllerContext); var actionContext = new System.Web.Http.Controllers.HttpActionContext(ControllerContext, actionDescriptor); return new ModelValidator(validator, modelMetadataProvider, actionContext); }