private async Task <bool> IsAuthorizedAsync(HttpActionContext actionContext) { try { string token = string.Empty; if (actionContext.Request.Headers.TryGetValues("Token", out var values)) { token = values.FirstOrDefault(); } if (string.IsNullOrEmpty(token)) { if (actionContext.ActionArguments.FirstOrDefault(x => x.Value is ITokenAuthorization).Value is ITokenAuthorization clientToken) { token = clientToken.Token; } if (string.IsNullOrEmpty(token)) { Logger.ServiceLog.Warn($"TokenAuthorizationFilter: missing Token. {actionContext.ActionDescriptor.ActionName}"); return(false); } //Logger.ServiceLog.Info($"TokenAuthorizationFilter: missing Token in Headers. The Token is taken from the request body. {actionContext.ActionDescriptor.ActionName}"); } Session session = null; var bl = RedisBLFactory.CreateAuthenicationRedisBl(); session = await bl.GetClientSession(token); if (session == null) { var siteInfo = new SiteInfo(); try { siteInfo.PartnerId = Convert.ToInt32(actionContext.ControllerContext.RouteData.Values["partnerId"]); siteInfo.LangId = Convert.ToString(actionContext.ControllerContext.RouteData.Values["langId"]); } catch { } if (siteInfo.PartnerId > 0) { try { string partnerApiToken = $"PartnerAPI_{siteInfo.PartnerId}_{token}"; ClientSession clientsession; if (actionContext.ActionDescriptor.ControllerDescriptor.ControllerType == typeof(ClientController) && string.Compare(actionContext.ActionDescriptor.ActionName, "RestoreLogin", StringComparison.InvariantCultureIgnoreCase) == 0) { int?cashDeskId = null; //if (requestData["CashDeskId"] != null) // cashDeskId = requestData["CashDeskId"].Value<int?>(); using (var clientBl = WebApiApplication.BlFactory.CreateClientsBL(null, WebApiApplication.GetSessionInfo(siteInfo), false)) clientsession = await clientBl.TryGetClientSessionFromPartner(siteInfo.PartnerId, token, cashDeskId); if (clientsession != null) { session = Mapper.Map <ClientSession, Session>(clientsession); await bl.AddClientSession(partnerApiToken, session, true); } } else { session = await bl.GetClientSession(partnerApiToken); if (session != null) { await bl.RefreshToken(partnerApiToken, session); } if (session is null) { using (var clientBl = WebApiApplication.BlFactory.CreateClientsBL(null, WebApiApplication.GetSessionInfo(siteInfo), false)) clientsession = clientBl.TryAuthorizeToken(siteInfo.PartnerId, token); if (clientsession != null) { session = Mapper.Map <ClientSession, Session>(clientsession); } } } } catch (Exception ex) { Logger.ServiceLog.Error(ex, "TokenAuthorizationFilter-TryPartnerAPI with token {0} for PartnerId {1}.", token, siteInfo.PartnerId); throw; } } } var controller = actionContext.ControllerContext.Controller as BaseController; if (controller == null || session == null) { return(false); } if (session.AuthenticationStatus == AuthenticationStatus.TwoFactorCodeNeeded) { var actionAnonymousAttribute = actionContext.ActionDescriptor.GetCustomAttributes <TwoFactorCodeAttribute>(); if (!actionAnonymousAttribute.Any()) { return(false); } } controller.ClientSession = session; return(true); } catch (Exception ex) { Logger.ServiceLog.Error(ex, "TokenAuthorizationFilter-Unexpected error."); return(false); } }