/// <summary>
/// ApplicationOAuthProvider
/// </summary>
public ApplicationOAuthProvider()
{
//_kullanicilarService = WebApiInstaller.Resolve<IKullanicilarService>();
_userService = WebApiInstaller.Resolve <IUsersService>();
_clientService = WebApiInstaller.Resolve <IClientsService>();
_logger = WebApiInstaller.Resolve <ICoreLogger>();
}
/// <summary>
/// Application_Start
/// </summary>
protected void Application_Start()
{
//Trace Logger Installer
var traceLoggerService = WebApiInstaller.Resolve <ITraceWriter>();
GlobalConfiguration.Configuration.Services.Replace(typeof(ITraceWriter), traceLoggerService);
}
public void Configuration(IAppBuilder app)
{
var logger = WebApiInstaller.Resolve <ICoreLogger>();
logger.Info(GetType(), null, "Startup.Configuration Started.");
HttpConfiguration config = new HttpConfiguration();
// Newtonsoft.JSON kütüphanesinde nested nesnelerin birbirlerine dönüşümünde yaşanan StackOverFlow exception için eklenmiştir.
config.Formatters.JsonFormatter.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
// Custom Filters
config.Filters.Add(new SessionAuthorizeAttribute());
config.Filters.Add(new WebApiActionLoggerAttribute());
// Message Handlers (For Logging)
config.MessageHandlers.Add(new ApiLogHandler(GetType().Namespace));
// Controller and Actions persisting
ControllerPersister persister = new ControllerPersister();
persister.PersistControllerActions(typeof(Controllers.CodeTableController));
// Register OWIN Middleware
app.Use <GlobalExceptionMiddleware>();
//Register other middlewares
config.Services.Replace(typeof(IExceptionHandler), new GlobalExceptionHandler(GetType().Namespace));
// Constructor Injection Installer
config.Services.Replace(typeof(System.Web.Http.Dispatcher.IHttpControllerActivator), WebApiInstaller.Installer());
logger.Info(GetType(), null, "Dependency Injection Replaced.");
ConfigureOAuth(app);
logger.Info(GetType(), null, "OAuth configuration finished.");
WebApiConfig.Register(config);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(config);
logger.Info(GetType(), null, "Startup.Configuration completed.");
}
private bool hasPermission(HttpActionContext actionContext)
{
try
{
string controllerName = actionContext.ControllerContext.ControllerDescriptor.ControllerType.Name;
string actionName = actionContext.ActionDescriptor.ActionName;
string userId = string.Empty;
string userName = string.Empty;
if (actionContext.Request.Properties.ContainsKey("MS_OwinContext"))
{
var context = (OwinContext)actionContext.Request.Properties["MS_OwinContext"];
var claimsIdentity = context.Authentication.User.Identity as ClaimsIdentity;
if (claimsIdentity.Claims.ToList().Count > 0)
{
Claim claimsUserId = claimsIdentity.Claims.Where(s => s.Type == ClaimTypes.PrimarySid).FirstOrDefault();
Claim claimsUserName = claimsIdentity.Claims.Where(s => s.Type == ClaimTypes.Name).FirstOrDefault();
userId = claimsUserId != null ? claimsUserId.Value : string.Empty;
userName = claimsUserName != null ? claimsUserName.Value : string.Empty;
}
var usersService = WebApiInstaller.Resolve <IUsersService>();
var roleInPagesService = WebApiInstaller.Resolve <IRoleInPagesService>();
var controllerInActionService = WebApiInstaller.Resolve <IControllerActionsService>();
if (string.IsNullOrEmpty(userId))
{
return(false);
}
UsersModelLite user = usersService.GetAsync(int.Parse(userId)).Result;
if (user == null)
{
return(false);
}
if (user.Roles.Count < 1)
{
return(false);
}
var controllerInActions = controllerInActionService.GetControllerActionsByControllerAndActionAsync(controllerName, actionName).Result;
if (controllerInActions == null)
{
return(false);
}
List <RoleInPagesModel> roleInPageList = new List <RoleInPagesModel>();
foreach (int roleId in user.Roles)
{
var result = roleInPagesService.GetByRoleIdAsync(roleId).Result;
if (result != null)
{
roleInPageList.AddRange(result);
}
}
foreach (RoleInPagesModel model in roleInPageList.Distinct())
{
switch (controllerInActions.OperationType)
{
case OperationType.Create:
if (model.Create)
{
return(true);
}
break;
case OperationType.Read:
if (model.Read)
{
return(true);
}
break;
case OperationType.Update:
if (model.Update)
{
return(true);
}
break;
case OperationType.Delete:
if (model.Delete)
{
return(true);
}
break;
case OperationType.Operation:
if (model.Create && model.Read && model.Update && model.Delete)
{
return(true);
}
break;
default:
break;
}
}
// var user = usersService.GetAsync(int.Parse(userId)).Result;
//var roleList = user.Roles.Where(
// u => u.Pages.Where(
// p => p.ControllerActions.Where(
// c => c.Controller == controllerName && c.Action == actionName).Count() > 0).Count() > 0).ToList();
//if (roleList.Count > 0)
// return true;
//else
// return false;
}
return(false);
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RefreshTokenProvider
/// </summary>
public RefreshTokenProvider()
{
_refreshTokenService = WebApiInstaller.Resolve <IRefreshTokenService>();
_logger = WebApiInstaller.Resolve <ICoreLogger>();
}
public void PersistControllerActions(Type controllerType)
{
try
{
Assembly assembly = Assembly.GetAssembly(controllerType);
var controlleractionlist = assembly.GetTypes()
.Where(type => typeof(ApiController).IsAssignableFrom(type))
.SelectMany(type => type.GetMethods(BindingFlags.Instance | BindingFlags.DeclaredOnly | BindingFlags.Public))
.Select(x => new
{
Controller = x.DeclaringType.Name,
Action = x.Name,
CustomAttributes = x.GetCustomAttributes(false)
});
var controllerActionsService = WebApiInstaller.Resolve <IControllerActionsService>();
List <ControllerActionsModel> listOfControllerActions = controllerActionsService.GetAllAsync().Result.ToList();
foreach (var controller in controlleractionlist)
{
string description = controller.CustomAttributes.OfType <DescriptionAttribute>().FirstOrDefault() != null
? controller.CustomAttributes.OfType <DescriptionAttribute>().FirstOrDefault().Description : string.Empty;
OperationType type;
if (controller.CustomAttributes.OfType <HttpGetAttribute>().FirstOrDefault() != null)
{
type = OperationType.Read;
}
else if (controller.CustomAttributes.OfType <HttpPostAttribute>().FirstOrDefault() != null)
{
type = OperationType.Create;
}
else if (controller.CustomAttributes.OfType <HttpPatchAttribute>().FirstOrDefault() != null)
{
type = OperationType.Update;
}
else if (controller.CustomAttributes.OfType <HttpDeleteAttribute>().FirstOrDefault() != null)
{
type = OperationType.Delete;
}
else
{
type = OperationType.Operation;
}
List <ControllerActionsModel> filteredList = listOfControllerActions.Where(s => s.Controller == controller.Controller && s.Action == controller.Action).ToList();
if (filteredList.Count == 0)
{
ControllerActionsModel model = new ControllerActionsModel()
{
Controller = controller.Controller,
Action = controller.Action,
Description = description,
InsertedBy = 1,
InsertedDate = DateTime.Now,
UpdatedBy = 1,
UpdatedDate = DateTime.Now,
OperationType = type
};
controllerActionsService.InsertAsync(model);
}
else if (filteredList.Count == 1)
{
filteredList.FirstOrDefault().UpdatedDate = DateTime.Now;
controllerActionsService.UpdateAsync(filteredList.FirstOrDefault());
}
}
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// Configuration
/// </summary>
/// <param name="app"></param>
public void Configuration(IAppBuilder app)
{
HttpConfiguration config = new HttpConfiguration();
//Newtonsoft.JSON kütüphanesinde nested nesnelerin birbirlerine dönüşümünde yaşanan StackOverFlow exception için eklenmiştir.
config.Formatters.JsonFormatter.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
ConfigureOAuth(app);
//Dependency Injection Installer
config.Services.Replace(typeof(System.Web.Http.Dispatcher.IHttpControllerActivator), WebApiInstaller.Installer());
//WebApiConfig.Register(config);
app.UseCors(CorsOptions.AllowAll);
// Attribute routing
config.MapHttpAttributeRoutes();
Assembly asm = Assembly.GetAssembly(typeof(Controllers.EmpEmployeePkController));
app.UseWebApi(config);
var controllerActionsService = WebApiInstaller.Resolve <IControllerActionsService>();
var controlleractionlist = asm.GetTypes()
.Where(type => typeof(ApiController).IsAssignableFrom(type))
.SelectMany(type => type.GetMethods(BindingFlags.Instance | BindingFlags.DeclaredOnly | BindingFlags.Public))
.Select(x => new
{
Controller = x.DeclaringType.Name,
Action = x.Name,
CustomAttributes = x.GetCustomAttributes(false)
// Description = x.GetCustomAttributes(typeof(DescriptionAttribute), false).Cast<DescriptionAttribute>().FirstOrDefault() != null ? x.GetCustomAttributes(typeof(DescriptionAttribute), false).Cast<DescriptionAttribute>().FirstOrDefault().Description : string.Empty
});
foreach (var controller in controlleractionlist)
{
string description = controller.CustomAttributes.OfType <DescriptionAttribute>().FirstOrDefault() != null?controller.CustomAttributes.OfType <DescriptionAttribute>().FirstOrDefault().Description : string.Empty;
OperationType type;
if (controller.CustomAttributes.OfType <HttpGetAttribute>().FirstOrDefault() != null)
{
type = OperationType.Read;
}
else if (controller.CustomAttributes.OfType <HttpPostAttribute>().FirstOrDefault() != null)
{
type = OperationType.Create;
}
else if (controller.CustomAttributes.OfType <HttpPutAttribute>().FirstOrDefault() != null)
{
type = OperationType.Update;
}
else if (controller.CustomAttributes.OfType <HttpDeleteAttribute>().FirstOrDefault() != null)
{
type = OperationType.Delete;
}
else
{
type = OperationType.Operation;
}
Business.Model.Auth.ControllerActionsModel model = new Business.Model.Auth.ControllerActionsModel()
{
Controller = controller.Controller,
Action = controller.Action,
Description = description, // controller.Description,
InsertedBy = 1,
InsertedDate = System.DateTime.Now,
UpdatedBy = 1,
UpdatedDate = System.DateTime.Now,
OperationType = type
};
//controllerActionsService.SaveOrUpdateAsync(model);
}
}