/// <summary>
/// Authorization gate for an incoming request: derives the API name from the request URL,
/// logs the request, and allows the call only when the current user's most privileged role
/// passes the role check for that API.
/// </summary>
/// <param name="operationContext">
/// Not referenced in the visible code, which reads <c>OperationContext.Current</c> instead.
/// NOTE(review): part of this method is masked in this copy of the source, so confirm against the original.
/// </param>
/// <param name="message">Not referenced in the visible code (same caveat about the masked span).</param>
/// <returns>
/// <c>true</c> to let the caller run the API function; <c>false</c> to deny access.
/// </returns>
public override bool CheckAccess(OperationContext operationContext, ref Message message)
{
    // Open the first incoming message header (index 0) with an XML reader.
    // Presumably this header carries the request URL; verify against the binding in use.
    // NOTE(review): xr is never closed or disposed in the visible code.
    XmlReader xr = OperationContext.Current.IncomingMessageHeaders.GetReaderAtHeader(0);

    // Split the header text on '/' so the individual URL segments can be indexed.
    string[] urlSplit = xr.ReadElementContentAsString().Split('/');

    // Element 3 is taken as "<ApiName>?<parameters>"; splitting on '?' and keeping element 0
    // drops the parameters and leaves the API name.
    // Assumes an absolute URL of the form scheme://host/ApiName?... (TODO confirm).
    // NOTE(review): there is no length check. A header with fewer than four '/'-separated
    // parts makes urlSplit[3] throw before any allow/deny decision is reached; confirm the
    // host treats that exception as a denial (fail closed).
    string[] apiSplit = urlSplit[3].Split('?');

    // Log the user name and API name, then the client IP address.
    // NOTE(review): the text between the two string literals below is masked ("******") in
    // this copy of the source. The trailing '}' presumably closes a block opened inside the
    // masked span, where 'ip' is also presumably declared; restore it from the original file.
    // NOTE(review): apiSplit[0] is request-derived and is concatenated into the log line
    // unmodified; consider neutralising CR/LF and other control characters before logging.
    Tracer.WriteUserLog(apiSplit[0] + " request from user: "******"Client IP address : " + ip); }

    // Allow the call when the user's most privileged role compares less than or equal to the
    // least privileged role permitted for this API; otherwise deny.
    // Presumably a smaller role value means more privilege; verify against the role
    // enumeration in ChassisManagerSecurity.
    // NOTE(review): what GetCurrentApiLeastPrivilegedRole returns for an API name it does not
    // recognise is not visible here; confirm that case results in a denial.
    // Returning true lets the user execute the actual API function; returning false denies it.
    // TODO: May be we should send back a HTTP error code; will include this after shivi checks in her code
    if (ChassisManagerSecurity.GetCurrentUserMostPrivilegedRole() <= ChassisManagerSecurity.GetCurrentApiLeastPrivilegedRole(apiSplit[0]))
    {
        Tracer.WriteUserLog("CheckAccess: Authorized");
        return(true);
    }
    else
    {
        Tracer.WriteUserLog("CheckAccess: NOT Authorized");
        return(false);
    }
}