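/// <summary>
/// Authorizes a Web API request via HMAC authentication and reports the outcome in response headers.
/// </summary>
/// <remarks>
/// Fail-closed: <paramref name="actionContext"/> is only accepted when <see cref="IsAuthenticated"/>
/// returns <see cref="HmacResult.Success"/>. Any exception thrown by the authenticator is dumped and the
/// result keeps its initial value <see cref="HmacResult.FailedForUnknownReason"/>, so the request is rejected.
/// On success the authenticated customer becomes the current principal; on failure the response is a
/// 401 carrying a WWW-Authenticate challenge (RFC 2616) plus diagnostic headers describing the HMAC result.
/// </remarks>
/// <param name="actionContext">Context of the Web API action being authorized.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    var result = HmacResult.FailedForUnknownReason;
    var controllingData = WebApiCachingControllingData.Data();
    var dependencyScope = actionContext.Request.GetDependencyScope();
    var utcNow = DateTime.UtcNow;
    Customer customer = null;

    try
    {
        result = IsAuthenticated(actionContext, dependencyScope, controllingData, utcNow, out customer);
    }
    catch (Exception exception)
    {
        // Deliberate best-effort: an authenticator failure must not surface as a 500 to the caller.
        // The result stays FailedForUnknownReason, so the request is rejected below.
        exception.Dump();
    }

    if (result == HmacResult.Success)
    {
        // Inform core about the authentication. Note, you cannot use IWorkContext.set_CurrentCustomer here.
        HttpContext.Current.User = new SmartStorePrincipal(customer, HmacAuthentication.Scheme1);

        var response = HttpContext.Current.Response;
        response.AddHeader(WebApiGlobal.Header.AppVersion, SmartStoreVersion.CurrentFullVersion);
        response.AddHeader(WebApiGlobal.Header.Version, controllingData.Version);
        response.AddHeader(WebApiGlobal.Header.MaxTop, controllingData.MaxTop.ToString());
        // "o" is the round-trip (ISO 8601) format and is culture-invariant.
        response.AddHeader(WebApiGlobal.Header.Date, utcNow.ToString("o"));
        response.AddHeader(WebApiGlobal.Header.CustomerId, customer.Id.ToString());
        // The response is specific to the authenticated caller; forbid caching.
        response.Cache.SetCacheability(HttpCacheability.NoCache);
    }
    else
    {
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        var headers = actionContext.Response.Headers;

        // Anonymous requests carry no Authorization header at all; read it once and pass null rather
        // than dereferencing a missing header, leaving the challenge scheme choice to the HMAC helper.
        var authorization = actionContext.Request.Headers.Authorization;
        var scheme = _hmac.GetWwwAuthenticateScheme(authorization != null ? authorization.Scheme : null);

        // See RFC-2616: a 401 response must include a WWW-Authenticate challenge.
        headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(scheme));
        headers.Add(WebApiGlobal.Header.AppVersion, SmartStoreVersion.CurrentFullVersion);
        headers.Add(WebApiGlobal.Header.Version, controllingData.Version);
        headers.Add(WebApiGlobal.Header.MaxTop, controllingData.MaxTop.ToString());
        headers.Add(WebApiGlobal.Header.Date, utcNow.ToString("o"));
        // Diagnostic headers tell the client which HMAC check failed (numeric id and enum name).
        headers.Add(WebApiGlobal.Header.HmacResultId, ((int)result).ToString());
        headers.Add(WebApiGlobal.Header.HmacResultDescription, result.ToString());

        // Server-side logging of rejected requests is a separate, configurable switch.
        if (controllingData.LogUnauthorized)
        {
            LogUnauthorized(actionContext, dependencyScope, result, customer);
        }
    }
}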
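/// <summary>
/// Authorizes a Web API request via HMAC authentication and reports the outcome in response headers.
/// </summary>
/// <remarks>
/// Fail-closed: the request is only accepted when <see cref="IsAuthenticated"/> returns
/// <see cref="HmacResult.Success"/>. An exception thrown by the authenticator is dumped and the result
/// keeps its initial value <see cref="HmacResult.FailedForUnknownReason"/>, so the request is rejected.
/// On success the customer is set on the work context; on failure the response is a 401 carrying a
/// WWW-Authenticate challenge (RFC 2616) plus diagnostic headers describing the HMAC result.
/// </remarks>
/// <param name="actionContext">Context of the Web API action being authorized.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    var result = HmacResult.FailedForUnknownReason;
    var cacheControllingData = WebApiCachingControllingData.Data();
    var now = DateTime.UtcNow;
    Customer customer = null;

    try
    {
        result = IsAuthenticated(actionContext, now, cacheControllingData, out customer);
    }
    catch (Exception exc)
    {
        // Deliberate best-effort: an authenticator failure must not surface as a 500 to the caller.
        // The result stays FailedForUnknownReason, so the request is rejected below.
        exc.Dump();
    }

    if (result == HmacResult.Success)
    {
        _workContext.CurrentCustomer = customer;

        var response = HttpContext.Current.Response;
        response.AddHeader(WebApiGlobal.Header.Version, cacheControllingData.Version);
        response.AddHeader(WebApiGlobal.Header.MaxTop, WebApiGlobal.MaxTop.ToString());
        // "o" is the round-trip (ISO 8601) format and is culture-invariant.
        response.AddHeader(WebApiGlobal.Header.Date, now.ToString("o"));
        // The response is specific to the authenticated caller; forbid caching.
        response.Cache.SetCacheability(HttpCacheability.NoCache);
    }
    else
    {
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        var headers = actionContext.Response.Headers;

        // Anonymous requests carry no Authorization header at all. Dereferencing .Scheme on the
        // missing header threw a NullReferenceException on the very path that is supposed to
        // answer with a clean 401; pass null instead and let the HMAC helper choose the challenge scheme.
        var authorization = actionContext.Request.Headers.Authorization;
        var scheme = _hmac.GetWwwAuthenticateScheme(authorization != null ? authorization.Scheme : null);

        // See RFC-2616: a 401 response must include a WWW-Authenticate challenge.
        headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(scheme));
        headers.Add(WebApiGlobal.Header.Version, cacheControllingData.Version);
        headers.Add(WebApiGlobal.Header.MaxTop, WebApiGlobal.MaxTop.ToString());
        headers.Add(WebApiGlobal.Header.Date, now.ToString("o"));
        // Diagnostic headers tell the client which HMAC check failed (numeric id and enum name).
        headers.Add(WebApiGlobal.Header.HmacResultId, ((int)result).ToString());
        headers.Add(WebApiGlobal.Header.HmacResultDescription, result.ToString());

        // Server-side logging of rejected requests is a separate, configurable switch.
        if (cacheControllingData.LogUnauthorized)
        {
            LogUnauthorized(actionContext, result, customer);
        }
    }
}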