/// <summary>
/// MVC authorization hook. A request is accepted when (a) an earlier pass on this
/// same request already stored an <see cref="Account"/> under
/// <c>CURRENT_ACCOUNT_HTTP_CONTEXT_KEY</c> in <c>httpContext.Items</c>, (b) the base
/// (forms/cookie) authorization succeeds and the identity name resolves to an
/// account via <see cref="StencilFormsAuthorizer"/>, or (c) an API key and signature
/// taken from the query string or the request headers are accepted by
/// <see cref="StencilHashedTimeSignatureAuthorizer"/>. On success the account is
/// cached in <c>httpContext.Items</c> and <c>HttpContext.Current.User</c> is replaced
/// by a principal built from an <see cref="ApiIdentity"/>.
/// </summary>
/// <param name="httpContext">The current request context.</param>
/// <returns><c>true</c> when an account could be resolved; otherwise <c>false</c>.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    IFoundation foundation = CoreFoundation.Current;

    // The base check is evaluated before the cache lookup so that its side effects
    // occur on every call, exactly as the original ordering intended.
    bool formsAuthorized = base.AuthorizeCore(httpContext);

    // Already resolved earlier in this request: nothing more to verify.
    if (httpContext.Items.Contains(CURRENT_ACCOUNT_HTTP_CONTEXT_KEY))
    {
        return true;
    }

    Account resolved = null;
    if (formsAuthorized)
    {
        resolved = foundation.Resolve<StencilFormsAuthorizer>()
            .Authorize(httpContext.User.Identity.Name);
    }

    if (resolved == null)
    {
        // Fallback: API key + signature. Query-string values are read first and a
        // non-empty header value, when present, takes precedence over them.
        // Credentials carried in the query string typically end up in server and
        // proxy access logs, so the header form is the preferable transport.
        NameValueCollection query = httpContext.Request.QueryString;
        string queryKey = query[API_PARAM_KEY];
        string querySignature = query[API_PARAM_SIG];

        NameValueCollection headers = httpContext.Request.Headers;
        string headerKey = headers[API_PARAM_KEY];
        string headerSignature = headers[API_PARAM_SIG];

        string apiKey = string.IsNullOrEmpty(headerKey) ? queryKey : headerKey;
        string apiSignature = string.IsNullOrEmpty(headerSignature) ? querySignature : headerSignature;

        // Both values may be null here; handling that is left to the authorizer
        // (its behaviour is not visible in this file).
        resolved = foundation.Resolve<StencilHashedTimeSignatureAuthorizer>()
            .Authorize(apiKey, apiSignature);
    }

    if (resolved == null)
    {
        return false;
    }

    httpContext.Items[CURRENT_ACCOUNT_HTTP_CONTEXT_KEY] = resolved;
    try
    {
        string displayName = string.Format("{0} {1}", resolved.first_name, resolved.last_name);
        ApiIdentity identity = new ApiIdentity(resolved.account_id, displayName);
        HttpContext current = HttpContext.Current;
        if (current != null)
        {
            current.User = new GenericPrincipal(identity, new string[0]);
        }
    }
    catch (Exception ex)
    {
        // Principal replacement is best-effort: the account was already accepted,
        // so a failure here is logged but does not revoke the authorization.
        foundation.LogError(ex, "HttpContext.Current.Account");
    }

    return true;
}
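/// <summary>
/// Web API counterpart of <c>AuthorizeCore</c>. A request is accepted when (a) an
/// earlier pass on this request already stored an <see cref="Account"/> under
/// <c>CURRENT_ACCOUNT_HTTP_CONTEXT_KEY</c> in <c>Request.Properties</c>, (b) the base
/// authorization succeeds and the principal's identity name resolves to an account
/// via <see cref="StencilFormsAuthorizer"/>, or (c) an API key and signature taken
/// from the query string or the request headers are accepted by
/// <see cref="StencilHashedTimeSignatureAuthorizer"/>. On success the account is
/// cached in <c>Request.Properties</c>, <c>HttpContext.Current.User</c> is replaced
/// by a principal built from an <see cref="ApiIdentity"/>, and a login record
/// (account id, platform/version headers, UTC timestamp) is enqueued.
/// </summary>
/// <param name="actionContext">The Web API action context for the current request.</param>
/// <returns><c>true</c> when an account could be resolved; otherwise <c>false</c>.</returns>
public bool AuthorizedRequest(HttpActionContext actionContext)
{
    IFoundation iFoundation = CoreFoundation.Current; // weak usage of CoreFoundation.Current

    // The base check is evaluated before the cache lookup so that its side effects
    // occur on every call.
    bool isPreAuthorized = base.IsAuthorized(actionContext);

    // Already verified earlier in this request [same request?]
    if (actionContext.Request.Properties.ContainsKey(CURRENT_ACCOUNT_HTTP_CONTEXT_KEY))
    {
        return true;
    }

    Account account = null;
    if (isPreAuthorized)
    {
        StencilFormsAuthorizer formsAuthorizer = iFoundation.Resolve<StencilFormsAuthorizer>();
        account = formsAuthorizer.Authorize(actionContext.RequestContext.Principal.Identity.Name);
    }

    if (account == null)
    {
        // Parse only the query component of the URI. Passing the full URI string to
        // HttpUtility.ParseQueryString folds scheme/host/path into the name of the
        // first parameter ("http://host/path?key" instead of "key"), so whichever of
        // the key/signature parameters appeared first in the URL was never found.
        Uri requestUri = actionContext.Request.RequestUri;
        string rawQuery = requestUri == null ? string.Empty : requestUri.Query;
        NameValueCollection query = HttpUtility.ParseQueryString(rawQuery);
        string key = query[API_PARAM_KEY];
        string signature = query[API_PARAM_SIG];

        // A non-empty header value takes precedence over the query string.
        // Credentials carried in the query string typically end up in server and
        // proxy access logs, so the header form is the preferable transport.
        string headerKey = ReadFirstHeaderValue(actionContext, API_PARAM_KEY);
        if (!string.IsNullOrEmpty(headerKey))
        {
            key = headerKey;
        }

        string headerSignature = ReadFirstHeaderValue(actionContext, API_PARAM_SIG);
        if (!string.IsNullOrEmpty(headerSignature))
        {
            signature = headerSignature;
        }

        // Both values may be null here; handling that is left to the authorizer
        // (its behaviour is not visible in this file).
        StencilHashedTimeSignatureAuthorizer signatureAuthorizer = iFoundation.Resolve<StencilHashedTimeSignatureAuthorizer>();
        account = signatureAuthorizer.Authorize(key, signature);
    }

    if (account == null)
    {
        return false;
    }

    actionContext.Request.Properties[CURRENT_ACCOUNT_HTTP_CONTEXT_KEY] = account;
    try
    {
        string displayName = string.Format("{0} {1}", account.first_name, account.last_name);
        ApiIdentity apiIdentity = new ApiIdentity(account.account_id, displayName);
        HttpContext context = HttpContext.Current;
        if (context != null)
        {
            context.User = new GenericPrincipal(apiIdentity, new string[0]);
        }
    }
    catch (Exception ex)
    {
        // Principal replacement is best-effort: the account was already accepted,
        // so a failure here is logged but does not revoke the authorization.
        iFoundation.LogError(ex, "HttpContext.Current.User");
    }

    // Build "<platform> - v<version>" from the optional client headers. A failure
    // while reading them keeps whatever was accumulated so far.
    string platform = string.Empty;
    try
    {
        string platformHeader = ReadFirstHeaderValue(actionContext, PARAM_PLATFORM);
        if (!string.IsNullOrEmpty(platformHeader))
        {
            platform += platformHeader;
        }

        string versionHeader = ReadFirstHeaderValue(actionContext, PARAM_VERSION);
        if (!string.IsNullOrEmpty(versionHeader))
        {
            platform += " - v" + versionHeader;
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): this log context label is the same one used for the
        // principal-assignment failure above, which makes the two hard to tell
        // apart when triaging logs.
        iFoundation.LogError(ex, "HttpContext.Current.User");
    }

    AccountLoggedInWorker.EnqueueRequest(iFoundation, new LoggedInRequest()
    {
        account_id = account.account_id,
        platform = platform,
        login_utc = DateTime.UtcNow
    });

    return true;
}

/// <summary>
/// Returns the first value of the named request header, or <c>null</c> when the
/// header is absent.
/// </summary>
/// <param name="actionContext">The action context whose request headers are read.</param>
/// <param name="name">The header name.</param>
/// <returns>The first header value, or <c>null</c> if the header is not present.</returns>
private static string ReadFirstHeaderValue(HttpActionContext actionContext, string name)
{
    if (!actionContext.Request.Headers.Contains(name))
    {
        return null;
    }

    return actionContext.Request.Headers.GetValues(name).FirstOrDefault();
}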