コード例 #1
        /// <summary>
        /// Builds the key under which content for an action is cached or looked up,
        /// starting from the action context and an explicitly supplied action name.
        /// </summary>
        /// <param name="actionContext">The action context; its controller descriptor supplies the controller type</param>
        /// <param name="actionName">The action name</param>
        /// <returns>The key returned by the overload taking a controller type, an action name and a context</returns>
        public virtual string Generate(
            HttpActionContext actionContext,
            string actionName)
        {
            actionContext.NotNull(nameof(actionContext));
            actionName.NotNullOrEmpty(nameof(actionName));

            // Resolve the controller type from the context, then defer to the
            // overload that takes the type explicitly.
            var controllerType = actionContext
                .ControllerContext
                .ControllerDescriptor
                .ControllerType;

            return Generate(controllerType, actionName, actionContext);
        }
コード例 #2
        /// <summary>
        /// Builds the key under which content for the given controller type and
        /// action name is cached or looked up.
        /// </summary>
        /// <remarks>
        /// The key is composed of the controller type's full name and the action
        /// name only. <paramref name="context"/> is validated but contributes
        /// nothing to the key, so requests from different callers, or with different
        /// route or query arguments, all map to the same key. Override this method
        /// to add those dimensions when the cached content depends on them.
        /// </remarks>
        /// <param name="controllerType">The controller type (must be ApiController)</param>
        /// <param name="actionName">The action name</param>
        /// <param name="context">The action context (checked for null, not used in the key)</param>
        /// <returns>A key of the form "controller full name-action name"</returns>
        /// <exception cref="ArgumentException">If controller type is not an ApiController</exception>
        public virtual string Generate(
            Type controllerType,
            string actionName,
            HttpActionContext context)
        {
            // Guards run in the same order as the parameters are inspected; the
            // type guard sits between the null check and the action-name check.
            controllerType.NotNull(nameof(controllerType));
            controllerType.Is<ApiController>();
            actionName.NotNullOrEmpty(nameof(actionName));
            context.NotNull(nameof(context));

            var controllerName = controllerType.FullName;

            return "{0}-{1}".AsFormat(controllerName, actionName);
        }
コード例 #3
        /// <summary>
        /// Runs before the action method is invoked. When caching is allowed for
        /// the request and cached content exists, a response is created from that
        /// content and the cache headers are applied to it.
        /// </summary>
        /// <param name="actionContext">The action context</param>
        public override void OnActionExecuting(
            HttpActionContext actionContext)
        {
            actionContext.NotNull(nameof(actionContext));

            if (!IsCachingAllowed(actionContext))
            {
                return;
            }

            var cachedContent = GetCachedContent(actionContext);

            // Cache miss: leave the context untouched.
            if (!cachedContent.IsNullOrEmpty())
            {
                // NOTE(review): the stored content is replayed as-is; confirm that
                // the cache key separates callers when an action's output is
                // user-specific, otherwise one caller's response reaches another.
                CreateResponse(actionContext, cachedContent);

                ApplyCacheHeaders(actionContext.Response);
            }
        }
コード例 #4
        /// <summary>
        /// Called when an action is being authorized.
        /// Authorization is denied if
        /// - the request is not associated with any user,
        /// - the user is not authenticated,
        /// - the user is authenticated but is not in the authorized role (if defined)
        ///   or does not have the authorized claim (if defined)
        /// </summary>
        /// <remarks>
        /// Nothing is checked when <c>SkipAuthorization</c> returns true for the context.
        /// </remarks>
        /// <param name="actionContext">The context</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            actionContext.NotNull(nameof(actionContext));

            if (SkipAuthorization(actionContext))
            {
                return;
            }

            // Authentication is decided first; the authorization check only
            // runs for a request that passed it.
            if (!IsAuthenticated(actionContext))
            {
                HandleUnauthenticatedRequest(actionContext);
                return;
            }

            if (!IsAuthorized(actionContext))
            {
                HandleUnauthorizedRequest(actionContext);
            }
        }
コード例 #5
        /// <summary>
        /// Processes requests that fail authorization.
        /// This default implementation replaces the context's response with a new
        /// one carrying the Forbidden (403) status code.
        /// </summary>
        /// <param name="actionContext">The context</param>
        protected virtual void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            actionContext.NotNull(nameof(actionContext));

            // Only the status code is set: the response has no body, so it does
            // not disclose which role or claim was missing.
            var forbidden = new HttpResponseMessage(HttpStatusCode.Forbidden);

            actionContext.Response = forbidden;
        }
コード例 #6
        /// <summary>
        /// Determines whether access for this particular request is authorized.
        /// Authorization is denied when the user is not in the authorized role (if defined)
        /// or does not have the authorized claim (if defined).
        /// </summary>
        /// <param name="actionContext">The context</param>
        /// <returns>true if access is authorized; otherwise false</returns>
        protected virtual bool IsAuthorized(HttpActionContext actionContext)
        {
            actionContext.NotNull(nameof(actionContext));

            var principal = actionContext.ControllerContext.RequestContext.Principal;

            // The role check runs first; a failure there denies access without
            // consulting the claim check.
            if (NotAuthorizedRole(principal))
            {
                return false;
            }

            // NOTE(review): the cast yields null when the principal is not a
            // ClaimsPrincipal. Confirm NotAuthorizedClaim denies a null principal
            // whenever a claim is required, so that case fails closed.
            return !NotAuthorizedClaim(principal as ClaimsPrincipal);
        }
コード例 #7
        /// <summary>
        /// Determines whether this particular request comes from an authenticated user.
        /// </summary>
        /// <param name="actionContext">The context</param>
        /// <returns>
        /// true if the request has a principal with an identity that reports itself
        /// as authenticated; otherwise false
        /// </returns>
        protected virtual bool IsAuthenticated(HttpActionContext actionContext)
        {
            actionContext.NotNull(nameof(actionContext));

            var principal = actionContext.ControllerContext.RequestContext.Principal;

            // No principal on the request: treat as unauthenticated.
            if (!principal.IsNotNull())
            {
                return false;
            }

            // A principal without an identity is unauthenticated as well.
            if (!principal.Identity.IsNotNull())
            {
                return false;
            }

            return principal.Identity.IsAuthenticated;
        }
コード例 #8
        /// <summary>
        /// Builds the key under which content for the given action context is
        /// cached or looked up, taking the action name from the context's action
        /// descriptor.
        /// </summary>
        /// <param name="actionContext">The action context</param>
        /// <returns>The key returned by the overload taking an action context and an action name</returns>
        public virtual string Generate(HttpActionContext actionContext)
        {
            actionContext.NotNull(nameof(actionContext));

            // The action name comes from the descriptor; the rest of the key is
            // decided by the (context, action name) overload.
            var actionName = actionContext.ActionDescriptor.ActionName;

            return Generate(actionContext, actionName);
        }