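/// <summary>
/// Authenticates requests that carry an HTTP Basic <c>Authorization</c> header and, when the
/// inner handler answers 401 Unauthorized, adds a <c>WWW-Authenticate: Basic</c> challenge.
/// </summary>
/// <param name="request">The incoming request; its properties must hold the RavenDB session.</param>
/// <param name="cancellationToken">Token forwarded to the inner handler.</param>
/// <returns>The inner handler's response, with the Basic challenge added on 401.</returns>
/// <remarks>
/// Basic credentials are only base64-encoded, so this handler should only be reachable over TLS.
/// NOTE(review): only <c>Thread.CurrentPrincipal</c> is assigned here; code that reads
/// <c>HttpContext.Current.User</c> would not see this principal. Confirm that is intended.
/// </remarks>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    AuthenticationHeaderValue header = request.Headers.Authorization;
    if (header != null && header.Scheme.Equals("Basic", StringComparison.OrdinalIgnoreCase))
    {
        // NOTE(review): GetBase64Credentials is defined outside this block. How it handles a
        // missing or malformed parameter is not visible here; confirm it cannot return null
        // or throw on client-supplied input.
        Credentials credentials = GetBase64Credentials(header.Parameter);
        var session = request.Properties[Application.Keys.RavenDbSessionKey] as IDocumentSession;
        Person person = session.Query<Person>().FirstOrDefault(
            p => p.Username.Equals(credentials.Username, StringComparison.InvariantCultureIgnoreCase));

        // FirstOrDefault returns null for an unknown username. Without the null check the
        // request dies with a NullReferenceException, so unknown users get a server error
        // while known users with a wrong password get 401. That difference reveals which
        // usernames exist. With the check, both cases stay unauthenticated and get the same 401.
        // NOTE(review): the password check is still skipped for unknown users, so response
        // timing may differ between the two cases. Consider equalising it if that matters.
        if (person != null && person.IsThePassword(credentials.Password))
        {
            var identity = new PersonIdentity(person);
            Thread.CurrentPrincipal = new GenericPrincipal(identity, person.Roles.ToArray());
        }
    }

    return base.SendAsync(request, cancellationToken).ContinueWith(
        t =>
        {
            HttpResponseMessage response = t.Result;
            if (response.StatusCode == HttpStatusCode.Unauthorized)
            {
                // Tell the client which scheme and realm to retry with.
                response.Headers.WwwAuthenticate.Add(
                    new AuthenticationHeaderValue("Basic", "realm=\"Teamworks Api\""));
            }

            return response;
        });
}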
/// <summary>
/// Before the action runs, replaces <c>Thread.CurrentPrincipal</c> with a principal built from
/// the stored <c>Person</c> when the current ASP.NET user was authenticated with Forms.
/// </summary>
/// <param name="context">The action context; its request properties hold the RavenDB session.</param>
/// <remarks>
/// The person is loaded using the Forms identity name as the document id. If no such document
/// exists, the principal is left untouched.
/// NOTE(review): this path is cookie-authenticated and no anti-forgery check is visible in this
/// filter. Confirm that state-changing actions are protected against CSRF elsewhere.
/// </remarks>
public override void OnActionExecuting(HttpActionContext context)
{
    IIdentity current = HttpContext.Current.User.Identity;
    Person found = null;

    bool hasName = !string.IsNullOrEmpty(current.Name);
    if (hasName && current.AuthenticationType.Equals("Forms", StringComparison.OrdinalIgnoreCase))
    {
        var documents = context.Request.Properties[Application.Keys.RavenDbSessionKey] as IDocumentSession;
        found = documents.Load<Person>(current.Name);
    }

    if (found != null)
    {
        // Roles come from the stored person, not from the Forms ticket.
        IIdentity personIdentity = new PersonIdentity(found);
        Thread.CurrentPrincipal = new GenericPrincipal(personIdentity, found.Roles.ToArray());
    }

    base.OnActionExecuting(context);
}