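/// <summary>
/// Admin authorization filter. Accepts the request only when it carries
/// <c>Authorization: Bearer &lt;token&gt;</c> and the token deserializes (via the HMAC
/// serializer) to the configured "password" option; on success the controller is
/// marked as admin. Any other outcome short-circuits the pipeline with 401.
/// </summary>
/// <param name="actionContext">Action context; its <c>Response</c> is set to 401 on rejection.</param>
/// <param name="cancellationToken">
/// Cancellation token. It is not forwarded to the configuration lookup here because the
/// <c>GetOption</c> signature used does not take one.
/// </param>
public override async Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
    var configService = GlobalDependencyResolver.GetService<IConfigurationService>();
    var serializer = GlobalDependencyResolver.GetService<IHmacSerializer<string>>();

    var authorization = actionContext.Request.Headers.Authorization;
    var scheme = authorization?.Scheme;
    var token = authorization?.Parameter;

    // Scheme comparison is ordinal and case-sensitive; an empty token is rejected up front
    // rather than handed to the serializer.
    if (scheme != "Bearer" || string.IsNullOrEmpty(token))
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
        {
            Content = new StringContent("Authorization required for this request"),
        };
        return;
    }

    // NOTE(review): the serializer may throw on a malformed token; its exception type is not
    // visible from here, so it is deliberately left to propagate rather than swallowed.
    var password = serializer.Deserialize(token);
    var truePassword = await configService.GetOption<string>("password");

    // An unset or empty admin password must never match: otherwise a token that deserializes
    // to null/empty would be granted admin rights.
    if (string.IsNullOrEmpty(truePassword) || !SecretsMatch(password, truePassword))
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
        {
            Content = new StringContent("Invalid security token"),
        };
        return;
    }

    ((BaseApiController)actionContext.ControllerContext.Controller).IsAdmin = true;
}

/// <summary>
/// Compares a presented secret with the expected one without short-circuiting on the first
/// mismatching byte, so the comparison time does not reveal how long a matching prefix was.
/// Only the length difference is observable, which is the usual accepted trade-off.
/// </summary>
/// <param name="candidate">Secret supplied by the caller; may be null.</param>
/// <param name="expected">Configured secret; may be null.</param>
/// <returns>True only when both are non-null and byte-for-byte equal in UTF-8.</returns>
private static bool SecretsMatch(string candidate, string expected)
{
    if (candidate == null || expected == null)
    {
        return false;
    }

    var a = System.Text.Encoding.UTF8.GetBytes(candidate);
    var b = System.Text.Encoding.UTF8.GetBytes(expected);

    // Accumulate every difference instead of returning on the first one.
    var diff = a.Length ^ b.Length;
    for (var i = 0; i < a.Length && i < b.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }

    return diff == 0;
}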
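/// <summary>
/// User authorization filter. Reads the "AUTH" cookie from the request, validates it through
/// <c>IUserService.CheckToken</c> and attaches the resolved user to the controller. The
/// request is rejected with 401 when the cookie is absent, empty or does not map to a user.
/// </summary>
/// <param name="actionContext">Action context; its <c>Response</c> is set to 401 on rejection.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    var userService = GlobalDependencyResolver.GetService<IUserService>();

    // GetCookies("AUTH") yields the cookie headers that contain an AUTH cookie state, but the
    // AUTH state is not necessarily the first state within such a header (a Cookie header can
    // carry several name=value pairs), so the state is selected by name rather than by position.
    var authCookie = actionContext.Request.Headers.GetCookies("AUTH")
        .SelectMany(header => header.Cookies)
        .FirstOrDefault(state => state.Name == "AUTH");

    if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
        {
            Content = new StringContent("Authorization required for this request"),
        };
        return;
    }

    // This override is the synchronous hook, so the asynchronous token check has to be waited
    // on; GetAwaiter().GetResult() surfaces the original exception rather than an
    // AggregateException. NOTE(review): overriding OnAuthorizationAsync instead would avoid
    // blocking a thread here.
    var user = userService.CheckToken(authCookie.Value).GetAwaiter().GetResult();
    if (user == null)
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
        {
            Content = new StringContent("Invalid security token"),
        };
        return;
    }

    ((BaseApiController)actionContext.ControllerContext.Controller).CurrentUser = user;
}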