public override void OnAuthorization(HttpActionContext actionContext)
{
VerifyArgument.IsNotNull("actionContext", actionContext);
var user = actionContext.ControllerContext.RequestContext.Principal;
if (actionContext.ActionDescriptor.ActionName == "ExecutePublicTokenWorkflow" ||
actionContext.ActionDescriptor.ActionName == "ExecuteLoginWorkflow")
{
return;
}
if (user == null && (actionContext.ActionDescriptor.ActionName == "ExecutePublicWorkflow" || actionContext.ActionDescriptor.ActionName == "ExecuteGetRootLevelApisJson"))
{
user = GlobalConstants.GenericPrincipal;
actionContext.ControllerContext.RequestContext.Principal = user;
}
if (!user.IsAuthenticated())
{
actionContext.CreateWarewolfErrorResponse(new WarewolfErrorResponseArgs {
StatusCode = HttpStatusCode.Unauthorized, Title = GlobalConstants.USER_UNAUTHORIZED, Message = ErrorResource.AuthorizationDeniedForThisUser
});
return;
}
var authorizationRequest = GetAuthorizationRequest(actionContext);
if (!Service.IsAuthorized(authorizationRequest))
{
actionContext.CreateWarewolfErrorResponse(new WarewolfErrorResponseArgs {
StatusCode = HttpStatusCode.Forbidden, Title = GlobalConstants.USER_FORBIDDEN, Message = ErrorResource.AuthorizationDeniedForThisRequest
});
}
}