public override void OnAuthorization(HttpActionContext actionContext)
{
string sessionid = string.Empty;
string path = actionContext.Request.RequestUri.AbsolutePath;
IEnumerable <string> values;
actionContext.Request.Headers.TryGetValues("sessionid", out values);
if (values == null || values.Count() == 0)
{
string query = actionContext.Request.RequestUri.Query;
var nvc = System.Web.HttpUtility.ParseQueryString(query);
sessionid = nvc["sessionid"];
}
else
{
sessionid = values.ToArray()[0];
}
if (string.IsNullOrEmpty(sessionid))
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
return;
}
if (path == "/api/login")
{
actionContext.ActionArguments.Add("IWebApi", _api);
actionContext.ActionArguments.Add("EncryptKey", Dataflow._ENCRYPT_KEY_NOT_LOGIN);
// setting current principle
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(sessionid), null);
return;
}
int encryptKey = _api.f_user_Authentication(sessionid);
if (encryptKey == 0)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
return;
}
actionContext.ActionArguments.Add("IWebApi", _api);
actionContext.ActionArguments.Add("EncryptKey", encryptKey);
// setting current principle
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(sessionid), null);
}