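/// <summary>
/// Web API authorization filter: the request proceeds only when the current user, as exposed by
/// <c>UserContext.UserName</c>, is accepted by <c>ResourceService.Authorize</c> for the configured
/// resource and operation. A denial is signalled by assigning <c>actionContext.Response</c>, which
/// short-circuits the pipeline before the action runs.
/// </summary>
/// <param name="actionContext">The Web API action context of the request being authorized.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    string userName = UserContext.UserName;

    // Fail closed: a request with no resolved user name carries no identity to authorize.
    // Answer 401 instead of handing a null/empty name to the authorization service, whose
    // behaviour for such input is not visible here and must not be relied on to deny.
    if (string.IsNullOrEmpty(userName))
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
        return;
    }

    // Identity is known but not permitted for this resource/operation -> 403.
    if (!ResourceService.Authorize(userName, _resourceId, _operation))
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
    }
}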
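/// <summary>
/// MVC authorization core: access is granted only when the request principal is an authenticated
/// <see cref="ClaimsPrincipal"/> and <c>ResourceService.Authorize</c> accepts its role claims for the
/// configured resource and operation.
/// </summary>
/// <param name="httpContext">The HTTP context of the request; its <c>User</c> is the principal checked.</param>
/// <returns><c>true</c> when access is granted; <c>false</c> in every other case (fails closed).</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // Check the principal attached to the request rather than Thread.CurrentPrincipal: the context
    // parameter is what the MVC pipeline authorizes against, and the thread principal is not
    // guaranteed to be the same object. Use `as` instead of a hard cast so a null or non-claims
    // principal yields a clean deny rather than an unhandled exception (which would surface as a
    // 500 instead of a 401/403).
    ClaimsPrincipal principal = httpContext == null ? null : httpContext.User as ClaimsPrincipal;
    if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
    {
        return false;
    }

    // Only ClaimTypes.Role is consulted, as before. NOTE(review): identities issued with a custom
    // RoleClaimType would contribute no roles here and therefore be denied -- confirm that matches
    // the token issuer's configuration.
    string[] roles = principal.Claims
        .Where(c => c.Type == ClaimTypes.Role)
        .Select(c => c.Value)
        .ToArray();

    return ResourceService.Authorize(_resourceId, _operation, roles);
}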
/// <summary>
/// Web API authorization filter with an explicit authentication step: <c>Authenticate</c> resolves
/// the caller's user name from the request. A caller that cannot be authenticated receives 401; an
/// authenticated caller that <c>ResourceService.Authorize</c> rejects for the configured
/// resource/operation receives 403. Either response is set on <c>actionContext.Response</c>, which
/// short-circuits the action.
/// </summary>
/// <param name="actionContext">The Web API action context of the request being authorized.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    string username;

    // 401: identity could not be established. NOTE(review): RFC 7235 expects a 401 to carry a
    // WWW-Authenticate challenge; none is added here and the scheme Authenticate uses is not
    // visible in this block -- confirm whether clients depend on that header.
    if (!Authenticate(actionContext, out username))
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
        return;
    }

    // 403: identity is known, but it is not permitted to perform _operation on _resourceId.
    bool permitted = ResourceService.Authorize(username, _resourceId, _operation);
    if (!permitted)
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
    }
}