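/// <summary>
/// Looks for an <c>ApiKey</c> request header and, when it maps to a known user,
/// installs a <see cref="ClaimsPrincipal"/> for that user before passing the
/// request down the pipeline.
/// </summary>
/// <param name="request">Incoming request whose headers are inspected.</param>
/// <param name="cancellationToken">Token forwarded unchanged to the inner handler.</param>
/// <returns>The task produced by the inner handler.</returns>
/// <remarks>
/// This handler never rejects a request. A missing, empty or unknown key leaves
/// the current principal untouched, so enforcement relies on whatever
/// authorization checks run later.
/// </remarks>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    #region Task5
    // If an 'ApiKey' header is present, resolve it against the user database and,
    // on a match, attach name and role claims to the current principal.
    UserDatabaseAccess database = new UserDatabaseAccess();

    IEnumerable<string> headerValues;
    // Use the TryGetValues result rather than relying on the out parameter being null.
    if (request.Headers.TryGetValues("ApiKey", out headerValues) && headerValues != null)
    {
        // FirstOrDefault avoids an InvalidOperationException on an empty value list.
        string apiKey = headerValues.FirstOrDefault();

        // An empty or whitespace-only header can never be a valid key; skip the lookup.
        if (!string.IsNullOrWhiteSpace(apiKey))
        {
            User matchedUser = database.CheckKeyUser(apiKey);
            if (matchedUser != null)
            {
                Claim nameClaim = new Claim(ClaimTypes.Name, matchedUser.UserName);
                Claim roleClaim = new Claim(ClaimTypes.Role, matchedUser.Role);

                // NOTE(review): the single-string ClaimsIdentity constructor takes the
                // authentication type, so userID is stored as AuthenticationType here.
                // A fixed scheme name plus a NameIdentifier claim would be clearer;
                // confirm nothing reads AuthenticationType as the user id before changing.
                ClaimsIdentity identity = new ClaimsIdentity(matchedUser.userID);
                identity.AddClaim(nameClaim);
                identity.AddClaim(roleClaim);

                // NOTE(review): only Thread.CurrentPrincipal is assigned. Depending on the
                // host, authorization may read the principal from the request context or
                // HttpContext instead; confirm the role checks actually see this identity.
                Thread.CurrentPrincipal = new ClaimsPrincipal(identity);
            }
        }
    }
    #endregion

    return base.SendAsync(request, cancellationToken);
}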
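/// <summary>
/// Greets the user identified by the request's <c>ApiKey</c> header and records
/// the access through <c>database.createLog</c>.
/// </summary>
/// <returns>
/// 200 with "Hello {UserName}" when the key resolves to a user; 401 when the
/// header is missing or empty, or the key is unknown.
/// </returns>
public HttpResponseMessage hello()
{
    IEnumerable<string> headerValues;
    // A missing header used to cause a NullReferenceException on key.First();
    // answer with 401 instead of an unhandled server error.
    if (!Request.Headers.TryGetValues("ApiKey", out headerValues) || headerValues == null)
    {
        return Request.CreateResponse(HttpStatusCode.Unauthorized, "Missing or invalid ApiKey header");
    }

    string apiKey = headerValues.FirstOrDefault();
    if (string.IsNullOrWhiteSpace(apiKey))
    {
        return Request.CreateResponse(HttpStatusCode.Unauthorized, "Missing or invalid ApiKey header");
    }

    // NOTE(review): the raw API key is handed to createLog. Confirm it is used only to
    // resolve the caller and is not persisted in plaintext alongside the log entry.
    database.createLog("User requested /Protected/hello", apiKey);

    // Do not assume an earlier pipeline stage has already validated the key:
    // the lookup can return null, so check before dereferencing.
    User caller = database.CheckKeyUser(apiKey);
    if (caller == null)
    {
        return Request.CreateResponse(HttpStatusCode.Unauthorized, "Missing or invalid ApiKey header");
    }

    return Request.CreateResponse(HttpStatusCode.OK, "Hello " + caller.UserName);
}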