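/// <summary>
/// Decides whether a request may proceed by choosing one authorizer
/// (single-use token, OAuth or Windows) from the credentials the request carries.
/// </summary>
/// <param name="context">HTTP context of the incoming request.</param>
/// <returns>
/// <c>true</c> for NeverSecret URLs and for CORS pre-flight requests; otherwise
/// the verdict of the authorizer that was selected.
/// </returns>
public bool Authorize(IHttpContext context)
{
    var requestUrl = context.GetRequestUrl();

    // URLs on the NeverSecret list are served without any credential check.
    // NOTE(review): the match depends on how GetRequestUrl normalizes the path and on the
    // comparer used by Urls; confirm encoded or differently-cased variants of a protected
    // URL cannot land on this list.
    if (NeverSecret.Urls.Contains(requestUrl))
    {
        return true;
    }

    // CORS pre-flight (ignore creds if using cors).
    // Every OPTIONS request is allowed once an allowed origin is configured.
    // NOTE(review): that is safe only while OPTIONS handlers neither return protected
    // data nor change state; confirm against the request pipeline.
    if (!string.IsNullOrEmpty(Settings.AccessControlAllowOrigin) && context.Request.HttpMethod == "OPTIONS")
    {
        return true;
    }

    // A single-use token takes precedence over every other credential on the request.
    var oneTimeToken = context.Request.Headers["Single-Use-Auth-Token"];
    if (!string.IsNullOrEmpty(oneTimeToken))
    {
        return AuthorizeUsingleUseAuthToken(context, oneTimeToken);
    }

    var authHeader = context.Request.Headers["Authorization"];

    // Header values are protocol tokens, not linguistic text, so they are compared ordinally.
    // Culture-sensitive comparison can treat ignorable characters as absent and varies with
    // the server's current culture.
    // Has-Api-Key is client-supplied and only selects the authorizer; it proves nothing by itself.
    var hasApiKey = "True".Equals(context.Request.Headers["Has-Api-Key"], StringComparison.OrdinalIgnoreCase);
    var hasOAuthTokenInCookie = context.Request.HasCookie("OAuth-Token");

    // The scheme match is case-sensitive: anything other than exactly "Bearer " falls
    // through to the Windows authorizer.
    var hasBearerToken = !string.IsNullOrEmpty(authHeader)
                         && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

    if (hasApiKey || hasOAuthTokenInCookie || hasBearerToken)
    {
        return oAuthRequestAuthorizer.Authorize(context, hasApiKey, IgnoreDb.Urls.Contains(requestUrl));
    }

    return windowsRequestAuthorizer.Authorize(context, IgnoreDb.Urls.Contains(requestUrl));
}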
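/// <summary>
/// Decides whether a request may proceed by choosing one authorizer
/// (single-use token, OAuth or Windows) from the credentials the request carries.
/// </summary>
/// <param name="context">HTTP context of the incoming request.</param>
/// <returns>
/// <c>true</c> for NeverSecret URLs; otherwise the verdict of the authorizer
/// that was selected.
/// </returns>
public bool Authorize(IHttpContext context)
{
    var requestUrl = context.GetRequestUrl();

    // URLs on the NeverSecret list are served without any credential check.
    // NOTE(review): the match depends on how GetRequestUrl normalizes the path and on the
    // comparer used by Urls; confirm encoded or differently-cased variants of a protected
    // URL cannot land on this list.
    if (NeverSecret.Urls.Contains(requestUrl))
    {
        return true;
    }

    // A single-use token takes precedence over every other credential on the request.
    var oneTimeToken = context.Request.Headers["Single-Use-Auth-Token"];
    if (!string.IsNullOrEmpty(oneTimeToken))
    {
        return AuthorizeOSingleUseAuthToken(context, oneTimeToken);
    }

    var authHeader = context.Request.Headers["Authorization"];

    // Header values are protocol tokens, not linguistic text, so they are compared ordinally.
    // Culture-sensitive comparison can treat ignorable characters as absent and varies with
    // the server's current culture.
    // Has-Api-Key is client-supplied and only selects the authorizer; it proves nothing by itself.
    var hasApiKey = "True".Equals(context.Request.Headers["Has-Api-Key"], StringComparison.OrdinalIgnoreCase);
    var hasOAuthTokenInCookie = context.Request.HasCookie("OAuth-Token");

    // The scheme match is case-sensitive: anything other than exactly "Bearer " falls
    // through to the Windows authorizer.
    var hasBearerToken = !string.IsNullOrEmpty(authHeader)
                         && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

    if (hasApiKey || hasOAuthTokenInCookie || hasBearerToken)
    {
        return oAuthRequestAuthorizer.Authorize(context, hasApiKey, IgnoreDb.Urls.Contains(requestUrl));
    }

    return windowsRequestAuthorizer.Authorize(context, IgnoreDb.Urls.Contains(requestUrl));
}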
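/// <summary>
/// Decides whether a request may proceed, using the OAuth authorizer for
/// bearer-token requests and the Windows authorizer for everything else.
/// </summary>
/// <param name="context">HTTP context of the incoming request.</param>
/// <returns>
/// <c>true</c> for NeverSecret URLs; otherwise the verdict of the authorizer
/// that was selected.
/// </returns>
public override bool Authorize(IHttpContext context)
{
    var requestUrl = context.GetRequestUrl();

    // URLs on the NeverSecret list are served without any credential check.
    // NOTE(review): the match depends on how GetRequestUrl normalizes the path and on the
    // comparer used by Urls; confirm encoded or differently-cased variants of a protected
    // URL cannot land on this list.
    if (NeverSecret.Urls.Contains(requestUrl))
    {
        return true;
    }

    var authHeader = context.Request.Headers["Authorization"];

    // The scheme prefix is a protocol token, so it is matched ordinally; the default
    // StartsWith overload is culture-sensitive. The type is fully qualified so the
    // method does not rely on a using directive that is outside this block.
    // The match is case-sensitive: anything other than exactly "Bearer " falls
    // through to the Windows authorizer.
    var hasBearerToken = !string.IsNullOrEmpty(authHeader)
                         && authHeader.StartsWith("Bearer ", System.StringComparison.Ordinal);

    if (hasBearerToken)
    {
        return oAuthRequestAuthorizer.Authorize(context);
    }

    return windowsRequestAuthorizer.Authorize(context);
}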
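/// <summary>
/// Decides whether a request may proceed, using the OAuth authorizer for
/// API-key and bearer-token requests and the Windows authorizer for everything else.
/// </summary>
/// <param name="context">HTTP context of the incoming request.</param>
/// <returns>
/// <c>true</c> for NeverSecret URLs; otherwise the verdict of the authorizer
/// that was selected.
/// </returns>
public bool Authorize(IHttpContext context)
{
    var requestUrl = context.GetRequestUrl();

    // URLs on the NeverSecret list are served without any credential check.
    // NOTE(review): the match depends on how GetRequestUrl normalizes the path and on the
    // comparer used by Urls; confirm encoded or differently-cased variants of a protected
    // URL cannot land on this list.
    if (NeverSecret.Urls.Contains(requestUrl))
    {
        return true;
    }

    // Header values are protocol tokens, not linguistic text, so they are compared ordinally.
    // Culture-sensitive comparison can treat ignorable characters as absent and varies with
    // the server's current culture.
    // Has-Api-Key is client-supplied and only selects the authorizer; it proves nothing by itself.
    var hasApiKey = "true".Equals(context.Request.Headers["Has-Api-Key"], StringComparison.OrdinalIgnoreCase);
    var authHeader = context.Request.Headers["Authorization"];

    // The scheme match is case-sensitive: anything other than exactly "Bearer " falls
    // through to the Windows authorizer.
    var hasBearerToken = !string.IsNullOrEmpty(authHeader)
                         && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

    if (hasApiKey || hasBearerToken)
    {
        return oAuthRequestAuthorizer.Authorize(context, hasApiKey);
    }

    return windowsRequestAuthorizer.Authorize(context);
}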