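/// <summary>
/// Authorization gate: lets the request through only when the action is exempt
/// (<c>NoAuthorizationNeeded</c>) or the current principal is a <c>SessionUser</c>;
/// otherwise answers with a 401 JSON response and stops.
/// </summary>
/// <param name="actionContext">Context of the action being authorized; must not be null.</param>
/// <exception cref="System.ArgumentNullException">
/// Thrown when <paramref name="actionContext"/> is null. The previous null branch
/// dereferenced the null context to set a response, which could only fail with a
/// NullReferenceException.
/// </exception>
public override void OnAuthorization(HttpActionContext actionContext)
{
    if (actionContext == null)
    {
        // There is no context to attach a 401 response to, so fail loudly and explicitly.
        throw new System.ArgumentNullException("actionContext");
    }

    if (NoAuthorizationNeeded(actionContext))
    {
        return;
    }

    // Fail closed: a missing HttpContext or a missing principal is treated exactly like
    // an unauthenticated caller (401) instead of surfacing as an unhandled exception.
    var httpContext = HttpContext.Current;
    var principal = httpContext != null ? httpContext.User : null;

    // Exact type comparison is kept on purpose: only SessionUser itself is accepted,
    // not a type derived from it.
    SessionUser sess = null;
    if (principal != null && principal.GetType() == typeof(SessionUser))
    {
        sess = (SessionUser)principal;
    }

    // NOTE(review): this check only establishes that the principal is a SessionUser.
    // Token validity and expiry are presumably enforced where HttpContext.Current.User
    // is populated; confirm that an expired session can never be installed as the principal.
    if (sess == null)
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
        {
            Content = new StringContent(
                Constants.UnauthorizedJsonString,
                System.Text.Encoding.UTF8,
                Constants.ApplicationJson)
        };
        return;
    }

    base.OnAuthorization(actionContext);
}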
/// <summary>
/// Writes the session token of <paramref name="sess"/> into the response as the
/// cookie named <c>Constants.AuthTokenName</c>.
/// </summary>
/// <param name="sess">Session whose <c>Token</c> is sent to the client.</param>
private void AddTokenIntoCookies(SessionUser sess)
{
    // NOTE(review): this cookie carries the authentication token, yet:
    //  - HttpOnly is false, so page script can read the token and any XSS flaw exposes it.
    //    Set it to true unless client-side code genuinely has to read the cookie.
    //  - Secure is not set here, so unless it is enforced site-wide the token may be sent
    //    over plain HTTP.
    //  - The cookie persists for one year; confirm this matches the intended session
    //    lifetime on the server side.
    var authCookie = new System.Web.HttpCookie(Constants.AuthTokenName, sess.Token.ToString())
    {
        Expires = DateTime.UtcNow.AddYears(1),
        HttpOnly = false
    };

    Response.Cookies.Add(authCookie);
}
/// <summary>
/// Page load handler: remembers the current principal in <c>_sess</c> when it is
/// exactly a <c>SessionUser</c>; otherwise leaves <c>_sess</c> untouched.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // The requestor's profile is presumably restored from the cookie token earlier in
    // the pipeline and installed as HttpContext.Current.User; here we only pick it up.
    var principal = HttpContext.Current.User;
    if (principal.GetType() != typeof(SessionUser))
    {
        return;
    }

    _sess = (SessionUser)principal;
}
/// <summary>
/// Creates a session for <paramref name="name"/>, sets it to expire five minutes
/// from now (UTC), registers it in <c>_sessions</c> and returns it.
/// </summary>
/// <param name="name">Name passed to the <c>SessionUser</c> constructor.</param>
/// <returns>The newly registered session.</returns>
public static SessionUser CreateSession(string name)
{
    // The token is not assigned here (a former "sess.Token = Guid.NewGuid()" line is
    // disabled); presumably the SessionUser constructor creates it, confirm.
    // Original note: both token and the second value should match.
    // NOTE(review): if the token is a GUID, prefer a value drawn from a cryptographic
    // random number generator, since the token acts as a bearer credential.
    var session = new SessionUser(name)
    {
        ExpiresOn = DateTime.UtcNow.AddMinutes(5)
    };

    _sessions.Add(session);
    return session;
}