protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            if (HeimdallConfig.ByPassWebApiCorsAndImplementOptions && request.Method.ToString().ToUpper() == "OPTIONS")
            {
                var response = request.CreateResponse(HttpStatusCode.OK, string.Empty);
                AddHeadersToResponse(response);
                return(response);
            }

            if (HeimdallConfig.IgnorePath(request))
            {
                var response = await base.SendAsync(request, cancellationToken);

                AddHeadersToResponse(response);
                return(response);
            }

            if (HeimdallConfig.IgnoreVerb(request))
            {
                var response = await base.SendAsync(request, cancellationToken);

                AddHeadersToResponse(response);
                return(response);
            }

            if (HeimdallConfig.IgnoreVerbAndPath(request))
            {
                var response = await base.SendAsync(request, cancellationToken);

                AddHeadersToResponse(response);
                return(response);
            }

            var isAuthenticated = await AuthenticateRequest.IsAuthenticated(request);

            if (!isAuthenticated)
            {
                var response = request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Unauthorized API call");
                AddHeadersToResponse(response);
                return(response);
            }

            var authorisedResponse = await base.SendAsync(request, cancellationToken);

            AddHeadersToResponse(authorisedResponse);
            return(authorisedResponse);
        }
Exemplo n.º 2
0
        protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            if (HeimdallConfig.IgnorePath(request))
            {
                return(await base.SendAsync(request, cancellationToken));
            }

            var isAuthenticated = await AuthenticateRequest.IsAuthenticated(request);

            if (!isAuthenticated)
            {
                var response = request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Unauthorized API call");
                response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(HeaderNames.AuthenticationScheme));
                return(await Task.FromResult(response));
            }

            return(await base.SendAsync(request, cancellationToken));
        }