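        /// <summary>
        /// Authenticates an API request from its Authorization header before the action runs.
        /// Actions or controllers carrying <see cref="AllowAnonymousAttribute"/> are let through
        /// without any lookup. Every other request must present an Authorization header whose
        /// value equals a stored, non-expired user API key; otherwise a 401 response is set on the
        /// context, which short-circuits the action.
        /// </summary>
        /// <param name="context">The Web API action context of the request being executed.</param>
        public override void OnActionExecuting(HttpActionContext context)
        {
            // Anonymous endpoints need no data access, so decide this before opening a unit of
            // work (and whatever connection it owns).
            bool skipAuthorization = context.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any() ||
                                     context.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
            if (skipAuthorization)
            {
                return;
            }

            if (context.Request.Headers.Authorization == null)
            {
                context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Authorization key required" });
                return;
            }

            // The full header value (scheme included, if one was sent) is what is compared
            // against the stored key, so clients must send exactly the stored value.
            string apiKey = context.Request.Headers.Authorization.ToString();
            if (string.IsNullOrWhiteSpace(apiKey))
            {
                // Defensive: never run the lookup with a blank key, so a user row that happens to
                // hold a blank ApiKey can't be matched by an empty header.
                context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Invalid authorization token" });
                return;
            }

            using (IUnitOfWork unitOfWork = new UnitOfWork())
            {
                IRepository<User> repository  = new Repository<User>(unitOfWork);
                IUserService      userService = new UserService(repository);

                // NOTE(review): equality here is evaluated by the repository/provider — confirm the
                // ApiKey comparison is case-sensitive (e.g. column collation) rather than relying on it.
                User     user = userService.FindBy(x => x.ApiKey == apiKey).FirstOrDefault();
                DateTime now  = DateUtil.GetDateTimeNow();

                // Unknown and expired keys get the same response so a caller can't tell them apart.
                // ExpiraApiKey is optional: a key with no expiry never expires.
                if (user == null || (user.ExpiraApiKey.HasValue && user.ExpiraApiKey.Value < now))
                {
                    context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Invalid authorization token" });
                    return;
                }

                LanguageMngr.SetLanguage(user.Language);
                UserApiAuthenticated.SetUserAuthenticated(context, user);
            }
        }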
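        /// <summary>
        /// Authenticates and authorizes an API request before the action runs.
        /// Actions or controllers carrying <see cref="AllowAnonymousAttribute"/> are let through
        /// without any lookup. Every other request must present an Authorization header whose
        /// value equals a stored, non-expired user API key (else 401), and that user must hold at
        /// least one API permission for the target controller/action (else 403). Setting
        /// <c>context.Response</c> short-circuits the action.
        /// </summary>
        /// <param name="context">The Web API action context of the request being executed.</param>
        public override void OnActionExecuting(HttpActionContext context)
        {
            // Anonymous endpoints need no data access, so decide this before opening a unit of
            // work (and whatever connection it owns).
            bool skipAuthorization = context.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any() ||
                                     context.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
            if (skipAuthorization)
            {
                return;
            }

            if (context.Request.Headers.Authorization == null)
            {
                context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Authorization key required" });
                return;
            }

            // The full header value (scheme included, if one was sent) is what is compared
            // against the stored key, so clients must send exactly the stored value.
            string apiKey = context.Request.Headers.Authorization.ToString();
            if (string.IsNullOrWhiteSpace(apiKey))
            {
                // Defensive: never run the lookup with a blank key, so a user row that happens to
                // hold a blank ApiKey can't be matched by an empty header.
                context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Invalid authorization token" });
                return;
            }

            using (IUnitOfWork unitOfWork = new UnitOfWork())
            {
                IRepository<User> repository  = new Repository<User>(unitOfWork);
                IUserService      userService = new UserService(repository);
                IAuthService      authService = new AuthService(repository);

                // NOTE(review): equality here is evaluated by the repository/provider — confirm the
                // ApiKey comparison is case-sensitive (e.g. column collation) rather than relying on it.
                User     user = userService.FindBy(x => x.ApiKey == apiKey).FirstOrDefault();
                DateTime now  = DateUtil.GetDateTimeNow();

                // Unknown and expired keys get the same response so a caller can't tell them apart.
                // ExpiraApiKey is optional: a key with no expiry never expires.
                if (user == null || (user.ExpiraApiKey.HasValue && user.ExpiraApiKey.Value < now))
                {
                    context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Invalid authorization token" });
                    return;
                }

                // Authorization is per controller/action, scoped to the API permission type:
                // an authenticated user with no matching permission is rejected with 403.
                string actionName     = context.ActionDescriptor.ActionName;
                string controllerName = context.ActionDescriptor.ControllerDescriptor.ControllerName;
                IEnumerable<Permission> permissions = authService.GetPermissions(user.Id,
                                                                                 actionName, controllerName,
                                                                                 Constants.PERMISSIONS_TYPE_ENUM.API.GetEnumValue<string>());
                if (!permissions.Any())
                {
                    context.Response = context.Request.CreateResponse(HttpStatusCode.Forbidden, new { message = "User has no permissions for this action" });
                    return;
                }

                // Only a fully authenticated and authorized user reaches this point.
                LanguageMngr.SetLanguage(user.Language);
                UserApiAuthenticated.SetUserAuthenticated(context, user);
            }
        }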