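/// <summary>
/// Authorizes a Web API request from the <c>ApiKey</c> parameter carried in the
/// Authorization header, then runs the subclass-specific protected check.
/// </summary>
/// <remarks>
/// Every path that does not end in a successful API-key authentication AND a successful
/// <c>HandleAuthorizeProtected</c> result calls <c>HandleUnauthorizedRequest</c>, which is
/// defined outside this block and is presumably what produces the rejection response.
/// Returning from an authorization filter without rejecting lets the action run, so each
/// failure branch must reject explicitly.
/// </remarks>
/// <param name="actionContext">The context of the action being authorized.</param>
/// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
public override void OnAuthorization(HttpActionContext actionContext)
{
    if (actionContext == null)
    {
        throw new ArgumentNullException("actionContext");
    }

    var httpRequestMessage = actionContext.Request;

    // NOTE(review): OPTIONS requests skip authentication entirely (presumably for CORS
    // preflight). Confirm that no action reachable through this filter does real work
    // on OPTIONS, otherwise it is reachable without an API key.
    if (httpRequestMessage.Method == HttpMethod.Options)
    {
        return;
    }

    if (httpRequestMessage.Headers.Authorization == null)
    {
        HandleUnauthorizedRequest(actionContext);
        return;
    }

    var authorizationParameters = AuthorizationParameters(actionContext);

    // Single lookup; a missing or empty key is rejected before the authentication
    // service is called.
    string apiKey;
    if (!authorizationParameters.TryGetValue("ApiKey", out apiKey) || string.IsNullOrEmpty(apiKey))
    {
        HandleUnauthorizedRequest(actionContext);
        return;
    }

    var authenticateResponse = _externalCommandService.Execute(new AuthenticateApiKeyRequest { ApiKey = apiKey });

    // Allow-list the success type instead of deny-listing the error type: a null or
    // unexpected response is rejected rather than reaching the cast below.
    if (!(authenticateResponse is OkResponseStatus<AuthenticateApiKeyResponse>))
    {
        HandleUnauthorizedRequest(actionContext);
        return;
    }

    var successfulAuthenticateResponse = (OkResponseStatus<AuthenticateApiKeyResponse>)authenticateResponse;
    var authenticationResult = successfulAuthenticateResponse.Response;

    // "!= true" rejects anything other than an explicit true. A missing partner is
    // rejected as well, because the principal cannot be built without it.
    if (authenticationResult == null
        || authenticationResult.IsAuthenticated != true
        || authenticationResult.Partner == null)
    {
        HandleUnauthorizedRequest(actionContext);
        return;
    }

    var partnerDto = authenticationResult.Partner;
    var apiKeyAuthResult = new ApiKeyAuthorizationResult(partnerDto.Id, partnerDto.Name);
    var protectedAuthorizeResult = HandleAuthorizeProtected(authorizationParameters, apiKeyAuthResult);

    // Previously a failed protected check fell through silently: no principal was set,
    // but the request was not rejected either. Fail closed instead.
    if (!protectedAuthorizeResult.IsSuccessful)
    {
        HandleUnauthorizedRequest(actionContext);
        return;
    }

    // NOTE(review): only Thread.CurrentPrincipal is assigned here. If the host or later
    // filters read the principal from somewhere else (for example the request context),
    // confirm that it is kept in sync.
    Thread.CurrentPrincipal = CreatePrincipal(apiKeyAuthResult, protectedAuthorizeResult);
}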
/// <summary>
/// Builds the principal for an authenticated partner: a <see cref="GenericPrincipal"/>
/// wrapping a <c>PartnerIdentity</c> marked as authenticated, with an empty role list.
/// </summary>
/// <param name="response">Supplies the partner id and partner name copied onto the identity.</param>
/// <param name="protectedAuthorizeResult">
/// Result of the protected authorization step. Not read by this implementation;
/// it is available to overrides.
/// </param>
/// <returns>The principal representing the partner.</returns>
protected virtual IPrincipal CreatePrincipal(ApiKeyAuthorizationResult response, AuthorizationResult protectedAuthorizeResult)
{
    var partnerIdentity = new PartnerIdentity
    {
        AuthenticationType = "ApiKeyAuthentication",
        IsAuthenticated = true,
        Name = response.PartnerName,
        PartnerId = response.PartnerId
    };

    // No roles are granted here; the principal only carries the partner identity.
    var noRoles = new string[0];

    return new GenericPrincipal(partnerIdentity, noRoles);
}
/// <summary>
/// Subclass hook for an additional authorization check. OnAuthorization calls it after
/// the API key has been authenticated and sets the principal only when the returned
/// result reports <c>IsSuccessful</c>.
/// </summary>
/// <param name="authorizationParametersDictionary">
/// The parameters parsed from the request's Authorization header; the same dictionary
/// the <c>ApiKey</c> entry was read from.
/// </param>
/// <param name="apiKeyAuthorizationResult">
/// The partner id and name resolved from the authenticated API key.
/// </param>
/// <returns>The outcome of the additional check.</returns>
/// <remarks>
/// The hook does not receive the action context, so an implementation cannot reject
/// the request itself; the caller has to act on the returned result.
/// </remarks>
protected abstract AuthorizationResult HandleAuthorizeProtected(Dictionary <string, string> authorizationParametersDictionary, ApiKeyAuthorizationResult apiKeyAuthorizationResult);
/// <summary>
/// Protected-authorization hook that performs no additional check: it always reports
/// success, so a request is authorized on the strength of its API key alone.
/// </summary>
/// <param name="authorizationParametersDictionary">Not read by this implementation.</param>
/// <param name="apiKeyAuthorizationResult">Not read by this implementation.</param>
/// <returns>Always <c>AuthorizationResult.Success()</c>.</returns>
protected override AuthorizationResult HandleAuthorizeProtected(
    Dictionary<string, string> authorizationParametersDictionary,
    ApiKeyAuthorizationResult apiKeyAuthorizationResult)
{
    // Unconditional success: neither argument is inspected.
    return AuthorizationResult.Success();
}