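/// <summary>
/// Web API authorization check. After the base attribute accepts the request, the
/// caller's account is re-read from the user store, the request principal is replaced
/// with an <c>ApplicationClaimsPrincipal</c> that carries the stored permissions, and
/// the decision is delegated to <c>AuthorizeValidationHelper.UserHasPermission</c>.
/// </summary>
/// <param name="actionContext">Context of the action being authorized.</param>
/// <returns>
/// <c>true</c> only when the base check passes, the principal is a
/// <see cref="ClaimsPrincipal"/>, the account exists with an <c>IdApplicationSession</c>
/// value, and the helper confirms the required <c>Permissions</c>; otherwise <c>false</c>.
/// </returns>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    if (!base.IsAuthorized(actionContext))
    {
        return false;
    }

    IPrincipal user = actionContext.ControllerContext.RequestContext.Principal;
    var claimsPrincipal = user as ClaimsPrincipal;
    if (claimsPrincipal == null)
    {
        return false;
    }

    // Deny when the identity carries no user id instead of passing null/empty to the store lookup.
    string userId = user.Identity.GetUserId();
    if (string.IsNullOrEmpty(userId))
    {
        return false;
    }

    var userManager = actionContext.Request.GetOwinContext().GetUserManager<WebApiUserManager>();
    ApplicationUser applicationUser = userManager.FindById(userId);

    // Fail closed: the null-conditional yields null when the account is not found, and
    // "null == false" evaluates to false, so an "== false" comparison lets a missing
    // account (e.g. one deleted while its token is still valid) through.
    // Requiring "== true" rejects both a missing account and a missing session value.
    if (applicationUser?.IdApplicationSession.HasValue != true)
    {
        return false;
    }

    IList<string> permissions = userManager.GetPermissions(userId);
    var customUser = new ApplicationClaimsPrincipal(claimsPrincipal, permissions);

    // Publish the enriched principal on both the request context and the current thread
    // so that the helper below and later code in the request see the same permissions.
    actionContext.ControllerContext.RequestContext.Principal = customUser;
    Thread.CurrentPrincipal = customUser;

    return AuthorizeValidationHelper.UserHasPermission(actionContext, Permissions);
}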
/// <summary>
/// MVC authorization check: the request must pass the base attribute's check and
/// <c>AuthorizeValidationHelper.UserHasPermission</c> must accept it for the
/// configured <c>Permissions</c>.
/// </summary>
/// <param name="httpContext">HTTP context of the request being authorized.</param>
/// <returns><c>true</c> when both checks succeed; otherwise <c>false</c>.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // Short-circuit: the permission helper is only consulted once the base check has passed.
    return base.AuthorizeCore(httpContext)
        && AuthorizeValidationHelper.UserHasPermission(httpContext, Permissions);
}