Пример #1
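        /// <summary>
        /// Authorizes a Web API request: runs the base check, requires a
        /// <see cref="ClaimsPrincipal"/>, verifies the stored user still has an
        /// application session, then swaps in a principal that carries the user's
        /// permissions and evaluates <c>Permissions</c> against it.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        /// <returns>
        /// <c>true</c> only when every check passes; any missing principal, user id,
        /// user record or session value results in <c>false</c> (fail closed).
        /// </returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            if (!base.IsAuthorized(actionContext))
            {
                return false;
            }

            var claimsPrincipal = actionContext.ControllerContext.RequestContext.Principal as ClaimsPrincipal;

            if (claimsPrincipal == null)
            {
                return false;
            }

            string userId = claimsPrincipal.Identity.GetUserId();

            // Without a user id there is nothing to look up; deny instead of
            // handing a null key to the user manager.
            if (string.IsNullOrEmpty(userId))
            {
                return false;
            }

            var userManager = actionContext.Request.GetOwinContext().GetUserManager<WebApiUserManager>();
            ApplicationUser usuarioAplicacao = userManager.FindById(userId);

            // "!= true" rather than "== false": when FindById returns null the
            // null-conditional expression evaluates to null, and "null == false"
            // is false, which would let a principal whose user record no longer
            // exists pass this check. Only an existing user with a session value
            // may continue.
            // NOTE(review): IdApplicationSession presumably marks an active
            // application session - confirm against ApplicationUser.
            if (usuarioAplicacao?.IdApplicationSession.HasValue != true)
            {
                return false;
            }

            IList<string> permissions = userManager.GetPermissions(userId);
            var customUser = new ApplicationClaimsPrincipal(claimsPrincipal, permissions);

            // Publish the permission-carrying principal on both the request
            // context and the current thread before the permission check below.
            actionContext.ControllerContext.RequestContext.Principal = customUser;
            Thread.CurrentPrincipal = customUser;

            return AuthorizeValidationHelper.UserHasPermission(actionContext, Permissions);
        }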
        /// <summary>
        /// Authorizes the request by requiring the base check to succeed and then
        /// evaluating <c>Permissions</c> through
        /// <c>AuthorizeValidationHelper.UserHasPermission</c>.
        /// </summary>
        /// <param name="httpContext">HTTP context of the request being authorized.</param>
        /// <returns>
        /// <c>false</c> when the base check fails; otherwise the result of the
        /// permission check.
        /// </returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Short-circuit: the permission helper is only consulted once the
            // base class has accepted the request.
            return base.AuthorizeCore(httpContext)
                && AuthorizeValidationHelper.UserHasPermission(httpContext, Permissions);
        }