/// <summary>
/// Tries to authenticate an API request from a token when the request has
/// not already been authenticated by another mechanism.
/// </summary>
/// <remarks>
/// The token is obtained from <c>GetApiToken</c> and is expected to be the
/// Base64 form of an encrypted forms-authentication ticket. When the ticket
/// decrypts and has not expired, <c>httpContext.User</c> is replaced by a
/// <c>CcPrincipal</c> built from the ticket's user name with the
/// authentication type "api". Every failure is logged and swallowed, so the
/// request simply stays unauthenticated.
/// </remarks>
/// <param name="httpContext">Context of the request being authorized.</param>
private void AuthorizeApiRequest(HttpContextBase httpContext)
{
    // An already authenticated request is left untouched.
    if (httpContext.User.Identity.IsAuthenticated)
    {
        return;
    }

    var token = GetApiToken(httpContext.Request);
    if (string.IsNullOrEmpty(token))
    {
        return;
    }

    try
    {
        // Base64 -> ASCII text -> decrypted forms-authentication ticket.
        var rawBytes = Convert.FromBase64String(token);
        var ticketText = System.Text.Encoding.ASCII.GetString(rawBytes);
        var authTicket = System.Web.Security.FormsAuthentication.Decrypt(ticketText);

        // NOTE(review): expiry is the only ticket property checked here.
        // Nothing in this method ties the ticket to API use or checks that
        // the account is still active; confirm that the token issuer and/or
        // CcPrincipal cover purpose binding and revocation.
        if (authTicket.Expired)
        {
            return;
        }

        // No roles are attached here (null); any role data has to come from CcPrincipal.
        var apiIdentity = new System.Security.Principal.GenericIdentity(authTicket.Name, "api");
        var basePrincipal = new System.Security.Principal.GenericPrincipal(apiIdentity, null);
        httpContext.User = new CcPrincipal(basePrincipal);
    }
    catch (Exception ex)
    {
        // Malformed or undecryptable tokens end up here. Only the exception
        // is logged, never the token itself.
        // NOTE(review): unauthenticated callers can trigger this path at
        // will; confirm that Error-level logging of it is intended.
        _log.Error(ex);
    }
}
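/// <summary>
/// Replaces the principal of an authenticated request with the
/// application's <c>CcPrincipal</c> and publishes the user's decimal
/// display setting for the rest of the request.
/// </summary>
/// <remarks>
/// Does nothing for unauthenticated requests. The original comments state
/// that the user name comes from the forms-authentication ticket set at
/// login. The unused <c>loggedUser</c> local was removed.
/// </remarks>
protected void Application_AuthenticateRequest()
{
    if (!Request.IsAuthenticated)
    {
        return;
    }

    var context = HttpContext.Current;

    // Build the custom principal on top of the principal that is already
    // attached to the request.
    var principal = new CcPrincipal(context.User);

    // NOTE(review): assumes CcUser is non-null. If CcPrincipal cannot
    // resolve the account while the ticket is still valid, this dereference
    // would throw during authentication; confirm how CcPrincipal handles that.
    context.Items[System.CCDecimals.DecimalDigitsDisplayItemName] = principal.CcUser.DecimalDisplayDigits;

    // Swap in the custom principal only after the item above is set,
    // matching the original statement order.
    context.User = principal;
}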