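        /// <summary>
        /// Authenticates the request before the action runs. The session token carried in the
        /// <c>AUTH_HEADER</c> request header is parsed as a <see cref="Guid"/>, validated through
        /// <c>IYuYanService.ValidateSession</c> and resolved to a user; any failure short-circuits
        /// the pipeline by assigning <see cref="HttpActionContext.Response"/>.
        /// </summary>
        /// <param name="actionContext">Context of the action being executed; only its request headers are read.</param>
        /// <remarks>
        /// Outcomes: no response is assigned when authentication succeeds, or when <c>AllowAnonymous</c>
        /// is set and the header is absent. 401 is returned for a missing header (when anonymous access
        /// is not allowed), a token that is not a GUID, a null or expired session, or an unknown user.
        /// Any other exception (service failure, unresolved service) yields a bare 500 so the action
        /// never runs without a verified caller.
        /// Web API shares filter attribute instances across requests, so the request-scoped service is
        /// resolved into a local; the <c>_yuyanSvc</c> field is still assigned for compatibility with
        /// any other code that reads it, but this method does not rely on it.
        /// </remarks>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            var requestScope = actionContext.Request.GetDependencyScope();
            var yuyanSvc = requestScope.GetService(typeof(IYuYanService)) as IYuYanService;
            _yuyanSvc = yuyanSvc;

            try
            {
                var headers = actionContext.Request.Headers;
                bool hasHeader = headers.Contains(AUTH_HEADER);

                if (!AllowAnonymous && !hasHeader)
                    throw new UnauthorizedAccessException("Missing required security header!");

                if (hasHeader)
                {
                    // Surfaces as a 500 via the generic catch below, exactly as the former
                    // NullReferenceException would have, but with a readable message.
                    if (yuyanSvc == null)
                        throw new InvalidOperationException("IYuYanService could not be resolved from the request scope.");

                    // GetValues() uses the same case-insensitive lookup as Contains(); matching on
                    // h.Key == AUTH_HEADER is case-sensitive and could miss a differently-cased header.
                    // FirstOrDefault() may yield null, which Guid.TryParse rejects without throwing.
                    string token = headers.GetValues(AUTH_HEADER).FirstOrDefault();

                    Guid session;
                    if (!Guid.TryParse(token, out session))
                        throw new UnauthorizedAccessException("Invalid security token!");

                    var sessionObj = yuyanSvc.ValidateSession(session);
                    if (sessionObj == null)
                        throw new UnauthorizedAccessException("Invalid session!");

                    // An empty SessionId on a non-null result is treated here as an expired session.
                    if (sessionObj.SessionId == Guid.Empty)
                        throw new UnauthorizedAccessException("Session expired!");

                    var user = yuyanSvc.GetUserBySessionId(session);
                    if (user == null)
                        throw new UnauthorizedAccessException("Invalid user!");
                }
            }
            catch (UnauthorizedAccessException)
            {
                // A bare 401 deliberately carries no detail about which check failed.
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            }
            catch (Exception)
            {
                // Fail closed: an unexpected error must not let the action execute.
                // NOTE(review): the exception is discarded because no logger is in scope here.
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.InternalServerError);
            }
        }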
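 /// <summary>
 /// Creates the controller with the service that backs its actions.
 /// </summary>
 /// <param name="yuyanSvc">The injected <c>IYuYanService</c>; stored in <c>_yuyanSvc</c>.</param>
 /// <exception cref="ArgumentNullException"><paramref name="yuyanSvc"/> is <c>null</c>.</exception>
 public UserController(IYuYanService yuyanSvc)
 {
     // Fail fast: a null service would otherwise surface later as a NullReferenceException inside an action.
     if (yuyanSvc == null)
         throw new ArgumentNullException(nameof(yuyanSvc));

     _yuyanSvc = yuyanSvc;
 }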
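 /// <summary>
 /// Creates the controller with the service that backs its actions.
 /// </summary>
 /// <param name="yuyanSvc">The injected <c>IYuYanService</c>; stored in <c>_yuyanSvc</c>.</param>
 /// <exception cref="ArgumentNullException"><paramref name="yuyanSvc"/> is <c>null</c>.</exception>
 public ClientController(IYuYanService yuyanSvc)
 {
     // Fail fast: a null service would otherwise surface later as a NullReferenceException inside an action.
     if (yuyanSvc == null)
         throw new ArgumentNullException(nameof(yuyanSvc));

     _yuyanSvc = yuyanSvc;
 }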
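        /// <summary>
        /// Authorization filter: validates the session token carried in the <c>AUTH_HEADER</c> request
        /// header through <c>IYuYanService</c>, and on success publishes a <c>YYUser</c> principal on
        /// <c>HttpContext.Current.User</c>. Any failure short-circuits the pipeline by assigning
        /// <see cref="HttpActionContext.Response"/>.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized; only its request headers are read.</param>
        /// <remarks>
        /// Outcomes: when the header is present and valid, <c>HttpContext.Current.User</c> is set to an
        /// authenticated principal (or an unauthenticated one if the user lookup returns null and
        /// <c>AllowAnonymous</c> is set). When <c>AllowAnonymous</c> is set and the header is absent,
        /// nothing is assigned — <c>HttpContext.Current.User</c> is left untouched in that case.
        /// 401 is returned for a missing header (when anonymous access is not allowed), a token that is
        /// not a GUID, a null or expired session, or an unknown user; any other exception yields a
        /// bare 500 so the action never runs without a verified caller.
        /// Web API shares filter attribute instances across requests, so the request-scoped service is
        /// resolved into a local; the <c>_yuyanSvc</c> field is still assigned for compatibility with
        /// any other code that reads it, but this method does not rely on it.
        /// </remarks>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var requestScope = actionContext.Request.GetDependencyScope();
            var yuyanSvc = requestScope.GetService(typeof(IYuYanService)) as IYuYanService;
            _yuyanSvc = yuyanSvc;

            // Starts unauthenticated; only a successful user lookup flips it.
            YYUser principal = new YYUser() { Authenticated = false };

            try
            {
                var headers = actionContext.Request.Headers;
                bool hasHeader = headers.Contains(AUTH_HEADER);

                if (!AllowAnonymous && !hasHeader)
                    throw new UnauthorizedAccessException("Missing required security header!");

                if (hasHeader)
                {
                    // Surfaces as a 500 via the generic catch below, exactly as the former
                    // NullReferenceException would have, but with a readable message.
                    if (yuyanSvc == null)
                        throw new InvalidOperationException("IYuYanService could not be resolved from the request scope.");

                    // GetValues() uses the same case-insensitive lookup as Contains(); matching on
                    // h.Key == AUTH_HEADER is case-sensitive and could miss a differently-cased header.
                    // FirstOrDefault() may yield null, which Guid.TryParse rejects without throwing.
                    string token = headers.GetValues(AUTH_HEADER).FirstOrDefault(); // token = {session}

                    Guid session;
                    if (!Guid.TryParse(token, out session))
                        throw new UnauthorizedAccessException("Invalid security token!");

                    var sessionObj = yuyanSvc.ValidateSession(session);
                    if (sessionObj == null)
                        throw new UnauthorizedAccessException("Invalid session!");

                    // An empty SessionId on a non-null result is treated here as an expired session.
                    if (sessionObj.SessionId == Guid.Empty)
                        throw new UnauthorizedAccessException("Expired session!");

                    var user = yuyanSvc.GetUserBySessionId(session);
                    if (user == null && !AllowAnonymous)
                        throw new UnauthorizedAccessException("Invalid user!");

                    if (user != null)
                    {
                        principal.Authenticated = true;
                        principal.UserId = user.UserId;
                        principal.Username = user.Username;
                        principal.Email = user.Email;
                        principal.SessionId = session;
                    }

                    // NOTE(review): HttpContext.Current is null outside IIS hosting (e.g. self-host);
                    // that case currently falls into the generic catch and produces a 500 — confirm
                    // the intended hosting model before relying on it.
                    HttpContext.Current.User = principal;
                }
            }
            catch (UnauthorizedAccessException)
            {
                // A bare 401 deliberately carries no detail about which check failed.
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            }
            catch (Exception)
            {
                // Fail closed: an unexpected error must not let the action execute.
                // NOTE(review): the exception is discarded because no logger is in scope here.
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.InternalServerError);
            }
        }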
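 /// <summary>
 /// Creates the controller with the service that backs its actions.
 /// </summary>
 /// <param name="yuyanSvc">The injected <c>IYuYanService</c>; stored in <c>_yuyanSvc</c>.</param>
 /// <exception cref="ArgumentNullException"><paramref name="yuyanSvc"/> is <c>null</c>.</exception>
 public ReportController(IYuYanService yuyanSvc)
 {
     // Fail fast: a null service would otherwise surface later as a NullReferenceException inside an action.
     if (yuyanSvc == null)
         throw new ArgumentNullException(nameof(yuyanSvc));

     _yuyanSvc = yuyanSvc;
 }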
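 /// <summary>
 /// Creates the controller with the service that backs its actions.
 /// </summary>
 /// <param name="yuyanSvc">The injected <c>IYuYanService</c>; stored in <c>_yuyanSvc</c>.</param>
 /// <exception cref="ArgumentNullException"><paramref name="yuyanSvc"/> is <c>null</c>.</exception>
 public SurveyController(IYuYanService yuyanSvc)
 {
     // Fail fast: a null service would otherwise surface later as a NullReferenceException inside an action.
     if (yuyanSvc == null)
         throw new ArgumentNullException(nameof(yuyanSvc));

     _yuyanSvc = yuyanSvc;
 }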