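/// <summary>
/// Authenticates the incoming request from the session token carried in the
/// <c>AUTH_HEADER</c> request header before the action body runs.
/// A missing header is tolerated only when <c>AllowAnonymous</c> is set; a header
/// that is present is always validated. Any failure short-circuits the pipeline by
/// assigning <c>actionContext.Response</c>: 401 for authentication failures, 500 for
/// anything unexpected.
/// Note: an action filter runs after authorization filters and model binding, so
/// rejected requests have already been bound; the <c>OnAuthorization</c> variant in
/// this file runs earlier in the pipeline.
/// </summary>
/// <param name="actionContext">Context of the action about to execute; its request
/// headers are read and its <c>Response</c> is set on rejection.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    // Resolved per request from the dependency scope rather than via the attribute's
    // constructor, because filter attributes are not constructed by the container.
    var requestScope = actionContext.Request.GetDependencyScope();
    _yuyanSvc = requestScope.GetService(typeof(IYuYanService)) as IYuYanService;

    try
    {
        bool hasHeader = actionContext.Request.Headers.Contains(AUTH_HEADER);

        if (!AllowAnonymous && !hasHeader)
        {
            throw new UnauthorizedAccessException("Missing required security header!");
        }

        if (hasHeader)
        {
            if (_yuyanSvc == null)
            {
                // A misconfigured container surfaces as a 500 with a clear cause
                // instead of a NullReferenceException at the first service call.
                throw new InvalidOperationException("IYuYanService could not be resolved from the request scope.");
            }

            // Headers.GetValues matches the header name case-insensitively, consistent
            // with Headers.Contains above. (A FirstOrDefault(h => h.Key == AUTH_HEADER)
            // lookup compares ordinally, so a differently-cased header name would pass
            // Contains and then dereference a null Value.)
            // token = {session}
            string token = actionContext.Request.Headers.GetValues(AUTH_HEADER).FirstOrDefault() ?? string.Empty;
            Guid session;
            if (!Guid.TryParse(token, out session))
            {
                throw new UnauthorizedAccessException("Invalid security token!");
            }

            var sessionObj = _yuyanSvc.ValidateSession(session);
            if (sessionObj == null)
            {
                throw new UnauthorizedAccessException("Invalid session!");
            }
            // An empty SessionId is the service's signal for an expired session.
            if (sessionObj.SessionId == Guid.Empty)
            {
                throw new UnauthorizedAccessException("Session expired!");
            }

            var user = _yuyanSvc.GetUserBySessionId(session);
            if (user == null)
            {
                throw new UnauthorizedAccessException("Invalid user!");
            }
        }
    }
    catch (UnauthorizedAccessException)
    {
        // Deliberately generic: the specific rejection reason is not echoed to the client.
        // A freshly constructed response carries no headers, so AUTH_HEADER cannot leak here.
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    catch (Exception)
    {
        // NOTE(review): the exception detail is discarded here; route it to the
        // application's logger so container/service faults remain diagnosable.
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.InternalServerError);
    }
}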
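/// <summary>
/// Creates the controller with the service it is given, keeping it in <c>_yuyanSvc</c>.
/// </summary>
/// <param name="yuyanSvc">The injected service; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="yuyanSvc"/> is
/// null, so a container misconfiguration fails at construction rather than on first use.</exception>
public UserController(IYuYanService yuyanSvc)
{
    if (yuyanSvc == null)
    {
        throw new ArgumentNullException("yuyanSvc");
    }

    _yuyanSvc = yuyanSvc;
}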
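/// <summary>
/// Creates the controller with the service it is given, keeping it in <c>_yuyanSvc</c>.
/// </summary>
/// <param name="yuyanSvc">The injected service; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="yuyanSvc"/> is
/// null, so a container misconfiguration fails at construction rather than on first use.</exception>
public ClientController(IYuYanService yuyanSvc)
{
    if (yuyanSvc == null)
    {
        throw new ArgumentNullException("yuyanSvc");
    }

    _yuyanSvc = yuyanSvc;
}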
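/// <summary>
/// Authenticates the request from the session token carried in the <c>AUTH_HEADER</c>
/// request header and, when the session maps to a user, publishes an authenticated
/// <c>YYUser</c> as <c>HttpContext.Current.User</c>.
/// A missing header is tolerated only when <c>AllowAnonymous</c> is set; a header that
/// is present is always validated. Failures short-circuit the pipeline by assigning
/// <c>actionContext.Response</c>: 401 for authentication failures, 500 for anything
/// unexpected. When no header is present, <c>HttpContext.Current.User</c> is left untouched.
/// </summary>
/// <param name="actionContext">Context of the action being authorized; its request
/// headers are read and its <c>Response</c> is set on rejection.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    // Resolved per request from the dependency scope rather than via the attribute's
    // constructor, because filter attributes are not constructed by the container.
    var requestScope = actionContext.Request.GetDependencyScope();
    _yuyanSvc = requestScope.GetService(typeof(IYuYanService)) as IYuYanService;

    // Starts unauthenticated; only a valid session that resolves to a user upgrades it.
    YYUser principal = new YYUser() { Authenticated = false };

    try
    {
        bool hasHeader = actionContext.Request.Headers.Contains(AUTH_HEADER);

        if (!AllowAnonymous && !hasHeader)
        {
            throw new UnauthorizedAccessException("Missing required security header!");
        }

        if (hasHeader)
        {
            if (_yuyanSvc == null)
            {
                // A misconfigured container surfaces as a 500 with a clear cause
                // instead of a NullReferenceException at the first service call.
                throw new InvalidOperationException("IYuYanService could not be resolved from the request scope.");
            }

            // Headers.GetValues matches the header name case-insensitively, consistent
            // with Headers.Contains above. (A FirstOrDefault(h => h.Key == AUTH_HEADER)
            // lookup compares ordinally, so a differently-cased header name would pass
            // Contains and then dereference a null Value.)
            // token = {session}
            string token = actionContext.Request.Headers.GetValues(AUTH_HEADER).FirstOrDefault() ?? string.Empty;
            Guid session;
            if (!Guid.TryParse(token, out session))
            {
                throw new UnauthorizedAccessException("Invalid security token!");
            }

            var sessionObj = _yuyanSvc.ValidateSession(session);
            if (sessionObj == null)
            {
                throw new UnauthorizedAccessException("Invalid session!");
            }
            // An empty SessionId is the service's signal for an expired session.
            if (sessionObj.SessionId == Guid.Empty)
            {
                throw new UnauthorizedAccessException("Expired session!");
            }

            var user = _yuyanSvc.GetUserBySessionId(session);
            if (user == null && !AllowAnonymous)
            {
                throw new UnauthorizedAccessException("Invalid user!");
            }

            if (user != null)
            {
                principal.Authenticated = true;
                principal.UserId = user.UserId;
                principal.Username = user.Username;
                principal.Email = user.Email;
                principal.SessionId = session;
            }

            // Published even when anonymous access left the principal unauthenticated,
            // so downstream code sees an explicit "not authenticated" user.
            HttpContext.Current.User = principal;
        }
    }
    catch (UnauthorizedAccessException)
    {
        // Deliberately generic: the specific rejection reason is not echoed to the client.
        // A freshly constructed response carries no headers, so AUTH_HEADER cannot leak here.
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    catch (Exception)
    {
        // NOTE(review): the exception detail is discarded here; route it to the
        // application's logger so container/service faults remain diagnosable.
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.InternalServerError);
    }
}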
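/// <summary>
/// Creates the controller with the service it is given, keeping it in <c>_yuyanSvc</c>.
/// </summary>
/// <param name="yuyanSvc">The injected service; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="yuyanSvc"/> is
/// null, so a container misconfiguration fails at construction rather than on first use.</exception>
public ReportController(IYuYanService yuyanSvc)
{
    if (yuyanSvc == null)
    {
        throw new ArgumentNullException("yuyanSvc");
    }

    _yuyanSvc = yuyanSvc;
}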
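/// <summary>
/// Creates the controller with the service it is given, keeping it in <c>_yuyanSvc</c>.
/// </summary>
/// <param name="yuyanSvc">The injected service; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="yuyanSvc"/> is
/// null, so a container misconfiguration fails at construction rather than on first use.</exception>
public SurveyController(IYuYanService yuyanSvc)
{
    if (yuyanSvc == null)
    {
        throw new ArgumentNullException("yuyanSvc");
    }

    _yuyanSvc = yuyanSvc;
}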