/// <summary>
/// Gate that runs before the action: the request must carry an app key header
/// whose value is accepted by <c>SecurityStub.IsAppKeyValid</c>.
/// </summary>
/// <remarks>
/// On failure <c>actionContext.Response</c> is populated (401 when the header is
/// absent, 403 when the key is rejected) and the method returns; on success the
/// response is left untouched so the action proceeds.
/// </remarks>
/// <param name="actionContext">Context of the action about to be executed.</param>
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) {
    HttpRequestMessage oRequest = actionContext.Request;

    // NOTE(review): the full request URI (query string included) goes to the debug log.
    // Confirm that no credentials or tokens are ever passed as query parameters.
    string sLogPrefix = string.Format(
        "Validating app key header for '{0} {1}' from '{2}'",
        oRequest.Method,
        oRequest.RequestUri,
        oRequest.GetRemoteIp()
    );

    ms_oLog.Debug("{0} started.", sLogPrefix);

    bool bHeaderPresent = oRequest.Headers.Contains(Const.Headers.AppKey);

    if (!bHeaderPresent) {
        // Missing header: caller did not identify itself at all, hence 401.
        actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
            GetApiVersion(actionContext),
            oRequest,
            HttpStatusCode.Unauthorized,
            "No app key specified."
        );

        ms_oLog.Debug("{0} failed: no app key header found.", sLogPrefix);
        return;
    } // if

    // Only the first value is considered when the header is repeated.
    string sSubmittedKey = oRequest.Headers.GetValues(Const.Headers.AppKey).First();

    var oSecurity = new SecurityStub();
    bool bKeyAccepted = oSecurity.IsAppKeyValid(sSubmittedKey);

    if (!bKeyAccepted) {
        // NOTE(review): the rejected, caller-controlled header value is copied verbatim
        // into both the 403 body and the debug log. Confirm that the response formatter
        // and every log sink treat it as untrusted text, and consider recording only a
        // truncated or hashed form if app keys are meant to be secret (a rejected value
        // can still be a revoked key or a near-miss of a valid one).
        actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
            GetApiVersion(actionContext),
            oRequest,
            HttpStatusCode.Forbidden,
            "Invalid app key specified ({0}).",
            sSubmittedKey
        );

        ms_oLog.Debug("{0} failed: invalid app key header found: '{1}'.", sLogPrefix, sSubmittedKey);
        return;
    } // if

    ms_oLog.Debug("{0} succeeded.", sLogPrefix);
} // OnActionExecuting
/// <summary>
/// Login endpoint: hands the posted credentials and the caller's remote IP to
/// <c>SecurityStub.Login</c> and returns the token it yields.
/// </summary>
/// <param name="oModel">Credentials bound from the request body.</param>
/// <returns>The non-blank token returned by <c>SecurityStub.Login</c>.</returns>
/// <remarks>
/// A null, empty or whitespace-only token is reported as 401 with one message for
/// both bad user name and bad password, so the reply does not reveal which of the
/// two was wrong. Any other failure is wrapped through <c>Return.Error</c>.
/// </remarks>
public string Post([FromBody] LoginModel oModel) {
    try {
        // NOTE(review): oModel is passed on unchecked; presumably Login copes with a
        // null model (missing or unparsable body) - verify against SecurityStub.
        var oSecurity = new SecurityStub();
        string sSessionToken = oSecurity.Login(oModel, Request.GetRemoteIp());

        if (!string.IsNullOrWhiteSpace(sSessionToken)) {
            return sSessionToken;
        }

        // Thrown inside the try on purpose: the handlers below decide how it surfaces.
        throw Return.Status(ApiVersion, HttpStatusCode.Unauthorized, "Invalid user name or password.");
    }
    catch (HttpResponseException) {
        // Already an HTTP-shaped failure; let it through unchanged.
        throw;
    }
    catch (Exception e) {
        // NOTE(review): e.Message is sent back to an unauthenticated caller. Internal
        // exception text can expose implementation detail (storage errors, paths, host
        // names); consider logging it server-side and returning a generic message.
        throw Return.Error(ApiVersion, "Failed to validate user credentials: {0}.", e.Message);
    } // try
} // Post
/// <summary>
/// Creates the attribute and gives it its own <c>SecurityStub</c> instance.
/// </summary>
/// <remarks>
/// NOTE(review): if this is a Web API filter attribute, one instance is typically
/// reused across requests, so the stored SecurityStub would be shared between
/// concurrent calls - confirm that it is safe to use that way. The "Stub" name also
/// suggests a placeholder; verify which implementation ships in production.
/// </remarks>
public ValidateSessionTokenAttribute() {
    this.m_oSecurity = new SecurityStub();
} // constructor