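/// <summary>
/// Authorization filter. Actions or controllers marked <see cref="AllowAnonymousAttribute"/> pass
/// through; every other request must carry an authenticated <see cref="ClaimsPrincipal"/> whose
/// "user" claim is not in <c>UserConfig.GetLoggedOutUsers()</c> and which holds a claim matching
/// the attribute's <c>ClaimType</c> / <c>ClaimValue</c>. Any failed check short-circuits the
/// pipeline by assigning a 401 response to <paramref name="actionContext"/>.
/// </summary>
/// <param name="actionContext">Current request context; its Response is set on denial.</param>
/// <param name="cancellationToken">Not used: the filter completes synchronously.</param>
/// <returns>An already-completed task; the decision is conveyed via actionContext.Response.</returns>
public override Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
        {
            // Every branch returns this completed task; Web API stops the pipeline as soon as
            // actionContext.Response is non-null, which is how each denial below "ends the method".
            Task completed = Task.FromResult<object>(null);

            // [AllowAnonymous] on the action or on its controller bypasses all checks below.
            bool allowAnonymous =
                actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any() ||
                actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
            if (allowAnonymous)
            {
                return completed;
            }

            // Fail closed: a null or non-claims principal previously dereferenced null (an unhandled
            // exception, i.e. a 500); it is treated as unauthenticated instead.
            var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
            if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return completed;
            }

            // Server-side revocation: the "user" claim identifies the session in the logged-out list.
            // Without that claim the revocation check cannot be applied, so deny rather than
            // dereference a null claim as the original did.
            Claim userClaim = principal.FindFirst(e => e.Type == "user");
            if (userClaim == null || UserConfig.GetLoggedOutUsers().Contains(userClaim.Value))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return completed;
            }

            // Required claim check (per the original comment: a "user" or "role" type claim whose value
            // is e.g. "admin"). Comparisons are ordinal and case-insensitive; the original ToLower()
            // calls were culture-sensitive, so under a Turkish culture "ADMIN" would never equal "admin".
            // NOTE(review): the type test is a substring match, kept from the original — ClaimType "role"
            // also accepts any claim whose type merely contains "role". Confirm that breadth is intended.
            // A null ClaimType/ClaimValue is a misconfigured attribute: deny instead of throwing.
            bool hasRequiredClaim =
                ClaimType != null && ClaimValue != null &&
                principal.HasClaim(e =>
                    e.Type.IndexOf(ClaimType, System.StringComparison.OrdinalIgnoreCase) >= 0 &&
                    string.Equals(e.Value, ClaimValue, System.StringComparison.OrdinalIgnoreCase));
            if (!hasRequiredClaim)
            {
                // NOTE(review): 401 is kept so existing clients see no change; an authenticated caller
                // that lacks the claim would conventionally receive 403 Forbidden.
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return completed;
            }

            return completed;
        }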
 /// <summary>
 /// Returns the identifiers currently held in <c>UserConfig.GetLoggedOutUsers()</c> as a 200 OK body.
 /// </summary>
 /// <returns>200 OK wrapping the logged-out user list.</returns>
 /// <remarks>
 /// NOTE(review): no authorization attribute is visible on this action. The response enumerates
 /// user identifiers, so confirm the controller (outside this view) restricts who may call it.
 /// </remarks>
 public IHttpActionResult LoggedoutUsers()
 {
     var loggedOut = UserConfig.GetLoggedOutUsers();
     return Ok(loggedOut);
 }