Пример #1
0
		} // constructor

		public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) {
			base.OnActionExecuting(actionContext);

			if (!m_oSecurity.IsActionEnabled(actionContext.Request.GetUserName(), m_nAction)) {
				actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
					GetApiVersion(actionContext),
					actionContext.Request,
					HttpStatusCode.Forbidden,
					"You are not authorized to perform this action."
				);
			} // if
		} // OnActionExecuting
Пример #2
0
        public static HttpResponseMessage CreateResponse(int nApiVersion, HttpRequestMessage oRequest, HttpStatusCode nCode, string sFormat, params object[] args)
        {
            string sMsg = string.IsNullOrWhiteSpace(sFormat) ? nCode.ToString() : string.Format(sFormat, args);

            var oResponse = new HttpResponseMessage(nCode)
            {
                ReasonPhrase = sMsg,
            };

            HandleActionExecutedAttribute.FillResponse(nApiVersion, oResponse, oRequest);

            ms_oLog.Debug("An HTTP response message has been created with code {0}.", oResponse.StatusCode);

            return(oResponse);
        }         // CreateResponse
Пример #3
0
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            string sPattern = string.Format(
                "Validating app key header for '{0} {1}' from '{2}'",
                actionContext.Request.Method,
                actionContext.Request.RequestUri,
                actionContext.Request.GetRemoteIp()
                );

            ms_oLog.Debug("{0} started.", sPattern);

            HttpRequestMessage oRequest = actionContext.Request;

            if (!oRequest.Headers.Contains(Const.Headers.AppKey))
            {
                actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
                    GetApiVersion(actionContext),
                    actionContext.Request,
                    HttpStatusCode.Unauthorized,
                    "No app key specified."
                    );

                ms_oLog.Debug("{0} failed: no app key header found.", sPattern);

                return;
            }             // if

            string sAppKey = oRequest.Headers.GetValues(Const.Headers.AppKey).First();

            var oSec = new SecurityStub();

            if (!oSec.IsAppKeyValid(sAppKey))
            {
                actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
                    GetApiVersion(actionContext),
                    actionContext.Request,
                    HttpStatusCode.Forbidden,
                    "Invalid app key specified ({0}).",
                    sAppKey
                    );

                ms_oLog.Debug("{0} failed: invalid app key header found: '{1}'.", sPattern, sAppKey);
                return;
            }             // if

            ms_oLog.Debug("{0} succeeded.", sPattern);
        }         // OnActionExecuting
Пример #4
0
        }         // constructor

        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            HttpRequestMessage oRequest = actionContext.Request;

            if (!oRequest.Headers.Contains(Const.Headers.SessionToken))
            {
                actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
                    GetApiVersion(actionContext),
                    actionContext.Request,
                    HttpStatusCode.Forbidden,
                    "No session token specified."
                    );
                return;
            }             // if

            string sToken = oRequest.Headers.GetValues(Const.Headers.SessionToken).First();

            ActiveUserInfo oUserInfo = m_oSecurity.ValidateSessionToken(sToken, actionContext.Request.GetRemoteIp());

            actionContext.Request.SetUserName(null);

            switch (oUserInfo.TokenValidity)
            {
            case TokenValidity.Valid:
                actionContext.Request.SetUserName(oUserInfo.UserName);
                return;

            case TokenValidity.Expired:
                actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
                    GetApiVersion(actionContext),
                    actionContext.Request,
                    HttpStatusCode.Forbidden,
                    "Your session has expired, please login again."
                    );
                return;

            case TokenValidity.Invalid:
                actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
                    GetApiVersion(actionContext),
                    actionContext.Request,
                    HttpStatusCode.Unauthorized,
                    "Invalid session token specified ({0}).",
                    sToken
                    );
                return;
            }     // switch
        }         // OnActionExecuting