public override bool CheckAccess(OperationContext operationContext, ref Message message)
{
// Open the request message using an xml reader
XmlReader xr = OperationContext.Current.IncomingMessageHeaders.GetReaderAtHeader(0);
// Split the URL at the API name--Parameters junction indicated by the '?' character - taking the first string will ignore all parameters
string[] urlSplit = xr.ReadElementContentAsString().Split('/');
// Extract just the API name and rest of the URL, which will be the last item in the split using '/'
string[] apiSplit = urlSplit[3].Split('?');
// Logging the username and API name
Tracer.WriteUserLog(apiSplit[0] + " request from user: "******"Client IP address : " + ip);
}
// If the most-privileged-role that this user belongs has access to this api, then allow access, otherwise deny access
// Returning true will allow the user to execute the actual API function; Returning false will deny access to the user
// TODO: May be we should send back a HTTP error code; will include this after shivi checks in her code
if (ChassisManagerSecurity.GetCurrentUserMostPrivilegedRole() <= ChassisManagerSecurity.GetCurrentApiLeastPrivilegedRole(apiSplit[0]))
{
Tracer.WriteUserLog("CheckAccess: Authorized");
return(true);
}
else
{
Tracer.WriteUserLog("CheckAccess: NOT Authorized");
return(false);
}
}
