Пример #1
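        /// <summary>
        /// Authenticates the incoming Web API request via <c>IsAuthenticated</c>. On success the
        /// customer is published as the current principal and informational headers are added to
        /// the response; otherwise the request is short-circuited with a 401 response.
        /// </summary>
        /// <param name="actionContext">Context of the action that is about to be executed.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Start in a failed state: if authentication throws, the request stays rejected.
            var      result          = HmacResult.FailedForUnknownReason;
            var      controllingData = WebApiCachingControllingData.Data();
            var      dependencyScope = actionContext.Request.GetDependencyScope();
            var      utcNow          = DateTime.UtcNow;
            Customer customer        = null;

            try
            {
                result = IsAuthenticated(actionContext, dependencyScope, controllingData, utcNow, out customer);
            }
            catch (Exception exception)
            {
                // Not rethrown on purpose: result keeps its initial failed value, so the
                // caller receives the 401 built below instead of an unhandled error.
                exception.Dump();
            }

            if (result == HmacResult.Success)
            {
                // Inform core about the authentication. Note, you cannot use IWorkContext.set_CurrentCustomer here.
                // NOTE(review): assumes IsAuthenticated always sets customer when it returns Success - confirm.
                HttpContext.Current.User = new SmartStorePrincipal(customer, HmacAuthentication.Scheme1);

                var response = HttpContext.Current.Response;

                response.AddHeader(WebApiGlobal.Header.AppVersion, SmartStoreVersion.CurrentFullVersion);
                response.AddHeader(WebApiGlobal.Header.Version, controllingData.Version);
                response.AddHeader(WebApiGlobal.Header.MaxTop, controllingData.MaxTop.ToString());
                response.AddHeader(WebApiGlobal.Header.Date, utcNow.ToString("o"));
                response.AddHeader(WebApiGlobal.Header.CustomerId, customer.Id.ToString());

                // Authenticated API responses must not be served from a cache.
                response.Cache.SetCacheability(HttpCacheability.NoCache);
            }
            else
            {
                // Setting a response here stops the pipeline before the action runs.
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);

                var headers = actionContext.Response.Headers;

                // Read once; null when the client sent no Authorization header at all.
                var authorization = actionContext.Request.Headers.Authorization;

                // See RFC-2616
                var scheme = _hmac.GetWwwAuthenticateScheme(authorization != null ? authorization.Scheme : null);
                headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(scheme));

                headers.Add(WebApiGlobal.Header.AppVersion, SmartStoreVersion.CurrentFullVersion);
                headers.Add(WebApiGlobal.Header.Version, controllingData.Version);
                headers.Add(WebApiGlobal.Header.MaxTop, controllingData.MaxTop.ToString());
                headers.Add(WebApiGlobal.Header.Date, utcNow.ToString("o"));

                // NOTE(review): the exact failure reason and the application version are returned
                // to an unauthenticated caller; confirm this level of detail is intended outside
                // of integration and debugging scenarios.
                headers.Add(WebApiGlobal.Header.HmacResultId, ((int)result).ToString());
                headers.Add(WebApiGlobal.Header.HmacResultDescription, result.ToString());

                if (controllingData.LogUnauthorized)
                {
                    LogUnauthorized(actionContext, dependencyScope, result, customer);
                }
            }
        }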
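        /// <summary>
        /// Authenticates the incoming Web API request via <c>IsAuthenticated</c>. On success the
        /// customer becomes the work context's current customer and informational headers are
        /// added to the response; otherwise the request is short-circuited with a 401 response.
        /// </summary>
        /// <param name="actionContext">Context of the action that is about to be executed.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Start in a failed state: if authentication throws, the request stays rejected.
            var      result = HmacResult.FailedForUnknownReason;
            var      cacheControllingData = WebApiCachingControllingData.Data();
            var      now      = DateTime.UtcNow;
            Customer customer = null;

            try
            {
                result = IsAuthenticated(actionContext, now, cacheControllingData, out customer);
            }
            catch (Exception exc)
            {
                // Not rethrown on purpose: result keeps its initial failed value, so the
                // caller receives the 401 built below instead of an unhandled error.
                exc.Dump();
            }

            if (result == HmacResult.Success)
            {
                _workContext.CurrentCustomer = customer;

                var response = HttpContext.Current.Response;

                response.AddHeader(WebApiGlobal.Header.Version, cacheControllingData.Version);
                response.AddHeader(WebApiGlobal.Header.MaxTop, WebApiGlobal.MaxTop.ToString());
                response.AddHeader(WebApiGlobal.Header.Date, now.ToString("o"));

                // Authenticated API responses must not be served from a cache.
                response.Cache.SetCacheability(HttpCacheability.NoCache);
            }
            else
            {
                // Setting a response here stops the pipeline before the action runs.
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);

                var headers = actionContext.Response.Headers;

                // The Authorization header is null when the client sent none. Dereferencing it
                // unconditionally would throw on exactly the anonymous requests this branch has
                // to answer, and the failure would never reach the unauthorized log below.
                var authorization = actionContext.Request.Headers.Authorization;

                var scheme = _hmac.GetWwwAuthenticateScheme(authorization != null ? authorization.Scheme : null);
                headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(scheme));                             // see RFC-2616

                headers.Add(WebApiGlobal.Header.Version, cacheControllingData.Version);
                headers.Add(WebApiGlobal.Header.MaxTop, WebApiGlobal.MaxTop.ToString());
                headers.Add(WebApiGlobal.Header.Date, now.ToString("o"));

                // NOTE(review): the exact failure reason is returned to an unauthenticated caller;
                // confirm this level of detail is intended outside of integration and debugging
                // scenarios.
                headers.Add(WebApiGlobal.Header.HmacResultId, ((int)result).ToString());
                headers.Add(WebApiGlobal.Header.HmacResultDescription, result.ToString());

                if (cacheControllingData.LogUnauthorized)
                {
                    LogUnauthorized(actionContext, result, customer);
                }
            }
        }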