/// <summary>
/// Invoked when the request fails authorization. The failure is not signalled through the HTTP
/// status: the response is HTTP 200 carrying an <see cref="ApiResponse{T}"/> "bad request" body,
/// the same envelope the other rejection paths in this filter produce.
/// </summary>
/// <param name="actionContext">The action context whose <c>Response</c> is replaced by the rejection envelope.</param>
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
    var rejection = ApiUtility.ApiBadRequest<bool>("Invalid Role", "Invalid User Role");
    actionContext.Response = actionContext.Request.CreateResponse<ApiResponse<bool>>(HttpStatusCode.OK, rejection);
}
/// <summary>
/// Short-circuits the action when model binding produced validation errors. All error messages
/// from the model state are concatenated with '|' and returned as an <see cref="ApiResponse{T}"/>
/// "bad request" body with HTTP 200; a valid model state leaves the context untouched.
/// </summary>
/// <param name="actionContext">The action context whose model state is inspected.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    if (actionContext.ModelState.IsValid)
    {
        return;
    }

    // Flatten every ModelError of every model-state entry into one list of messages.
    var messages = actionContext.ModelState
        .SelectMany(entry => entry.Value.Errors)
        .Select(error => error.ErrorMessage);
    string message = string.Join("|", messages);

    actionContext.Response = actionContext.Request.CreateResponse<ApiResponse<bool>>(
        HttpStatusCode.OK, ApiUtility.ApiBadRequest<bool>(message));
}
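/// <summary>
/// Validates the bearer token ticket for the current request and, on any failure, short-circuits
/// the pipeline by assigning <c>actionContext.Response</c>. On success the device identity from the
/// ticket (or "System" when the ticket carries none) is stored in the request properties under
/// "deviceIdentity" unless a value is already present.
/// </summary>
/// <param name="actionContext">The action context of the incoming request.</param>
/// <param name="tokenTicket">The already-unprotected ticket for the presented bearer token; may be null.</param>
/// <remarks>
/// Every rejection is returned as HTTP 200 with an <see cref="ApiResponse{T}"/> "bad request" body,
/// matching the other rejection paths in this filter. The expiry check and the User-Agent binding
/// check are applied independently whenever their claim is present; chaining them with else-if
/// meant a token carrying an expires_at claim was never checked against its User-Agent binding, and
/// a token without expires_at never expired.
/// </remarks>
private void AuthorizeRequest(HttpActionContext actionContext, AuthenticationTicket tokenTicket)
{
    var request = actionContext.Request;

    string token = ReadBearerToken(actionContext);
    if (string.IsNullOrEmpty(token))
    {
        Reject(actionContext, "Invalid Header", "Invalid Header/Token not present");
        return;
    }

    // The ticket is supplied by the caller; unprotecting the token here is disabled:
    // //Startup.OAuthServerOptions.AccessTokenFormat.Unprotect(token);
    AuthenticationTicket ticket = tokenTicket;
    if (ticket == null || ticket.Identity == null)
    {
        Reject(actionContext, "Invalid Token", "Invalid token value");
        return;
    }

    var claims = ticket.Identity.Claims;

    // Expiry: a present but unparseable value is rejected instead of throwing out of the filter.
    var expiresClaim = claims.FirstOrDefault(c => c.Type.StartsWith("expires_at", StringComparison.Ordinal));
    if (expiresClaim != null)
    {
        DateTime expiresAt;
        // Parse and compare in local time, as the original check did.
        // NOTE(review): confirm the issuer writes expires_at in local time; otherwise use UTC on both sides.
        if (!DateTime.TryParse(expiresClaim.Value, out expiresAt) || DateTime.Now > expiresAt)
        {
            Reject(actionContext, "Invalid Token", "Invalid token value");
            return;
        }
    }

    // User-Agent binding: a token bound to an agent is rejected when the request carries no
    // User-Agent at all, rather than silently skipping the comparison.
    var agentClaim = claims.FirstOrDefault(c => c.Type.StartsWith("User-Agent", StringComparison.Ordinal));
    if (agentClaim != null)
    {
        string requestAgent = request.Headers.UserAgent.Count > 0
            ? string.Join(" ", request.Headers.GetValues("User-Agent"))
            : string.Empty;
        if (!string.Equals(agentClaim.Value, requestAgent, StringComparison.Ordinal))
        {
            Reject(actionContext, "Invalid Agent", "Invalid agent value");
            return;
        }
    }

    if (!request.Properties.ContainsKey("deviceIdentity"))
    {
        var deviceClaim = claims.FirstOrDefault(c => c.Type.StartsWith("deviceId", StringComparison.Ordinal));
        request.Properties["deviceIdentity"] = deviceClaim != null ? deviceClaim.Value : "System";
    }
}

/// <summary>
/// Writes the shared rejection envelope (HTTP 200 + <see cref="ApiResponse{T}"/> bad-request body)
/// into <c>actionContext.Response</c>.
/// </summary>
/// <param name="actionContext">The action context to short-circuit.</param>
/// <param name="title">Short error title passed to <c>ApiUtility.ApiBadRequest</c>.</param>
/// <param name="detail">Error detail passed to <c>ApiUtility.ApiBadRequest</c>.</param>
private static void Reject(HttpActionContext actionContext, string title, string detail)
{
    actionContext.Response = actionContext.Request.CreateResponse<ApiResponse<bool>>(
        HttpStatusCode.OK, ApiUtility.ApiBadRequest<bool>(title, detail));
}

/// <summary>
/// Returns the value of the Authorization header with a leading "Bearer " scheme prefix removed,
/// or an empty string when the header is absent or empty. Only the first header value is read, so
/// a duplicated header no longer throws.
/// </summary>
/// <param name="actionContext">The action context whose request headers are read.</param>
private static string ReadBearerToken(HttpActionContext actionContext)
{
    IEnumerable<string> values;
    if (!actionContext.Request.Headers.TryGetValues("Authorization", out values))
    {
        return string.Empty;
    }
    string raw = values.FirstOrDefault() ?? string.Empty;
    return raw.StartsWith("Bearer ", StringComparison.Ordinal)
        ? raw.Substring("Bearer ".Length)
        : raw;
}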