/// <summary>
/// Tells whether the request carries an authenticated identity.
/// The request counts as authenticated only when a principal is attached to it,
/// that principal exposes an identity, and the identity reports itself as authenticated.
/// </summary>
/// <param name="actionContext">The action context of the request being checked</param>
/// <returns>true when the request's principal is authenticated; otherwise false</returns>
protected virtual bool IsAuthenticated(HttpActionContext actionContext)
{
    actionContext.NotNull(nameof(actionContext));

    var principal = actionContext.ControllerContext.RequestContext.Principal;

    // No principal on the request: nothing to authenticate.
    if (!principal.IsNotNull())
    {
        return false;
    }

    // A principal without an identity is treated as unauthenticated.
    var identity = principal.Identity;
    if (!identity.IsNotNull())
    {
        return false;
    }

    return identity.IsAuthenticated;
}
/// <summary>
/// Builds the cache key for an action, taking the controller type from the
/// action context and the action name from the caller.
/// </summary>
/// <param name="actionContext">The action context; supplies the controller type</param>
/// <param name="actionName">The action name to build the key for</param>
/// <returns>The cache key for the context's controller type and the given action name</returns>
public virtual string Generate(
    HttpActionContext actionContext,
    string actionName)
{
    actionContext.NotNull(nameof(actionContext));
    actionName.NotNullOrEmpty(nameof(actionName));

    // Resolve the controller type once, then defer to the Type-based overload,
    // which is where the key format is defined.
    var controllerType = actionContext.ControllerContext.ControllerDescriptor.ControllerType;
    var cacheKey = Generate(controllerType, actionName, actionContext);

    return cacheKey;
}
/// <summary>
/// Builds the cache key for a controller type and action name.
/// The key is the controller type's full name and the action name joined by a hyphen.
/// </summary>
/// <param name="controllerType">The controller type (must be ApiController)</param>
/// <param name="actionName">The action name</param>
/// <param name="context">The action context; validated here but not part of the key</param>
/// <returns>The key for the given controller type and action name</returns>
/// <exception cref="ArgumentException">If controller type is not an ApiController</exception>
public virtual string Generate(
    Type controllerType,
    string actionName,
    HttpActionContext context)
{
    // Validation order is kept as-is so the first failing argument is the one reported.
    controllerType.NotNull(nameof(controllerType));
    controllerType.Is<ApiController>();
    actionName.NotNullOrEmpty(nameof(actionName));
    context.NotNull(nameof(context));

    // NOTE(review): the key is derived from the controller type and action name only.
    // Every caller and every argument combination of the same action therefore maps to
    // one cache entry. Actions whose output depends on the user, route or query values
    // need an override that folds those into the key - confirm how this generator is used.
    var cacheKey = "{0}-{1}".AsFormat(controllerType.FullName, actionName);

    return cacheKey;
}
/// <summary>
/// Tells whether the request's principal passes the role and claim checks.
/// Access is refused when the role check or the claim check reports the
/// principal as not authorized; the claim check is skipped once the role check refuses.
/// </summary>
/// <param name="actionContext">The action context of the request being checked</param>
/// <returns>true if access is authorized; otherwise false</returns>
protected virtual bool IsAuthorized(HttpActionContext actionContext)
{
    actionContext.NotNull(nameof(actionContext));

    var principal = actionContext.ControllerContext.RequestContext.Principal;

    // NOTE(review): "as ClaimsPrincipal" yields null for a principal that is not
    // claims-based. How NotAuthorizedClaim treats null is not visible here - confirm it
    // refuses access when a claim is required.
    var roleAccepted = !NotAuthorizedRole(principal);

    return roleAccepted && !NotAuthorizedClaim(principal as ClaimsPrincipal);
}
/// <summary>
/// Runs the authorization decision for an action.
/// Unless authorization is skipped for the action, the request is handed to
/// - HandleUnauthenticatedRequest when it is not authenticated,
/// - HandleUnauthorizedRequest when it is authenticated but fails the role/claim checks.
/// A request that passes both checks is left untouched.
/// </summary>
/// <param name="actionContext">The action context of the request being authorized</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    actionContext.NotNull(nameof(actionContext));

    // NOTE(review): the conditions under which SkipAuthorization returns true are
    // defined outside this method; every check below is bypassed when it does.
    if (SkipAuthorization(actionContext))
    {
        return;
    }

    // Authentication is decided first so the role/claim checks only ever run
    // for an authenticated principal.
    if (!IsAuthenticated(actionContext))
    {
        HandleUnauthenticatedRequest(actionContext);
        return;
    }

    if (!IsAuthorized(actionContext))
    {
        HandleUnauthorizedRequest(actionContext);
    }
}
/// <summary>
/// Runs before the action method is invoked and answers from the cache when possible.
/// Nothing happens when caching is not allowed for the request or when no cached
/// content is found; otherwise a response is created from the cached content and
/// the cache headers are applied to it.
/// </summary>
/// <param name="actionContext">The action context</param>
public override void OnActionExecuting(
    HttpActionContext actionContext)
{
    actionContext.NotNull(nameof(actionContext));

    if (!IsCachingAllowed(actionContext))
    {
        return;
    }

    var cached = GetCachedContent(actionContext);
    if (!cached.IsNullOrEmpty())
    {
        // NOTE(review): CreateResponse presumably assigns actionContext.Response, so a
        // cache hit answers the request with stored content. Whether that content is safe
        // to share between callers depends on the cache key, which is produced elsewhere -
        // confirm it varies with everything the response depends on.
        CreateResponse(actionContext, cached);
        ApplyCacheHeaders(actionContext.Response);
    }
}
/// <summary>
/// Handles a request that failed authorization.
/// The default behaviour replaces the context's response with an empty
/// 403 Forbidden message.
/// </summary>
/// <param name="actionContext">The action context of the refused request</param>
protected virtual void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
    actionContext.NotNull(nameof(actionContext));

    // Status code only: no body is attached to the refusal.
    var forbidden = new HttpResponseMessage(HttpStatusCode.Forbidden);
    actionContext.Response = forbidden;
}
/// <summary>
/// Builds the cache key for an action context, using the name of the action
/// described by that context.
/// </summary>
/// <param name="actionContext">The action context; supplies the action name</param>
/// <returns>The key for the given action context</returns>
public virtual string Generate(HttpActionContext actionContext)
{
    actionContext.NotNull(nameof(actionContext));

    // Take the action name from the descriptor and defer to the
    // (context, action name) overload.
    var actionName = actionContext.ActionDescriptor.ActionName;
    var cacheKey = Generate(actionContext, actionName);

    return cacheKey;
}