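        /// <summary>
        /// Authenticates the request from a session token carried in the
        /// <c>Constants.TOKEN.API_AUTH_TOKEN</c> header, the <c>Constants.TOKEN.API_AUTH_COOKIE</c>
        /// cookie, or either (header first), as selected by <c>AuthType</c>. The token is parsed
        /// as a GUID and resolved through <c>ITohowService.GetSessionById</c>; a live session has
        /// its expiry extended by one day. A missing, malformed, unknown or expired token sets a
        /// 401 response unless <c>IsOptional</c> is true, in which case the request continues as
        /// the anonymous user. Any other failure sets a 500 response.
        /// </summary>
        /// <param name="actionContext">Web API action context of the current request.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var requestScope = actionContext.Request.GetDependencyScope();
            var svc = requestScope.GetService(typeof(ITohowService)) as ITohowService;
            // NOTE(review): Web API caches filter attribute instances across requests, so a
            // per-request service stored in an instance field can be overwritten by a
            // concurrent request. The assignment is kept for any other member that reads
            // the field; this method only uses the local `svc`.
            _tohowSvc = svc;

            // Every request starts as the anonymous/default user.
            HttpContext.Current.User = new ToHowAPIUser(new ToHowAPIIdentity());

            try
            {
                string token = null;

                switch (AuthType)
                {
                    case AuthenticationTypes.HttpHeader:
                        token = ReadHeaderToken(actionContext);
                        // Absent header: anonymous when optional, otherwise 401.
                        if (token == null)
                        {
                            if (IsOptional)
                                return;
                            throw new UnauthorizedAccessException("Missing authentication headers!");
                        }
                        break;

                    case AuthenticationTypes.Cookie:
                        // NOTE(review): a cookie is attached automatically by the browser, so
                        // endpoints that accept this mode need CSRF protection that is not
                        // visible in this filter — confirm where it is enforced.
                        token = ReadCookieToken();
                        break;

                    case AuthenticationTypes.Both:
                        // Header wins; the cookie is consulted only when the header is absent or empty.
                        token = ReadHeaderToken(actionContext);
                        if (string.IsNullOrEmpty(token))
                            token = ReadCookieToken();
                        break;

                    default:
                        throw new UnauthorizedAccessException("Error in authentication type!");
                }

                if (string.IsNullOrEmpty(token))
                {
                    if (IsOptional)
                        return;
                    throw new UnauthorizedAccessException("insufficient credential provided!");
                }

                // A token that is not a well-formed GUID cannot match any session. Treat it
                // exactly like an unknown session (same status, same message) instead of
                // letting new Guid(token) throw FormatException and surface as a 500, which
                // misreported a client error and let a caller tell "malformed" from "unknown".
                Guid sessionId;
                if (!Guid.TryParse(token, out sessionId))
                {
                    if (IsOptional)
                        return;
                    throw new UnauthorizedAccessException("Invalid session");
                }

                if (svc == null)
                {
                    // Misconfigured DI is a server fault, not a credential problem.
                    throw new InvalidOperationException("ITohowService could not be resolved from the request scope.");
                }

                var session = svc.GetSessionById(sessionId);

                if (session == null)
                {
                    if (IsOptional)
                        return;
                    throw new UnauthorizedAccessException("Invalid session");
                }

                // A session without an expiry is treated as expired, never as permanent.
                if (session.Expiry == null || session.Expiry < DateTime.UtcNow)
                {
                    svc.DeleteSession(session);

                    if (IsOptional)
                        return;
                    throw new UnauthorizedAccessException("Expired session");
                }

                // Sliding expiry: each authenticated request pushes the expiry out by a day.
                // NOTE(review): nothing here caps the total lifetime, so an actively used
                // session never expires — confirm an absolute limit exists elsewhere.
                svc.UpdateSessionByOneDay(session);

                // NOTE(review): the authenticated identity is never installed; the original
                // assignment below is commented out and references a `session.t` member this
                // file does not show. Downstream code therefore still sees the anonymous user
                // after a valid session. Restore it once the identity shape is confirmed.
                //HttpContext.Current.User = new ToHowAPIUser(new ToHowAPIIdentity { Name = session.t.DisplayName, SessionId = session, ProfileId = session.ProfileId });
            }
            catch (UnauthorizedAccessException)
            {
                // Credential problem on the client side. A freshly constructed response has no
                // headers, so there is no auth header to strip from it.
                actionContext.Response = new System.Net.Http.HttpResponseMessage(HttpStatusCode.Unauthorized);
            }
            catch (Exception ex)
            {
                // Anything else is a server fault. Record it (the previous version dropped the
                // exception entirely) but never echo details to the client.
                System.Diagnostics.Trace.TraceError("OnAuthorization failed: {0}", ex);
                actionContext.Response = new System.Net.Http.HttpResponseMessage(HttpStatusCode.InternalServerError);
            }
        }

        /// <summary>
        /// Returns the first value of the <c>Constants.TOKEN.API_AUTH_TOKEN</c> request header,
        /// or <c>null</c> when the header is absent (a present-but-empty header yields "").
        /// </summary>
        /// <param name="actionContext">Action context whose request headers are read.</param>
        private static string ReadHeaderToken(HttpActionContext actionContext)
        {
            IEnumerable<string> values;
            if (!actionContext.Request.Headers.TryGetValues(Constants.TOKEN.API_AUTH_TOKEN, out values))
                return null;
            return values.FirstOrDefault();
        }

        /// <summary>
        /// Returns the value of the <c>Constants.TOKEN.API_AUTH_COOKIE</c> cookie on the current
        /// request, or <c>null</c> when the cookie collection or the cookie itself is missing.
        /// </summary>
        private static string ReadCookieToken()
        {
            var cookies = HttpContext.Current.Request.Cookies;
            if (cookies == null)
                return null;
            var cookie = cookies.Get(Constants.TOKEN.API_AUTH_COOKIE);
            return cookie == null ? null : cookie.Value;
        }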
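 /// <summary>
 /// Creates the controller with the service its actions depend on (supplied by the
 /// Web API dependency resolver).
 /// </summary>
 /// <param name="tohowSvc">Service stored in <c>_tohowSvc</c>; must not be null.</param>
 /// <exception cref="ArgumentNullException">
 /// Thrown when <paramref name="tohowSvc"/> is null, so a misconfigured resolver fails at
 /// construction instead of with a NullReferenceException inside an action.
 /// </exception>
 public ImageController(ITohowService tohowSvc) {
     if (tohowSvc == null)
         throw new ArgumentNullException(nameof(tohowSvc));
     _tohowSvc = tohowSvc;
 }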