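/// <summary>
/// Authenticates the request from a session token carried in an HTTP header, a cookie,
/// or either (chosen by <c>AuthType</c>) and validates it against the session store.
/// A missing, malformed, unknown or expired token yields a 401 response unless
/// <c>IsOptional</c> is set, in which case the request continues as the anonymous
/// principal installed at the start of the method. Any other failure yields a 500.
/// </summary>
/// <param name="actionContext">Web API action context of the request being authorized.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    var requestScope = actionContext.Request.GetDependencyScope();
    _tohowSvc = requestScope.GetService(typeof(ITohowService)) as ITohowService;

    // Every request starts as an anonymous principal.
    HttpContext.Current.User = new ToHowAPIUser(new ToHowAPIIdentity());

    try
    {
        string token = ReadToken(actionContext);
        if (string.IsNullOrEmpty(token))
        {
            if (IsOptional) return;
            throw new UnauthorizedAccessException("insufficient credential provided!");
        }

        // The token is client-supplied: a value that is not a GUID is a credential
        // problem (401), not a server fault. `new Guid(token)` would throw
        // FormatException into the generic catch below and answer 500 instead.
        Guid sessionId;
        if (!Guid.TryParse(token, out sessionId))
        {
            if (IsOptional) return;
            throw new UnauthorizedAccessException("Malformed session token");
        }

        if (_tohowSvc == null)
        {
            // A missing service registration is a deployment fault; surface it as such
            // instead of a NullReferenceException.
            throw new InvalidOperationException("ITohowService is not available from the request dependency scope.");
        }

        var session = _tohowSvc.GetSessionById(sessionId);
        if (session == null)
        {
            if (IsOptional) return;
            throw new UnauthorizedAccessException("Invalid session");
        }

        if (session.Expiry == null || session.Expiry < DateTime.UtcNow)
        {
            // Expired sessions are deleted rather than left in the store.
            _tohowSvc.DeleteSession(session);
            if (IsOptional) return;
            throw new UnauthorizedAccessException("Expired session");
        }

        // Refresh the session on every authenticated request (by its name a one-day
        // sliding window — confirm in ITohowService).
        _tohowSvc.UpdateSessionByOneDay(session);

        // NOTE(review): the validated session never replaces the anonymous principal set
        // above, so downstream code still sees an unauthenticated user. Confirm whether the
        // commented-out assignment is meant to be restored.
        //HttpContext.Current.User = new ToHowAPIUser(new ToHowAPIIdentity { Name = session.t.DisplayName, SessionId = session, ProfileId = session.ProfileId });
    }
    catch (UnauthorizedAccessException)
    {
        actionContext.Response = RejectionResponse(HttpStatusCode.Unauthorized);
    }
    catch (Exception)
    {
        actionContext.Response = RejectionResponse(HttpStatusCode.InternalServerError);
    }
}

/// <summary>
/// Extracts the raw session token according to <c>AuthType</c>. Returns an empty string
/// when no token is present and the caller decides whether that is acceptable.
/// </summary>
/// <param name="actionContext">Web API action context of the request.</param>
/// <returns>The token text, or an empty string when none was supplied.</returns>
/// <exception cref="UnauthorizedAccessException">
/// Header-only authentication with no header on a non-optional filter, or an
/// unrecognised <c>AuthType</c>.
/// </exception>
private string ReadToken(HttpActionContext actionContext)
{
    switch (AuthType)
    {
        case AuthenticationTypes.HttpHeader:
        {
            string headerValue = ReadHeaderToken(actionContext);
            if (headerValue == null)
            {
                // missing token will return unauthorised
                if (IsOptional) return string.Empty;
                throw new UnauthorizedAccessException("Missing authentication headers!");
            }
            return headerValue;
        }
        case AuthenticationTypes.Cookie:
            return ReadCookieToken();
        case AuthenticationTypes.Both:
        {
            // The header wins; the cookie is consulted only when no header token is present.
            string headerValue = ReadHeaderToken(actionContext);
            if (!string.IsNullOrEmpty(headerValue)) return headerValue;
            return ReadCookieToken();
        }
        default:
            throw new UnauthorizedAccessException("Error in authentication type!");
    }
}

/// <summary>
/// Returns the first value of the authentication header, or <c>null</c> when the header
/// is absent or carries no values.
/// </summary>
private static string ReadHeaderToken(HttpActionContext actionContext)
{
    IEnumerable<string> values;
    if (!actionContext.Request.Headers.TryGetValues(Constants.TOKEN.API_AUTH_TOKEN, out values))
    {
        return null;
    }
    // FirstOrDefault rather than First: a header with no values must not become a 500.
    return values.FirstOrDefault();
}

/// <summary>
/// Returns the authentication cookie value, or an empty string when the cookie collection
/// or the cookie itself is absent.
/// </summary>
private static string ReadCookieToken()
{
    var cookies = HttpContext.Current.Request.Cookies;
    if (cookies == null)
    {
        return string.Empty;
    }
    var cookie = cookies.Get(Constants.TOKEN.API_AUTH_COOKIE);
    return cookie == null ? string.Empty : cookie.Value;
}

/// <summary>
/// Builds an empty error response, making sure no session token header is echoed back.
/// </summary>
/// <param name="status">HTTP status to answer with.</param>
private static System.Net.Http.HttpResponseMessage RejectionResponse(HttpStatusCode status)
{
    var response = new System.Net.Http.HttpResponseMessage(status);
    if (response.Headers.Contains(Constants.TOKEN.API_AUTH_TOKEN))
    {
        response.Headers.Remove(Constants.TOKEN.API_AUTH_TOKEN);
    }
    return response;
}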
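/// <summary>
/// Creates the controller with the service it delegates to.
/// </summary>
/// <param name="tohowSvc">Backing service; must not be <c>null</c>.</param>
/// <exception cref="ArgumentNullException"><paramref name="tohowSvc"/> is <c>null</c>.</exception>
public ImageController(ITohowService tohowSvc)
{
    // Fail at construction rather than with a NullReferenceException on first use.
    if (tohowSvc == null)
    {
        throw new ArgumentNullException("tohowSvc");
    }
    _tohowSvc = tohowSvc;
}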