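public bool TryAuthorize(RavenBaseApiController controller, out HttpResponseMessage msg)
{
    // Routes a request to the authorizer that matches the credential it carries.
    // Order is significant: the unauthenticated short-circuits (never-secret URLs,
    // CORS pre-flight) come first, then the single-use token, then OAuth vs. Windows.
    // `msg` is assigned on every path.
    var requestUrl = controller.GetRequestUrl();

    // Deliberately public URLs: no credential on the request is consulted at all.
    if (NeverSecret.IsNeverSecretUrl(requestUrl))
    {
        msg = controller.GetEmptyMessage();
        return true;
    }

    // CORS pre-flight: a browser sends OPTIONS without credentials, so it cannot be
    // authenticated; it is only let through when CORS is actually configured (here:
    // at least one allowed origin). Only the pre-flight is answered unauthenticated,
    // the real request that follows still goes through the checks below.
    if (Settings.AccessControlAllowOrigin.Count > 0
        && controller.InnerRequest.Method.Method == "OPTIONS")
    {
        msg = controller.GetEmptyMessage();
        return true;
    }

    // A single-use token takes precedence over every other credential on the request.
    var oneTimeToken = controller.GetHeader("Single-Use-Auth-Token");
    if (!string.IsNullOrEmpty(oneTimeToken))
    {
        return TryAuthorizeSingleUseAuthToken(controller, oneTimeToken, out msg);
    }

    // Protocol tokens are compared ordinally, not by current culture: a culture-aware
    // comparison of "True" / "Bearer " misbehaves under some cultures (Turkish I) and
    // culture-aware StartsWith ignores certain characters entirely (CA1310).
    var authHeader = controller.GetHeader("Authorization");
    var hasApiKey = "True".Equals(controller.GetHeader("Has-Api-Key"), StringComparison.OrdinalIgnoreCase);
    var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");
    var hasBearerToken = !string.IsNullOrEmpty(authHeader)
        && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

    // Has-Api-Key is a client-asserted hint: here it only selects the OAuth path and is
    // forwarded to that authorizer; whether it grants anything is decided there, not here.
    var ignoreDb = IgnoreDb.Urls.Contains(requestUrl);
    if (hasApiKey || hasOAuthTokenInCookie || hasBearerToken)
    {
        return oAuthRequestAuthorizer.TryAuthorize(controller, hasApiKey, ignoreDb, out msg);
    }

    // No OAuth-style credential present: fall back to Windows authentication.
    return windowsRequestAuthorizer.TryAuthorize(controller, ignoreDb, out msg);
}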
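public bool TryAuthorize(RavenBaseApiController controller, out HttpResponseMessage msg)
{
    // Routes a request to the authorizer that matches the credential it carries.
    // Order is significant: the unauthenticated short-circuits (never-secret URLs,
    // CORS pre-flight) come first, then the single-use token, then OAuth vs. Windows.
    // `msg` is assigned on every path.
    var requestUrl = controller.GetRequestUrl();

    // Deliberately public URLs: no credential on the request is consulted at all.
    if (NeverSecret.IsNeverSecretUrl(requestUrl))
    {
        msg = controller.GetEmptyMessage();
        return true;
    }

    // CORS pre-flight: a browser sends OPTIONS without credentials, so it cannot be
    // authenticated; it is only let through when CORS is actually configured (here:
    // a non-empty allowed-origin setting). Only the pre-flight is answered
    // unauthenticated, the real request that follows still goes through the checks below.
    if (!string.IsNullOrEmpty(Settings.AccessControlAllowOrigin)
        && controller.InnerRequest.Method.Method == "OPTIONS")
    {
        msg = controller.GetEmptyMessage();
        return true;
    }

    // A single-use token takes precedence over every other credential on the request.
    var oneTimeToken = controller.GetHeader("Single-Use-Auth-Token");
    if (!string.IsNullOrEmpty(oneTimeToken))
    {
        return TryAuthorizeSingleUseAuthToken(controller, oneTimeToken, out msg);
    }

    // Protocol tokens are compared ordinally, not by current culture: a culture-aware
    // comparison of "True" / "Bearer " misbehaves under some cultures (Turkish I) and
    // culture-aware StartsWith ignores certain characters entirely (CA1310).
    var authHeader = controller.GetHeader("Authorization");
    var hasApiKey = "True".Equals(controller.GetHeader("Has-Api-Key"), StringComparison.OrdinalIgnoreCase);
    var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");
    var hasBearerToken = !string.IsNullOrEmpty(authHeader)
        && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

    // Has-Api-Key is a client-asserted hint: here it only selects the OAuth path and is
    // forwarded to that authorizer; whether it grants anything is decided there, not here.
    var ignoreDb = IgnoreDb.Urls.Contains(requestUrl);
    if (hasApiKey || hasOAuthTokenInCookie || hasBearerToken)
    {
        return oAuthRequestAuthorizer.TryAuthorize(controller, hasApiKey, ignoreDb, out msg);
    }

    // No OAuth-style credential present: fall back to Windows authentication.
    return windowsRequestAuthorizer.TryAuthorize(controller, ignoreDb, out msg);
}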