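/// <summary>
/// Role-based authorisation filter: the request continues only when the current
/// principal (installed by the JWT authentication filter) is in at least one of the
/// comma-separated roles configured in <c>_Roles</c>; otherwise the pipeline is
/// short-circuited with a 401 error body.
/// </summary>
/// <param name="actionContext">Context of the action being authorised; its
/// <c>Response</c> is set when the role check fails.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    base.OnAuthorization(actionContext);

    // A null/blank role list now denies every request instead of throwing.
    // NOTE(review): filter attribute instances can be shared between requests, so
    // writing the arrRoles field here is a potential race; kept because other
    // members may read it — confirm before turning it into a local.
    arrRoles = (_Roles ?? string.Empty).Split(',');

    // When the authentication filter did not run (no or invalid token) the principal
    // is not a JwtDecodeModel; a hard cast would throw and surface as a 500, so treat
    // anything else as "not in any role".
    JwtDecodeModel model = Thread.CurrentPrincipal as JwtDecodeModel;

    bool estaEnRol = false;
    if (model != null)
    {
        foreach (string r in arrRoles)
        {
            string rol = r.Trim();
            // Skip empty entries produced by stray commas ("admin,") so they are never
            // handed to IsInRole.
            if (rol.Length > 0 && model.IsInRole(rol))
            {
                estaEnRol = true;
                break;
            }
        }
    }

    if (!estaEnRol)
    {
        // NOTE(review): an authenticated caller that lacks the role is conventionally
        // 403, while 401 denotes missing/invalid credentials; kept as 401 for
        // compatibility with existing clients.
        actionContext.Response = actionContext.Request.CreateResponse(
            HttpStatusCode.Unauthorized,
            ResponseUtil.CreaRespuestaError(401, "No tiene permisos para esta acción", "Error de autorización"));
    }
}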
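/// <summary>
/// JWT authentication filter: reads a <c>Bearer</c> token from the Authorization
/// header, validates it with <c>JwtUtil.ValidaToken</c> and, on success, installs the
/// resulting <c>JwtDecodeModel</c> as the current principal. A missing, malformed or
/// invalid token short-circuits the request with the 403 error body built below.
/// </summary>
/// <param name="actionContext">Context of the incoming request; its <c>Response</c>
/// is set on every rejection path.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    base.OnAuthorization(actionContext);

    // Single failure response shared by every rejection path.
    // NOTE(review): a missing/invalid credential is conventionally 401 (with a
    // WWW-Authenticate header) rather than 403; kept as 403 for compatibility.
    HttpResponseMessage response = actionContext.Request.CreateResponse(
        HttpStatusCode.Forbidden,
        ResponseUtil.CreaRespuestaError(403, "Por favor identificarse", "Error de autenticación"));

    var auth = actionContext.Request.Headers.Authorization;

    // The parsed header already separates scheme and parameter: an ordinal compare
    // avoids the culture-sensitive StartsWith, and the token is no longer truncated
    // at the first space by a manual Split.
    if (auth == null
        || !string.Equals(auth.Scheme, "Bearer", StringComparison.Ordinal)
        || string.IsNullOrWhiteSpace(auth.Parameter))
    {
        actionContext.Response = response;
        return;
    }

    JwtDecodeModel model = JwtUtil.ValidaToken(auth.Parameter);
    if (model == null)
    {
        actionContext.Response = response;
        return;
    }

    Thread.CurrentPrincipal = model;
    // HttpContext.Current is null outside IIS (e.g. OWIN self-host); guard so the
    // filter does not turn a valid token into a NullReferenceException.
    if (HttpContext.Current != null)
    {
        HttpContext.Current.User = model;
    }
}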
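/// <summary>
/// Exception filter that converts any unhandled exception into a JSON error response.
/// A <c>CustomResponseException</c> keeps its own HTTP code and message (it is raised
/// by the application for the client); every other exception becomes a generic 500
/// that does not echo internal details.
/// </summary>
/// <param name="actionExecutedContext">Context holding the exception and the request;
/// its <c>Response</c> is replaced with the error body.</param>
public override void OnException(HttpActionExecutedContext actionExecutedContext)
{
    base.OnException(actionExecutedContext);

    HttpResponseMessage response;
    CustomResponseException custom = actionExecutedContext.Exception as CustomResponseException;
    if (custom != null)
    {
        // Application-raised errors are meant for the client: forward code and message as-is.
        response = actionExecutedContext.Request.CreateResponse<GenericResponse<String>>(
            (HttpStatusCode)custom.HttpCode,
            ResponseUtil.CreaRespuestaError(custom.HttpCode, custom.Message));
    }
    else
    {
        // Raw exception messages can disclose internal state (file paths, SQL text,
        // connection details) to any caller; answer with a fixed message instead.
        // NOTE(review): make sure the exception is still logged server-side, since its
        // detail no longer reaches the client.
        response = actionExecutedContext.Request.CreateResponse<GenericResponse<String>>(
            HttpStatusCode.InternalServerError,
            ResponseUtil.CreaRespuestaError(500, "Error interno del servidor"));
    }

    actionExecutedContext.Response = response;
}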