示例#1
0
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            base.OnAuthorization(actionContext);
            //do not continue if there's already a response.
            if (actionContext.Response == null)
            {
                //add our DB here.
                TechDispatchContext db   = new TechDispatchContext();
                ClaimsIdentity      user = HttpContext.Current.User.Identity as ClaimsIdentity;
                //find a user that matches both ID and auth ID. Otherwise, fail.
                //grab the string that holds the current auth ID so we can compare it.
                Claim _authId = user.Claims.DefaultIfEmpty(null).FirstOrDefault(x => x.Type == "AuthId");
                int   AuthId;

                if (_authId == null || !Int32.TryParse(_authId.Value, out AuthId))
                {
                    //missing a value here, refuse access.
                    actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
                    return;
                }
                string Email = user.Claims.FirstOrDefault(x => x.Type == "Email").Value;

                ApplicationUser target = db.Users.DefaultIfEmpty(null).FirstOrDefault(x => x.Email == Email && x.AuthId == AuthId);
                if (target == null)
                {
                    //refuse access.
                    actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
                }
            }
        }