protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
#region Task5
// TODO: Find if a header ‘ApiKey’ exists, and if it does, check the database to determine if the given API Key is valid
// Then authorise the principle on the current thread using a claim, claimidentity and claimsprinciple
IEnumerable <string> headerValues;
string headerKey = "";
if (request.Headers.TryGetValues("ApiKey", out headerValues))
{
headerKey = headerValues.First();
UserDatabaseAccess accessor = new UserDatabaseAccess();
User existingUser = accessor.CheckandGetUserExists(headerKey);
//Will check for user even if nothing exists as header key is "".
//Maybe not the best idea for efficiency but it's ok for now.
if (existingUser != null)
{
//Then the key is valid.
Claim claim = new Claim(ClaimTypes.Name, existingUser.m_UserName);
ClaimsIdentity identity = new ClaimsIdentity(new[] { claim }, "ApiKey");
ClaimsPrincipal principal = new ClaimsPrincipal(identity);
Thread.CurrentPrincipal = principal;
}
}
#endregion
return(base.SendAsync(request, cancellationToken));
}
public string Get()
{
string headerKey = Request.Headers.GetValues("ApiKey").First();
User user = accessor.CheckandGetUserExists(headerKey);
accessor.CreateNewLogEntry(headerKey, "User request Protected/Hello");
return("Hello " + user.m_UserName);
}
public bool Delete([FromUri] string username)
{
string headerKey = Request.Headers.GetValues("ApiKey").First();
User user = accessor.CheckandGetUserExists(headerKey);
if (user != null && user.m_UserName == username)
{
accessor.DeleteUser(headerKey);
accessor.CreateNewLogEntry(headerKey, "User request User/Delete");
return(true);
}
return(false);
}
