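protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    #region Task5
    // Look for an 'ApiKey' request header. When present, resolve it against the user
    // database and, if it maps to a known user, attach a claims principal for that user
    // to the current thread before the request continues down the pipeline.
    // A missing, blank or unknown key sets no principal at all; rejecting such requests
    // is left to whatever authorisation runs after this handler.
    IEnumerable<string> headerValues;
    if (request.Headers.TryGetValues("ApiKey", out headerValues))
    {
        // A present header is not necessarily a usable one: the value list may be empty
        // or the value blank. FirstOrDefault avoids the exception First() throws on an
        // empty sequence, and blank keys skip the database round trip instead of being
        // looked up as "" (fail closed rather than query for an empty key).
        string headerKey = headerValues.FirstOrDefault();
        if (!string.IsNullOrWhiteSpace(headerKey))
        {
            UserDatabaseAccess accessor = new UserDatabaseAccess();
            User existingUser = accessor.CheckandGetUserExists(headerKey);
            if (existingUser != null)
            {
                // The key resolved to a stored user, so it is treated as valid.
                Claim claim = new Claim(ClaimTypes.Name, existingUser.m_UserName);
                ClaimsIdentity identity = new ClaimsIdentity(new[] { claim }, "ApiKey");
                ClaimsPrincipal principal = new ClaimsPrincipal(identity);
                // NOTE(review): only Thread.CurrentPrincipal is set here; confirm the
                // hosting framework's per-request principal is populated from it too,
                // otherwise downstream authorisation may not see this identity.
                Thread.CurrentPrincipal = principal;
            }
        }
    }
    #endregion
    return base.SendAsync(request, cancellationToken);
}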
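/// <summary>
/// Greets the caller identified by the 'ApiKey' request header and records the request
/// in the access log.
/// </summary>
/// <returns>A greeting containing the user name stored for the supplied API key.</returns>
/// <exception cref="System.UnauthorizedAccessException">
/// Thrown when the 'ApiKey' header is missing or blank, or when the key does not map to
/// a known user. Previously a missing header surfaced as an InvalidOperationException
/// from GetValues and an unknown key as a NullReferenceException on the user.
/// </exception>
public string Get()
{
    // Contains guards the GetValues call, which throws when the header is absent.
    string headerKey = Request.Headers.Contains("ApiKey")
        ? Request.Headers.GetValues("ApiKey").FirstOrDefault()
        : null;
    if (string.IsNullOrWhiteSpace(headerKey))
    {
        // Fail closed: with no key there is nothing to look up or to log against.
        throw new System.UnauthorizedAccessException("Missing 'ApiKey' header.");
    }
    User user = accessor.CheckandGetUserExists(headerKey);
    if (user == null)
    {
        throw new System.UnauthorizedAccessException("Unknown API key.");
    }
    accessor.CreateNewLogEntry(headerKey, "User request Protected/Hello");
    return "Hello " + user.m_UserName;
}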
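/// <summary>
/// Deletes the account of the caller identified by the 'ApiKey' request header, but only
/// when <paramref name="username"/> names that same account, so a key cannot be used to
/// delete a different user.
/// </summary>
/// <param name="username">The user name the caller expects to delete; must equal the name of the user the key resolves to.</param>
/// <returns>
/// true when the user was deleted; false when the header is missing or blank, the key is
/// unknown, or the user name does not match the key's owner.
/// </returns>
public bool Delete([FromUri] string username)
{
    // Contains guards the GetValues call, which throws when the header is absent;
    // a missing or blank key is answered with false rather than an exception.
    string headerKey = Request.Headers.Contains("ApiKey")
        ? Request.Headers.GetValues("ApiKey").FirstOrDefault()
        : null;
    if (string.IsNullOrWhiteSpace(headerKey))
    {
        return false;
    }
    User user = accessor.CheckandGetUserExists(headerKey);
    // Ordinal string comparison: the key's owner must be exactly the named user.
    if (user == null || user.m_UserName != username)
    {
        return false;
    }
    accessor.DeleteUser(headerKey);
    // NOTE(review): the log entry is written against a key whose user row has just been
    // deleted; confirm CreateNewLogEntry does not depend on that row still existing.
    accessor.CreateNewLogEntry(headerKey, "User request User/Delete");
    return true;
}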