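/// <summary>
/// Reads the connection settings from web.config, builds the shared
/// <see cref="ConnectionFactory"/> and extracts the calling user's ids
/// ("Id", optional "EmpresaId") from the claims identity.
/// </summary>
/// <remarks>
/// NOTE(review): this reads <c>User.Identity</c> inside the constructor — confirm the
/// principal is already populated at this point of the request pipeline.
/// The factory created here is disposable (OnAuthorization wraps it in <c>using</c>);
/// make sure the controller's Dispose releases it.
/// </remarks>
/// <exception cref="InvalidOperationException">The identity carries claims but no "Id" claim.</exception>
public AbstractController()
{
    string connectionstring = WebConfigManipulation.GetConfig("ConnectionString");
    ConnectionEnum connectionType = (ConnectionEnum)Convert.ToInt32(WebConfigManipulation.GetConfig("ConnectionType"));

    ConnectionString = connectionstring;
    ConnectionType = connectionType;
    ConnectionFactory = new ConnectionFactory(ConnectionString, ConnectionType);

    int usuarioId = 0;
    int? empresaId = null;

    // A non-claims principal (or no principal) leaves the ids at their defaults instead of
    // dereferencing the null result of the 'as' cast.
    var identity = User.Identity as System.Security.Claims.ClaimsIdentity;
    if (identity != null && identity.Claims.Any())
    {
        // "Id" is mandatory once any claim is present; "EmpresaId" is optional.
        var idClaim = identity.FindFirst("Id");
        if (idClaim == null)
        {
            throw new InvalidOperationException("Authenticated identity has no \"Id\" claim.");
        }
        usuarioId = Convert.ToInt32(idClaim.Value, System.Globalization.CultureInfo.InvariantCulture);

        var empresaClaim = identity.FindFirst("EmpresaId");
        if (empresaClaim != null)
        {
            empresaId = Convert.ToInt32(empresaClaim.Value, System.Globalization.CultureInfo.InvariantCulture);
        }
    }

    UsuarioId = usuarioId;
    EmpresaId = empresaId;
}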
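/// <summary>
/// Resource-owner password grant: validates user name / password (plus the optional
/// "empresaId" request value) through <see cref="UsuarioBO"/> and, on success, issues a
/// claims identity carrying the user id and company id.
/// </summary>
/// <param name="context">OWIN grant context with the submitted credentials.</param>
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // NOTE(review): a wildcard origin on the token endpoint allows any site to post
    // credentials here; Register() already reads an origin list from "AuthorizedUrls",
    // consider applying the same list to this response.
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

    string connectionstring = WebConfigManipulation.GetConfig("ConnectionString");
    ConnectionEnum connectionType = (ConnectionEnum)Convert.ToInt32(WebConfigManipulation.GetConfig("ConnectionType"));

    // "empresaId" is untrusted request input (Params merges query string, form and cookies).
    // An absent value keeps the previous default of 0; a malformed one is rejected as an
    // OAuth error instead of surfacing as a FormatException (HTTP 500).
    string rawEmpresaId = System.Web.HttpContext.Current.Request.Params["empresaId"];
    int empresaId = 0;
    if (!string.IsNullOrEmpty(rawEmpresaId)
        && !int.TryParse(rawEmpresaId, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out empresaId))
    {
        context.SetError("invalid_request", "empresaId inválido");
        return Task.FromResult<object>(null);
    }

    // ConnectionFactory is disposable (OnAuthorization wraps it in 'using'); release it
    // as soon as the login lookup is done.
    using (var connectionFactory = new ConnectionFactory(connectionstring, connectionType))
    {
        var userBO = new UsuarioBO(connectionFactory, 0, 0);
        var loginUser = userBO.Login(context.UserName, context.Password, empresaId);
        if (loginUser == null)
        {
            // Deliberately generic message: does not reveal whether the user exists.
            context.SetError("invalid_grant", "Usuário ou senha incorretos");
            return Task.FromResult<object>(null);
        }

        ClaimsIdentity identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
        identity.AddClaim(new Claim("Id", loginUser.UsuarioId.ToString()));
        identity.AddClaim(new Claim("EmpresaId", loginUser.EmpresaId.ToString()));

        // No AuthenticationProperties are attached; token lifetime comes from the server options.
        var ticket = new AuthenticationTicket(identity, null);
        context.Validated(ticket);
    }

    return Task.FromResult<object>(null);
}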
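/// <summary>
/// Authorization filter: runs the base authentication check and then verifies, through
/// <see cref="PermissaoUsuarioDAO"/>, that the calling user holds the permission for the
/// controller/action being invoked.
/// </summary>
/// <param name="actionContext">Web API action context of the current request.</param>
/// <remarks>
/// For the framework's default CRUD actions the permission check is opt-in per action via
/// <see cref="AuthorizeControllerActionsAttribute"/> on the controller; every other action
/// is always checked. <c>AuthMethod</c>, when set, replaces the action name used for the lookup.
/// A missing attribute or a principal without the expected claims fails closed (request
/// is treated as unauthorized) rather than throwing.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    var actionName = actionContext.ActionDescriptor.ActionName;
    if (!string.IsNullOrEmpty(AuthMethod))
    {
        actionName = AuthMethod;
    }

    var controllerDescriptor = actionContext.ControllerContext.ControllerDescriptor;
    var controllerName = controllerDescriptor.ControllerName;
    var controllerActionsToCheck = controllerDescriptor.GetCustomAttributes<AuthorizeControllerActionsAttribute>().FirstOrDefault();

    if (!RequiresPermissionCheck(actionName, controllerActionsToCheck))
    {
        return;
    }

    base.OnAuthorization(actionContext);
    if (!HttpContext.Current.User.Identity.IsAuthenticated)
    {
        // Unauthenticated caller: whatever the base filter did with the request stands.
        return;
    }

    // NOTE(review): the principal is read from HttpContext.Current rather than from
    // actionContext; confirm both refer to the same request in this host.
    var identity = HttpContext.Current.User.Identity as System.Security.Claims.ClaimsIdentity;
    int empresaId;
    int usuarioId;
    if (identity == null
        || !TryReadIntClaim(identity, "EmpresaId", out empresaId)
        || !TryReadIntClaim(identity, "Id", out usuarioId))
    {
        // Fail closed: without the ids no permission lookup is possible.
        HandleUnauthorizedRequest(actionContext);
        return;
    }

    bool usuarioAutorizado;
    string connectionString = WebConfigManipulation.GetConfig("ConnectionString");
    ConnectionEnum connectionType = (ConnectionEnum)Convert.ToInt32(WebConfigManipulation.GetConfig("ConnectionType"));
    using (var connectionFactory = new ConnectionFactory(connectionString, connectionType))
    {
        usuarioAutorizado = new PermissaoUsuarioDAO(connectionFactory, empresaId).UsuarioPossuiPermissao(usuarioId, controllerName, actionName);
    }

    if (!usuarioAutorizado)
    {
        HandleUnauthorizedRequest(actionContext);
    }
}

/// <summary>
/// Decides whether <paramref name="actionName"/> needs a permission lookup. Default CRUD
/// actions follow the controller's <see cref="AuthorizeControllerActionsAttribute"/> flags
/// (checked when the attribute is absent); any other action is always checked.
/// </summary>
private static bool RequiresPermissionCheck(string actionName, AuthorizeControllerActionsAttribute controllerActions)
{
    switch (actionName)
    {
        case "Insert":
            return controllerActions == null || controllerActions.CheckInsert;
        case "IdentityInsert":
            return controllerActions == null || controllerActions.CheckIdentityInsert;
        case "Find":
            return controllerActions == null || controllerActions.CheckFind;
        case "List":
            return controllerActions == null || controllerActions.CheckList;
        case "Update":
            return controllerActions == null || controllerActions.CheckUpdate;
        case "Delete":
            return controllerActions == null || controllerActions.CheckDelete;
        case "Activate":
            return controllerActions == null || controllerActions.CheckActivate;
        case "Deactivate":
            return controllerActions == null || controllerActions.CheckDeactivate;
        default:
            return true;
    }
}

/// <summary>
/// Reads the first claim of type <paramref name="type"/> as an invariant-culture integer.
/// Returns false (value 0) when the claim is missing or not an integer.
/// </summary>
private static bool TryReadIntClaim(System.Security.Claims.ClaimsIdentity identity, string type, out int value)
{
    value = 0;
    var claim = identity.FindFirst(type);
    return claim != null
        && int.TryParse(claim.Value, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out value);
}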
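/// <summary>
/// Runs after a token has been issued: persists the new access token for the user
/// identified by the "Id" and "EmpresaId" claims of the issued identity.
/// </summary>
/// <param name="context">OWIN token-endpoint response context carrying the token and identity.</param>
/// <exception cref="InvalidOperationException">The identity lacks the "Id" or "EmpresaId" claim.</exception>
public override Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
{
    var accessToken = context.AccessToken;
    var identidade = context.Identity;

    // Resolve both ids before touching the database so a malformed identity fails early.
    int id = ReadRequiredIntClaim(identidade, "Id");
    int empresaId = ReadRequiredIntClaim(identidade, "EmpresaId");

    string connectionstring = WebConfigManipulation.GetConfig("ConnectionString");
    ConnectionEnum connectionType = (ConnectionEnum)Convert.ToInt32(WebConfigManipulation.GetConfig("ConnectionType"));

    // ConnectionFactory is disposable (OnAuthorization wraps it in 'using'); release it
    // once the update is done.
    using (var connectionFactory = new ConnectionFactory(connectionstring, connectionType))
    {
        var userBO = new UsuarioBO(connectionFactory, id, empresaId);
        // NOTE(review): this appears to persist the raw bearer token; confirm how the
        // stored value is protected at rest.
        userBO.AtualizarToken(id, accessToken);
    }

    return Task.FromResult<object>(null);
}

/// <summary>
/// Reads the first claim of type <paramref name="type"/> as an invariant-culture integer,
/// throwing <see cref="InvalidOperationException"/> when the claim is absent.
/// </summary>
private static int ReadRequiredIntClaim(System.Security.Claims.ClaimsIdentity identity, string type)
{
    var claim = identity.FindFirst(type);
    if (claim == null)
    {
        throw new InvalidOperationException("Issued identity has no \"" + type + "\" claim.");
    }
    return Convert.ToInt32(claim.Value, System.Globalization.CultureInfo.InvariantCulture);
}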
/// <summary>
/// Web API start-up: enables CORS for the origins listed in the "AuthorizedUrls"
/// setting, registers attribute routes plus the default "api/{controller}/{action}/{id}"
/// route, and lets the XML formatter accept "multipart/form-data".
/// </summary>
/// <param name="config">The application's HTTP configuration.</param>
public static void Register(HttpConfiguration config)
{
    // CORS: origins come from configuration, every header is allowed, methods are fixed.
    var allowedOrigins = WebConfigManipulation.GetConfig("AuthorizedUrls");
    var corsPolicy = new EnableCorsAttribute(allowedOrigins, "*", "GET, PUT, POST, DELETE, OPTIONS");
    config.EnableCors(corsPolicy);

    // Routing: attribute routes first, then the conventional action-based route.
    config.MapHttpAttributeRoutes();
    config.Routes.MapHttpRoute(
        "DefaultApi",
        "api/{controller}/{action}/{id}",
        new { id = RouteParameter.Optional });

    // Formatters: the XML formatter additionally advertises multipart/form-data.
    var xmlMediaTypes = config.Formatters.XmlFormatter.SupportedMediaTypes;
    xmlMediaTypes.Add(new System.Net.Http.Headers.MediaTypeHeaderValue("multipart/form-data"));
}