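protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // Resolves the caller's identity for this request and publishes it as the
    // thread / HttpContext principal. Two sources are recognised, in this order:
    //   1. "Emiss" API calls carrying X_KD_USERID + X_KD_SIGNATURE: the signature
    //      is recomputed with CryptographyHelper.Sign over the request and the
    //      user's stored SecretKey and must match the presented one.
    //   2. A browser session carrying KawalDesaController.USERID_KEY.
    // A request that matches neither source, or whose signature does not verify,
    // continues down the pipeline anonymous; rejecting it is left to downstream
    // authorization filters. Only malformed / expired Emiss requests get a 400 here.
    IEnumerable<string> userNameHeaderValues;
    if (request.Headers.TryGetValues(KawalDesaHeaders.X_KD_USERID, out userNameHeaderValues))
    {
        if (!IsValidEmissRequest(request))
        {
            var response = request.CreateErrorResponse(HttpStatusCode.BadRequest, "Not a Valid Request");
            return Task.FromResult(response);
        }

        // NOTE(review): the expiry header is optional here. Unless
        // CryptographyHelper.Sign covers X_KD_EXPIRES (not visible from this
        // file), a captured request that omits it can be replayed indefinitely —
        // confirm, and consider rejecting Emiss requests without an expiry.
        IEnumerable<string> expireHeaderValues;
        if (request.Headers.TryGetValues(KawalDesaHeaders.X_KD_EXPIRES, out expireHeaderValues)
            && IsExpiredRequest(expireHeaderValues.FirstOrDefault()))
        {
            var response = request.CreateErrorResponse(HttpStatusCode.BadRequest, "Your Request Has Expired");
            return Task.FromResult(response);
        }

        // Headers.GetValues throws when the header is absent, so a request with a
        // user id but no signature used to surface as an unhandled exception
        // (a 500). It must simply be treated as unauthenticated.
        string presentedSignature = null;
        IEnumerable<string> signatureHeaderValues;
        if (request.Headers.TryGetValues(KawalDesaHeaders.X_KD_SIGNATURE, out signatureHeaderValues))
        {
            presentedSignature = signatureHeaderValues.FirstOrDefault();
        }

        var userName = userNameHeaderValues.First();
        using (var db = new DB())
        {
            var userManager = new UserManager<User>(new CUserStore<User>(db));
            var user = userManager.FindByName(userName);
            if (user != null && presentedSignature != null)
            {
                string expectedSignature = CryptographyHelper.Sign(request, user.SecretKey);
                // String.Equals stops at the first differing character, which
                // leaks how much of the MAC matched; compare in fixed time instead.
                if (SignaturesMatch(expectedSignature, presentedSignature))
                {
                    var identity = new KawalDesaIdentity(user, "Emiss");
                    var principal = new GenericPrincipal(identity, userManager.GetRoles(user.Id).ToArray());
                    Thread.CurrentPrincipal = principal;
                    if (HttpContext.Current != null)
                    {
                        HttpContext.Current.User = principal;
                    }
                }
            }
        }
    }
    // HttpContext.Current is null outside the ASP.NET pipeline (self-host, tests);
    // dereferencing it unguarded turned such requests into a NullReferenceException.
    else if (HttpContext.Current != null
             && HttpContext.Current.Session != null
             && !String.IsNullOrEmpty((string)HttpContext.Current.Session[KawalDesaController.USERID_KEY]))
    {
        var session = HttpContext.Current.Session;
        using (var db = new DB())
        {
            var userManager = new UserManager<User>(new CUserStore<User>(db));
            var user = userManager.FindById((string)session[KawalDesaController.USERID_KEY]);
            if (user != null)
            {
                var identity = new KawalDesaIdentity(user, "Session");
                var principal = new GenericPrincipal(identity, userManager.GetRoles(user.Id).ToArray());
                Thread.CurrentPrincipal = principal;
                HttpContext.Current.User = principal;
            }
        }
    }

    return base.SendAsync(request, cancellationToken);
}

// Compares two signature strings in time that does not depend on where they
// first differ (ordinal, case-sensitive, like the String.Equals it replaces).
// Differing lengths are rejected immediately; that reveals only the length,
// not the content, of the expected signature.
private static bool SignaturesMatch(string expected, string presented)
{
    if (expected == null || presented == null || expected.Length != presented.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        diff |= expected[i] ^ presented[i];
    }
    return diff == 0;
}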
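protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // Establishes the request principal from one of two sources, in this order:
    //   1. an Authorization header whose second whitespace-separated token is
    //      decoded as a JWT with AppSettings["Auth.SecretKey"] ("exAuth"), or
    //   2. the ASP.NET session's KawalDesaController.USERID_KEY ("Session").
    // Any failure in the token path is logged and the request proceeds
    // anonymous; rejecting it is left to downstream authorization filters.
    // The DB is only used synchronously below, so disposing it when this method
    // returns (before the inner handler's task completes) is safe.
    using (var db = new DB())
    {
        IEnumerable<string> authorizationHeaderValues;
        if (request.Headers.TryGetValues("Authorization", out authorizationHeaderValues))
        {
            try
            {
                // NOTE(review): the scheme ("Bearer", "JWT", ...) is never checked,
                // so any scheme with a second token is handed to the decoder and
                // fails noisily in the log rather than being rejected up front.
                // Whether JsonWebToken.Decode verifies the signature and expiry
                // against the key, rather than only parsing, is not visible from
                // this file — confirm before relying on it.
                var auth = authorizationHeaderValues.First().Split(null)[1];
                var token = JsonWebToken.Decode(auth, ConfigurationManager.AppSettings["Auth.SecretKey"]);
                var userManager = new UserManager<User>(new CUserStore<User>(db));
                var user = userManager.FindById(token.UserId);
                if (user != null)
                {
                    var identity = new KawalDesaIdentity(user, "exAuth");
                    var principal = new GenericPrincipal(identity, userManager.GetRoles(user.Id).ToArray());
                    Thread.CurrentPrincipal = principal;
                    if (HttpContext.Current != null)
                    {
                        HttpContext.Current.User = principal;
                    }
                }
            }
            catch (Exception e)
            {
                // Deliberately best-effort: a bad or missing token leaves the
                // request anonymous. Note this also masks non-auth failures
                // (e.g. the user lookup) behind the same "Auth error" entry.
                LogManager.GetLogger(typeof(AuthorizationHandler)).Error("Auth error", e);
            }
        }
        // HttpContext.Current is null outside the ASP.NET pipeline (self-host,
        // tests); the unguarded dereference turned that into a NullReferenceException.
        else if (HttpContext.Current != null
                 && HttpContext.Current.Session != null
                 && !String.IsNullOrEmpty((string)HttpContext.Current.Session[KawalDesaController.USERID_KEY]))
        {
            var session = HttpContext.Current.Session;
            var userManager = new UserManager<User>(new CUserStore<User>(db));
            var user = userManager.FindById((string)session[KawalDesaController.USERID_KEY]);
            if (user != null)
            {
                var identity = new KawalDesaIdentity(user, "Session");
                var principal = new GenericPrincipal(identity, userManager.GetRoles(user.Id).ToArray());
                Thread.CurrentPrincipal = principal;
                HttpContext.Current.User = principal;
            }
        }

        return base.SendAsync(request, cancellationToken);
    }
}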
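protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // Populates Thread.CurrentPrincipal (and HttpContext.Current.User when the
    // ASP.NET context exists) for this request. Sources, tried in order:
    //   - "exAuth": Authorization header, second whitespace-separated token
    //     decoded as a JWT with AppSettings["Auth.SecretKey"];
    //   - "Session": user id stored under KawalDesaController.USERID_KEY.
    // Neither source rejects the request; a bad token is logged and the request
    // continues anonymous for downstream authorization filters to handle.
    // The context is captured once; it is null when there is no ASP.NET pipeline
    // (self-host, tests), and the session branch used to dereference it blindly.
    var context = HttpContext.Current;

    using (var db = new DB())
    {
        var userManager = new UserManager<User>(new CUserStore<User>(db));
        User user = null;
        string authenticationType = null;

        IEnumerable<string> authorizationHeaderValues;
        if (request.Headers.TryGetValues("Authorization", out authorizationHeaderValues))
        {
            try
            {
                // NOTE(review): no scheme check — whatever precedes the first
                // whitespace is ignored and the remainder is handed to the JWT
                // decoder. Whether JsonWebToken.Decode validates the signature
                // and expiry against the key, rather than only parsing, cannot
                // be seen from this file; confirm.
                var auth = authorizationHeaderValues.First().Split(null)[1];
                var token = JsonWebToken.Decode(auth, ConfigurationManager.AppSettings["Auth.SecretKey"]);
                user = userManager.FindById(token.UserId);
                authenticationType = "exAuth";
            }
            catch (Exception e)
            {
                // Best-effort by design: leave the request anonymous. This also
                // swallows non-auth failures (e.g. the user lookup) — they only
                // show up as "Auth error" in the log.
                LogManager.GetLogger(typeof(AuthorizationHandler)).Error("Auth error", e);
            }
        }
        else if (context != null
                 && context.Session != null
                 && !String.IsNullOrEmpty((string)context.Session[KawalDesaController.USERID_KEY]))
        {
            user = userManager.FindById((string)context.Session[KawalDesaController.USERID_KEY]);
            authenticationType = "Session";
        }

        if (user != null)
        {
            var identity = new KawalDesaIdentity(user, authenticationType);
            var principal = new GenericPrincipal(identity, userManager.GetRoles(user.Id).ToArray());
            Thread.CurrentPrincipal = principal;
            if (context != null)
            {
                context.User = principal;
            }
        }

        // db is used only synchronously above, so disposing it on return (before
        // the inner handler's task completes) does not affect the pipeline.
        return base.SendAsync(request, cancellationToken);
    }
}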