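/// <summary>
/// Initializes the current context and sets various members to the values supplied in parameters.
/// Also checks whether the app token belongs to an approved application and whether the current
/// user is authorized (via the URL authorization rules) to access the called web method.
/// Returns immediately without re-checking anything if a context has already been initialized.
/// </summary>
/// <param name="appToken">Application token supplied by the client</param>
/// <param name="userToken">User token supplied by the client</param>
/// <exception cref="InvalidTokenException">No approved application matches <paramref name="appToken"/>.</exception>
/// <exception cref="System.Security.Authentication.AuthenticationException">
/// Raised while servicing an HTTP request when no calling [WebMethod] could be located on the stack
/// (the authorization target is unknown, so access is denied rather than allowed), or when URL
/// authorization denies the current principal access to that web method.
/// </exception>
public static void Initialize(string appToken, string userToken)
{
    if (Current != null)
    {
        // NOTE(review): if Current is a plain static rather than per-request/thread-local storage,
        // this early return reuses the first caller's context (and skips the token and
        // authorization checks) for every later request — confirm how Current is declared.
        return;
    }

    // Build the context locally and publish it to Current only once every check has passed.
    // Previously Current was assigned before the token check, so a rejected token left a
    // half-initialized context behind and the next call short-circuited past the checks.
    BrokerContext context = new BrokerContext();
    context.ActivityId = Guid.NewGuid();
    context.ApplicationToken = appToken;
    context.UserToken = userToken;
    context.UserName = Security.CurrentUser;

    // The data context is only needed for the application lookup; keep its lifetime that short.
    using (ApplicationDataContext dataContext = new ApplicationDataContext())
    {
        // Only an approved application may use the broker. SingleOrDefault deliberately throws
        // if more than one approved application carries the same token.
        // NOTE(review): the equality is evaluated by the database; with a case-insensitive
        // collation a token differing only in case would still match — confirm the column collation.
        Application currentApplication = dataContext.Applications.SingleOrDefault(
            app => app.Token == appToken && app.IsApproved == true);

        if (currentApplication == null)
        {
            throw new InvalidTokenException(appToken, userToken);
        }

        context.ApplicationId = currentApplication.ApplicationId;
        context.ApplicationName = currentApplication.Name;
    }

    // URL authorization is only meaningful while servicing an HTTP request.
    System.Web.HttpContext httpContext = System.Web.HttpContext.Current;
    if (httpContext != null)
    {
        System.Reflection.MethodBase webMethod = FindCallingWebMethod();
        if (webMethod == null)
        {
            // Fail closed: without a [WebMethod] frame there is no path to authorize against.
            // Previously this case silently skipped the authorization check altogether.
            throw new System.Security.Authentication.AuthenticationException();
        }

        // IsDefined was verified by FindCallingWebMethod, so First() cannot throw here.
        WebMethodAttribute webMethodAttribute = (WebMethodAttribute)webMethod
            .GetCustomAttributes(typeof(WebMethodAttribute), false)
            .First();
        context.WebMethodMessageName = string.IsNullOrEmpty(webMethodAttribute.MessageName)
            ? webMethod.Name
            : webMethodAttribute.MessageName;

        // The authorization rule is looked up as "<service path>/<message name>".
        // NOTE(review): the verb is hard-coded to GET, so verb-specific <authorization> rules for
        // POST/SOAP calls are never consulted; httpContext.Request.HttpMethod holds the actual verb.
        string authorizationPath = string.Format("{0}/{1}", httpContext.Request.Path, context.WebMethodMessageName);
        bool isAuthorized = System.Web.Security.UrlAuthorizationModule.CheckUrlAccessForPrincipal(
            authorizationPath,
            httpContext.User,
            "GET");

        if (!isAuthorized)
        {
            // NOTE(review): Console.Write goes to process stdout, not to any request log sink.
            Console.Write("not authorized exception" + context.WebMethodMessageName);
            throw new System.Security.Authentication.AuthenticationException();
        }
    }

    Current = context;
}

/// <summary>
/// Walks up the call stack for the nearest method marked with [WebMethod] that is declared on a
/// System.Web.Services.WebService subclass.
/// </summary>
/// <returns>The matching method, or null if the stack is exhausted before one is found.</returns>
private static System.Reflection.MethodBase FindCallingWebMethod()
{
    // Frame 0 is this helper; start at the caller and keep walking until a match or the top.
    for (int i = 1; ; i++)
    {
        System.Reflection.MethodBase method = new StackFrame(i).GetMethod();
        if (method == null)
        {
            return null;
        }

        if (method.IsDefined(typeof(WebMethodAttribute), false)
            && method.DeclaringType != null
            && method.DeclaringType.IsSubclassOf(typeof(System.Web.Services.WebService)))
        {
            return method;
        }
    }
}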