} // constructor

/// <summary>
/// Runs before the action executes and enforces the per-action permission
/// (m_nAction) for the user name attached to the request.
/// </summary>
/// <param name="actionContext">Web API action context of the incoming request.</param>
/// <remarks>
/// Short-circuits the pipeline by assigning actionContext.Response (403 Forbidden)
/// when the security provider reports the action as disabled for the user;
/// otherwise leaves the context untouched and the action runs.
/// This filter authenticates nothing itself: the user name comes from the request
/// extension GetUserName(). NOTE(review): it therefore relies on an earlier filter
/// having set that name, and what IsActionEnabled does with a null user name is up
/// to m_oSecurity — confirm it denies in that case.
/// </remarks>
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) {
    base.OnActionExecuting(actionContext);

    string sUserName = actionContext.Request.GetUserName();

    // Permission granted: nothing to do, the action may run.
    if (m_oSecurity.IsActionEnabled(sUserName, m_nAction)) {
        return;
    } // if

    // Permission denied: attaching a response stops the action from being invoked.
    actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
        GetApiVersion(actionContext),
        actionContext.Request,
        HttpStatusCode.Forbidden,
        "You are not authorized to perform this action."
    );
} // OnActionExecuting
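/// <summary>
/// Builds an HttpResponseMessage carrying <paramref name="nCode"/> and a one-line
/// reason phrase, then lets FillResponse add the API-version specific parts.
/// </summary>
/// <param name="nApiVersion">API version of the request, passed through to FillResponse.</param>
/// <param name="oRequest">The request being answered, passed through to FillResponse.</param>
/// <param name="nCode">HTTP status code of the response.</param>
/// <param name="sFormat">
/// Composite format string for the reason phrase; when null or blank the status code
/// name (e.g. "Forbidden") is used instead.
/// </param>
/// <param name="args">Arguments for <paramref name="sFormat"/>; null is treated as no arguments.</param>
/// <returns>The created response; never null.</returns>
/// <remarks>
/// The reason phrase is an HTTP header field and must be a single line. Callers feed
/// request-supplied values into <paramref name="args"/> (e.g. a value taken from a
/// request header), so CR and LF are replaced with spaces before the phrase is
/// assigned: HttpResponseMessage.ReasonPhrase rejects new-line characters with a
/// FormatException, which would turn an intended 401/403 into an unhandled error.
/// Formatting uses the invariant culture because the phrase is wire data, not UI text.
/// </remarks>
public static HttpResponseMessage CreateResponse(int nApiVersion, HttpRequestMessage oRequest, HttpStatusCode nCode, string sFormat, params object[] args) {
    string sMsg;

    if (string.IsNullOrWhiteSpace(sFormat)) {
        sMsg = nCode.ToString();
    } else {
        sMsg = string.Format(System.Globalization.CultureInfo.InvariantCulture, sFormat, args ?? new object[0]);
    } // if

    // The reason phrase must be a single line; see remarks.
    sMsg = sMsg.Replace('\r', ' ').Replace('\n', ' ');

    var oResponse = new HttpResponseMessage(nCode) {
        ReasonPhrase = sMsg,
    };

    HandleActionExecutedAttribute.FillResponse(nApiVersion, oResponse, oRequest);

    ms_oLog.Debug("An HTTP response message has been created with code {0}.", oResponse.StatusCode);

    return oResponse;
} // CreateResponse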
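/// <summary>
/// Rejects requests that carry no app key header, or an app key the security layer
/// does not accept, before the action runs.
/// </summary>
/// <param name="actionContext">Web API action context of the incoming request.</param>
/// <remarks>
/// Outcomes (each assigns actionContext.Response, which short-circuits the action):
/// no Const.Headers.AppKey header -> 401 Unauthorized; header present but
/// SecurityStub.IsAppKeyValid returns false -> 403 Forbidden. Otherwise the context
/// is left untouched and the action runs.
/// The submitted key is a credential: it is deliberately neither echoed in the
/// reason phrase nor written to the debug log, so it cannot end up in proxy or
/// access logs or in log files. (The reason phrase is a header field, so anything
/// placed there is visible to every intermediary on the path.)
/// NOTE(review): validation goes through a freshly constructed SecurityStub on every
/// request, unlike the sibling filters that use an injected m_oSecurity — confirm
/// this is the intended provider outside of test setups.
/// </remarks>
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) {
    HttpRequestMessage oRequest = actionContext.Request;

    string sPattern = string.Format(
        "Validating app key header for '{0} {1}' from '{2}'",
        oRequest.Method,
        oRequest.RequestUri,
        oRequest.GetRemoteIp()
    );

    ms_oLog.Debug("{0} started.", sPattern);

    if (!oRequest.Headers.Contains(Const.Headers.AppKey)) {
        actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
            GetApiVersion(actionContext),
            oRequest,
            HttpStatusCode.Unauthorized,
            "No app key specified."
        );

        ms_oLog.Debug("{0} failed: no app key header found.", sPattern);
        return;
    } // if

    // Contains() succeeded, so GetValues() yields at least one value; only the first is honoured.
    string sAppKey = oRequest.Headers.GetValues(Const.Headers.AppKey).First();

    var oSec = new SecurityStub();

    if (!oSec.IsAppKeyValid(sAppKey)) {
        // Do not reflect the rejected key back to the caller or into the log (see remarks).
        actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
            GetApiVersion(actionContext),
            oRequest,
            HttpStatusCode.Forbidden,
            "Invalid app key specified."
        );

        ms_oLog.Debug("{0} failed: app key header rejected.", sPattern);
        return;
    } // if

    ms_oLog.Debug("{0} succeeded.", sPattern);
} // OnActionExecuting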
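} // constructor

/// <summary>
/// Authenticates the request by its session token header and attaches the resolved
/// user name to the request for later filters; fails closed on anything else.
/// </summary>
/// <param name="actionContext">Web API action context of the incoming request.</param>
/// <remarks>
/// Outcomes: no Const.Headers.SessionToken header -> 403 Forbidden; token reported by
/// m_oSecurity.ValidateSessionToken as Valid -> request user name set, action runs;
/// Expired -> 403 Forbidden; Invalid, a null validation result, or any TokenValidity
/// value this method does not know -> 401 Unauthorized. Previously an unknown value
/// set no response, so the request continued with a null user name.
/// The user name is reset to null before the result is examined, so a value set
/// earlier in the pipeline can never survive a failed check.
/// The token is a credential and is deliberately not echoed in the reason phrase:
/// that phrase is an HTTP header field visible to every proxy on the path.
/// Status codes for the missing / expired / invalid cases are unchanged.
/// NOTE(review): 403 for a missing token but 401 for an invalid one is unusual
/// (clients normally expect 401 for both) — confirm with the API consumers before
/// changing, as they may depend on the current values.
/// </remarks>
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) {
    HttpRequestMessage oRequest = actionContext.Request;

    if (!oRequest.Headers.Contains(Const.Headers.SessionToken)) {
        actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
            GetApiVersion(actionContext),
            oRequest,
            HttpStatusCode.Forbidden,
            "No session token specified."
        );
        return;
    } // if

    // Contains() succeeded, so at least one value exists; only the first is honoured.
    string sToken = oRequest.Headers.GetValues(Const.Headers.SessionToken).First();

    ActiveUserInfo oUserInfo = m_oSecurity.ValidateSessionToken(sToken, oRequest.GetRemoteIp());

    // Never let a user name set earlier in the pipeline survive a failed validation.
    oRequest.SetUserName(null);

    // A null result is treated exactly like an invalid token instead of crashing the filter.
    TokenValidity nValidity = (oUserInfo == null) ? TokenValidity.Invalid : oUserInfo.TokenValidity;

    switch (nValidity) {
    case TokenValidity.Valid:
        oRequest.SetUserName(oUserInfo.UserName);
        return;

    case TokenValidity.Expired:
        actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
            GetApiVersion(actionContext),
            oRequest,
            HttpStatusCode.Forbidden,
            "Your session has expired, please login again."
        );
        return;

    case TokenValidity.Invalid:
    default:
        // Fail closed: a TokenValidity value added later must not let the request through unauthenticated.
        actionContext.Response = HandleActionExecutedAttribute.CreateResponse(
            GetApiVersion(actionContext),
            oRequest,
            HttpStatusCode.Unauthorized,
            "Invalid session token specified."
        );
        return;
    } // switch
} // OnActionExecuting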