public override void OnActionExecuting(HttpActionContext actionContext) { HttpRequestMessage request = actionContext.Request; string query = request.RequestUri.Query.Substring(1); var parts = query.Split('&').ToList(); bool foundExpand = false; for (int i = 0; i < parts.Count; i++) { string segment = parts[i]; if (segment.StartsWith(ODataExpandOption, StringComparison.Ordinal)) { foundExpand = true; parts[i] += "," + this.AlwaysExpand; break; } } if (!foundExpand) { parts.Add(ODataExpandOption + this.AlwaysExpand); } UriBuilder modifiedRequestUri = new UriBuilder(request.RequestUri); modifiedRequestUri.Query = string.Join("&", parts.Where(p => p.Length > 0)); request.RequestUri = modifiedRequestUri.Uri; base.OnActionExecuting(actionContext); }
public override async Task OnAuthorizationAsync( HttpActionContext actionContext, CancellationToken cancellationToken ) { if ( actionContext.ControllerContext.ControllerDescriptor.ControllerType == typeof( UserController ) || string.Equals( actionContext.ActionDescriptor.ActionName, "Test", StringComparison.OrdinalIgnoreCase ) ) return; var request = actionContext.Request; string loginToken = null; if ( loginToken == null ) { var authorization = request.Headers.Authorization; if ( authorization != null && authorization.Scheme == "Hello" ) loginToken = authorization.Parameter; } if ( loginToken == null ) { var cookie = request.Headers.GetCookies( "loginToken" ).SelectMany( c => c.Cookies ); if ( cookie.Any() ) loginToken = cookie.First().Value; } var userId = Host.UserService.GetUserID( loginToken ); if ( userId == null ) actionContext.Response = request.CreateErrorResponse( HttpStatusCode.Unauthorized, "Unauthorized" ); else actionContext.Request.Properties["UserID"] = userId; }
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext) { bool result = base.IsAuthorized(actionContext); Console.WriteLine(result); return(true); }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { if (actionContext.ModelState.IsValid == false) { actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.BadRequest, actionContext.ModelState); } }
//重写基类的验证方式,加入我们自定义的Ticket验证 public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { //url获取token var content = actionContext.Request.Properties["MS_HttpContext"] as HttpContextBase; var token = content.Request.Headers["sessionID"]; if (!string.IsNullOrEmpty(token) && token != "undefined") { //解密用户ticket,并校验用户名密码是否匹配 if (ValidateTicket(token)) { base.IsAuthorized(actionContext); } else { HandleUnauthorizedRequest(actionContext); } } //如果取不到身份验证信息,并且不允许匿名访问,则返回未验证401 else { var attributes = actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().OfType <AllowAnonymousAttribute>(); bool isAnonymous = attributes.Any(a => a is AllowAnonymousAttribute); if (isAnonymous) { base.OnAuthorization(actionContext); } else { HandleUnauthorizedRequest(actionContext); } } }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { if (actionContext.Request.Headers.Authorization == null) { actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized); } else { string authToken = actionContext.Request.Headers.Authorization.Parameter; string decodedToken = Encoding.UTF8.GetString(Convert.FromBase64String(authToken)); if (!string.IsNullOrEmpty(decodedToken)) { string[] paramters = decodedToken.Split(':'); if (paramters.Length == 2) { ErpUser obj = new ErpUser() { Username = paramters[0], Token = Guid.Parse(paramters[1]) }; if (ErpUserRepo.IsValidToken(obj)) { return; } } } actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized); } }
//public override void OnAuthorization(HttpActionContext actionContext) //{ // var authHeader = actionContext.Request.Headers.Authorization; // if (authHeader != null) // { // var authenticationToken = actionContext.Request.Headers.Authorization.Parameter; // var decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken)); // var usernamePasswordArray = decodedAuthenticationToken.Split(':'); // var userName = usernamePasswordArray[0]; // var password = usernamePasswordArray[1]; // var api_key = ConfigurationManager.AppSettings["basic_api_key"]; // var api_secret = ConfigurationManager.AppSettings["basic_api_secret"]; // // validacion de credenciales // var isValid = userName == api_key && password == api_secret; // if (isValid) // { // var principal = new GenericPrincipal(new GenericIdentity(userName), null); // Thread.CurrentPrincipal = principal; // return; // } // } // HandleUnathorized(actionContext); //} public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { if (actionContext.Request.Headers.Authorization == null) { HandleUnathorized(actionContext); } else { var basic_api_key = ConfigurationManager.AppSettings["basic_api_key"]; var basic_api_secret = ConfigurationManager.AppSettings["basic_api_secret"]; // Gets header parameters string authenticationString = actionContext.Request.Headers.Authorization.Parameter; string originalString = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationString)); // Gets credenciales string api_key = originalString.Split(':')[0]; string api_secret = originalString.Split(':')[1]; // validacion de credenciales var isValid = api_key == basic_api_key && api_secret == basic_api_secret; if (!isValid) { // returns unauthorized error HandleUnathorized(actionContext); } } base.OnAuthorization(actionContext); }
/// <summary> /// Authorizes a given request based on the existence of the API key. /// </summary> /// <param name="actionContext">The current <see cref="HttpActionContext"/> to inspect.</param> private bool AuthorizeRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { if (Debugger.IsAttached) { return(true); } List <string> values = new List <string>(); try { values = actionContext.Request.Headers.GetValues("APIKey").ToList(); } catch (Exception) { } if (values.Count == 0) { return(false); } else if (values[0] != ConfigurationManager.AppSettings["APIKey"]) { return(false); } return(true); }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { var request = actionContext.Request; var headers = request.Headers; if (!headers.Contains("X-Requested-With") || headers.GetValues("X-Requested-With").FirstOrDefault() != "XMLHttpRequest") { TransactionalInformation transactionInformation = new TransactionalInformation(); transactionInformation.ReturnMessage.Add("Access has been denied."); transactionInformation.ReturnStatus = false; actionContext.Response = request.CreateResponse <TransactionalInformation>(HttpStatusCode.BadRequest, transactionInformation); } else { HttpContext ctx = default(HttpContext); ctx = HttpContext.Current; if (ctx.User.Identity.IsAuthenticated == false) { TransactionalInformation transactionInformation = new TransactionalInformation(); transactionInformation.ReturnMessage.Add("Your session has expired."); transactionInformation.ReturnStatus = false; actionContext.Response = request.CreateResponse <TransactionalInformation>(HttpStatusCode.BadRequest, transactionInformation); } } }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { string secret = "myJwtAuthDemo";//加解密的key,如果不一樣會無法成功解密 var request = actionContext.Request; if (!WithoutVerifyToken(request.RequestUri.ToString())) { if (request.Headers.Authorization == null || request.Headers.Authorization.Scheme != "Bearer") { setErrorResponse(actionContext, "Lost Token"); } else { var jwtObject = Jose.JWT.Decode <Dictionary <string, Object> >( request.Headers.Authorization.Parameter, Encoding.UTF8.GetBytes(secret), JwsAlgorithm.HS256); if (IsTokenExpired(jwtObject["Exp"].ToString())) { setErrorResponse(actionContext, "Token Expired"); } } } base.OnActionExecuting(actionContext); }
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext) { object tempRoles = null; List <string> lstRoles = new List <string>(); var identity = ParseAuthorizationHeader(actionContext); if (identity == null) { return(false); } if (!OnAuthorizeUser(identity.Name, actionContext)) { return(false); } List <Claim> lstClaims = new List <Claim>(); if (actionContext.Request.Properties.TryGetValue("Token", out tempRoles)) { EmployeeToken employeeTokenInfo = tempRoles as EmployeeToken; lstClaims.Add(new Claim(ClaimTypes.Name, employeeTokenInfo.UserName)); lstClaims.Add(new Claim(ClaimTypes.UserData, identity.Name)); lstClaims.Add(new Claim(ClaimTypes.Role, employeeTokenInfo.Type.ToString())); } ClaimsIdentity claimsIdentity = new ClaimsIdentity(lstClaims, "MicroBot"); ClaimsPrincipal principal = new ClaimsPrincipal(claimsIdentity); Thread.CurrentPrincipal = HttpContext.Current.User = principal; return(base.IsAuthorized(actionContext)); }
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext) { var headers = actionContext.Request.Headers.Authorization; if (headers != null) { try { if (string.IsNullOrWhiteSpace(SessionHelper.SessionId)) { return(false); } CacheManagement _cache = new CacheManagement(); var sessionData = _cache.GetSessionData(headers.Scheme); if (sessionData.ExpirationDate > DateTime.Now) { return(true); } } catch { //return false; } finally { } } return(false); }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { //if (!SkipAuthorization(actionContext) && !AuthenticateApplicationService.IsAuthenticated()) // throw new UnauthorizeException("nao autorizado"); base.OnAuthorization(actionContext); }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { //base.OnAuthorization(actionContext); var headers = actionContext.Request.Headers; if (actionContext.Request.Headers.Authorization == null) { PutUnauthorizedResult(actionContext, "No hay autorización"); } else { try { var userPwd = Encoding.UTF8.GetString(Convert.FromBase64String(headers.Authorization.Parameter)); var credArray = userPwd.Split(":".ToCharArray()); var userName = credArray[0]; var password = credArray[1]; if (Ion_Auth.Login(userName, password) == false) { PutUnauthorizedResult(actionContext, "No existe usuario"); } } catch (Exception ex) { PutUnauthorizedResult(actionContext, ex.Message); } } }
/// <summary> /// 重写OnActionExecuting方法 在进入控制器之前验证 sign以及 参数合法性信息 add by caoheyang 20150318 /// </summary> /// <param name="actionContext"></param> public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { Stopwatch stop = new Stopwatch(); actionContext.Request.Properties[Key] = stop; stop.Start(); }
public virtual void InternalActionExecuting(HttpActionContext actionContext, CancellationToken cancellationToken) { var contentType = actionContext.Request.Content.Headers.ContentType; if (contentType != null && contentType.MediaType != JsonApiFormatter.JSON_API_MIME_TYPE) { return; } if (actionContext.ActionArguments.Any(a => a.Value is UpdateDocumentTypeWrapper)) { var argument = actionContext.ActionArguments.First(a => a.Value is UpdateDocumentTypeWrapper); var updateDocument = argument.Value as UpdateDocumentTypeWrapper; if (updateDocument != null) { var resultType = updateDocument.Type.GetGenericArguments()[0]; var context = new Context { Configuration = configuration, RoutePrefix = GetRoutePrefix(actionContext) }; var result = jsonApiTransformer.TransformBack(updateDocument.UpdateDocument, resultType, context); actionContext.ActionArguments[argument.Key] = result; } } }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { HttpContext.Current.Response.TrySkipIisCustomErrors = true; if (!actionContext.ModelState.IsValid) { var controller = actionContext.ControllerContext.Controller as TSICAppJsonAPIController; if (controller != null) { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK, controller.CreateValidationResponse(actionContext.ModelState)); } else { var errors = actionContext.ModelState .Where(e => e.Value.Errors.Count > 0) .Select(e => new Error { Name = e.Key, Message = e.Value.Errors.First().ErrorMessage }).ToArray(); actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.BadRequest, new ErrorList { Errors = errors, Status = "ValidationFailed", Message = "数据绑定检查失败" }); } } }
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { var controller = actionContext.ControllerContext.Controller as TSICAppJsonAPIController; if (controller != null) { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new AppJsonResponse() { Meta = new JsonAsyncObjectMetaData() { Type = "UnauthorizedModel", Uri = "Unauthorized", }, Data = new UnauthorizedModel() { RequireUri = controller.GetUriFromLocalPath(), Message = "未授权的请求", } }); } else { base.HandleUnauthorizedRequest(actionContext); } }
public void Should_return_context_with_webApi_related_keys() { // Arrange var att = new OutputCacheAttributeWithPublicMethods(); var dependencyScope = Substitute.For<IDependencyScope>(); var request = new HttpRequestMessage { Method = HttpMethod.Get, RequestUri = new Uri("http://localhost/api"), Properties = { { "MS_DependencyScope", dependencyScope } }, //https://github.com/ASP-NET-MVC/aspnetwebstack/blob/master/src/System.Web.Http/Hosting/HttpPropertyKeys.cs Headers = { }, Content = new StringContent("Content...") }; var actionContext = new HttpActionContext( new HttpControllerContext( new HttpConfiguration(), Substitute.For<IHttpRouteData>(), request), Substitute.For<HttpActionDescriptor>()); // Action var context = att.GetInvocationContextPublic(actionContext); // Assert Assert.AreSame(att, context[Global.__flatwhite_outputcache_attribute]); Assert.AreSame(dependencyScope, context[WebApiExtensions.__webApi_dependency_scope]); Assert.IsTrue((bool)context[WebApiExtensions.__webApi]); Assert.IsNotNull(context["headers"]); Assert.IsNotNull(context["method"]); Assert.IsNotNull(context["requestUri"]); Assert.IsNotNull(context["query"]); }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { var headers = actionContext.Request.Headers; if (headers.Authorization != null && headers.Authorization.Scheme == "Basic") { try { var userPwd = Encoding.UTF8.GetString(Convert.FromBase64String(headers.Authorization.Parameter)); var user = userPwd.Substring(0, userPwd.IndexOf(':')); var password = userPwd.Substring(userPwd.IndexOf(':') + 1); // Validamos user y password (aquí asumimos que siempre son ok) if (!user.Equals("my_user") || !password.Equals("my_password")) { PutUnauthorizedResult(actionContext, "Invalid Authorization header"); } } catch (Exception) { PutUnauthorizedResult(actionContext, "Invalid Authorization header"); } } else { // No hay el header Authorization PutUnauthorizedResult(actionContext, "Auhtorization needed"); } }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { base.OnAuthorization(actionContext); if (actionContext.Request.Headers.Authorization == null) { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized); } else { string encoded = actionContext.Request.Headers.Authorization.Parameter.ToString(); string decoded = Encoding.UTF8.GetString(Convert.FromBase64String(encoded)); string[] arr = decoded.Split(new char[] { ':' }); string username = arr[0]; string password = arr[1]; int x = 10; x = Security.Login(username, password); if (x == 0 || x == 1 || x == 2) { Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("admin"), null); } else { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized); } } }
private bool Authorize(System.Web.Http.Controllers.HttpActionContext actionContext) { try { var container = new UnityContainer(); container.RegisterType <IClienteRepository, ClienteRepository>(); var clienteService = container.Resolve <ClienteRepository>(); var httpRequestHeaderToken = actionContext.Request.Headers.GetValues("Authorization").FirstOrDefault(); var token = clienteService.CheckTokenAuthorization(httpRequestHeaderToken); if (token) { return(true); } else { return(false); } } catch (Exception ex) { return(false); } }
private bool IsApiPageRequested(HttpActionContext actionContext) { var apiAttributes = GetApiAuthorizeAttributes(actionContext.ActionDescriptor); if (apiAttributes != null && apiAttributes.Any()) return true; return false; }
public static bool SkipAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { Contract.Assert(actionContext != null); return(actionContext.ActionDescriptor.GetCustomAttributes <System.Web.Mvc.AllowAnonymousAttribute>().Any() || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes <System.Web.Mvc.AllowAnonymousAttribute>().Any()); }
public override void OnActionExecuting(HttpActionContext actionContext) { var taskId = (long) actionContext.ActionArguments[ActionParameterNames.TaskId]; var taskFragment = (JObject) actionContext.ActionArguments[ActionParameterNames.TaskFragment]; _log.DebugFormat("{0} = {1}", ActionParameterNames.TaskFragment, taskFragment); if (taskFragment == null) { const string errorMessage = "Malformed or null request."; _log.Debug(errorMessage); actionContext.Response = actionContext.Request.CreateErrorResponse( HttpStatusCode.BadRequest, errorMessage); return; } try { var task = taskFragment.ToObject<Task>(); if (task.TaskId.HasValue && task.TaskId != taskId) { const string errorMessage = "Task ids do not match."; _log.Debug(errorMessage); actionContext.Response = actionContext.Request.CreateErrorResponse( HttpStatusCode.BadRequest, errorMessage); } } catch (JsonException ex) { _log.Debug(ex.Message); actionContext.Response = actionContext.Request.CreateErrorResponse( HttpStatusCode.BadRequest, ex.Message); } }
/// <summary> /// Override to Web API filter method to handle Basic Auth check /// </summary> /// <param name="actionContext"></param> public override void OnAuthorization(HttpActionContext actionContext) { if (Active) { var identity = ParseAuthorizationHeader(actionContext); if (identity == null) { Challenge(actionContext); return; } if (!OnAuthorizeUser(identity.Name, identity.Password, actionContext)) { Challenge(actionContext); return; } var principal = new GenericPrincipal(identity, null); Thread.CurrentPrincipal = principal; // inside of ASP.NET this is also required for some async scenarios //if (HttpContext.Current != null) // HttpContext.Current.User = principal; base.OnAuthorization(actionContext); } }
private ModelBindingContext GetModelBindingContext(ModelMetadataProvider metadataProvider, HttpActionContext actionContext) { string name = Descriptor.ParameterName; Type type = Descriptor.ParameterType; string prefix = Descriptor.Prefix; IValueProvider vp = CreateValueProvider(this._valueProviderFactories, actionContext); if (_metadataCache == null) { Interlocked.Exchange(ref _metadataCache, metadataProvider.GetMetadataForType(null, type)); } ModelBindingContext ctx = new ModelBindingContext() { ModelName = prefix ?? name, FallbackToEmptyPrefix = prefix == null, // only fall back if prefix not specified ModelMetadata = _metadataCache, ModelState = actionContext.ModelState, ValueProvider = vp }; if (_validationNodeCache == null) { Interlocked.Exchange(ref _validationNodeCache, ctx.ValidationNode); } else { ctx.ValidationNode = _validationNodeCache; } return ctx; }
public override void OnActionExecuting(HttpActionContext actionContext) { if (!actionContext.ModelState.IsValid) { actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.BadRequest, actionContext.ModelState); } }
AuthorizationRequest GetAuthorizationRequest(HttpActionContext actionContext) { AuthorizationRequest authorizationRequest = actionContext.GetAuthorizationRequest(); try { var absolutePath = actionContext.Request.RequestUri.AbsolutePath; var startIndex = GetNameStartIndex(absolutePath); if(startIndex > -1) { var resourceName = HttpUtility.UrlDecode(absolutePath.Substring(startIndex, absolutePath.Length - startIndex)); var resource = ResourceCatalog.Instance.GetResource(GlobalConstants.ServerWorkspaceID, resourceName); if(resource != null && resource.ResourceType == ResourceType.ReservedService) { authorizationRequest = new AuthorizationRequest { RequestType = WebServerRequestType.WebExecuteInternalService, User = actionContext.ControllerContext.RequestContext.Principal, Url = actionContext.Request.RequestUri, QueryString = new QueryString(actionContext.Request.GetQueryNameValuePairs()) }; } } } catch(Exception e) { Dev2Logger.Log.Error(e); } return authorizationRequest; }
public static bool AuthorizeUserRequest(HttpActionContext context) { var configuration = NotificationServiceContext.Current.Configuration; var repository = configuration.StorageProvider; var message = context.Request; Endpoint requestedEndpoint = null; if (message.Method != HttpMethod.Delete) { var readTask = message.Content.ReadAsAsync<Endpoint>(); readTask.Wait(); var endpoint = readTask.Result; if (endpoint != null) { requestedEndpoint = repository.Find(endpoint.ApplicationId, endpoint.TileId, endpoint.ClientId); } // Since the content is now disposed, we need to restore it so it reaches the action message.Content = new ObjectContent<Endpoint>(endpoint, context.ControllerContext.Configuration.Formatters[0]); } else { var applicationId = context.ControllerContext.RouteData.Values["applicationId"] as string; var tileId = context.ControllerContext.RouteData.Values["tileId"] as string; var clientId = context.ControllerContext.RouteData.Values["clientId"] as string; requestedEndpoint = repository.Find(applicationId, tileId, clientId); } return requestedEndpoint == null || requestedEndpoint.UserId == configuration.MapUsername(message); }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { var request = actionContext.Request; if (request.RequestUri.Scheme != Uri.UriSchemeHttps) { HttpResponseMessage response; if (request.Method.Equals(HttpMethod.Get)) { response = request.CreateResponse(HttpStatusCode.Found); UriBuilder uri = new UriBuilder(request.RequestUri); uri.Scheme = Uri.UriSchemeHttps; uri.Port = 443; response.Headers.Location = uri.Uri; } else { response = request.CreateResponse(HttpStatusCode.InternalServerError); response.Content = new StringContent("This request needs to be made via HTTPS."); } actionContext.Response = response; } }
public override void OnActionExecuting(HttpActionContext actionContext) { var parameters = actionContext.ActionDescriptor.GetParameters(); foreach (var parameter in parameters) { object value = null; if (actionContext.ActionArguments.ContainsKey(parameter.ParameterName)) value = actionContext.ActionArguments[parameter.ParameterName]; if (value != null) continue; value = Activator.CreateInstance(parameter.ParameterType); actionContext.ActionArguments[parameter.ParameterName] = value; var bodyModelValidator = actionContext.ControllerContext.Configuration.Services.GetBodyModelValidator(); var metadataProvider = actionContext.ControllerContext.Configuration.Services.GetModelMetadataProvider(); bodyModelValidator.Validate(value, value.GetType(), metadataProvider, actionContext, string.Empty); } base.OnActionExecuting(actionContext); }
/// <summary> /// 驗證是反被授權 /// </summary> /// <param name="actionContext"></param> public override void OnAuthorization(HttpActionContext actionContext) { var identity = actionContext.RequestContext.Principal.Identity as ClaimsIdentity; var authorized = identity.IntersectScopes(this.Scopes?.Split(',') ?? new string[0]); if (!authorized) { var controller = (BaseApiController)actionContext.ControllerContext.Controller; var Fail = new FailOutputModel() { ApiVersion = "1.0.0", Method = string.Format("{0}.{1}", controller.ControllerContext.RouteData.Values["controller"], actionContext.Request.Method), Error = new ErrorMessage() { Domain = "API-CountyDistrictRoad", Code = 0, Message = "驗證錯誤", Description = "驗證錯誤" }, Id = controller.ResponseId }; actionContext.Response = actionContext.ControllerContext.Request.CreateResponse(HttpStatusCode.Unauthorized, Fail); } }
/// <summary> /// Check for simple binding parameters in POST data. Bind POST /// data as well as query string data /// </summary> /// <param name="metadataProvider"></param> /// <param name="actionContext"></param> /// <param name="cancellationToken"></param> /// <returns></returns> public override Task ExecuteBindingAsync(ModelMetadataProvider metadataProvider, HttpActionContext actionContext, CancellationToken cancellationToken) { string stringValue = null; NameValueCollection col = TryReadBody(actionContext.Request); if (col != null) stringValue = col[Descriptor.ParameterName]; // try reading query string if we have no POST/PUT match if (stringValue == null) { var query = actionContext.Request.GetQueryNameValuePairs(); if (query != null) { var matches = query.Where(kv => kv.Key.ToLower() == Descriptor.ParameterName.ToLower()); var keyValuePairs = matches as IList<KeyValuePair<string, string>> ?? matches.ToList(); if (keyValuePairs.Any()) stringValue = keyValuePairs.First().Value; } } object value = StringToType(stringValue); // Set the binding result here SetValue(actionContext, value); // now, we can return a completed task with no result TaskCompletionSource<AsyncVoid> tcs = new TaskCompletionSource<AsyncVoid>(); tcs.SetResult(default(AsyncVoid)); return tcs.Task; }
public override void OnActionExecuting(HttpActionContext actionContext) { try { var headers = actionContext.Request.Headers; if (headers.Authorization != null) { if (headers.Authorization.Scheme == "Token") { using (UserRepo repo = new UserRepo()) { var result = repo.Auth(headers.Authorization.Parameter); if (result == null) throw new UnauthorizedException(); actionContext.ActionArguments.Add(KEY, result.Value); } } } else throw new UnauthorizedException(); } catch (UnauthorizedException) { actionContext.Response = new HttpResponseMessage { StatusCode = HttpStatusCode.Unauthorized, }; } }
public virtual Task ExecuteBindingAsync(HttpActionContext actionContext, CancellationToken cancellationToken) { if (_parameterBindings.Length == 0) { return TaskHelpers.Completed(); } // First, make sure the actionBinding is valid before trying to execute it. This keeps us in a known state in case of errors. foreach (HttpParameterBinding parameterBinder in ParameterBindings) { if (!parameterBinder.IsValid) { // Throwing an exception because the webService developer's action signature is bad. // This exception will be caught and converted into a 500 by the dispatcher return TaskHelpers.FromError(new InvalidOperationException(parameterBinder.ErrorMessage)); } } if (_metadataProvider == null) { HttpConfiguration config = actionContext.ControllerContext.Configuration; _metadataProvider = config.Services.GetModelMetadataProvider(); } // Execute all the binders. IEnumerable<Task> tasks = from parameterBinder in ParameterBindings select parameterBinder.ExecuteBindingAsync(_metadataProvider, actionContext, cancellationToken); return TaskHelpers.Iterate(tasks, cancellationToken, disposeEnumerator: false); }
public Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation) { try { var result = new TokenAuthenticator().Authenticate(actionContext, _authenticator); } catch (Exception e) { TaskCompletionSource<HttpResponseMessage> tcs = new TaskCompletionSource<HttpResponseMessage>(); tcs.SetException(e); return tcs.Task; } if (actionContext.Response != null) { TaskCompletionSource<HttpResponseMessage> tcs = new TaskCompletionSource<HttpResponseMessage>(); tcs.SetResult(actionContext.Response); return tcs.Task; } else { return continuation().ContinueWith<HttpResponseMessage>((tsk) => { HttpResponseMessage response = tsk.Result; return response; }, TaskContinuationOptions.OnlyOnRanToCompletion); } }
internal static bool ValidateObject(object o, List<ValidationResultInfo> validationErrors, HttpActionContext actionContext) { // create a model validation node for the object ModelMetadataProvider metadataProvider = actionContext.GetMetadataProvider(); string modelStateKey = String.Empty; ModelValidationNode validationNode = CreateModelValidationNode(o, metadataProvider, actionContext.ModelState, modelStateKey); validationNode.ValidateAllProperties = true; // add the node to model state ModelState modelState = new ModelState(); modelState.Value = new ValueProviderResult(o, String.Empty, CultureInfo.CurrentCulture); actionContext.ModelState.Add(modelStateKey, modelState); // invoke validation validationNode.Validate(actionContext); if (!actionContext.ModelState.IsValid) { foreach (var modelStateItem in actionContext.ModelState) { foreach (ModelError modelError in modelStateItem.Value.Errors) { validationErrors.Add(new ValidationResultInfo(modelError.ErrorMessage, new string[] { modelStateItem.Key })); } } } return actionContext.ModelState.IsValid; }
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { var challengeMessage = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized); challengeMessage.Headers.Add("WWW-Authenticate", "Basic"); throw new System.Web.Http.HttpResponseException(challengeMessage); }
private bool AuthorizeRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { var modulo = actionContext.Request.GetRouteData().Route.RouteTemplate; var accion = actionContext.Request.Method.Method; return(Util.IsTokenValid(modulo, accion, actionContext.Request.Headers)); }
public override void OnActionExecuting(HttpActionContext actionContext) { string token; try { token = actionContext.Request.Headers.GetValues("Authorization-Token").First(); } catch (Exception) { actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest) { Content = new StringContent("Missing Authorization-Token") }; return; } try { // TODO: here we use simple membership provider, // replace with your own authentication. if (!WebSecurity.UserExists(RsaCrypto.Decrypt(token))) { throw new Exception() ; } base.OnActionExecuting(actionContext); } catch (Exception) { actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden) { Content = new StringContent("Unauthorized User") }; } }
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext) { base.HandleUnauthorizedRequest(actionContext); if (actionContext.Request.Headers.Authorization != null) return; var headerValue = String.Format("Basic realm=\"{0}\"", realm); actionContext.Response.Headers.Add("WWW-Authenticate", headerValue); }
public Task<HttpResponseMessage> ExecuteActionFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation) { if (actionContext.Request.Headers.Contains("X-AccessToken")) { var tokenvalue = actionContext.Request.Headers.GetValues("X-AccessToken").FirstOrDefault(); if (!string.IsNullOrWhiteSpace(tokenvalue) && tokenvalue.Equals(ConfigurationManager.AppSettings["token"])) { return continuation(); } } else if (actionContext.Request.RequestUri.ParseQueryString() != null) { var queryValues = actionContext.Request.RequestUri.ParseQueryString(); var tokenvalue = queryValues["token"]; if (!string.IsNullOrWhiteSpace(tokenvalue) && tokenvalue.Equals(ConfigurationManager.AppSettings["token"])) { return continuation(); } } return Task.Factory.StartNew(() => { var retur = new HttpResponseMessage(HttpStatusCode.Unauthorized) { Content = new StringContent("This resource cannot be used without the correct access token") }; return retur; }); }
public static RequestInfo Collect(HttpActionContext context, IEnumerable<string> exclusions) { if (context == null) return null; var info = new RequestInfo { ClientIpAddress = context.Request.GetClientIpAddress(), HttpMethod = context.Request.Method.Method }; if (context.Request.Headers.UserAgent != null) info.UserAgent = context.Request.Headers.UserAgent.ToString(); if (context.Request.RequestUri != null) { info.Host = context.Request.RequestUri.Host; info.IsSecure = context.Request.RequestUri.Scheme == "https"; info.Path = String.IsNullOrEmpty(context.Request.RequestUri.LocalPath) ? "/" : context.Request.RequestUri.LocalPath; info.Port = context.Request.RequestUri.Port; } if (context.Request.Headers.Referrer != null) info.Referrer = context.Request.Headers.Referrer.ToString(); var exclusionList = exclusions as string[] ?? exclusions.ToArray(); info.Cookies = context.Request.Headers.GetCookies().ToDictionary(exclusionList); info.QueryString = context.Request.RequestUri.ParseQueryString().ToDictionary(exclusionList); // TODO Collect form data. return info; }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { base.OnAuthorization(actionContext); if (actionContext.Request.Headers.Authorization != null) { string encoded = actionContext.Request.Headers.Authorization.Parameter; string decoded = Encoding.UTF8.GetString(Convert.FromBase64String(encoded)); string[] splittedData = decoded.Split(new char[] { ':' }); string email = splittedData[0]; string password = splittedData[1]; if (context.Users.Any(x => x.Email == email) && context.Users.Any(x => x.Password == password)) { Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(email), null); } else { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized); } } else { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized); } }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { int timeout = Properties.Settings.Default.CASSession_Timeout; var transactionInformation = new TransactionalInformation(); var httpRequest = HttpContext.Current.Request; var sessionProvider = ProviderFactory.Instance.CreateSessionServiceProvider(); var request = actionContext.Request; try { var cookieData = BOpCookieUtility.GetCookieData(HttpContext.Current.Request); var sessionValid = sessionProvider.CheckIfSessionIsValid(cookieData.SessionToken); if (!sessionValid) { throw new UnauthorizedAccessException("Session not valid!"); } } catch (Exception ex) { transactionInformation.ReturnMessage.Add(ex.Message); transactionInformation.ReturnStatus = false; transactionInformation.IsException = true; transactionInformation.IsAuthenicated = false; transactionInformation.logoutUrl = GlobalProperties.LOGIN_PAGE; actionContext.Response = request.CreateResponse <TransactionalInformation>(HttpStatusCode.Unauthorized, transactionInformation); CookieHeaderValue cookie = new CookieHeaderValue("bops", "st=0"); cookie.Expires = DateTime.Now.AddDays(-7d); cookie.Domain = actionContext.Request.RequestUri.Host; cookie.Path = "/"; actionContext.Response.Headers.AddCookies(new CookieHeaderValue[] { cookie }); } }
public override void OnAuthorization(HttpActionContext actionContext) { if (actionContext.Request.Content != null && actionContext.Request.Content.Headers.ContentType != null) { if (allowJson && actionContext.Request.Content.Headers.ContentType.MediaType == JsonMediaTypeFormatter.DefaultMediaType.MediaType) { return; } if (allowFormUrlEncoded && actionContext.Request.Content.Headers.ContentType.MediaType == FormUrlEncodedMediaTypeFormatter.DefaultMediaType.MediaType) { return; } var env = actionContext.Request.GetOwinEnvironment(); var localization = env.ResolveDependency<ILocalizationService>(); actionContext.Response = actionContext.Request.CreateResponse( HttpStatusCode.UnsupportedMediaType, new { ErrorMessage = localization.GetMessage(MessageIds.UnsupportedMediaType) } ); } }
public override void OnActionExecuting(HttpActionContext actionContext) { ReflectedHttpActionDescriptor actionDescriptor = actionContext.ActionDescriptor as ReflectedHttpActionDescriptor; if (null == actionDescriptor) { base.OnActionExecuting(actionContext); } CacheKey key = new CacheKey(actionDescriptor.MethodInfo,actionContext.ActionArguments); object[] array = HttpRuntime.Cache.Get(key.ToString()) as object[]; if (null == array) { base.OnActionExecuting(actionContext); return; } object value = array.Any() ? array[0] : null; IHttpActionResult actionResult = value as IHttpActionResult; if (null != actionResult) { actionContext.Response = actionResult.ExecuteAsync(CancellationToken.None).Result; return; } actionContext.Response = actionDescriptor.ResultConverter.Convert(actionContext.ControllerContext, value); }
////重写基类的验证方式,加入我们自定义的Ticket验证 public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { //从http请求的头里面获取身份验证信息,验证是否是请求发起方的ticket var authorization = actionContext.Request.Headers.Authorization; if ((authorization != null) && (authorization.Scheme != null)) { //解密用户ticket,并校验用户名密码是否匹配 var tokenID = authorization.Scheme; if (ValidateTicket(tokenID)) { base.IsAuthorized(actionContext); } else { HandleUnauthorizedRequest(actionContext); } } //如果取不到身份验证信息,并且不允许匿名访问,则返回未验证401 else { var attributes = actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().OfType <AllowAnonymousAttribute>(); bool isAnonymous = attributes.Any(a => a is AllowAnonymousAttribute); if (isAnonymous) { base.OnAuthorization(actionContext); } else { HandleUnauthorizedRequest(actionContext); } } }
//重写基类的验证方式,加入我们自定义的Ticket验证 public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { var attributes = actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().OfType <AllowAnonymousAttribute>(); var isAnonymous = attributes.Any(a => a is AllowAnonymousAttribute); if (isAnonymous) { base.OnAuthorization(actionContext); } else { //从http请求的头里面获取身份验证信息,验证是否是请求发起方的ticket var authorization = actionContext.Request.Headers.Authorization; if (authorization?.Parameter != null) { //解密用户ticket,并校验用户名密码是否匹配 var encryptTicket = authorization.Parameter; if (ValidateTicket(encryptTicket)) { base.IsAuthorized(actionContext); } else { HandleUnauthorizedRequest(actionContext); } } else { HandleUnauthorizedRequest(actionContext); } } }
public override Task OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken) { var apiKey = System.Configuration.ConfigurationManager.AppSettings["apiKey"]; var auth = actionContext.Request.Headers.Authorization; if (auth == null) { actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized); actionContext.Response.ReasonPhrase = "this service required an api key"; } else if (auth.Scheme == null) { actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized); actionContext.Response.ReasonPhrase = "this service required an api key"; } else if (apiKey == null) { actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized); actionContext.Response.ReasonPhrase = "this service required an api key"; } else if (auth.Scheme != apiKey) { actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized); actionContext.Response.ReasonPhrase = "invalid api key"; } return base.OnActionExecutingAsync(actionContext, cancellationToken); }
/// <summary> /// Public default Constructor /// </summary> public override void OnActionExecuting(HttpActionContext context) { AuthModel authModel = new AuthModel(); var header = context.Request.Headers.SingleOrDefault(x => x.Key == "token"); bool valid, isAdmin, okDate; if (header.Value == null) { valid = false; } else { //tokenul apartine unui admin isAdmin = authModel.VerifyAdminToken(header.Value.First()); //tokenul este valid okDate = authModel.VerifyToken(header.Value.First()); valid = isAdmin && okDate; } if (!valid) { //Invalid Authorization Key context.Response = context.Request.CreateResponse(HttpStatusCode.Forbidden); } }
private static void ChallengeAuthRequest(HttpActionContext filterContext) { var dnsHost = filterContext.Request.RequestUri.DnsSafeHost; filterContext.Response = filterContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized); filterContext.Response.Headers.Add("WWW-Authenticate", string.Format("Basic realm=\"{0}\"", dnsHost)); }
public override void OnActionExecuting(HttpActionContext actionContext) { var authHead = actionContext.Request.Headers.Authorization; if (authHead != null) { if (authHead.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase) && authHead.Parameter != null) { var credentials = Encoding.GetEncoding("iso-8859-1").GetString(Convert.FromBase64String(authHead.Parameter)); int separator = credentials.IndexOf(':'); string username = credentials.Substring(0, separator); string password = credentials.Substring(separator + 1); if (apiKeys.Contains(password)) { IUserScopedController controller = actionContext.ControllerContext.Controller as IUserScopedController; if (controller != null && !string.IsNullOrWhiteSpace(username)) { controller.UserId = username; } return; } } } actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized); actionContext.Response.Headers.Add("WWW-Authenticate", string.Format("Basic realm=\"{0}\"", actionContext.Request.RequestUri.Host)); }
/// <summary> /// Determines whether access for this particular request is authorized. This method uses the user <see cref="IPrincipal"/> /// returned via <see cref="Thread.CurrentPrincipal"/>. Authorization is denied if the user is not authenticated, /// the user is not in the authorized group of <see cref="Users"/> (if defined), or if the user is not in any of the authorized /// <see cref="Roles"/> (if defined). /// </summary> /// <param name="actionContext">The context.</param> /// <returns><c>true</c> if access is authorized; otherwise <c>false</c>.</returns> protected virtual bool IsAuthorized(HttpActionContext actionContext) { if (actionContext == null) { throw Error.ArgumentNull("actionContext"); } IPrincipal user = Thread.CurrentPrincipal; if (user == null || !user.Identity.IsAuthenticated) { return false; } if (_usersSplit.Length > 0 && !_usersSplit.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase)) { return false; } if (_rolesSplit.Length > 0 && !_rolesSplit.Any(user.IsInRole)) { return false; } return true; }
public virtual bool BindModel(HttpActionContext actionContext, ModelBindingContext bindingContext) { ModelBindingContext newBindingContext = CreateNewBindingContext(bindingContext, bindingContext.ModelName); bool boundSuccessfully = TryBind(actionContext, newBindingContext); if (!boundSuccessfully && !String.IsNullOrEmpty(bindingContext.ModelName) && bindingContext.FallbackToEmptyPrefix) { // fallback to empty prefix? newBindingContext = CreateNewBindingContext(bindingContext, modelName: String.Empty); boundSuccessfully = TryBind(actionContext, newBindingContext); } if (!boundSuccessfully) { return false; // something went wrong } // run validation and return the model // If we fell back to an empty prefix above and are dealing with simple types, // propagate the non-blank model name through for user clarity in validation errors. // Complex types will reveal their individual properties as model names and do not require this. if (!newBindingContext.ModelMetadata.IsComplexType && String.IsNullOrEmpty(newBindingContext.ModelName)) { newBindingContext.ValidationNode = new Validation.ModelValidationNode(newBindingContext.ModelMetadata, bindingContext.ModelName); } newBindingContext.ValidationNode.Validate(actionContext, null /* parentNode */); bindingContext.Model = newBindingContext.Model; return true; }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { //判断用户是否登录 if (!HttpContext.Current.User.Identity.IsAuthenticated) { HandleUnauthorizedRequest(actionContext); } }
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { //AuthorizationFilterAttribute //AuthorizeAttribute // OverrideActionFiltersAttribute HttpRequestMessageHelper.Add(actionContext.Request, new FilterModel(this.GetType(), GetFilterScope(actionContext.ActionDescriptor))); }
private bool AuthorizeRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { if (RoleID.Equals(GetGroup(actionContext))) { return(true); } return(false); }
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext) { if (SessionManager.IsUserLoggedIn == false) { return(false); } return(true); }