protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
CancellationToken cancellationToken)
{
AuthenticationHeaderValue header = request.Headers.Authorization;
if (header != null && header.Scheme.Equals("Basic", StringComparison.OrdinalIgnoreCase))
{
Credentials credentials = GetBase64Credentials(header.Parameter);
var session = request.Properties[Application.Keys.RavenDbSessionKey] as IDocumentSession;
Person person = session.Query<Person>().FirstOrDefault(
p => p.Username.Equals(credentials.Username, StringComparison.InvariantCultureIgnoreCase));
if (person.IsThePassword(credentials.Password))
{
var identity = new PersonIdentity(person);
Thread.CurrentPrincipal = new GenericPrincipal(identity, person.Roles.ToArray());
}
}
return base.SendAsync(request, cancellationToken).ContinueWith(
t =>
{
if (t.Result.StatusCode == HttpStatusCode.Unauthorized)
{
t.Result.Headers.WwwAuthenticate.Add(
new AuthenticationHeaderValue("Basic", "realm=\"Teamworks Api\""));
}
return t.Result;
});
;
}
public override void OnActionExecuting(HttpActionContext context)
{
IIdentity identity = HttpContext.Current.User.Identity;
if (!string.IsNullOrEmpty(identity.Name) &&
identity.AuthenticationType.Equals("Forms", StringComparison.OrdinalIgnoreCase))
{
var session = context.Request.Properties[Application.Keys.RavenDbSessionKey] as IDocumentSession;
var person = session.Load<Person>(identity.Name);
if (person != null)
{
identity = new PersonIdentity(person);
Thread.CurrentPrincipal = new GenericPrincipal(identity, person.Roles.ToArray());
}
}
base.OnActionExecuting(context);
}
