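using Code.Utils;
using System;
using System.Web;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http.Controllers;
using System.Linq;
using System.Security.Principal;
using System.Web.Http;

namespace Code.Security
{
    /// <summary>
    /// Web API authorization filter that admits a request only when it carries a token,
    /// in the request header named by <c>Settings._securityToken</c>, that
    /// <c>RESTSecurityManager.IsTokenValid</c> accepts.
    /// </summary>
    /// <remarks>
    /// <see cref="OnAuthorization"/> is overridden without calling the base implementation,
    /// so the token check below is the only check this attribute performs.
    /// NOTE(review): that appears to mean the base class's Users/Roles settings and
    /// [AllowAnonymous] handling are not consulted on endpoints using this attribute;
    /// confirm this is intended.
    /// </remarks>
    public class RESTAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// Runs the token check and hands the request to
        /// <see cref="HandleUnauthorizedRequest"/> when the check fails.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (Authorize(actionContext))
            {
                return;
            }

            HandleUnauthorizedRequest(actionContext);
        }

        /// <summary>
        /// Delegates to the base class to produce the unauthorized response.
        /// </summary>
        /// <param name="ctx">Context of the rejected action.</param>
        protected override void HandleUnauthorizedRequest(HttpActionContext ctx)
        {
            base.HandleUnauthorizedRequest(ctx);
        }

        /// <summary>
        /// Decides whether the current request carries a valid security token.
        /// </summary>
        /// <param name="actionContext">
        /// Context of the action being authorized. Not read here: the token is taken from
        /// <c>HttpContext.Current</c> through <see cref="Token"/>.
        /// </param>
        /// <returns>
        /// The result of <c>RESTSecurityManager.IsTokenValid</c> when a token is present;
        /// <c>false</c> when the token is missing or any exception is thrown.
        /// </returns>
        private bool Authorize(HttpActionContext actionContext)
        {
            try
            {
                string token = RESTAuthorizeAttribute.Token();
                if (string.IsNullOrEmpty(token))
                {
                    Settings.Logger.Log(NLog.LogLevel.Debug, "Token not found in header for request!");
                    return false;
                }

                // The token is a bearer credential. Its value must never reach the log:
                // anyone who can read the log file could replay it.
                Settings.Logger.Log(NLog.LogLevel.Debug, "Token found in header for request");
                return RESTSecurityManager.IsTokenValid(token);
            }
            catch (Exception ex)
            {
                // Fail closed. A failure on the authorization path is logged above Debug so
                // it stays visible at production log levels.
                Settings.Logger.Log(
                    NLog.LogLevel.Warn,
                    "Exception during token authorization: " + ex.GetType().Name + ": " + ex.Message);
                return false;
            }
        }

        /// <summary>
        /// Reads the security token from the current request's headers.
        /// </summary>
        /// <returns>
        /// The first value of the header named by <c>Settings._securityToken</c>, or
        /// <c>null</c> when the header is absent or there is no current
        /// <see cref="HttpContext"/>.
        /// </returns>
        public static string Token()
        {
            HttpContext context = HttpContext.Current;
            if (context == null)
            {
                // No ambient request context on this thread: treat it as "no token"
                // rather than throwing a NullReferenceException.
                return null;
            }

            string[] values = context.Request.Headers.GetValues(Settings._securityToken);
            if (values == null || values.Length == 0)
            {
                return null;
            }

            return values[0];
        }
    }
}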