  /// <summary>
  /// Web API controller exposing one read action. The action is guarded by the
  /// Authorize filter, parameterised with application "MyApp", resource "DoThis"
  /// and operation "read".
  /// </summary>
  public class DoThisController : ApiController
  {
      // Fixed payload returned by GetData.
      private const string Payload = "We did this.";

      /// <summary>Returns a fixed confirmation string.</summary>
      /// <returns>The literal text "We did this.".</returns>
      [Authorize(Application = "MyApp", Resource = "DoThis", Operation = "read")]
      public string GetData()
      {
          return Payload;
      }
  }
  9.  
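  /// <summary>
  /// Validates the credentials carried by the request. When they are valid, issues
  /// a forms-authentication cookie, loads the roles required for the target
  /// resource/operation and delegates the decision to the base authorization check.
  /// </summary>
  /// <param name="actionContext">Context of the action being authorized.</param>
  /// <remarks>
  /// Fails closed. The earlier version set <c>base.Roles = ""</c> on missing or
  /// invalid credentials and still called <c>base.OnAuthorization</c>. Assuming the
  /// base class is System.Web.Http.AuthorizeAttribute (the class header is not
  /// visible here), an empty Roles value means "no role restriction". A request that
  /// already carried a valid auth cookie would then pass with no role check at all.
  /// </remarks>
  public override void OnAuthorization(HttpActionContext actionContext)
  {
      string username;
      string password;

      // Short-circuit keeps the original order: ValidateUser only runs when
      // credentials were actually extracted from the request.
      bool credentialsValid =
          GetUserNameAndPassword(actionContext, out username, out password)
          && Membership.ValidateUser(username, password);

      if (!credentialsValid)
      {
          // SignOut only expires the cookie on the response; it does not change the
          // principal already attached to this request. Reject here instead of
          // falling through to the base check.
          FormsAuthentication.SignOut();

          // Roles is deliberately left untouched. Web API may reuse the attribute
          // instance across requests, so clearing it could relax a concurrent
          // request's role check.
          HandleUnauthorizedRequest(actionContext);
          return;
      }

      // NOTE(review): SetAuthCookie appends a cookie to the response and does not
      // set the principal for the current request. Confirm that the base check sees
      // the identity you expect on the first call. A cookie issued by an API
      // endpoint also makes later browser requests ambient-authenticated, so
      // consider anti-forgery protection.
      FormsAuthentication.SetAuthCookie(username, false);

      // NOTE(review): per-request mutation of Roles on a possibly shared attribute
      // instance is not thread-safe. Overriding IsAuthorized with request-local
      // state would avoid it.
      base.Roles = GetResourceOperationRoles();
      base.OnAuthorization(actionContext);
  }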
  35.  
  /// <summary>
  /// Chooses the rejection response. A caller who is already authenticated gets
  /// 403 Forbidden. Anyone else gets the base class's unauthorized handling.
  /// </summary>
  /// <param name="filterContext">Context of the rejected action.</param>
  protected override void HandleUnauthorizedRequest(HttpActionContext filterContext)
  {
      // NOTE(review): reads the ambient System.Web context. Presumably always
      // populated under IIS hosting; confirm Current and User cannot be null here.
      var currentIdentity = System.Web.HttpContext.Current.User.Identity;

      if (!currentIdentity.IsAuthenticated)
      {
          // Unknown caller: let the base class produce its default response.
          base.HandleUnauthorizedRequest(filterContext);
          return;
      }

      // Known caller without sufficient rights.
      filterContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
  }
  47.  
  /// <summary>
  /// Authorizes the request from the credentials it carries, without issuing a
  /// cookie and without calling the base implementation. Responds 400 when no
  /// credentials can be read, 401 when they fail validation and 403 when the
  /// validated user is not authorized. The response is left unset when every
  /// check passes.
  /// </summary>
  /// <param name="actionContext">Context of the action being authorized.</param>
  public override void OnAuthorization(HttpActionContext actionContext)
  {
      string username;
      string password;

      // No usable credentials in the request.
      if (!GetUserNameAndPassword(actionContext, out username, out password))
      {
          actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest);
          return;
      }

      // Credentials were present but wrong.
      if (!Membership.ValidateUser(username, password))
      {
          actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
          return;
      }

      // Valid user lacking permission for this resource/operation.
      if (!isUserAuthorized(username))
      {
          actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
      }
  }