/// <summary>
/// Web API controller exposing a single action that is guarded by the
/// <c>Authorize</c> attribute.
/// </summary>
public class DoThisController : ApiController
{
    /// <summary>Returns a fixed confirmation string.</summary>
    /// <remarks>
    /// The attribute is configured with an application ("MyApp"), a resource
    /// ("DoThis") and an operation ("read").
    /// NOTE(review): the attribute type that interprets these three properties is
    /// not declared in this class; how they are turned into an access decision
    /// must be confirmed against that attribute.
    /// </remarks>
    /// <returns>The literal text <c>We did this.</c></returns>
    [Authorize(Application = "MyApp", Resource = "DoThis", Operation = "read")]
    public string GetData()
    {
        const string confirmation = "We did this.";
        return confirmation;
    }
}
/// <summary>
/// Checks the credentials carried by the request against the membership
/// provider, sets the role requirement to match the outcome, and then hands
/// the authorization decision to the base implementation.
/// </summary>
/// <param name="actionContext">Context of the action being authorized.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    string username;
    string password;

    // Short-circuit: ValidateUser runs only when credentials could be extracted.
    bool credentialsAccepted =
        GetUserNameAndPassword(actionContext, out username, out password)
        && Membership.ValidateUser(username, password);

    if (credentialsAccepted)
    {
        // Non-persistent forms cookie (second argument false).
        // NOTE(review): it is not visible here whether issuing the cookie also
        // updates the principal that base.OnAuthorization evaluates for THIS
        // request; confirm, otherwise the first request may still be refused.
        FormsAuthentication.SetAuthCookie(username, false);
        base.Roles = GetResourceOperationRoles();
    }
    else
    {
        // Missing credentials and rejected credentials take the same path.
        // NOTE(review): if the base class is System.Web.Http.AuthorizeAttribute,
        // an empty Roles string means "no role restriction", so the base call
        // below would accept any principal that is already authenticated on the
        // request (for example via a forms cookie issued earlier). SignOut only
        // affects the cookie sent with the response. Confirm, and consider
        // denying explicitly on this path instead of clearing the restriction.
        FormsAuthentication.SignOut();
        base.Roles = "";
    }

    // NOTE(review): Roles is written on the attribute instance for every request.
    // If the framework reuses one attribute instance across requests, concurrent
    // requests could observe each other's value; verify the filter's lifetime.
    base.OnAuthorization(actionContext);
}
/// <summary>
/// Chooses the response for a request that failed authorization: 403 Forbidden
/// when the current user is authenticated, otherwise whatever the base
/// implementation produces.
/// </summary>
/// <param name="filterContext">Context of the action that was refused.</param>
protected override void HandleUnauthorizedRequest(HttpActionContext filterContext)
{
    // NOTE(review): HttpContext.Current and its User are dereferenced without a
    // null check; confirm the hosting model always supplies both.
    var currentIdentity = System.Web.HttpContext.Current.User.Identity;

    if (!currentIdentity.IsAuthenticated)
    {
        // Unauthenticated caller: keep the base behaviour.
        base.HandleUnauthorizedRequest(filterContext);
        return;
    }

    // Known identity that lacks permission: report Forbidden.
    filterContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
}
/// <summary>
/// Authorizes the request from the credentials it carries and writes a
/// rejection response itself instead of delegating to the base class:
/// 400 when no credentials could be read, 401 when the membership provider
/// rejects them, 403 when the user is valid but not authorized.
/// </summary>
/// <param name="actionContext">Context of the action being authorized.</param>
/// <remarks>
/// NOTE(review): base.OnAuthorization is never called, so any checks the base
/// attribute performs do not run here. When all three checks pass the response
/// is left untouched; presumably the pipeline then continues to the action.
/// Credentials are validated on every request; no throttling or lockout is
/// visible in this method, so confirm the membership provider enforces one.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    string username;
    string password;

    // No usable credentials in the request.
    if (!GetUserNameAndPassword(actionContext, out username, out password))
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest);
        return;
    }

    // Credentials present but rejected by the membership provider.
    if (!Membership.ValidateUser(username, password))
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
        return;
    }

    // Valid user without permission for this action.
    if (!isUserAuthorized(username))
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
    }
}