Thursday 27 July 2017

Custom filter in Web API

Using the device id sent with the request, check whether the request comes from a valid device or not.

Authorize Custom filter:

 public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (SkipAuthorization(actionContext))
            {
                return;
            }
            if (!IsUserAuthorized(actionContext))
            {
                actionContext.Response = new System.Net.Http.HttpResponseMessage()
                {
                    StatusCode = System.Net.HttpStatusCode.Unauthorized
                };
            }
            //base.OnAuthorization(actionContext);
        }
        private static bool SkipAuthorization(HttpActionContext actionContext)
        {
            Contract.Assert(actionContext != null);

            return actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any()
                   || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
        }
        public bool IsUserAuthorized(HttpActionContext context)
        {
            using (Entities db = new Entities())
            {
                IEnumerable<string> deviceId;
                context.Request.Headers.TryGetValues("deviceId", out deviceId);
                if (deviceId == null)
                {
                    return false;
                }
                bool result = db.Users.Any(r => r.DeviceId == deviceId.FirstOrDefault() && r.Email == HttpContext.Current.User.Identity.Name);
                return result;
            }
        }
    }
------------------------------------------------------------------------------------------------------------------------
In controller
/// <summary>
/// Example controller. Placing CustomAuthorize on the class applies the device
/// check to every action in it, except actions marked [AllowAnonymous].
/// </summary>
[CustomAuthorize, RoutePrefix("api/document")]
public class DocumentController : ApiController
{
}


Validate MIME Filter:

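/// <summary>
/// Action filter that rejects requests whose body is not MIME multipart content.
/// </summary>
/// <remarks>
/// Only the declared content type of the request is checked. The uploaded parts
/// themselves (file type, size, file name) are not inspected here and still need
/// to be validated by the action that reads them.
/// </remarks>
public class ValidateMimeFilter : ActionFilterAttribute
    {
        /// <summary>
        /// Stops the request with 415 Unsupported Media Type when it has no body
        /// or the body is not multipart.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute.</param>
        /// <exception cref="HttpResponseException">The request is not MIME multipart.</exception>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            // A request without content would otherwise fail inside
            // IsMimeMultipartContent and surface as a server error instead of a 415.
            var content = actionContext.Request.Content;
            if (content == null || !content.IsMimeMultipartContent())
            {
                throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType);
            }
        }

    }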
---------------------------------------------------------------------------------------------------------------------
In your controller
 // Upload endpoint. ValidateMimeFilter runs before the action body and answers
 // 415 Unsupported Media Type when the request content is not MIME multipart.
 [ValidateMimeFilter]
 [HttpPost]
        [Route("upload")]
        [SwaggerResponse(HttpStatusCode.OK, Type = typeof(ApiResponseModel))]
        [SwaggerResponse(HttpStatusCode.BadRequest, Type = typeof(ModelState))]
        // NOTE(review): documenting Exception as the 500 payload suggests raw exception
        // details may be returned to clients - confirm messages and stack traces are not exposed.
        [SwaggerResponse(HttpStatusCode.InternalServerError, Type = typeof(Exception))]

        public async Task<IHttpActionResult> UploadDocuments()
        {
            // Action body is omitted in the original post.
         }
