Check, based on the device id, whether the request comes from a valid device.
Custom authorize filter:
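/// <summary>
/// Web API authorization filter that lets a request through only when the caller is
/// authenticated and the <c>deviceId</c> request header matches a device stored for
/// that caller's e-mail in <c>Users</c>.
/// </summary>
/// <remarks>
/// The <c>deviceId</c> header is a client-supplied value. It binds a request to a device
/// only on top of authentication and must not be treated as a credential by itself.
/// <c>base.OnAuthorization</c> is not called, so the base class's authenticated-principal
/// check and any Roles/Users set on the attribute are not applied;
/// <see cref="IsUserAuthorized"/> therefore checks <c>IsAuthenticated</c> itself.
/// </remarks>
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Short-circuits the request with 401 Unauthorized unless the action allows
    /// anonymous access or the caller passes <see cref="IsUserAuthorized"/>.
    /// </summary>
    /// <param name="actionContext">Context of the action about to run.</param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        if (SkipAuthorization(actionContext))
        {
            return;
        }

        if (!IsUserAuthorized(actionContext))
        {
            // Setting Response stops the pipeline before the action executes.
            actionContext.Response = new System.Net.Http.HttpResponseMessage()
            {
                StatusCode = System.Net.HttpStatusCode.Unauthorized
            };
        }
        // base.OnAuthorization is deliberately not invoked (it was commented out in the
        // original); the authentication check lives in IsUserAuthorized instead.
    }

    /// <summary>
    /// Returns true when the action or its controller carries <c>[AllowAnonymous]</c>.
    /// </summary>
    private static bool SkipAuthorization(HttpActionContext actionContext)
    {
        Contract.Assert(actionContext != null);
        return actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any()
            || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
    }

    /// <summary>
    /// Checks that the current user is authenticated and that the <c>deviceId</c> header
    /// matches a <c>Users</c> row with the same e-mail as the authenticated identity name.
    /// </summary>
    /// <param name="context">Context whose request headers carry <c>deviceId</c>.</param>
    /// <returns>
    /// False when there is no authenticated identity, when the header is missing or blank,
    /// or when no matching row exists; true otherwise.
    /// </returns>
    public bool IsUserAuthorized(HttpActionContext context)
    {
        // Without this check an unauthenticated request would be matched against the
        // database using an empty identity name.
        HttpContext httpContext = HttpContext.Current;
        if (httpContext == null
            || httpContext.User == null
            || httpContext.User.Identity == null
            || !httpContext.User.Identity.IsAuthenticated)
        {
            return false;
        }

        string email = httpContext.User.Identity.Name;
        if (string.IsNullOrWhiteSpace(email))
        {
            return false;
        }

        IEnumerable<string> headerValues;
        if (!context.Request.Headers.TryGetValues("deviceId", out headerValues) || headerValues == null)
        {
            return false;
        }

        // When the header is repeated, only the first value is considered.
        string deviceId = headerValues.FirstOrDefault();
        if (string.IsNullOrWhiteSpace(deviceId))
        {
            return false;
        }

        using (Entities db = new Entities())
        {
            // Both values are resolved to plain locals beforehand so the query receives
            // simple parameters instead of method calls inside the expression tree.
            return db.Users.Any(r => r.DeviceId == deviceId && r.Email == email);
        }
    }
}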
------------------------------------------------------------------------------------------------------------------------
In the controller:
/// <summary>
/// Document API controller routed under <c>api/document</c>. The class-level
/// <c>CustomAuthorize</c> filter applies to every action that is not marked
/// <c>[AllowAnonymous]</c>.
/// </summary>
[CustomAuthorize, RoutePrefix("api/document")]
public class DocumentController : ApiController
{
    // Actions are not shown on the page.
}
Validate MIME Filter:
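/// <summary>
/// Action filter that rejects a request with 415 Unsupported Media Type unless it
/// declares MIME multipart content.
/// </summary>
/// <remarks>
/// Only the declared content type of the request is examined. The individual parts
/// (file names, sizes, actual file types) are not inspected by this filter and still
/// have to be validated by the action that reads them.
/// </remarks>
public class ValidateMimeFilter : ActionFilterAttribute
{
    /// <summary>
    /// Runs before the action and aborts the request when it is not multipart.
    /// </summary>
    /// <param name="actionContext">Context of the action about to run.</param>
    /// <exception cref="HttpResponseException">
    /// Thrown with status 415 when the request has no content or is not MIME multipart.
    /// </exception>
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        var content = actionContext.Request.Content;

        // IsMimeMultipartContent throws on null content; a request without a body should
        // get the same 415 as any other non-multipart request rather than a server error.
        if (content == null || !content.IsMimeMultipartContent())
        {
            throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType);
        }
    }
}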
---------------------------------------------------------------------------------------------------------------------
In your controller
// Upload endpoint: POST to the "upload" route. [ValidateMimeFilter] rejects requests that
// are not MIME multipart with 415 before this action runs.
// NOTE(review): whether [CustomAuthorize] also applies depends on the enclosing controller,
// which is not shown here; confirm.
// NOTE(review): documenting Exception as the 500 payload suggests exception details may be
// returned to callers; confirm the action returns a sanitized error model instead.
[ValidateMimeFilter]
[HttpPost]
[Route("upload")]
[SwaggerResponse(HttpStatusCode.OK, Type = typeof(ApiResponseModel))]
[SwaggerResponse(HttpStatusCode.BadRequest, Type = typeof(ModelState))]
[SwaggerResponse(HttpStatusCode.InternalServerError, Type = typeof(Exception))]
public async Task<IHttpActionResult> UploadDocuments()
{
// Body not shown on the page. The filter only checks the declared content type, so
// per-part validation (file name, size, actual file type) presumably belongs here; confirm.
}
Custom authorize filter:
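/// <summary>
/// Web API authorization filter that lets a request through only when the caller is
/// authenticated and the <c>deviceId</c> request header matches a device stored for
/// that caller's e-mail in <c>Users</c>.
/// </summary>
/// <remarks>
/// The <c>deviceId</c> header is a client-supplied value. It binds a request to a device
/// only on top of authentication and must not be treated as a credential by itself.
/// <c>base.OnAuthorization</c> is not called, so the base class's authenticated-principal
/// check and any Roles/Users set on the attribute are not applied;
/// <see cref="IsUserAuthorized"/> therefore checks <c>IsAuthenticated</c> itself.
/// </remarks>
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Short-circuits the request with 401 Unauthorized unless the action allows
    /// anonymous access or the caller passes <see cref="IsUserAuthorized"/>.
    /// </summary>
    /// <param name="actionContext">Context of the action about to run.</param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        if (SkipAuthorization(actionContext))
        {
            return;
        }

        if (!IsUserAuthorized(actionContext))
        {
            // Setting Response stops the pipeline before the action executes.
            actionContext.Response = new System.Net.Http.HttpResponseMessage()
            {
                StatusCode = System.Net.HttpStatusCode.Unauthorized
            };
        }
        // base.OnAuthorization is deliberately not invoked (it was commented out in the
        // original); the authentication check lives in IsUserAuthorized instead.
    }

    /// <summary>
    /// Returns true when the action or its controller carries <c>[AllowAnonymous]</c>.
    /// </summary>
    private static bool SkipAuthorization(HttpActionContext actionContext)
    {
        Contract.Assert(actionContext != null);
        return actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any()
            || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
    }

    /// <summary>
    /// Checks that the current user is authenticated and that the <c>deviceId</c> header
    /// matches a <c>Users</c> row with the same e-mail as the authenticated identity name.
    /// </summary>
    /// <param name="context">Context whose request headers carry <c>deviceId</c>.</param>
    /// <returns>
    /// False when there is no authenticated identity, when the header is missing or blank,
    /// or when no matching row exists; true otherwise.
    /// </returns>
    public bool IsUserAuthorized(HttpActionContext context)
    {
        // Without this check an unauthenticated request would be matched against the
        // database using an empty identity name.
        HttpContext httpContext = HttpContext.Current;
        if (httpContext == null
            || httpContext.User == null
            || httpContext.User.Identity == null
            || !httpContext.User.Identity.IsAuthenticated)
        {
            return false;
        }

        string email = httpContext.User.Identity.Name;
        if (string.IsNullOrWhiteSpace(email))
        {
            return false;
        }

        IEnumerable<string> headerValues;
        if (!context.Request.Headers.TryGetValues("deviceId", out headerValues) || headerValues == null)
        {
            return false;
        }

        // When the header is repeated, only the first value is considered.
        string deviceId = headerValues.FirstOrDefault();
        if (string.IsNullOrWhiteSpace(deviceId))
        {
            return false;
        }

        using (Entities db = new Entities())
        {
            // Both values are resolved to plain locals beforehand so the query receives
            // simple parameters instead of method calls inside the expression tree.
            return db.Users.Any(r => r.DeviceId == deviceId && r.Email == email);
        }
    }
}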
------------------------------------------------------------------------------------------------------------------------
In the controller:
/// <summary>
/// Document API controller routed under <c>api/document</c>. The class-level
/// <c>CustomAuthorize</c> filter applies to every action that is not marked
/// <c>[AllowAnonymous]</c>.
/// </summary>
[CustomAuthorize, RoutePrefix("api/document")]
public class DocumentController : ApiController
{
    // Actions are not shown on the page.
}
Validate MIME Filter:
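/// <summary>
/// Action filter that rejects a request with 415 Unsupported Media Type unless it
/// declares MIME multipart content.
/// </summary>
/// <remarks>
/// Only the declared content type of the request is examined. The individual parts
/// (file names, sizes, actual file types) are not inspected by this filter and still
/// have to be validated by the action that reads them.
/// </remarks>
public class ValidateMimeFilter : ActionFilterAttribute
{
    /// <summary>
    /// Runs before the action and aborts the request when it is not multipart.
    /// </summary>
    /// <param name="actionContext">Context of the action about to run.</param>
    /// <exception cref="HttpResponseException">
    /// Thrown with status 415 when the request has no content or is not MIME multipart.
    /// </exception>
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        var content = actionContext.Request.Content;

        // IsMimeMultipartContent throws on null content; a request without a body should
        // get the same 415 as any other non-multipart request rather than a server error.
        if (content == null || !content.IsMimeMultipartContent())
        {
            throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType);
        }
    }
}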
---------------------------------------------------------------------------------------------------------------------
In your controller
// Upload endpoint: POST to the "upload" route. [ValidateMimeFilter] rejects requests that
// are not MIME multipart with 415 before this action runs.
// NOTE(review): whether [CustomAuthorize] also applies depends on the enclosing controller,
// which is not shown here; confirm.
// NOTE(review): documenting Exception as the 500 payload suggests exception details may be
// returned to callers; confirm the action returns a sanitized error model instead.
[ValidateMimeFilter]
[HttpPost]
[Route("upload")]
[SwaggerResponse(HttpStatusCode.OK, Type = typeof(ApiResponseModel))]
[SwaggerResponse(HttpStatusCode.BadRequest, Type = typeof(ModelState))]
[SwaggerResponse(HttpStatusCode.InternalServerError, Type = typeof(Exception))]
public async Task<IHttpActionResult> UploadDocuments()
{
// Body not shown on the page. The filter only checks the declared content type, so
// per-part validation (file name, size, actual file type) presumably belongs here; confirm.
}