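/// <summary>
/// Web API authorization hook: first checks that the request carries an authenticated
/// principal, then asks <c>Service.IsAuthorized</c> whether that principal may perform
/// the requested action.
/// </summary>
/// <param name="actionContext">The action being invoked; supplies the request principal and the action descriptor.</param>
/// <remarks>
/// Outcomes:
/// <list type="bullet">
/// <item>No principal and the action is one of the two anonymous-access actions named below:
/// the request proceeds as <c>GlobalConstants.GenericPrincipal</c> and is still subject to the
/// <c>Service.IsAuthorized</c> check.</item>
/// <item>No principal, or an unauthenticated one, on any other action: 401 Unauthorized.</item>
/// <item>Authenticated but not permitted: 403 Forbidden.</item>
/// </list>
/// Setting <c>actionContext.Response</c> short-circuits the pipeline; leaving it null lets the action run.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    VerifyArgument.IsNotNull("actionContext", actionContext);

    var requestContext = actionContext.ControllerContext.RequestContext;
    var user = requestContext.Principal;

    // Only these two actions may be reached without a principal. They run under a fixed
    // generic principal rather than a null one so the authorization check below still applies.
    // The names are compared ordinally (string ==), so casing must match the descriptor exactly.
    var actionName = actionContext.ActionDescriptor.ActionName;
    if (user == null && (actionName == "ExecutePublicWorkflow" || actionName == "ExecuteGetRootLevelApisJson"))
    {
        user = GlobalConstants.GenericPrincipal;
        requestContext.Principal = user;
    }

    // Previously a null principal on any other action reached user.IsAuthenticated() directly;
    // whether that throws depends on how IsAuthenticated is implemented (it reads like an
    // extension method). Reject null explicitly so the caller always gets a 401, never a 500.
    if (user == null || !user.IsAuthenticated())
    {
        actionContext.Response = actionContext.ControllerContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Authorization has been denied for this request.");
        return;
    }

    // Authentication passed; now check the caller's permission for this specific resource/action.
    var authorizationRequest = GetAuthorizationRequest(actionContext);
    if (!Service.IsAuthorized(authorizationRequest))
    {
        actionContext.Response = actionContext.ControllerContext.Request.CreateErrorResponse(HttpStatusCode.Forbidden, "Access has been denied for this request.");
    }
}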