c# - WebApi serialize object from HttpActionContext -
edit: changed approach. using messagehandlers. raciel, pointed direction dig.
these links useful me: messagehandlers overview using own principal classes
i have webapi project , need provide custom authorization it. special token object added each request frontend. that:
sendapirequest: function (controller, action, data, successcallback, failurecallback) { var url = router.getapiurl(controller, action); data.token = token; jquery.ajax({ type: 'post', datatype: 'json', url: url, data: data, success: function (result) { if (typeof successcallback == 'function') { successcallback(result); } }, error: function (result) { if (typeof failurecallback == 'function') { failurecallback(result); } } });}
i have authorizationattribute , somehow need serialize token object request. cannot find automatic way that.
public class customauthorizationattribute : authorizeattribute { public override void onauthorization(httpactioncontext context) { usertoken token = null; //how serialize token object context? } }
usertoken class looks that:
public class usertoken { public int64 tokenid; public int userid; public string tokenvalue; public string ip; public string hash; public datetime createdon; public datetime actionon; }
so question is: how serialize custom object httpactioncontext?
thank you.
this have done when i'm dealing cases similar yours.
instead of creating own authorize attribute, can create messagehandler checks token , validates on every request. message handler responsible populating principal in current thread, authorize attribute can work expected allowing authorized clients access controller/action in question.
this how authorization message handler looks like:
public class authmessagehandler : delegatinghandler { protected itokenprovider tokenprovider { get; private set; } protected iprincipalprovider principalprovider { get; private set; } public authmessagehandler(itokenprovider tokenprovider, iprincipalprovider principalprovider) { tokenprovider = tokenprovider; principalprovider = principalprovider; } protected override task<httpresponsemessage> sendasync(httprequestmessage request, cancellationtoken cancellationtoken) { identity identity = null; string token = extracttoken(request); if (token != null && tokenprovider.verify(token, out identity)) { request.properties.add(constants.identitykey, identity); var principal = principalprovider.createprincipal(identity); thread.currentprincipal = principal; httpcontext.current.user = principal; } return base.sendasync(request, cancellationtoken); } private string extracttoken(httprequestmessage request) { ienumerable<string> tokenvalues = null; if (request.headers.trygetvalues(constants.tokenheaderkey, out tokenvalues)) return tokenvalues.first(); return null; } }
please note:
- both tokenprovider , principalprovider injected here. first in charge of validating token , if valid, return identity data available across request.
- the iprincipal provider creates genericprincipal assigned thread.currentprincipal , context user (httpcontext.current.user). ensures authorize attribute works later, when checks isauthenticated in current principal.
- in case, i'm passing token information in headers, prefer. (you might need authorize requests too)
- if need pass data message handler controller, use request.properties, why i'm putting identity information there request.properties.add(constants.identitykey, identity); available controller. there several ways can achieve this, dictionary pretty cheap transport type of data.
please let me know if have questions. simpler looks.
Comments
Post a Comment