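using Business.BusinessLogic.Auth;
using Business.TokenManagement;
using Common.Models.RequestResponse;
using Common.Utility;
using log4net;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Filters;

namespace ThirdPartyAPIs.CustomFilter
{
    /// <summary>
    /// Web API authentication filter that gates every action behind
    /// <see cref="AuthenticationHelper.CheckApiAuthenticationValidation"/> unless the
    /// action or its controller is explicitly marked <see cref="AllowAnonymousAttribute"/>.
    /// </summary>
    public class ApplicationAuthenticationFilter : IFilter, IAuthenticationFilter
    {
        public bool AllowMultiple => true;

        /// <summary>
        /// Runs the shared-key / media-type validation for the current request and, on
        /// failure, short-circuits the pipeline by setting <see cref="HttpAuthenticationContext.ErrorResult"/>.
        /// </summary>
        public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            var action = context.ActionContext.ActionDescriptor;

            // Only an explicit [AllowAnonymous] on the action or its controller opts a
            // route out of authentication; everything else fails closed.
            bool allowAnonymous =
                action.GetCustomAttributes<AllowAnonymousAttribute>(true).Any()
                || action.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Any();

            if (!allowAnonymous)
            {
                HttpResponseMessage failure = new AuthenticationHelper().CheckApiAuthenticationValidation(context);
                if (failure != null)
                {
                    context.ErrorResult = new FailureResult(failure);
                }
            }

            return Task.FromResult(0);
        }

        /// <summary>No WWW-Authenticate challenge is issued; the error body produced by
        /// <see cref="AuthenticationHelper"/> is the only feedback to the caller.</summary>
        public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
        {
            return Task.FromResult(0);
        }
    }

    /// <summary>
    /// <see cref="IHttpActionResult"/> wrapper that returns a pre-built failure response
    /// as-is, used to terminate the pipeline from the authentication filter.
    /// </summary>
    public class FailureResult : IHttpActionResult
    {
        public HttpResponseMessage _errorMessage { get; private set; }

        public FailureResult(HttpResponseMessage errorMessage)
        {
            _errorMessage = errorMessage;
        }

        public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
        {
            return Task.FromResult(_errorMessage);
        }
    }

    /// <summary>
    /// Performs the request-level checks behind <see cref="ApplicationAuthenticationFilter"/>:
    /// an accepted media type and a shared API access key sent in the <c>apiAccessKey</c> header.
    /// A new instance is created per request, so the response-state fields are not shared.
    /// </summary>
    public class AuthenticationHelper
    {
        private readonly ILog log = LogManager.GetLogger(typeof(ApplicationAuthenticationFilter));
        private readonly ITokenManagementServices _tokenManagementServices;
        private TPResponse _apiResponse = new TPResponse();

        // Media types accepted on incoming requests. Compared against the parsed media
        // type only (parameters such as "; charset=utf-8" are ignored), case-insensitively
        // as media types are defined to be.
        private static readonly HashSet<string> AcceptedMediaTypes =
            new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            {
                "application/json",
                "application/xml",
                "application/pdf",
                "application/soap+xml"
            };

        // SECURITY: hard-coded credential used by LoginOnSystem. It is not reachable from
        // the filter above; remove it or route the check through the token service
        // (CheckTokenValidation) before exposing LoginOnSystem.
        private const string PlaceholderLoginToken = "1234567890";

        public AuthenticationHelper()
        {
            _tokenManagementServices = new TokenManagementServices(new AuthServices());
        }

        /// <summary>
        /// Validates the request's media type and API access key.
        /// </summary>
        /// <param name="context">Authentication context of the current request.</param>
        /// <returns>
        /// <c>null</c> when the request passes; otherwise a response describing the failure:
        /// 400 for an unsupported media type, 406 for a missing/mismatched key and 500 when
        /// validation itself faulted. Failures are always closed (a fault never grants access).
        /// </returns>
        public HttpResponseMessage CheckApiAuthenticationValidation(HttpAuthenticationContext context)
        {
            HttpResponseMessage failure = null;
            try
            {
                var identity = context.Principal?.Identity;
                string user = (identity != null && identity.IsAuthenticated) ? identity.Name : "No Name";
                LogicalThreadContext.Properties["client_ip_address"] = new GetClientIpAddress().GetIpAddress(context.Request);
                LogicalThreadContext.Properties["user_name"] = user;

                // Content is null for body-less requests; treat that as "no media type"
                // and reject it rather than dereferencing it.
                string mediaType = context.Request.Content?.Headers.ContentType?.MediaType ?? "";
                if (!AcceptedMediaTypes.Contains(mediaType))
                {
                    return failure = Reject(context.Request, HttpStatusCode.BadRequest, "Media Type expected: 'application/json'.");
                }

                string msg = "";
                if (!CheckApiAccessKey(context.Request, ref msg))
                {
                    // NOTE(review): 406 is kept for client compatibility; 401 Unauthorized
                    // would be the conventional status for a failed credential check.
                    return failure = Reject(context.Request, HttpStatusCode.NotAcceptable, msg);
                }

                // Per-request token validation (CheckTokenValidation) is not wired in here;
                // the shared API key is currently the only credential enforced by this filter.
            }
            catch (Exception ex)
            {
                // Fail closed, and do not attribute an internal fault to the caller's key.
                LogicalThreadContext.Properties["exception"] = ex;
                _apiResponse.ResponseCode = "1";
                _apiResponse.Msg = "Authentication could not be completed.";
                log.Error(_apiResponse.Msg, ex);
                failure = context.Request.CreateResponse(HttpStatusCode.InternalServerError, _apiResponse);
                context.ErrorResult = new FailureResult(failure);
            }
            return failure;
        }

        /// <summary>
        /// Verifies that exactly one <c>apiAccessKey</c> header is present and that it
        /// matches the configured <c>apiAccessKey</c> app setting.
        /// </summary>
        /// <param name="request">Incoming request.</param>
        /// <param name="msg">Receives the caller-facing reason on failure.</param>
        /// <returns><c>true</c> when the key matches.</returns>
        public bool CheckApiAccessKey(HttpRequestMessage request, ref string msg)
        {
            IEnumerable<string> presented;
            if (!request.Headers.TryGetValues("apiAccessKey", out presented) || presented.Count() != 1)
            {
                msg = "Api Access Key Is Required On Headers";
                return false;
            }

            string expected = ConfigurationManager.AppSettings["apiAccessKey"];
            if (string.IsNullOrEmpty(expected))
            {
                // A missing setting must not become an empty string that an empty header
                // could match, nor surface as a 500; fail closed and record the cause.
                log.Error("apiAccessKey is not configured in appSettings");
                msg = "Api Access Key Not Match";
                return false;
            }

            if (!FixedTimeEquals(presented.First(), expected))
            {
                msg = "Api Access Key Not Match";
                return false;
            }
            return true;
        }

        /// <summary>
        /// Header-based login check against <see cref="PlaceholderLoginToken"/>.
        /// Not used by the filter; see the SECURITY note on the constant.
        /// </summary>
        public bool LoginOnSystem(HttpRequestMessage request, ref string msg)
        {
            IEnumerable<string> tokens;
            bool hasToken = request.Headers.TryGetValues("tokenNo", out tokens);

            if (!hasToken && !request.Headers.Contains("username") && !request.Headers.Contains("password"))
            {
                msg = "Please Include Header With Your Valid Login Credential";
                return false;
            }

            // A request carrying username/password but no tokenNo is a mismatch, not a fault.
            if (!hasToken || !FixedTimeEquals(tokens.FirstOrDefault(), PlaceholderLoginToken))
            {
                msg = "Token No Not Match";
                return false;
            }
            return true;
        }

        /// <summary>
        /// Delegates validation of the <c>tokenNo</c> header to the token management service.
        /// </summary>
        public bool CheckTokenValidation(HttpRequestMessage request, ref string msg)
        {
            IEnumerable<string> tokens;
            if (!request.Headers.TryGetValues("tokenNo", out tokens))
            {
                msg = "Token No Is Required On Headers";
                return false;
            }
            return _tokenManagementServices.CheckTokenNo(tokens.FirstOrDefault(), ref msg);
        }

        // Builds the failure body, logs the reason and returns the response to send.
        private HttpResponseMessage Reject(HttpRequestMessage request, HttpStatusCode status, string message)
        {
            _apiResponse.Msg = message;
            _apiResponse.ResponseCode = "1";
            log.Error(message);
            return request.CreateResponse(status, _apiResponse);
        }

        // Constant-time string comparison for secrets. The loop always runs over the
        // shorter length, so only the length difference (not the position of the first
        // mismatching character) is observable through timing. Null never matches.
        private static bool FixedTimeEquals(string a, string b)
        {
            if (a == null || b == null)
            {
                return false;
            }
            int diff = a.Length ^ b.Length;
            int n = Math.Min(a.Length, b.Length);
            for (int i = 0; i < n; i++)
            {
                diff |= a[i] ^ b[i];
            }
            return diff == 0;
        }
    }
}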