I want the api calls to be made from the application (not specific to any user). In a normal MVC, I have done the following
public class ValidateReferrerAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext.HttpContext == null)
{
throw new System.Web.HttpException("No Http context, request not allowed.");
}
else
{
if (filterContext.HttpContext.Request.UrlReferrer == null)
{
throw new System.Web.HttpException("Referrer information missing, request not allowed.");
}
else if (filterContext.HttpContext.Request.UrlReferrer.Host != filterContext.HttpContext.Request.Url.Host)
{
throw new System.Web.HttpException(string.Format("Possible cross site request forgery attack, request sent from another site: {0}", filterContext.HttpContext.Request.UrlReferrer.Host));
}
}
}
}
I want use the same logic for api calls and I have started as below. But I am unable to implement the same if else condition as above. What should be written for api calls to have same logic as above.
public class ValidateApiReferrerAttribute : AuthorizeAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
if(actionContext == null)
{
}
else
{
}
}
}
Aucun commentaire:
Enregistrer un commentaire