RequestService

Members

Namespace: ASPSecurityKit.NetFramework.WebApi
Assembly: ASPSecurityKit.NetFramework.WebApi.dll

Summary

Implements the INetRequestService for ASP.NET Web API.

Constructors

#ctor(actionContext,settings,securityUtility,errorResource,xssValidator)

Summary

Initializes a new instance of the RequestService class.

Parameters
Name Type Description
actionContext System.Web.Http.Controllers.HttpActionContext The action context.
settings ASPSecurityKit.ISecuritySettings The security settings.
securityUtility ASPSecurityKit.ISecurityUtility The security utility.
errorResource ASPSecurityKit.IErrorMessageResourceProvider The error resource.
xssValidator ASPSecurityKit.Xss.IXssValidator The XSS validator.

Properties

Verb

Summary

Gets the HTTP verb of the request.

Value

The HTTP verb of the request.

Operation

Summary

Gets the name of the operation (action/endpoint) invoked.

Value

The name of the operation (action/endpoint) invoked.

IsSecureConnection

Summary

Gets a value indicating whether the connection is secure.

Value

true if the connection is secure; otherwise, false.

AbsoluteUri

Summary

Gets the Absolute URL for the request (including scheme, host, pathInfo etc.).

Value

The Absolute URL for the request (including scheme, host, pathInfo etc.).

RawUrl

Summary

Gets the relative URL sent in the request (such as /pathInfo?queryString).

Value

The relative URL sent in the request.

Headers

Summary

Gets the headers sent in the request.

Value

The headers sent in the request.

QueryString

Summary

Gets the queryString sent in the request as key/value pairs.

Value

The queryString sent in the request as key/value pairs.

Cookies

Summary

Gets the cookies sent in the request.

Value

The cookies sent in the request.

UserAgent

Summary

Gets the caller agent information from the request.

Value

The caller agent information from the request.

ControllerName

Summary

Gets the name of the controller that contains the requested action.

Value

The name of the controller that contains the requested action.

ActionName

Summary

Gets the method name of the requested action.

Value

The method name of the requested action.

Methods

GetAttribute<T>()

Summary

Gets an attribute instance of the specified type from the requested action if defined; otherwise, null.

Returns

An attribute instance of the specified type from the requested action if defined; otherwise, null.

Parameters

This method has no parameters.

Generic Types
Name Description
T Type of the attribute.

GetParameterValue(key)

Summary

Gets a value by the specified parameter name from the requested action.

Returns

A value by the specified parameter name from the requested action.

Parameters
Name Type Description
key System.String Name of the parameter.

GetCallerIp()

Summary

Gets the Remote IP of the caller.

Returns

The Remote IP of the caller.

Parameters

This method has no parameters.

Remarks

Implementers should attempt to return the actual caller IP, also considering headers such as X-Forwarded-For and X-Real-IP.
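
X-Forwarded-For and X-Real-IP are request headers, so a caller connecting directly can set them to any value. The sketch below is an added example, not ASPSecurityKit's implementation: `CallerIpResolver`, its parameters and the sample addresses are hypothetical, and it honours X-Forwarded-For only when the direct peer is a proxy you operate.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Hypothetical helper for illustration; not part of ASPSecurityKit.
public static class CallerIpResolver
{
    // peer:           address of the direct TCP connection.
    // forwardedFor:   raw X-Forwarded-For header value, or null if absent.
    // trustedProxies: reverse proxies / load balancers operated by you.
    public static IPAddress Resolve(IPAddress peer, string forwardedFor,
        ISet<IPAddress> trustedProxies)
    {
        // Honour the header only when the connection itself comes from a
        // trusted proxy; otherwise the header is caller-controlled input.
        if (string.IsNullOrWhiteSpace(forwardedFor) || !trustedProxies.Contains(peer))
            return peer;

        var candidate = peer;
        var hops = forwardedFor.Split(',');
        // Each proxy appends the address it saw, so the rightmost entries are
        // the ones written by our own infrastructure. Walk right to left.
        for (var i = hops.Length - 1; i >= 0; i--)
        {
            IPAddress hop;
            if (!IPAddress.TryParse(hops[i].Trim(), out hop))
                break; // malformed entry: keep the last address we could verify
            candidate = hop;
            if (!trustedProxies.Contains(hop))
                break; // first hop we do not operate: treat it as the caller
        }
        return candidate;
    }

    public static void Main()
    {
        // Constructed sample data (private and documentation address ranges).
        var trusted = new HashSet<IPAddress>
        {
            IPAddress.Parse("10.0.0.5"),
            IPAddress.Parse("10.0.0.6")
        };

        // Direct connection from an untrusted peer carrying a forged header.
        Console.WriteLine(Resolve(IPAddress.Parse("203.0.113.7"),
            "198.51.100.1", trusted));

        // Request relayed by two trusted proxies; the leftmost entry was
        // supplied by the client and is never reached by the walk.
        Console.WriteLine(Resolve(IPAddress.Parse("10.0.0.5"),
            "198.51.100.9, 203.0.113.7, 10.0.0.6", trusted));

        // Malformed entry in front of a trusted hop.
        Console.WriteLine(Resolve(IPAddress.Parse("10.0.0.5"),
            "not-an-ip, 10.0.0.6", trusted));
    }
}
```

The same trust rule applies to X-Real-IP: read it only on connections that arrive from a proxy known to overwrite it.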

GetRawBody()

Summary

The synchronous method is not supported because Content doesn’t support it. Use GetRawBodyAsync instead.

Returns

The body (raw) from the request.

Parameters

This method has no parameters.

Exceptions
Type Description
System.NotSupportedException Use GetRawBodyAsync instead.

GetRawBodyAsync()

Summary

Gets the body (raw) from the request.

Returns

The body (raw) from the request.

Parameters

This method has no parameters.

GetRawBodyAsync(cancellationToken)

Summary

Gets the body (raw) from the request.

Returns

The body (raw) from the request.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

IsMarkedWith(feature,verb)

Summary

Determines whether the requested operation is marked with the specified feature.

Returns

true if the requested operation is marked with the specified feature; otherwise, false.

Parameters
Name Type Description
feature ASPSecurityKit.RequestFeature The feature to check.
verb System.String The HTTP verb (method). If null, the verb associated with the current request is used.

GetDisabledReason(verb)

Summary

Gets the reason why the action is disabled.

Returns

The reason why the action is disabled.

Parameters
Name Type Description
verb System.String The HTTP verb (method). If null, the verb associated with the current request is used.

GetEntityCode()

Summary

Gets the entity code for the requested operation. Used to specify the entityName argument when calling Authorize or Authorize. See platform specific implementations for more details.

Returns

The entity code for the requested operation.

Parameters

This method has no parameters.

Remarks

If AuthEntityAttribute is specified with a non-empty value, its Code is returned; otherwise, ControllerName is returned.

GetPermissionCode()

Summary

Gets the permissionCode for the requested operation.

Returns

The permissionCode for the requested operation.

Parameters

This method has no parameters.

WriteToResponse(failureReason,failureDescription,errors)

Summary

Writes the security check failure details to the response. See remarks for more details.

Parameters
Name Type Description
failureReason ASPSecurityKit.OpResult The failure reason.
failureDescription System.String The failure description.
errors System.Collections.Generic.List{ASPSecurityKit.AuthError} The detailed/additional error information to aid in troubleshooting.
Remarks

Regarding the information to be written, the default implementations follow the guidelines mentioned for OpException. Briefly, the HTTP status code is first determined using OpResultToStatusCode, and if it’s 500, InternalServerError is written to the response rather than the provided failure parameters. However, if IsDevelopmentEnvironment is true, the failure parameters are written to the response regardless of the status code. The default implementations write errors in JSON format on the API platforms. For mixed platforms, the default implementations determine whether the call is an API call; if so, they write in JSON format; otherwise, they write in plain text format.

WriteToResponse(content,statusCode,contentType)

Summary

Writes the specified content to the response along with its type and HTTP status code.

Parameters
Name Type Description
content System.String The text to be written to the response.
statusCode System.Int32 The HTTP status code. Default is 200.
contentType System.String The content type. Default is ‘text/plain’.
Exceptions
Type Description
System.ArgumentNullException When either content or contentType is null/empty/whitespace.

WriteToResponse(model,statusCode)

Summary

Writes the specified model to the response serialized as JSON along with the specified HTTP status code.

Parameters
Name Type Description
model System.Object The model object to be serialized as JSON and written to the response.
statusCode System.Int32 The HTTP status code. Default is 200.
Exceptions
Type Description
System.ArgumentNullException When model is null.

GetActionMethodInfo()

Summary

Gets the metadata for the requested action.

Returns

The metadata for the requested action.

Parameters

This method has no parameters.

GetActionParameters()

Summary

Gets the parameters for the requested action.

Returns

The action method parameters as key-value pairs.

Parameters

This method has no parameters.

Redirect(url)

Summary

Redirects to the specified URL.

Parameters
Name Type Description
url System.String The URL.

Summary

Adds the specified cookie to the response. If the cookie already exists, it’ll be overridden.

Parameters
Name Type Description
cookie System.Net.Cookie The cookie.

ExpireCookie(name)

Summary

Sets an expired cookie in the response by the specified name if it exists in the request.

Returns

true if a cookie by the specified name was found in the request and set as expired in the response; otherwise, false.

Parameters
Name Type Description
name System.String The cookie name.

IsApiRequest()

Summary

Determines whether the request is an HTTP API request or not.

Returns

true if the request is an HTTP API request; otherwise, false.

Parameters

This method has no parameters.

GetContainer()

Summary

Gets the DI container for the current request.

Returns

The DI container for the current request.

Parameters

This method has no parameters.

ValidateForXss()

Summary

Performs XSS validation on the input data related to this request instance.

Parameters

This method has no parameters.

Exceptions
Type Description
ASPSecurityKit.Xss.XssDetectedException When XSS characters are found.
Remarks

The default implementations make use of Validate, passing it the input model, but do not handle any exceptions, including XssDetectedException. Execute invokes this method and handles exceptions (if any) as per its standard approach.

GetPermissionCode(actionDescriptor)

Summary

Gets the permission code for the specified action.

Returns

The permission code.

Parameters
Name Type Description
actionDescriptor System.Web.Http.Controllers.HttpActionDescriptor The action descriptor.

GetParameterValueAsync(key)

Summary

Gets a value by the specified parameter name from the requested action.

Returns

A value by the specified parameter name from the requested action.

Parameters
Name Type Description
key System.String Name of the parameter.

GetParameterValueAsync(key,cancellationToken)

Summary

Gets a value by the specified parameter name from the requested action.

Returns

A value by the specified parameter name from the requested action.

Parameters
Name Type Description
key System.String Name of the parameter.
cancellationToken System.Threading.CancellationToken The cancellation token.

GetCallerIpAsync()

Summary

Gets the Remote IP of the caller.

Returns

The Remote IP of the caller.

Parameters

This method has no parameters.

Remarks

Implementers should attempt to return the actual caller IP, also considering headers such as X-Forwarded-For and X-Real-IP.

GetCallerIpAsync(cancellationToken)

Summary

Gets the Remote IP of the caller.

Returns

The Remote IP of the caller.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.
Remarks

Implementers should attempt to return the actual caller IP, also considering headers such as X-Forwarded-For and X-Real-IP.

IsMarkedWithAsync(feature,verb)

Summary

Determines whether the requested operation is marked with the specified feature.

Returns

true if the requested operation is marked with the specified feature; otherwise, false.

Parameters
Name Type Description
feature ASPSecurityKit.RequestFeature The feature to check.
verb System.String The HTTP verb (method). If null, the verb associated with the current request is used.

IsMarkedWithAsync(feature,cancellationToken,verb)

Summary

Determines whether the requested operation is marked with the specified feature.

Returns

true if the requested operation is marked with the specified feature; otherwise, false.

Parameters
Name Type Description
feature ASPSecurityKit.RequestFeature The feature to check.
cancellationToken System.Threading.CancellationToken The cancellation token.
verb System.String The HTTP verb (method). If null, the verb associated with the current request is used.

GetDisabledReasonAsync(verb)

Summary

Gets the reason why the action is disabled.

Returns

The reason why the action is disabled.

Parameters
Name Type Description
verb System.String The HTTP verb (method). If null, the verb associated with the current request is used.

GetDisabledReasonAsync(verb,cancellationToken)

Summary

Gets the reason why the action is disabled.

Returns

The reason why the action is disabled.

Parameters
Name Type Description
verb System.String The HTTP verb (method). If null, the verb associated with the current request is used.
cancellationToken System.Threading.CancellationToken The cancellation token.

GetEntityCodeAsync()

Summary

Gets the entity code for the requested operation. Used to specify the entityName argument when calling Authorize or Authorize. See platform specific implementations for more details.

Returns

The entity code for the requested operation.

Parameters

This method has no parameters.

Remarks

If AuthEntityAttribute is specified with a non-empty value, its Code is returned; otherwise, ControllerName is returned.

GetEntityCodeAsync(cancellationToken)

Summary

Gets the entity code for the requested operation. Used to specify the entityName argument when calling Authorize or Authorize. See platform specific implementations for more details.

Returns

The entity code for the requested operation.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.
Remarks

If AuthEntityAttribute is specified with a non-empty value, its Code is returned; otherwise, ControllerName is returned.

GetPermissionCodeAsync()

Summary

Gets the permissionCode for the requested operation.

Returns

The permissionCode for the requested operation.

Parameters

This method has no parameters.

GetPermissionCodeAsync(cancellationToken)

Summary

Gets the permissionCode for the requested operation.

Returns

The permissionCode for the requested operation.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

WriteToResponseAsync(failureReason,failureDescription,errors)

Summary

Writes the security check failure details to the response. See remarks for more details.

Parameters
Name Type Description
failureReason ASPSecurityKit.OpResult The failure reason.
failureDescription System.String The failure description.
errors System.Collections.Generic.List{ASPSecurityKit.AuthError} The detailed/additional error information to aid in troubleshooting.
Remarks

Regarding the information to be written, the default implementations follow the guidelines mentioned for OpException. Briefly, the HTTP status code is first determined using OpResultToStatusCode, and if it’s 500, InternalServerError is written to the response rather than the provided failure parameters. However, if IsDevelopmentEnvironment is true, the failure parameters are written to the response regardless of the status code. The default implementations write errors in JSON format on the API platforms. For mixed platforms, the default implementations determine whether the call is an API call; if so, they write in JSON format; otherwise, they write in plain text format.

WriteToResponseAsync(failureReason,failureDescription,cancellationToken,errors)

Summary

Writes the security check failure details to the response. See remarks for more details.

Parameters
Name Type Description
failureReason ASPSecurityKit.OpResult The failure reason.
failureDescription System.String The failure description.
cancellationToken System.Threading.CancellationToken The cancellation token.
errors System.Collections.Generic.List{ASPSecurityKit.AuthError} The detailed/additional error information to aid in troubleshooting.
Remarks

Regarding the information to be written, the default implementations follow the guidelines mentioned for OpException. Briefly, the HTTP status code is first determined using OpResultToStatusCode, and if it’s 500, InternalServerError is written to the response rather than the provided failure parameters. However, if IsDevelopmentEnvironment is true, the failure parameters are written to the response regardless of the status code. The default implementations write errors in JSON format on the API platforms. For mixed platforms, the default implementations determine whether the call is an API call; if so, they write in JSON format; otherwise, they write in plain text format.

WriteToResponseAsync(content,statusCode,contentType)

Summary

Writes the specified content to the response along with its type and HTTP status code.

Parameters
Name Type Description
content System.String The text to be written to the response.
statusCode System.Int32 The HTTP status code. Default is 200.
contentType System.String The content type. Default is ‘text/plain’.
Exceptions
Type Description
System.ArgumentNullException When either content or contentType is null/empty/whitespace.

WriteToResponseAsync(content,cancellationToken,statusCode,contentType)

Summary

Writes the specified content to the response along with its type and HTTP status code.

Parameters
Name Type Description
content System.String The text to be written to the response.
cancellationToken System.Threading.CancellationToken The cancellation token.
statusCode System.Int32 The HTTP status code. Default is 200.
contentType System.String The content type. Default is ‘text/plain’.
Exceptions
Type Description
System.ArgumentNullException When either content or contentType is null/empty/whitespace.

WriteToResponseAsync(model,statusCode)

Summary

Writes the specified model to the response serialized as JSON along with the specified HTTP status code.

Parameters
Name Type Description
model System.Object The model object to be serialized as JSON and written to the response.
statusCode System.Int32 The HTTP status code. Default is 200.
Exceptions
Type Description
System.ArgumentNullException When model is null.

WriteToResponseAsync(model,cancellationToken,statusCode)

Summary

Writes the specified model to the response serialized as JSON along with the specified HTTP status code.

Parameters
Name Type Description
model System.Object The model object to be serialized as JSON and written to the response.
cancellationToken System.Threading.CancellationToken The cancellation token.
statusCode System.Int32 The HTTP status code. Default is 200.
Exceptions
Type Description
System.ArgumentNullException When model is null.

GetActionMethodInfoAsync()

Summary

Gets the metadata for the requested action.

Returns

The metadata for the requested action.

Parameters

This method has no parameters.

GetActionMethodInfoAsync(cancellationToken)

Summary

Gets the metadata for the requested action.

Returns

The metadata for the requested action.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

GetActionParametersAsync()

Summary

Gets the parameters for the requested action.

Returns

The action method parameters as key-value pairs.

Parameters

This method has no parameters.

GetActionParametersAsync(cancellationToken)

Summary

Gets the parameters for the requested action.

Returns

The action method parameters as key-value pairs.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

ValidateForXssAsync()

Summary

Performs XSS validation on the input data related to this request instance.

Parameters

This method has no parameters.

Exceptions
Type Description
ASPSecurityKit.Xss.XssDetectedException When XSS characters are found.
Remarks

The default implementations make use of Validate, passing it the input model, but do not handle any exceptions, including XssDetectedException. Execute invokes this method and handles exceptions (if any) as per its standard approach.

ValidateForXssAsync(cancellationToken)

Summary

Performs XSS validation on the input data related to this request instance.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
ASPSecurityKit.Xss.XssDetectedException When XSS characters are found.
Remarks

The default implementations make use of Validate, passing it the input model, but do not handle any exceptions, including XssDetectedException. Execute invokes this method and handles exceptions (if any) as per its standard approach.

GetPermissionCodeAsync(actionDescriptor)

Summary

Gets the permission code for the specified action.

Returns

The permission code.

Parameters
Name Type Description
actionDescriptor System.Web.Http.Controllers.HttpActionDescriptor The action descriptor.

GetPermissionCodeAsync(actionDescriptor,cancellationToken)

Summary

Gets the permission code for the specified action.

Returns

The permission code.

Parameters
Name Type Description
actionDescriptor System.Web.Http.Controllers.HttpActionDescriptor The action descriptor.
cancellationToken System.Threading.CancellationToken The cancellation token.