
I am working on a web application that uses Web API and OAuth2.

I used to store the UserId in the front end, but for security reasons I now store it in the back end against the token generated by OAuth2.

I have around 800 APIs in my application, all of them POST APIs, and data is passed to them in one of the two ways shown below.

Type 1

[HttpPost]
[Authorize]
[ActionName("GetList")]
[Filters.AuthorizeLoginApi()]
/// <summary>
/// Returns the users matching the filter values posted in <paramref name="Parameters"/>.
/// </summary>
/// <param name="Parameters">
/// Posted key/value pairs; the keys read are LoginText, Name, Email, UserTypeId, IsActive and UserId.
/// </param>
/// <returns>
/// The list returned by the business layer, or an empty list when <paramref name="Parameters"/>
/// is null or any exception is thrown (the exception is logged).
/// </returns>
public List<BusinessEntities.Admin.Users> GetList(Dictionary<string, string> Parameters)
{
    try
    {
        // Nothing posted: answer with an empty list instead of querying.
        if (Parameters == null)
        {
            return new List<BusinessEntities.Admin.Users>();
        }

        var users = (BusinessLayer.IAdmin.IUsers)DALFinder.GetInstance(typeof(BusinessLayer.IAdmin.IUsers));

        // A missing key or a non-numeric id throws here and ends up in the catch below.
        string loginText = Parameters["LoginText"];
        string name = Parameters["Name"];
        string email = Parameters["Email"];
        int userTypeId = Convert.ToInt32(Parameters["UserTypeId"]);
        string isActive = Parameters["IsActive"];

        // NOTE(review): this UserId is taken from the posted dictionary, so the caller chooses it.
        // Once the UserId resolved on the server from the OAuth2 token is available to the action,
        // use that value here and ignore the posted entry.
        int userId = Convert.ToInt32(Parameters["UserId"]);

        return users.GetList(loginText, name, email, userTypeId, isActive, userId);
    }
    catch (Exception error)
    {
        // Best effort: record the failure and report "no results" to the client.
        Utils.Logger.Instance.LogException(error);
        return new List<BusinessEntities.Admin.Users>();
    }
}

In the code above, the UserId is passed in the Dictionary parameter (under the "UserId" key).

Type 2

[HttpPost]
[Authorize]
[ActionName("Delete")]
[Filters.AuthorizeLoginApi()]
/// <summary>
/// Deletes the posted user through the business layer.
/// </summary>
/// <param name="item">Posted user entity; its ModifiedByUserId carries the acting UserId.</param>
/// <returns>
/// The business layer's response, or a fresh <c>SPResponse</c> whose ReturnMessage holds the
/// exception message when the call throws.
/// </returns>
public SPResponse Delete(BusinessEntities.Admin.Users item)
{
    var result = new SPResponse();
    try
    {
        // NOTE(review): item.ModifiedByUserId is bound from the request, so the caller chooses it.
        // It should be replaced with the UserId resolved on the server from the OAuth2 token.
        var users = (BusinessLayer.IAdmin.IUsers)DALFinder.GetInstance(typeof(BusinessLayer.IAdmin.IUsers));
        result = users.Delete(item);
    }
    catch (Exception failure)
    {
        // NOTE(review): the raw exception text goes back to the client and nothing is logged here.
        // Consider logging the exception server-side and returning a generic message, since
        // exception messages can expose internal details.
        result.ReturnMessage = failure.Message;
    }
    return result;
}

I do custom validation on every API call with the filter below.

/// <summary>
/// Action filter placed on the API actions as <c>[Filters.AuthorizeLoginApi()]</c>.
/// It is meant to resolve the caller's UserId on the server and hand it to the action,
/// so that actions no longer rely on a UserId sent by the client. The body is still a stub.
/// </summary>
public class AuthorizeLoginApi : ActionFilterAttribute
{
    /// <summary>Runs before the decorated action executes.</summary>
    /// <param name="actionContext">Context of the action that is about to run.</param>
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        // Step 1 (not implemented): get the UserId from the database.
        //int UserId = data coming from db
        // Step 2 (not implemented): pass that UserId into every API as UserId/ModifiedByUserId.
        //
        // NOTE(review): actionContext.ActionArguments holds the action's bound parameters at this
        // point, so the "UserId" dictionary entry or the entity's ModifiedByUserId could be set
        // there. TODO confirm against the Web API version in use.
        // Overwrite the client-sent value unconditionally rather than only filling it in when
        // missing; otherwise a UserId supplied in the request body still wins.
        // If no UserId can be resolved for the token, reject the request (for example by setting
        // actionContext.Response to an unauthorized response) instead of letting the action run
        // with the client's value.
    }
}

Now I want to pass the UserId/ModifiedByUserId from the OnActionExecuting filter method into the respective APIs.

How can I achieve this?

Ibrahim shaikh
