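/// <summary>
/// Runs the base authorization check and, when it passes, replaces the request's
/// principal with a <see cref="CustomUserPrincipal"/> rebuilt from the
/// forms-authentication cookie. The ticket's UserData is expected in the form
/// "email_id_fullName_role"; any other shape leaves the principal untouched.
/// </summary>
/// <param name="actionContext">The Web API action context of the current request.</param>
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        if (!base.IsAuthorized(actionContext))
        {
            return;
        }

        var cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
        {
            // No forms cookie on an otherwise authorized request: keep whatever
            // principal the pipeline established rather than dereferencing null.
            return;
        }

        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (ArgumentException)
        {
            // Malformed or tampered ticket: treat it as "no ticket" instead of
            // letting the exception turn the request into a 500.
            return;
        }
        catch (HttpException)
        {
            return;
        }

        // Decrypt() also returns tickets that are past their expiry; never
        // build an elevated principal from a stale one.
        if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.UserData))
        {
            return;
        }

        // Split never returns null; fewer than four segments means the
        // UserData is not in the expected "email_id_fullName_role" layout.
        string[] data = ticket.UserData.Split('_');
        if (data.Length <= 3)
        {
            return;
        }

        Guid userId;
        if (!Guid.TryParse(data[1], out userId))
        {
            // new Guid(Id) used to throw FormatException out of the filter.
            return;
        }

        string email    = data[0];
        string fullName = data[2];
        string role     = data[3];

        var identity  = new GenericIdentity(ticket.Name);
        var principal = new CustomUserPrincipal(identity, userId, email, role, fullName);

        HttpContext.Current.User = principal;
        Thread.CurrentPrincipal  = principal;
    }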
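        /// <summary>
        /// Changes the password of the currently authenticated user.
        /// </summary>
        /// <param name="model">The password-change request bound from the request body.</param>
        /// <returns>
        /// 200 with a confirmation text on success; the project's error result when
        /// the user-management call reports failure; 401 when the request does not
        /// carry a <see cref="CustomUserPrincipal"/>; 400 when no model was bound.
        /// </returns>
        public IHttpActionResult ChangePassword(ChangePasswordBindingModel model)
        {
            var currentUser = User as CustomUserPrincipal;
            if (currentUser == null)
            {
                // A missing/foreign principal used to surface as a NullReferenceException (500).
                return Unauthorized();
            }

            if (model == null)
            {
                return BadRequest("A password change request body is required.");
            }

            var changeUserPasswordResult = _userManagement.ChangeUserPassword(currentUser.GetUserId(), model);

            if (changeUserPasswordResult.IsSuccess)
            {
                return Ok("Password Updated Successfully!");
            }

            return GetErrorResult(changeUserPasswordResult);
        }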
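        /// <summary>
        /// Sets the audit defaults for a freshly created entity: not deleted, created and
        /// modified "now" (UTC), and — when the current thread carries a
        /// <see cref="CustomUserPrincipal"/> — the creator/modifier ids and names plus
        /// the organization id taken from that principal.
        /// </summary>
        private void InitializeModel()
        {
            // Read the clock once so DateCreated and DateModified are exactly equal on
            // creation; two separate UtcNow reads can differ by a tick.
            var now = DateTime.UtcNow;

            IsDeleted    = false;
            DateCreated  = now;
            DateModified = now;

            var principal = Thread.CurrentPrincipal as CustomUserPrincipal;
            if (principal == null)
            {
                // No custom principal on this thread: the user-derived audit fields stay untouched.
                return;
            }

            CreatedBy      = principal.PersonId;
            ModifiedBy     = principal.PersonId;
            CreatedByName  = principal.FullName;
            ModifiedByName = principal.FullName;
            OrganizationId = principal.OrganizationId;
        }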
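        /// <summary>
        /// Sets the audit defaults for a freshly created entity: not deleted, created and
        /// modified "now" (UTC), and — when the current thread carries a
        /// <see cref="CustomUserPrincipal"/> — the creator/modifier ids and names plus
        /// the organization id taken from that principal.
        /// </summary>
        public void SetCreateProperties()
        {
            // Read the clock once so DateCreated and DateModified are exactly equal on
            // creation; two separate UtcNow reads can differ by a tick.
            var now = DateTime.UtcNow;

            IsDeleted    = false;
            DateCreated  = now;
            DateModified = now;

            var principal = Thread.CurrentPrincipal as CustomUserPrincipal;
            if (principal == null)
            {
                // No custom principal on this thread: the user-derived audit fields stay untouched.
                return;
            }

            CreatedBy      = principal.PersonId;
            ModifiedBy     = principal.PersonId;
            CreatedByName  = principal.FullName;
            ModifiedByName = principal.FullName;
            OrganizationId = principal.OrganizationId;
        }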
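        /// <summary>
        /// Rebuilds the request principal from the forms-authentication cookie on each
        /// request. The ticket's UserData is a JSON-serialized <see cref="UserData"/>
        /// carrying the roles, web-service token and user id that
        /// <see cref="CustomUserPrincipal"/> needs. Requests without a valid, unexpired
        /// ticket are left with whatever principal the pipeline already assigned.
        /// </summary>
        /// <param name="sender">The application raising the event.</param>
        /// <param name="e">Unused event data.</param>
        protected void Application_AuthenticateRequest(object sender, EventArgs e)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            {
                return;
            }

            FormsAuthenticationTicket authTicket;
            try
            {
                authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            }
            catch (ArgumentException)
            {
                // Malformed or tampered cookie: leave the request unauthenticated
                // instead of failing it with an unhandled exception.
                return;
            }
            catch (HttpException)
            {
                return;
            }

            // Decrypt() hands back expired tickets as well; only a live ticket may
            // establish a user for this request.
            if (authTicket == null || authTicket.Expired || string.IsNullOrEmpty(authTicket.UserData))
            {
                return;
            }

            UserData authDetails = JsonConvert.DeserializeObject<UserData>(authTicket.UserData);
            if (authDetails == null || authDetails.Roles == null)
            {
                // UserData that does not deserialize to the expected shape used to
                // surface as a NullReferenceException on Roles.ToArray().
                return;
            }

            Context.User = new CustomUserPrincipal(new GenericIdentity(authTicket.Name),
                                                   authDetails.Roles.ToArray(), authTicket.Name,
                                                   authDetails.WebServiceToken, authDetails.UserId);
        }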
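        /// <summary>
        /// Authenticates the request from its Authorization header, checks the caller
        /// against the roles declared by the action's <see cref="AuthorizationActionAttribute"/>,
        /// and either installs a <see cref="CustomUserPrincipal"/> on the request context
        /// or short-circuits the request with 401.
        /// </summary>
        /// <param name="actionContext">The Web API action context of the current request.</param>
        /// <exception cref="InvalidOperationException">
        /// The action carries no <see cref="AuthorizationActionAttribute"/>, so there are
        /// no roles to check against.
        /// </exception>
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            var actionAttribute = actionContext.ActionDescriptor
                                               .GetCustomAttributes<AuthorizationActionAttribute>()
                                               .FirstOrDefault();
            if (actionAttribute == null)
            {
                // First() used to fail with a bare "Sequence contains no elements",
                // which hid the real misconfiguration (filter applied without its attribute).
                throw new InvalidOperationException(
                    "Action '" + actionContext.ActionDescriptor.ActionName +
                    "' is filtered for authorization but carries no AuthorizationActionAttribute.");
            }

            var roles = actionAttribute.Roles;

            var authorizationHeader = actionContext.Request.Headers.Authorization;
            if (authorizationHeader == null
                || string.IsNullOrEmpty(authorizationHeader.Scheme)
                || string.IsNullOrEmpty(authorizationHeader.Parameter))
            {
                // NOTE(review): the scheme value itself is never compared against the one
                // this API expects, so any non-empty scheme reaches the token lookup, and
                // this 401 still carries no WWW-Authenticate challenge — confirm which
                // scheme is intended before adding either check.
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
                return;
            }

            var token = authorizationHeader.Parameter;
            var userAuthorizationInformation = _authorizationManagement.GetAuthorizationInformation(token);
            var authResult = VerifyAuthorizationToken(userAuthorizationInformation, roles);

            if (!authResult.Authorized)
            {
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
                {
                    Content = new ObjectContent<List<string>>(authResult.Errors, new JsonMediaTypeFormatter())
                };
                return;
            }

            var principal = new CustomUserPrincipal(new GenericIdentity(userAuthorizationInformation.UserName),
                                                    userAuthorizationInformation.Roles.ToArray(),
                                                    userAuthorizationInformation.UserId);
            actionContext.RequestContext.Principal = principal;

            // Only a request that passed the role check continues down the filter chain.
            base.OnActionExecuting(actionContext);
        }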