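private bool isAutherizedAdmin()
        {
            // Authorizes the current request as an admin from the "UserConfig" forms-auth cookie.
            // The ticket's UserData is the admin user name that was stored when the cookie was
            // issued; the request is accepted only if that name exists in AdminUser.
            // Fails closed: a missing, undecryptable or expired ticket, an unknown name, or any
            // error during the check all yield false.
            HttpCookie cookie = HttpContext.Current.Request.Cookies.Get("UserConfig");
            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                // No cookie at all is the common anonymous case; no need to go through Decrypt.
                return false;
            }

            try
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(cookie.Value);

                // Decrypt only proves the ticket was issued by this application's machine key;
                // it does not enforce the ticket lifetime, so expiry must be checked here.
                if (authTicket == null || authTicket.Expired)
                {
                    return false;
                }

                string authenticationToken = authTicket.UserData;
                if (string.IsNullOrEmpty(authenticationToken))
                {
                    // An empty UserData must never match an (accidentally) empty user name.
                    return false;
                }

                using (var db = new CustomerFeedbackDbContext())
                {
                    // Let the database narrow the candidates instead of streaming every admin row,
                    // then re-check in memory with an ordinal comparison so the outcome does not
                    // depend on a case-insensitive column collation (the previous code compared
                    // every row with C# ==, which is ordinal).
                    return db.AdminUser
                             .Where(b => b.userName == authenticationToken)
                             .AsEnumerable()
                             .Any(b => string.Equals(b.userName, authenticationToken, StringComparison.Ordinal));
                }
            }
            catch (Exception)
            {
                // Tampered ticket, crypto error, database outage: all deny access.
                return false;
            }
        }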
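        private bool isAutherizedCustomer()
        {
            // Authorizes the current request as a customer from the "CustomerConfig" forms-auth
            // cookie. The ticket's UserData is the validate key the customer presented at login;
            // it is accepted if it verifies against the stored hash of ANY appraisal.
            // Fails closed on a missing, undecryptable or expired ticket or on any error.
            //
            // NOTE(review): the ticket is not bound to a particular appraisal, so a valid key for
            // one appraisal authorizes this check for every caller; binding it (e.g. storing the
            // appraisal id in the ticket) requires the login side to change as well. Also, each
            // call runs the password-hash check once per appraisal row, which grows with the table.
            HttpCookie cookie = HttpContext.Current.Request.Cookies.Get("CustomerConfig");
            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return false;
            }

            try
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(cookie.Value);

                // Decrypt does not enforce the ticket lifetime; check expiry explicitly.
                if (authTicket == null || authTicket.Expired)
                {
                    return false;
                }

                string authenticationToken = authTicket.UserData;
                if (string.IsNullOrEmpty(authenticationToken))
                {
                    return false;
                }

                using (var db = new CustomerFeedbackDbContext())
                {
                    // Only the stored hashes are needed; stop at the first one that verifies.
                    return db.Appraisal
                             .Select(app => app.validate_key)
                             .AsEnumerable()
                             .Any(storedHash => PasswordHash.ValidatePassword(authenticationToken, storedHash));
                }
            }
            catch (Exception)
            {
                // Any failure during verification denies access.
                return false;
            }
        }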
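 public string Post([FromBody] paramList list)
 {
     // Returns the appraisal_status of the appraisal identified by list.appId.
     // Returns "0" when the body or id is missing/unparseable, when no such appraisal
     // exists, or when the lookup itself fails (the caller cannot distinguish these).
     // NOTE(review): no authorization check is visible in this snippet; presumably the
     // controller or an action filter restricts who may query an arbitrary appraisal id —
     // confirm before exposing this endpoint.
     if (list == null)
     {
         return "0";
     }

     // Parse explicitly instead of letting Convert.ToInt32 throw on bad input.
     int appId;
     if (!int.TryParse(Convert.ToString(list.appId), out appId))
     {
         return "0";
     }

     try
     {
         using (var db = new CustomerFeedbackDbContext())
         {
             var appraisal = db.Appraisal.Find(appId);
             if (appraisal == null)
             {
                 // Unknown id: previously surfaced as a NullReferenceException swallowed below.
                 return "0";
             }
             return appraisal.appraisal_status;
         }
     }
     catch (Exception)
     {
         // Database/connection failures are reported to the caller as "0" (existing contract).
         return "0";
     }
 }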
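        public string Post([FromBody] AdminUser user)
        {
            // Admin login. Accepts the request when an AdminUser row has the same userName,
            // a password hash that verifies against user.password, and the same userType.
            // On success issues the "UserConfig" forms-auth cookie whose ticket UserData is the
            // admin user name (this is what the admin authorization check reads back) and
            // returns "1"; otherwise returns "0".
            // Exceptions are deliberately not caught here so failures surface to the caller
            // instead of being hidden behind "0".
            if (user == null || string.IsNullOrEmpty(user.userName) || user.password == null)
            {
                // Malformed request body: not an error, just not a valid login.
                return "0";
            }

            using (var db = new CustomerFeedbackDbContext())
            {
                // Narrow by user name in the database rather than streaming every admin row,
                // then re-check in memory with an ordinal comparison so a case-insensitive
                // column collation cannot match a differently-cased name (the previous code
                // compared every row with C# ==, which is ordinal).
                var candidates = db.AdminUser
                                   .Where(b => b.userName == user.userName)
                                   .AsEnumerable()
                                   .Where(b => string.Equals(b.userName, user.userName, StringComparison.Ordinal));

                foreach (var admin in candidates)
                {
                    if (PasswordHash.ValidatePassword(user.password, admin.password) && admin.userType == user.userType)
                    {
                        FormsAuthentication.Initialize();
                        FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                            1,
                            "UserConfig",
                            DateTime.Now,
                            DateTime.Now.AddMinutes(60),
                            true,
                            user.userName
                            );

                        string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

                        // Cookie carrying the encrypted auth ticket. HttpOnly keeps it out of
                        // script reach; Secure follows the forms-auth requireSSL setting.
                        var authCookie = new HttpCookie("UserConfig", encryptedTicket)
                        {
                            Path = FormsAuthentication.FormsCookiePath,
                            HttpOnly = true,
                            Secure = FormsAuthentication.RequireSSL
                        };

                        HttpContext.Current.Response.Cookies.Remove("UserConfig");
                        HttpContext.Current.Response.Cookies.Add(authCookie);

                        return "1";
                    }
                }
            }
            return "0";
        }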
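        public string Post([FromBody] paramList list)
        {
            // Customer login. Verifies list.validateKey against the stored validate_key hash of
            // the appraisal identified by list.appId; on success issues the "CustomerConfig"
            // forms-auth cookie and returns "1", otherwise "0".
            // NOTE(review): the ticket's UserData is the caller-supplied validate key itself
            // (the customer authorization check verifies it against the stored hashes), so the
            // secret travels in the cookie, encrypted by the machine key. Storing the appraisal
            // id instead would avoid that, but the verifying side has to change in step.
            if (list == null || list.validateKey == null)
            {
                return "0";
            }

            // Parse explicitly instead of relying on Convert.ToInt32 throwing into the catch.
            int appId;
            if (!int.TryParse(Convert.ToString(list.appId), out appId))
            {
                return "0";
            }

            try
            {
                using (var db = new CustomerFeedbackDbContext())
                {
                    var appraisal = db.Appraisal.Find(appId);
                    if (appraisal == null)
                    {
                        // Unknown appraisal: previously a NullReferenceException swallowed below.
                        return "0";
                    }

                    // The previous code also computed PasswordHash.CreateHash(list.validateKey)
                    // into an unused local; that was pure wasted hashing work and is dropped.
                    if (PasswordHash.ValidatePassword(list.validateKey, appraisal.validate_key))
                    {
                        FormsAuthentication.Initialize();
                        FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                            1,
                            "CustomerConfig",
                            DateTime.Now,
                            DateTime.Now.AddMinutes(60),
                            true,
                            list.validateKey
                            );

                        string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

                        // Cookie carrying the encrypted auth ticket. HttpOnly keeps it out of
                        // script reach; Secure follows the forms-auth requireSSL setting.
                        var authCookie = new HttpCookie("CustomerConfig", encryptedTicket)
                        {
                            Path = FormsAuthentication.FormsCookiePath,
                            HttpOnly = true,
                            Secure = FormsAuthentication.RequireSSL
                        };

                        HttpContext.Current.Response.Cookies.Remove("CustomerConfig");
                        HttpContext.Current.Response.Cookies.Add(authCookie);

                        return "1";
                    }
                }
                return "0";
            }
            catch (Exception)
            {
                // Database or crypto failures are reported as a failed login (existing contract).
                return "0";
            }
        }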
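        public string Post()
        {
            // Returns "1" if hasCookieSet(...) is true for at least one admin user name in
            // AdminUser, "0" if none matches or the lookup fails.
            // NOTE(review): hasCookieSet is defined outside this snippet; presumably it checks
            // the request cookie against the given admin name — confirm. Every admin name is
            // tried in turn, so the cost of this call grows with the AdminUser table.
            try
            {
                using (var db = new CustomerFeedbackDbContext())
                {
                    // Only the user name column is needed; enumeration stops at the first match,
                    // as the previous foreach/return did.
                    bool anyMatch = db.AdminUser
                                      .Select(b => b.userName)
                                      .AsEnumerable()
                                      .Any(userName => hasCookieSet(userName));
                    return anyMatch ? "1" : "0";
                }
            }
            catch (Exception)
            {
                // Database failures are reported as "not authorized" (existing contract).
                return "0";
            }
        }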