Beispiel #1
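        /// <summary>
        /// Validates the user name and password taken from a Basic authentication header and,
        /// on success, fills in the profile fields of the current thread's identity.
        /// </summary>
        /// <param name="userName">User name supplied by the client (untrusted).</param>
        /// <param name="password">Plaintext password supplied by the client (untrusted).</param>
        /// <param name="context">Action context of the request; not read by this implementation.</param>
        /// <returns><c>true</c> when both values match the expected credentials; otherwise <c>false</c>.</returns>
        public override bool OnAuthorizeUser(string userName, string password, HttpActionContext context)
        {
            // SECURITY: these literals are sample placeholders. Credentials compiled into the
            // assembly can be read by anyone with access to the binary or the repository and
            // cannot be rotated without a redeploy. A real implementation should look the user
            // up in a store and verify the password against a salted, slow hash (for example
            // PBKDF2) instead of keeping or comparing plaintext.
            //TODO: Do database lookup here and validate username and password
            const string expectedUserName = "rickybobby";
            const string expectedPassword = "Password1!";

            // Evaluate both comparisons unconditionally (non-short-circuit '&') so the response
            // time does not reveal whether the user name alone was correct.
            bool userNameMatches = SecretEquals(userName, expectedUserName);
            bool passwordMatches = SecretEquals(password, expectedPassword);
            if (!(userNameMatches & passwordMatches))
            {
                //username and password did not match
                return false;
            }

            // Thread.CurrentPrincipal may be unset depending on the host, so guard before
            // dereferencing it.
            var principal = Thread.CurrentPrincipal;
            BasicAuthenticationIdentity basicIdentity = null;
            if (principal != null)
            {
                basicIdentity = principal.Identity as BasicAuthenticationIdentity;
            }

            if (basicIdentity != null)
            {
                //these could come from your database
                basicIdentity.UserId   = 2;
                basicIdentity.FullName = "Ricky Bobby";
            }

            return true;
        }

        /// <summary>
        /// Ordinal string comparison whose running time depends only on the length of
        /// <paramref name="supplied"/>, not on the position of the first mismatch (best effort;
        /// the JIT gives no hard timing guarantee).
        /// </summary>
        /// <param name="supplied">Value received from the client; may be <c>null</c>.</param>
        /// <param name="expected">Reference value; may be <c>null</c>.</param>
        /// <returns><c>true</c> when both strings are non-null and identical.</returns>
        private static bool SecretEquals(string supplied, string expected)
        {
            if (supplied == null || expected == null)
            {
                return false;
            }

            // A length mismatch is folded into the accumulator instead of returning early.
            int difference = supplied.Length ^ expected.Length;
            if (expected.Length > 0)
            {
                for (int i = 0; i < supplied.Length; i++)
                {
                    difference |= supplied[i] ^ expected[i % expected.Length];
                }
            }

            return difference == 0;
        }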
Beispiel #2
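        /// <summary>
        /// Authorization hook: extracts Basic credentials from the request, installs a principal
        /// for them on the current thread, and lets <c>OnAuthorizeUser</c> decide whether the
        /// request may proceed. Requests without credentials or with rejected credentials are
        /// answered through <c>ChallengeAuthRequest</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        /// <remarks>
        /// Basic credentials travel base64-encoded, not encrypted, so this filter is only
        /// meaningful on connections protected by TLS.
        /// </remarks>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            BasicAuthenticationIdentity identity = FetchHeader(actionContext);

            if (identity == null)
            {
                ChallengeAuthRequest(actionContext);
                return;
            }

            // Remember whatever principal was active so that a failed or faulted login does not
            // leave the caller-supplied identity attached to this thread.
            var previousPrincipal = Thread.CurrentPrincipal;
            bool authorized = false;
            try
            {
                //TODO: If you have roles ad them here?
                // The principal is installed before validation because OnAuthorizeUser is given
                // the chance to read and populate Thread.CurrentPrincipal.Identity.
                // NOTE(review): the identity carries the plaintext password (identity.Password)
                // for as long as the principal is referenced; consider clearing it once validated.
                Thread.CurrentPrincipal = new GenericPrincipal(identity, null);
                authorized = OnAuthorizeUser(identity.UserName, identity.Password, actionContext);
            }
            finally
            {
                if (!authorized)
                {
                    // Rejected credentials (or an exception during validation): restore the
                    // prior principal so later code on this thread never observes an identity
                    // that was not verified.
                    Thread.CurrentPrincipal = previousPrincipal;
                }
            }

            if (!authorized)
            {
                ChallengeAuthRequest(actionContext);
                return;
            }

            // NOTE(review): when hosted in IIS, HttpContext.Current.User usually has to be set
            // alongside Thread.CurrentPrincipal; confirm for the target host.
            base.OnAuthorization(actionContext);
        }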