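/// <summary>
/// Authenticates a Web API request from its Authorization header before the action runs.
/// The header parameter is Base64-decoded to a device id, the id is looked up through
/// <c>summonersRepository.ValidateUser</c>, and on success the matching summoner becomes
/// <c>HttpContext.Current.User</c>. Every failure path answers 401 and never reaches the action.
/// </summary>
/// <param name="actionContext">Context of the action about to execute; its Response is set to 401 on failure.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
        {
            var authorization = actionContext.Request.Headers.Authorization;

            // A header that carries only a scheme has a null Parameter; treat it like a missing
            // header instead of letting Convert.FromBase64String throw ArgumentNullException.
            if (authorization == null || authorization.Parameter == null)
            {
                actionContext.Response = new System.Net.Http.HttpResponseMessage(HttpStatusCode.Unauthorized);
                return;
            }

            // Base64 is an encoding, not encryption: the header value is the device id in
            // reversible form, so anything that can read the header can replay it.
            // NOTE(review): the scheme is not checked and nothing here binds the token to a
            // secret or an expiry - confirm ValidateUser / the transport provide that.
            string deviceId;
            try
            {
                deviceId = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Parameter));
            }
            catch (FormatException)
            {
                // Malformed Base64 is client input, so it is an authentication failure (401),
                // not an unhandled exception surfacing as a 500.
                actionContext.Response = new System.Net.Http.HttpResponseMessage(HttpStatusCode.Unauthorized);
                return;
            }

            summonersRepository dataLayer = new summonersRepository();
            Summoner summoner = dataLayer.ValidateUser(deviceId);

            if (summoner == null) //not authorized
            {
                actionContext.Response = new System.Net.Http.HttpResponseMessage(HttpStatusCode.Unauthorized);
                return;
            }

            // Principal is created with an empty role list; authorization decisions downstream
            // only see the identity.
            HttpContext.Current.User = new GenericPrincipal(new ServiceUser(summoner), new string[] { });

            base.OnActionExecuting(actionContext);
        }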
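        /// <summary>
        /// Admin login through an HTTP Basic challenge. The first request (or any failed attempt)
        /// gets a 401 with <c>WWW-Authenticate: Basic</c> and arms the <c>allowLogin</c> TempData flag;
        /// the follow-up request carrying credentials is checked with
        /// <c>summonersRepository.ValidateAdmin</c> and, on success, handed to forms authentication.
        /// </summary>
        public void Login()
        {
            // Ensure there's a return URL
            if (Request.QueryString["ReturnUrl"] == null)
            {
                Response.Redirect(FormsAuthentication.LoginUrl + "?ReturnUrl=" + Server.UrlEncode(FormsAuthentication.DefaultUrl));
                // Make the stop explicit rather than relying on Redirect ending the response.
                return;
            }

            if (TempData.ContainsKey("allowLogin"))
            {
                // See if they've supplied credentials
                string authHeader = Request.Headers["Authorization"];

                // Ordinal comparison: the scheme token is protocol text, not culture-sensitive prose.
                if ((authHeader != null) && authHeader.StartsWith("Basic", StringComparison.OrdinalIgnoreCase))
                {
                    string userName = null;
                    string password = null;

                    try
                    {
                        // Parse username and password out of the HTTP headers
                        byte[] authHeaderBytes = Convert.FromBase64String(authHeader.Substring("Basic".Length).Trim());

                        // UTF-8 instead of UTF-7: a UTF-7 decoder rewrites "+...-" sequences, so the
                        // string that reaches validation could differ from the bytes the client sent.
                        string credentials = Encoding.UTF8.GetString(authHeaderBytes);

                        // Split on the FIRST colon only: the password may itself contain ':',
                        // and a value without any colon is simply not a credential pair.
                        int separator = credentials.IndexOf(':');
                        if (separator >= 0)
                        {
                            userName = credentials.Substring(0, separator);
                            password = credentials.Substring(separator + 1);
                        }
                    }
                    catch (FormatException)
                    {
                        // Malformed Base64 from the client: fall through to a fresh 401 challenge
                        // instead of failing the request with an unhandled exception.
                    }

                    if (userName != null)
                    {
                        // Validate login attempt
                        summonersRepository layer = new summonersRepository();
                        if (layer.ValidateAdmin(userName, password))
                        {
                            FormsAuthentication.RedirectFromLoginPage(userName, false);
                            return;
                        }
                    }
                }
            }

            // Force the browser to pop up the login prompt
            // NOTE(review): Basic credentials are only Base64-encoded on the wire and no attempt
            // limit is visible here - confirm TLS-only exposure and throttling elsewhere.
            Response.StatusCode = 401;
            Response.AppendHeader("WWW-Authenticate", "Basic");
            TempData["allowLogin"] = true;

            // This gets shown if they click "Cancel" to the login prompt
            Response.Write("You must log in to access this URL.");
        }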
 /// <summary>
 /// Creates the controller with its own repository instances for accounts, logs and errors.
 /// </summary>
 public UserController()
 {
     // Repositories are constructed directly here (no injection), in the same order as before.
     accountRep = new summonersRepository();
     logRep = new logsRepository();
     errorRep = new errorsRepository();
 }