public ActionResult Capturar(int Id) // GET
{
if (ModelState.IsValid)
{
var pokeser = new PokeUser {
IdPokemon = Id, IdUser = LoggedUser().Id, FechaCaptura = DateTime.Now
};
_context.PokeUsers.Add(pokeser);
_context.SaveChanges();
return(RedirectToAction("Index"));
}
return(View("Index"));
}
public HttpResponseMessage PostLogin(LoginCreds creds)
{
PokeUser usr = db.PokeUsers.Find(creds.Username);
if (usr == null)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
if (Crypto.VerifyHashedPassword(usr.PwdHash, creds.Password) == false)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
FormsAuthentication.SetAuthCookie(creds.Username.ToLower(), false);
return(Request.CreateResponse(HttpStatusCode.OK, usr));
}
public static void Initialize()
{
using (PokeEntities db = new PokeEntities())
{
var admin = db.PokeUsers.Where(u => u.Role == "admin").FirstOrDefault();
if (admin == null)
{
admin = new PokeUser()
{
Name = Resources.AdminUsername,
Id = Resources.AdminUsername,
Role = "admin",
PwdHash = Crypto.HashPassword(Resources.AdminPassword)
};
}
}
}
public override void OnAuthorization(HttpActionContext actionContext)
{
// Check if value passed in header
if (actionContext.Request.Headers.Authorization == null)
{
Trace.WriteLine("no authorization header found");
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
else
{
// get header values
string authToken = actionContext.Request.Headers.Authorization.Parameter;
Trace.WriteLine("auth token: " + authToken);
// decode values
string decoded = Encoding.UTF8.GetString(Convert.FromBase64String(authToken));
string[] credsArray = decoded.Split(':');
string username = credsArray[0];
string password = credsArray[1];
// validate user
using (PokeEntities db = new PokeEntities())
{
PokeUser usr = db.PokeUsers.Find(username);
Trace.WriteLine("User found: " + usr.Name);
bool valid = false;
if (usr != null)
{
valid = Crypto.VerifyHashedPassword(usr.PwdHash, password);
}
if (valid == false)
{
// not validated
Trace.WriteLine("User not validated");
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
else
{
Trace.WriteLine("User Validated");
Thread.CurrentPrincipal = new GenericPrincipal((IIdentity) new GenericIdentity(username), new string[] { usr.Role });
}
}
}
}
public HttpResponseMessage GetMe()
{
PokeUser u = db.PokeUsers.Find(User.Identity.Name);
return(Request.CreateResponse(HttpStatusCode.OK, u));
}
