public IHttpActionResult Auth([FromBody] UserForAuth user)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }
            var output = new ObjectParameter("ResultID", typeof(int));

            db.spAuthUser(user.Username, user.Password, output);
            int?userID = output.Value as int?;

            if (userID != null)
            {
                if (db.Employees.Count(e => e.UserID == userID) > 0)
                {
                    return(Ok(db.spGetEmployeeWithUserByID(userID)));
                }
                else
                {
                    return(Ok(db.spGetUserByID(userID)));
                }
            }
            else
            {
                return(NotFound());
            }
        }