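protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
    // Purpose: once forms authentication has run, replace the request's principal with one whose
    // roles come from the account store (AccountRepository.Get), so role-based authorization
    // works without a separate role provider. Any failure leaves the request as it was
    // (unauthenticated) rather than failing the request.
    if (!FormsAuthentication.CookiesSupported)
    {
        return;
    }

    var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
    {
        return;
    }

    try
    {
        var ticket = FormsAuthentication.Decrypt(authCookie.Value);

        // A cookie that does not decrypt to a ticket, or whose ticket has expired, must not
        // be turned into a principal; the original code used the name without these checks.
        if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.Name))
        {
            return;
        }

        var repository = new AccountRepository();
        FraudTransactions.Models.User user = repository.Get(ticket.Name);
        if (user == null)
        {
            // Valid ticket for an account that no longer exists: do not synthesize a principal.
            return;
        }

        // Roles are stored as a ';'-separated string; a null or empty field yields no roles
        // (the original Split produced a single "" role in that case).
        string[] roles = (user.Roles ?? string.Empty)
            .Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);

        var principal = new System.Security.Principal.GenericPrincipal(
            new System.Security.Principal.GenericIdentity(ticket.Name, "Forms"), roles);
        HttpContext.Current.User = principal;
        // NOTE(review): also set the thread principal so code that reads Thread.CurrentPrincipal
        // (e.g. Web API 1 authorization) sees the same identity — confirm this matches the host.
        System.Threading.Thread.CurrentPrincipal = principal;
    }
    catch (Exception ex)
    {
        // Tampered/undecryptable cookie or a store failure: deliberately best-effort, the request
        // continues unauthenticated. Record the failure type only (never the ticket contents).
        System.Diagnostics.Trace.TraceWarning(
            "Application_PostAuthenticateRequest: principal not built from forms ticket ({0})",
            ex.GetType().Name);
    }
}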
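public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
    // Purpose: HTTP Basic authentication for Web API actions. Decodes the
    // "Basic base64(username:password)" Authorization header, looks the user up via
    // AccountRepository.GetByPassword and, on success, installs the principal and lets the
    // action run; otherwise short-circuits the request with 401.
    var authorization = actionContext.Request.Headers.Authorization;

    // Only a well-formed Basic header is accepted; another scheme or a missing parameter is
    // treated exactly like no credentials at all.
    if (authorization == null
        || !string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
        || string.IsNullOrEmpty(authorization.Parameter))
    {
        actionContext.Response = CreateUnauthorizedResponse();
        return;
    }

    string decodedToken;
    try
    {
        decodedToken = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Parameter));
    }
    catch (FormatException)
    {
        // Malformed base64 is a client error: answer 401 instead of letting a 500 escape
        // (the original let FormatException propagate).
        actionContext.Response = CreateUnauthorizedResponse();
        return;
    }

    // The user-id may not contain ':'; everything after the first ':' is the password.
    // Without a separator the original Substring(0, -1) threw ArgumentOutOfRangeException.
    int separator = decodedToken.IndexOf(':');
    if (separator < 0)
    {
        actionContext.Response = CreateUnauthorizedResponse();
        return;
    }
    string username = decodedToken.Substring(0, separator);
    string password = decodedToken.Substring(separator + 1);

    var repository = new AccountRepository();
    // NOTE(review): GetByPassword receives the clear-text password; whether it verifies against
    // a salted hash rather than a stored password is not visible here — confirm in AccountRepository.
    FraudTransactions.Models.User user = repository.GetByPassword(username, password);
    if (user == null)
    {
        actionContext.Response = CreateUnauthorizedResponse();
        return;
    }

    var principal = new GenericPrincipal(new ApiIdentity(user), new string[] { });
    HttpContext.Current.User = principal;
    // NOTE(review): Thread.CurrentPrincipal is what Web API 1 authorization filters read;
    // set both so the identity is visible regardless of which one the host consults — confirm.
    System.Threading.Thread.CurrentPrincipal = principal;
    base.OnActionExecuting(actionContext);
}

// Builds the 401 response. The WWW-Authenticate challenge tells Basic-auth clients which
// scheme to retry with; the realm label here is a placeholder — use the site's own name.
private static System.Net.Http.HttpResponseMessage CreateUnauthorizedResponse()
{
    var response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
    response.Headers.WwwAuthenticate.Add(
        new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", "realm=\"api\""));
    return response;
}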