        //protected void FormsAuthentication_OnAuthenticate(Object sender, FormsAuthenticationEventArgs e)
        //{
        //    if (FormsAuthentication.CookiesSupported == true)
        //    {
        //        if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
        //        {
        //            try
        //            {

        //                string username = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
        //                string roles = string.Empty;
        //                var _repository = new AccountRepository();
        //                FraudTransactions.Models.User user = _repository.Get(username);
        //                roles = user.Roles;
        //                e.User = new System.Security.Principal.GenericPrincipal(
        //                  new System.Security.Principal.GenericIdentity(username, "Forms"), roles.Split(';'));
        //            }
        //            catch (Exception)
        //            {

        //            }
        //        }
        //    }
        //}

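        /// <summary>
        /// Re-reads the forms-authentication cookie and replaces <c>HttpContext.Current.User</c>
        /// with a principal that carries the roles stored for that account.
        /// </summary>
        /// <param name="sender">The application raising the event (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        /// <remarks>
        /// Whenever the cookie cannot be turned into a usable account (missing, unreadable,
        /// expired or tampered ticket, unknown user, repository failure) the method returns
        /// without touching the principal the earlier pipeline stages set; no roles are attached.
        /// </remarks>
        protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
        {
            if (!FormsAuthentication.CookiesSupported)
            {
                return;
            }

            var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null)
            {
                return;
            }

            try
            {
                FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);

                // Decrypt only validates and decodes the ticket; it does not enforce its
                // lifetime. Without this check an expired cookie would still yield a
                // role-bearing principal here. The null test is defensive.
                if (ticket == null || ticket.Expired)
                {
                    return;
                }

                var repository = new AccountRepository();
                FraudTransactions.Models.User user = repository.Get(ticket.Name);
                if (user == null)
                {
                    // Valid ticket for an account that no longer exists: attach nothing.
                    return;
                }

                // Roles are stored as a ';'-separated string. Empty entries are dropped so a
                // blank list does not produce an empty-string role that IsInRole("") would match.
                string[] roles = (user.Roles ?? string.Empty)
                    .Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);

                HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(
                    new System.Security.Principal.GenericIdentity(ticket.Name, "Forms"), roles);
            }
            catch (Exception)
            {
                // Deliberate best-effort: a malformed cookie or a repository failure must not
                // fail the whole request; it proceeds with the principal already in place.
                // NOTE(review): no logger is visible in this file - this is the place to record
                // the failure once one is available.
            }
        }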
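        /// <summary>
        /// Authenticates the request with HTTP Basic credentials before the action runs.
        /// An absent, non-Basic, undecodable or rejected credential short-circuits the action
        /// with <c>401 Unauthorized</c>; on success the current principal is replaced by an
        /// <see cref="ApiIdentity"/> for the matched user and the base filter is invoked.
        /// </summary>
        /// <param name="actionContext">The Web API action context of the current request.</param>
        /// <remarks>
        /// The credentials are only as protected as the transport; this filter does not itself
        /// require HTTPS.
        /// </remarks>
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            string username;
            string password;
            if (!TryParseBasicCredentials(actionContext.Request.Headers.Authorization, out username, out password))
            {
                // One response for every malformed header: the caller cannot tell which
                // check failed, and a bad header no longer surfaces as a 500.
                actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
                return;
            }

            //get user from db
            // NOTE(review): the clear-text password is handed to the repository; how it is
            // verified against the stored credential is not visible in this file.
            var repository = new AccountRepository();
            FraudTransactions.Models.User user = repository.GetByPassword(username, password);

            if (user == null)
            {
                actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
                return;
            }

            // Assumes IIS hosting, where HttpContext.Current is populated - TODO confirm for self-host.
            HttpContext.Current.User = new GenericPrincipal(new ApiIdentity(user), new string[] { });
            base.OnActionExecuting(actionContext);
        }

        /// <summary>
        /// Extracts the user name and password from a <c>Basic</c> authorization header:
        /// base64 of <c>user:password</c>, where the first ':' separates the two so the
        /// password may itself contain ':'.
        /// </summary>
        /// <param name="header">The parsed Authorization header, or null when the request has none.</param>
        /// <param name="username">Receives the user name on success, otherwise null.</param>
        /// <param name="password">Receives the password on success, otherwise null.</param>
        /// <returns>true when the header is a well-formed Basic credential; false otherwise.</returns>
        private static bool TryParseBasicCredentials(
            System.Net.Http.Headers.AuthenticationHeaderValue header, out string username, out string password)
        {
            username = null;
            password = null;

            // Scheme is checked explicitly so a credential sent under another scheme is not
            // decoded as Basic; Parameter is null when only a scheme was sent.
            if (header == null
                || header.Parameter == null
                || !string.Equals(header.Scheme, "Basic", StringComparison.OrdinalIgnoreCase))
            {
                return false;
            }

            string decoded;
            try
            {
                decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter));
            }
            catch (FormatException)
            {
                // Not valid base64: treat as bad credentials rather than an unhandled error.
                return false;
            }

            // Char overload is an ordinal search; IndexOf(string) is culture-sensitive.
            int separator = decoded.IndexOf(':');
            if (separator < 0)
            {
                // Original code would have thrown ArgumentOutOfRangeException from Substring here.
                return false;
            }

            username = decoded.Substring(0, separator);
            password = decoded.Substring(separator + 1);
            return true;
        }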