        /// <summary>
        /// Records that the logged-in user has captured the pokemon with the given id.
        /// </summary>
        /// <param name="Id">Identifier of the captured pokemon, as bound from the request.</param>
        /// <returns>A redirect to Index once the capture is saved; the Index view when model state is invalid.</returns>
        public ActionResult Capturar(int Id)     // GET
        {
            // NOTE(review): this action writes to the database on a GET and checks no
            // anti-forgery token, so it is exposed to cross-site request forgery — confirm
            // whether it should be POST-only with [ValidateAntiForgeryToken].
            if (!ModelState.IsValid)
            {
                return View("Index");
            }

            var captura = new PokeUser
            {
                IdPokemon    = Id,
                IdUser       = LoggedUser().Id,
                FechaCaptura = DateTime.Now,   // local server time, as stored by the original code
            };
            _context.PokeUsers.Add(captura);
            _context.SaveChanges();

            return RedirectToAction("Index");
        }
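        /// <summary>
        /// Verifies a username/password pair and, on success, issues the forms-authentication cookie.
        /// </summary>
        /// <param name="creds">Posted credentials; a missing body, username or password counts as a failed login.</param>
        /// <returns>
        /// 401 Unauthorized when the user is unknown or the password does not verify; otherwise 200 with
        /// the user's Id, Name and Role. The stored password hash is deliberately not serialized.
        /// </returns>
        public HttpResponseMessage PostLogin(LoginCreds creds)
        {
            // A null password would make Crypto.VerifyHashedPassword throw (500 instead of 401),
            // and a null username would be passed to Find; treat both as a failed login.
            if (creds == null || string.IsNullOrEmpty(creds.Username) || creds.Password == null)
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized);
            }

            // Same status for "no such user" and "wrong password" so the response does not
            // reveal which usernames exist.
            PokeUser usr = db.PokeUsers.Find(creds.Username);
            if (usr == null || !Crypto.VerifyHashedPassword(usr.PwdHash, creds.Password))
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized);
            }

            // ToLower() is culture-sensitive (e.g. Turkish 'I'), which could put a different name
            // in the cookie than the one that was looked up; the invariant form is deterministic.
            FormsAuthentication.SetAuthCookie(creds.Username.ToLowerInvariant(), false);

            // Project the public fields instead of returning the entity, which carries PwdHash.
            return Request.CreateResponse(HttpStatusCode.OK, new { usr.Id, usr.Name, usr.Role });
        }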
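 /// <summary>
 /// Ensures an account with role "admin" exists, creating it from the configured resources when absent.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the admin password is read from a compiled resource (Resources.AdminPassword);
 /// a secret embedded in the assembly should live in configuration or a secret store instead.
 /// </remarks>
 public static void Initialize()
 {
     using (PokeEntities db = new PokeEntities())
     {
         PokeUser admin = db.PokeUsers.FirstOrDefault(u => u.Role == "admin");
         if (admin != null)
         {
             return;
         }

         admin = new PokeUser()
         {
             Name    = Resources.AdminUsername,
             Id      = Resources.AdminUsername,
             Role    = "admin",
             PwdHash = Crypto.HashPassword(Resources.AdminPassword)
         };
         // Building the entity alone persists nothing: it must be added to the set and saved.
         db.PokeUsers.Add(admin);
         db.SaveChanges();
     }
 }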
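        /// <summary>
        /// Authorization filter for base64 "user:password" (HTTP Basic) credentials: decodes the
        /// Authorization header, verifies the password against the stored hash and, on success, sets
        /// the current principal with the user's role. Any failure leaves a 401 response on the context.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var authHeader = actionContext.Request.Headers.Authorization;
            if (authHeader == null)
            {
                Trace.WriteLine("no authorization header found");
                SetUnauthorized(actionContext);
                return;
            }

            // Only Basic credentials are understood; anything else is rejected rather than decoded
            // as if it were base64. The raw parameter is the user's password, so it is never traced.
            if (!string.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
                || !TryDecodeBasicCredentials(authHeader.Parameter, out string username, out string password))
            {
                Trace.WriteLine("authorization header is not a well-formed Basic credential");
                SetUnauthorized(actionContext);
                return;
            }

            // validate user
            using (PokeEntities db = new PokeEntities())
            {
                PokeUser usr = db.PokeUsers.Find(username);
                // Null-check before any member access: an unknown user must yield 401, not an exception.
                bool valid = usr != null && Crypto.VerifyHashedPassword(usr.PwdHash, password);
                if (!valid)
                {
                    Trace.WriteLine("User not validated");
                    SetUnauthorized(actionContext);
                    return;
                }

                Trace.WriteLine("User Validated");
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), new[] { usr.Role });
            }
        }

        /// <summary>Places a 401 Unauthorized response on the context, which short-circuits the action.</summary>
        private static void SetUnauthorized(HttpActionContext actionContext)
        {
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        }

        /// <summary>
        /// Decodes the base64 "user:password" payload of a Basic credential. Returns false without
        /// throwing on a missing parameter, malformed base64, or a payload with no ':'. Only the
        /// first ':' separates the fields, so passwords may themselves contain ':'.
        /// </summary>
        private static bool TryDecodeBasicCredentials(string parameter, out string username, out string password)
        {
            username = null;
            password = null;
            if (string.IsNullOrEmpty(parameter))
            {
                return false;
            }

            string decoded;
            try
            {
                decoded = Encoding.UTF8.GetString(Convert.FromBase64String(parameter));
            }
            catch (FormatException)
            {
                // Malformed base64 is a client error: report 401 rather than an unhandled 500.
                return false;
            }

            int separator = decoded.IndexOf(':');
            if (separator < 0)
            {
                return false;
            }

            username = decoded.Substring(0, separator);
            password = decoded.Substring(separator + 1);
            return true;
        }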
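        /// <summary>
        /// Returns the record of the currently authenticated user.
        /// </summary>
        /// <returns>
        /// 200 with the user's Id, Name and Role; 404 when no record matches the identity name.
        /// The stored password hash is deliberately not serialized.
        /// </returns>
        public HttpResponseMessage GetMe()
        {
            PokeUser u = db.PokeUsers.Find(User.Identity.Name);
            if (u == null)
            {
                // No record for the authenticated name: 404 rather than 200 with a null body.
                return Request.CreateResponse(HttpStatusCode.NotFound);
            }

            // Project the public fields instead of returning the entity, which carries PwdHash.
            return Request.CreateResponse(HttpStatusCode.OK, new { u.Id, u.Name, u.Role });
        }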