public async Task Invoke(HttpContext context)
        {
            string authHeader = context.Request.Headers["Authorization"];

            if (authHeader != null && authHeader.StartsWith("Basic"))
            {
                //Extract credentials
                string   encodedUsernamePassword = authHeader.Substring("Basic ".Length).Trim();
                Encoding encoding         = Encoding.GetEncoding("iso-8859-1");
                string   usernamePassword = encoding.GetString(Convert.FromBase64String(encodedUsernamePassword));

                int seperatorIndex = usernamePassword.IndexOf(':');

                var username = usernamePassword.Substring(0, seperatorIndex);
                var password = usernamePassword.Substring(seperatorIndex + 1);

                if (UserValidate.Login(username, password))
                {
                    await _next.Invoke(context);
                }
                else
                {
                    context.Response.StatusCode = 401; //Unauthorized
                    return;
                }
            }
            else
            {
                // no authorization header
                context.Response.StatusCode = 401; //Unauthorized
                return;
            }
        }
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (actionContext.Request.Headers.Authorization == null)
            {
                actionContext.Response =
                    actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);

                if (actionContext.Response.StatusCode == HttpStatusCode.Unauthorized)
                {
                    actionContext.Response.Headers.Add("WWW-Authrnticate", string.Format("Basic realm=\"{0}\"", Realm));
                }
            }
            else
            {
                string authenticationToken = actionContext.Request.Headers
                                             .Authorization.Parameter;

                string decodeAuthenticationToken =
                    Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken));

                string[] usernamePasswordArray = decodeAuthenticationToken.Split(':');

                string username = usernamePasswordArray[0];

                string password = usernamePasswordArray[1];

                if (UserValidate.Login(username, password))
                {
                    var identity = new GenericIdentity(username);

                    IPrincipal principal = new GenericPrincipal(identity, null);

                    Thread.CurrentPrincipal = principal;

                    if (HttpContext.Current != null)
                    {
                        HttpContext.Current.User = principal;
                    }
                }
                else
                {
                    actionContext.Response = actionContext.Request.
                                             CreateResponse(HttpStatusCode.Unauthorized);
                }
            }
        }
Example #3
0
        public UserToken UserLogin(User userLogin)
        {
            var userFound = UserValidate.Login(userLogin.UserName, userLogin.Password);

            if (userFound) //Si el usuario ya se encuentra registrado en la base de datos se le daran sus credenciales (Token)
            {
                var userInDB = UserValidate.GetUserDetails(userLogin.UserName, userLogin.Password);

                string encodeString = $"{userLogin.UserName}:{userLogin.Password}";

                UserToken userToken = new UserToken()
                {
                    UserName = userInDB.UserName,
                    Role     = userInDB.Roles,
                    Token    = Convert.ToBase64String(Encoding.UTF8.GetBytes(encodeString))
                };

                return(userToken);
            }
            else
            {
                return(null);
            }
        }