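/// <summary>
/// Resolves the concrete user type (Customer, Administrator or Utility_class_User) for a
/// user-name/password pair. Covers much of the functionality of
/// LoginService.TryUserLogin(string userName, string password, out LoginToken&lt;T&gt; token).
/// </summary>
/// <param name="userName">Account name, compared ordinally against the stored USER_NAME.</param>
/// <param name="password">Password to check against the stored PASSWORD value.</param>
/// <returns>
/// The type whose name equals the matching record's USER_KIND, or null when no record
/// carries this user name.
/// </returns>
/// <exception cref="WrongPasswordException">
/// A record with this user name exists but the password does not match.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The matching record's USER_KIND is not one of the known type names.
/// </exception>
public static Type Evaluate(string userName, string password)
{
    // USER_KIND holds a type name; map it back to the CLR type.
    var userKindToType = new Dictionary<string, Type>
    {
        { typeof(Customer).Name, typeof(Customer) },
        { typeof(Administrator).Name, typeof(Administrator) },
        { typeof(Utility_class_User).Name, typeof(Utility_class_User) },
    };

    // NOTE(review): every row is loaded and the stored PASSWORD is compared directly,
    // i.e. this path treats passwords as clear text. Storage should hold a salted hash
    // (PBKDF2 or similar) and the DAO should fetch a single row by user name.
    List<Utility_class_User> allTheUsers = new Utility_class_UserDAOMSSQL<Utility_class_User>().GetAll();

    foreach (var user in allTheUsers)
    {
        if (!string.Equals(userName, user.USER_NAME, StringComparison.Ordinal))
        {
            continue;
        }

        if (!FixedTimeEquals(password, user.PASSWORD))
        {
            // The secret is deliberately not placed in the exception: exceptions end up in
            // logs and error pages. The account name is enough to identify the attempt.
            throw new WrongPasswordException(userName);
        }

        Type type;
        if (!userKindToType.TryGetValue(user.USER_KIND, out type))
        {
            throw new InvalidOperationException(
                "Unknown USER_KIND '" + user.USER_KIND + "' for user '" + userName + "'.");
        }

        // First matching record wins. Continuing the scan would let a second row with the
        // same name but a different password turn a successful match into a throw.
        return type;
    }

    return null;
}

/// <summary>
/// Ordinal string equality whose running time does not depend on the position of the first
/// differing character, so response timing does not reveal how much of a password was right.
/// Null handling matches the string == operator: null equals only null.
/// </summary>
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null)
    {
        return a == null && b == null;
    }

    if (a.Length != b.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }

    return diff == 0;
}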
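/// <summary>
/// Web API authorization filter. Reads HTTP Basic credentials from the Authorization header,
/// checks them against the users table and either lets the request continue (the matched
/// user is stored under actionContext.Request.Properties["registered_user"]) or
/// short-circuits it with 401 Unauthorized.
/// </summary>
/// <param name="actionContext">Context of the action being invoked; its Response is set on rejection.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    // Does the request carry credentials at all?
    var authorization = actionContext.Request.Headers.Authorization;
    if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
    {
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
        return;
    }

    // The header value is untrusted input: a value that is not valid base64 must produce
    // 401, not an unhandled FormatException (which the pipeline turns into a 500).
    string decodedAuthenticationToken;
    try
    {
        decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Parameter));
    }
    catch (FormatException)
    {
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
        return;
    }

    // Basic credentials are "user:password". Split on the first ':' only — a password may
    // itself contain ':' and an unbounded Split would silently truncate it. A missing ':'
    // used to throw IndexOutOfRangeException; it is now rejected with 401.
    // NOTE(review): the header scheme (authorization.Scheme) is not checked to be "Basic".
    string[] usernamePasswordArr = decodedAuthenticationToken.Split(new[] { ':' }, 2);
    if (usernamePasswordArr.Length != 2)
    {
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
        return;
    }

    string userName = usernamePasswordArr[0];
    string password = usernamePasswordArr[1];

    // NOTE(review): this loads every user on each request and decrypts stored values with
    // a reversible cipher (Statics.Decrypt). Passwords should be stored as salted hashes
    // and the DAO should look up one row by user name.
    var userDao = new Utility_class_UserDAOMSSQL<Utility_class_User>();
    List<Utility_class_User> registeredSystemUsers = userDao.GetAll();

    bool isUserLegal = false;
    var registeredUser = new Utility_class_User();
    foreach (var storedUser in registeredSystemUsers)
    {
        // Length > 50 is used as a heuristic that the stored values are ciphertext; shorter
        // rows are skipped entirely. TODO confirm this matches how rows are written.
        if (storedUser.USER_NAME.Length > 50 && storedUser.PASSWORD.Length > 50)
        {
            if (userName == Statics.Decrypt(storedUser.USER_NAME, ENCRIPTION_PHRASE)
                && password == Statics.Decrypt(storedUser.PASSWORD, ENCRIPTION_PHRASE))
            {
                isUserLegal = true;
                // NOTE(review): the clear-text password is carried into the request bag
                // here; downstream code should only need USER_NAME/USER_KIND. Confirm
                // nothing reads PASSWORD and drop this assignment.
                registeredUser.PASSWORD = password;
                registeredUser.USER_NAME = userName;
                registeredUser.USER_KIND = storedUser.USER_KIND;
                break;
            }
        }
    }

    if (isUserLegal)
    {
        // Hand the matched user to the controller through the request's property bag
        // (rather than through a thread/request Principal).
        actionContext.Request.Properties["registered_user"] = registeredUser;
        return;
    }

    // Setting a response here stops the pipeline: the controller action is never reached.
    actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you are not allowed");
}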
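/// <summary>
/// Web API authorization filter (demo variant). Reads HTTP Basic credentials from the
/// Authorization header, checks them against the users table and either lets the request
/// continue — the matched user is stored under
/// actionContext.Request.Properties["registered_user"], in the _registeredUser field and,
/// together with the raw credential pair, under "arbitrary_key" — or short-circuits it
/// with 401 Unauthorized.
/// </summary>
/// <param name="actionContext">Context of the action being invoked; its Response is set on rejection.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    // Does the request carry credentials at all?
    var authorization = actionContext.Request.Headers.Authorization;
    if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
    {
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
        return;
    }

    // The header value is untrusted input: a value that is not valid base64 must produce
    // 401, not an unhandled FormatException (which the pipeline turns into a 500).
    string decodedAuthenticationToken;
    try
    {
        decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Parameter));
    }
    catch (FormatException)
    {
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
        return;
    }

    // Basic credentials are "user:password". Split on the first ':' only — a password may
    // itself contain ':' and an unbounded Split would silently truncate it. A missing ':'
    // used to throw IndexOutOfRangeException; it is now rejected with 401.
    // NOTE(review): the header scheme (authorization.Scheme) is not checked to be "Basic".
    string[] usernamepasswordArr = decodedAuthenticationToken.Split(new[] { ':' }, 2);
    if (usernamepasswordArr.Length != 2)
    {
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
        return;
    }

    string userName = usernamepasswordArr[0];
    string password = usernamepasswordArr[1];

    // (Original note kept: "Example of using ThreadStatic fields" — no thread-static field
    // is actually used in this method.)
    // NOTE(review): this loads every user on each request and decrypts stored values with
    // a reversible cipher (Statics.Decrypt). Passwords should be stored as salted hashes
    // and the DAO should look up one row by user name.
    var userDao = new Utility_class_UserDAOMSSQL<Utility_class_User>();
    List<Utility_class_User> registeredSystemUsers = userDao.GetAll();

    bool isUserLegal = false;
    var registeredUser = new Utility_class_User();
    foreach (var storedUser in registeredSystemUsers)
    {
        // Length > 50 is used as a heuristic that the stored values are ciphertext; shorter
        // rows are skipped entirely. TODO confirm this matches how rows are written.
        if (storedUser.USER_NAME.Length > 50 && storedUser.PASSWORD.Length > 50)
        {
            if (userName == Statics.Decrypt(storedUser.USER_NAME, ENCRIPTION_PHRASE)
                && password == Statics.Decrypt(storedUser.PASSWORD, ENCRIPTION_PHRASE))
            {
                isUserLegal = true;
                // NOTE(review): the clear-text password is carried into the request bag
                // here; downstream code should only need USER_NAME/USER_KIND. Confirm
                // nothing reads PASSWORD and drop this assignment.
                registeredUser.PASSWORD = password;
                registeredUser.USER_NAME = userName;
                registeredUser.USER_KIND = storedUser.USER_KIND;
                break;
            }
        }
    }

    // If the credentials are valid, return without setting a Response so the request
    // proceeds to the controller instead of being answered with Unauthorized.
    if (isUserLegal)
    {
        // Alternative 1: pass the identity through the current thread's Principal:
        //   Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(userName), null);
        // Alternative 2: pass it through the request's Principal:
        //   actionContext.Request.GetRequestContext().Principal = new GenericPrincipal(new GenericIdentity(userName), null);
        // Used here: the request's own property bag. "actionContext.Request.Properties" is a
        // Dictionary<string, object>; any object can be stored under an arbitrary string key.
        actionContext.Request.Properties["registered_user"] = registeredUser;

        // NOTE(review): Web API reuses filter instances across concurrent requests. If
        // _registeredUser is an instance or static field, this is shared mutable state and
        // can hand one caller's identity to another request — confirm where it is read and
        // prefer the request property bag only.
        _registeredUser = registeredUser;

        // NOTE(review): demo only — this stores the raw credential pair, including the
        // clear-text password, where any later pipeline stage can read or log it.
        actionContext.Request.Properties["arbitrary_key"] = usernamepasswordArr;
        return;
    }

    // Setting a response here stops the pipeline: the controller action is never reached.
    actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you are not allowed");
}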