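/// <summary>
/// Authenticates the request from its HTTP Basic credentials (base64 "email:password") and, on
/// success, installs a <see cref="GenericPrincipal"/> whose identity name is the user's id.
/// A missing, malformed, or non-matching credential falls through to <c>HandleUnathorized</c>
/// instead of surfacing as an unhandled exception (HTTP 500).
/// </summary>
/// <param name="actionContext">The Web API action context whose request carries the Authorization header.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    var authHeader = actionContext.Request.Headers.Authorization;
    string email;
    string rawPassword;

    // The parameter is decoded as base64 "email:password", which is only meaningful for the Basic scheme.
    if (authHeader != null
        && string.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
        && TryParseBasicCredentials(authHeader.Parameter, out email, out rawPassword))
    {
        // NOTE(review): the stored credential is an unsalted MD5 digest (CriptografiaMD5.GerarHashMd5), so the
        // lookup must use the same digest. A salted KDF (PBKDF2/Argon2) is the recommended replacement once the
        // stored hashes can be migrated; that is out of scope for this block.
        var password = CriptografiaMD5.GerarHashMd5(rawPassword);

        // Dispose the context so a connection is not leaked on every request.
        using (var db = new API_PUCCOINSContext())
        {
            UsuarioLogin usuario = db.Usuarios
                .Select(b => new UsuarioLogin() { Id = b.Id, Email = b.Email, Senha = b.Senha })
                .SingleOrDefault(a => a.Email == email && a.Senha == password);

            if (usuario != null)
            {
                // No roles are attached here; role checks happen elsewhere against the user's Permissao.
                var principal = new GenericPrincipal(new GenericIdentity(usuario.Id.ToString()), null);
                Thread.CurrentPrincipal = principal;
                return;
            }
        }
    }

    HandleUnathorized(actionContext);
}

/// <summary>
/// Decodes a Basic Authorization parameter into its email and password parts.
/// </summary>
/// <param name="parameter">The raw header parameter (expected to be base64 of "email:password").</param>
/// <param name="email">The part before the first ':' on success; null otherwise.</param>
/// <param name="password">The part after the first ':' on success (so a password may itself contain ':'); null otherwise.</param>
/// <returns>False for a null/empty parameter, invalid base64, or a payload without a ':' separator.</returns>
private static bool TryParseBasicCredentials(string parameter, out string email, out string password)
{
    email = null;
    password = null;
    if (string.IsNullOrEmpty(parameter))
    {
        return false;
    }

    string decoded;
    try
    {
        decoded = Encoding.UTF8.GetString(Convert.FromBase64String(parameter));
    }
    catch (FormatException)
    {
        // Not valid base64: treat as absent credentials rather than letting the exception escape.
        return false;
    }

    var separator = decoded.IndexOf(':');
    if (separator < 0)
    {
        return false;
    }

    email = decoded.Substring(0, separator);
    password = decoded.Substring(separator + 1);
    return true;
}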
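/// <summary>
/// Checks whether the user identified by <paramref name="id"/> holds one of the comma-separated
/// <paramref name="roles"/>, comparing each entry (ordinal) against the Descricao of the user's Permissao.
/// </summary>
/// <param name="roles">Comma-separated role descriptions.</param>
/// <param name="id">The user id as a string (the principal's identity name).</param>
/// <returns>
/// True when the user exists, has a Permissao, and its Descricao equals one of the roles; false otherwise,
/// including when <paramref name="roles"/> is empty or <paramref name="id"/> is not an integer.
/// </returns>
private bool UserAuthorized(string roles, string id)
{
    int idUser;
    if (string.IsNullOrWhiteSpace(roles) || !int.TryParse(id, out idUser))
    {
        // A missing role list or a non-numeric id can never authorize; deny instead of throwing.
        return false;
    }

    // Dispose the context so a connection is not leaked on every authorization check.
    using (var db = new API_PUCCOINSContext())
    {
        //TODO: revisit the business rule for the user's role (cargo)
        var usuario = db.Usuarios.Include("Permissao").Where(a => a.Id == idUser).FirstOrDefault();

        // An unknown user or one without a permission record is denied rather than dereferenced.
        if (usuario == null || usuario.Permissao == null)
        {
            return false;
        }

        var descricao = usuario.Permissao.Descricao;
        foreach (string role in roles.Split(','))
        {
            if (string.Equals(role, descricao, StringComparison.Ordinal))
            {
                return true;
            }
        }

        return false;
    }
}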