public UserDto LogIn([System.Web.Http.FromBody] LoginDto loginDto)
{
var user = _authenticationDomain.LogInUser(loginDto.UserEmail, loginDto.Password);
var userDto = _mapper.Map <Entity.User, UserDto>(user);
return(userDto);
}
public override void OnAuthorization(HttpActionContext actionContext)
{
if (actionContext.ControllerContext.Controller.GetType() == typeof(SecurityController))
{
return;
}
if (actionContext.Request.Headers.Authorization == null)
{
actionContext.Response = actionContext.Request
.CreateResponse(HttpStatusCode.Unauthorized);
// If the request was unauthorized, add the WWW-Authenticate header
// to the response which indicates that it require basic authentication
if (actionContext.Response.StatusCode == HttpStatusCode.Unauthorized)
{
actionContext.Response.Headers.Add("WWW-Authenticate",
string.Format("Basic realm=\"{0}\"", Realm));
}
return;
}
SetAuthenticationDomain();
var usernamePasswordArray = GetAuthenticationHeader(actionContext);
string username = string.Empty, password = string.Empty;
if (usernamePasswordArray.Length == 2)
{
username = usernamePasswordArray[0];
password = usernamePasswordArray[1];
}
var user = _authenticationDomain.LogInUser(username, password);
if (user != null)
{
var identity = new GenericIdentity(username);
identity.AddClaims(GetUserClaims(user, user.Roles));
IPrincipal principal = new GenericPrincipal(identity, null);
if (!IsRolePermissionOk(user.Roles))
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
return;
}
Thread.CurrentPrincipal = principal;
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
}
else
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
}
