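/// <summary>
/// Authorizes a request by validating the "authenticationToken" request header against the
/// token store (ManageToken.ValidateToken). On failure, sets actionContext.Response so the
/// Web API pipeline short-circuits, and returns false.
/// </summary>
/// <param name="actionContext">Action context of the request being authorized.</param>
/// <returns>true when the header is present and ManageToken.ValidateToken accepts it; otherwise false.</returns>
/// <remarks>
/// Fixes vs. the previous revision: the header's presence is checked with Contains (GetValues throws
/// InvalidOperationException when the header is absent, so the old <c>!= null</c> check could never fire
/// and a request with no token produced a 500 instead of the intended 417), and the token is no longer
/// echoed back in an "authenticationToken" response header — reflecting a credential into responses exposes
/// it to proxies, logs and anything that can read response headers, for no functional benefit.
/// </remarks>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    if (actionContext.Request.Headers.Contains("authenticationToken"))
    {
        string authenticationToken = Convert.ToString(
            actionContext.Request.Headers.GetValues("authenticationToken").FirstOrDefault());
        string userName = string.Empty;
        // The token store decides validity (existence, expiry, binding to a user); this filter only relays the verdict.
        bool tokenIsValid = ManageToken.ValidateToken(authenticationToken, out userName);
        if (!tokenIsValid)
        {
            HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            return false;
        }
        HttpContext.Current.Response.AddHeader("AuthenticationStatus", "Authorized");
        return true;
    }
    // No credential supplied. Status kept as 417 ExpectationFailed for compatibility with existing clients;
    // 401 Unauthorized would be the conventional response for a missing credential.
    actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);
    actionContext.Response.ReasonPhrase = "Please provide valid inputs";
    return false;
}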
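/// <summary>
/// Sets a new password for the account identified by the reset token in the "authenticationToken"
/// request header. The account is resolved from the token (the email ManageToken.ValidateToken yields),
/// never from the posted <paramref name="user"/>, so a caller cannot redirect the reset at another
/// account by editing the request body.
/// </summary>
/// <param name="user">Request body; only <c>Password</c> is read.</param>
/// <returns>
/// 200 OK on success; 400 Bad Request when the body carries no password, the token is missing or rejected,
/// or the token's account no longer exists.
/// </returns>
/// <remarks>
/// NOTE(review): the password is stored as an unsalted SHA512 digest (ManagePassword.ComputeHash with a
/// null salt). That is not a password-hashing scheme — it should be PBKDF2/Argon2 with a per-user salt.
/// Not changed here because the login path that verifies the stored value is outside this file and must
/// change in the same commit.
/// NOTE(review): the reset token is not consumed after use; unless ManageToken.ValidateToken invalidates it,
/// the same link can reset the password repeatedly until it expires. Confirm against ManageToken.
/// </remarks>
public IHttpActionResult PasswordUpdate(User user)
{
    // Previously a null body or empty password reached ComputeHash (NullReferenceException or an empty password stored).
    if (user == null || string.IsNullOrEmpty(user.Password))
    {
        return new HttpActionResult(HttpStatusCode.BadRequest, "Please provide valid inputs");
    }
    var headers = Request.Headers;
    string token = string.Empty;
    if (headers.Contains("authenticationToken"))
    {
        token = headers.GetValues("authenticationToken").First();
    }
    // An absent header leaves token empty; ValidateToken is relied on to reject it like any other bad token.
    string email = string.Empty;
    if (!ManageToken.ValidateToken(token, out email))
    {
        return new HttpActionResult(HttpStatusCode.BadRequest, "Link has expired.");
    }
    var userDetails = unitOfWork.UserRepository.Get(filter: q => q.Email == email).FirstOrDefault();
    if (userDetails == null)
    {
        // Valid token but no matching account (removed or re-keyed since the link was issued).
        // The original dereferenced null here and surfaced as a 500.
        return new HttpActionResult(HttpStatusCode.BadRequest, "Link has expired.");
    }
    userDetails.Password = DataEntities.Common.ManagePassword.ComputeHash(user.Password, "SHA512", null);
    unitOfWork.UserRepository.Update(userDetails);
    unitOfWork.Save();
    return Ok();
}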
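/// <summary>
/// Activates the account bound to <paramref name="authenticationToken"/> (the confirmation link issued at
/// registration) by setting its <c>Status</c> to true. The account is resolved from the email that
/// ManageToken.ValidateToken yields for the token, not from any caller-supplied identifier.
/// </summary>
/// <param name="authenticationToken">Confirmation token from the link; validated by ManageToken.ValidateToken.</param>
/// <returns>
/// 200 OK with <c>true</c> on success; 400 Bad Request when the token is rejected or its account no longer exists.
/// </returns>
/// <remarks>
/// NOTE(review): nothing here consumes the token after use; unless ManageToken.ValidateToken invalidates it,
/// the link stays replayable until expiry. That is harmless for activation (the write is idempotent), but
/// confirm the same token helper is not shared with the password-reset flow, where replay does matter.
/// </remarks>
public IHttpActionResult Confirmation(string authenticationToken)
{
    string email = string.Empty;
    var result = ManageToken.ValidateToken(authenticationToken, out email);
    if (!result)
    {
        return new HttpActionResult(HttpStatusCode.BadRequest, "Link has Expired.");
    }
    var userDetails = unitOfWork.UserRepository.Get(filter: q => q.Email == email).FirstOrDefault();
    if (userDetails == null)
    {
        // Token is valid but the account is gone; previously this dereferenced null and failed with a 500.
        return new HttpActionResult(HttpStatusCode.BadRequest, "Link has Expired.");
    }
    userDetails.Status = true;
    unitOfWork.UserRepository.Update(userDetails);
    unitOfWork.Save();
    return Ok(result);
}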