Esempio n. 1
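 /// <summary>
 /// Handles the login form post: looks the user up by username/password, issues a
 /// fresh API token, stores it on the user row and in the ASP.NET session, and
 /// redirects to the dashboard. Any failure (invalid model, unknown user) re-renders
 /// the login view.
 /// </summary>
 /// <param name="user">Bound form model carrying the submitted username and password.</param>
 /// <returns>A redirect to "~/dashboard" on success, otherwise the "Login" view.</returns>
 public ActionResult PostLogin(User user)
 {
     if (!ModelState.IsValid || user == null || user.username == null || user.password == null)
     {
         return(View("Login"));
     }

     using (APIEntities1 api = new APIEntities1())
     {
         // NOTE(review): the stored password field is compared directly with the
         // submitted value, so the column holds the credential in a comparable form.
         // The expected replacement is a salted password hash (PBKDF2/Argon2) with a
         // fixed-time verify; that is a schema/migration change and is not done here.
         // The comparison also runs as SQL, so the column collation decides whether
         // it is case-sensitive.
         User usr = api.Users.FirstOrDefault(u =>
                                             u.username.Equals(user.username) &&
                                             u.password.Equals(user.password)
                                             );
         if (usr == null)
         {
             return(View("Login"));
         }

         // The token is the bearer credential checked by OnAuthorization, so it must be
         // unguessable: 32 bytes from the CSPRNG replace the wall-clock microseconds the
         // original encoded, which are predictable from the login time.
         string token = NewSessionToken();
         usr.token = token;
         api.SaveChanges();
         Session.Add("user", new UserDTO {
             UserId = usr.user_id, Username = usr.username, Token = token
         });
         return(Redirect("~/dashboard"));
     }
 }

 /// <summary>
 /// Returns a fresh 256-bit random token, Base64-encoded, from the platform CSPRNG.
 /// Base64 never contains ':', so the "username:token" framing used by OnAuthorization
 /// still splits correctly.
 /// </summary>
 private static string NewSessionToken()
 {
     byte[] bytes = new byte[32];
     using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
     {
         rng.GetBytes(bytes);
     }
     return Convert.ToBase64String(bytes);
 }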
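        /// <summary>
        /// Web API authorization filter: reads the token via <c>GetToken</c>, expects it to be
        /// Base64("username:token"), checks the token part against the one stored on the user
        /// row, and on success installs a <see cref="GenericPrincipal"/> for the request.
        /// Any failure — missing or malformed token, unknown user, token mismatch, a logged-out
        /// user (null stored token) or a data-access error — answers 401 Unauthorized, as the
        /// original did by catching every exception.
        /// </summary>
        /// <param name="actionContext">The action being authorized; its Response is set on failure.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            string token = GetToken(actionContext);
            bool authorized = false;

            try
            {
                string username;
                string userToken;
                if (TryParseCredentials(token, out username, out userToken))
                {
                    using (APIEntities1 api = new APIEntities1())
                    {
                        User user = api.Users.Where(u => u.username.Equals(username)).FirstOrDefault();
                        // user.token is null after Logout; the original dereferenced it and relied on
                        // the resulting NullReferenceException being caught. Make that case explicit.
                        if (user != null && user.token != null && FixedTimeEquals(user.token, userToken))
                        {
                            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user.username), null);
                            authorized = true;
                        }
                    }
                }
            }
            catch (Exception)
            {
                // Kept deliberately broad: a database failure must not let the request through.
                authorized = false;
            }

            if (!authorized)
            {
                actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
            }
            base.OnAuthorization(actionContext);
        }

        /// <summary>
        /// Decodes the header value as Base64 and splits it at ':' into username and token
        /// (same "creds[0]"/"creds[1]" semantics as before). Returns false, instead of
        /// throwing, for a null, non-Base64 or colon-less value.
        /// </summary>
        private static bool TryParseCredentials(string token, out string username, out string userToken)
        {
            username  = null;
            userToken = null;
            if (string.IsNullOrEmpty(token))
            {
                return false;
            }
            string decoded;
            try
            {
                decoded = Encoding.UTF8.GetString(Convert.FromBase64String(token));
            }
            catch (FormatException)
            {
                return false;
            }
            string[] creds = decoded.Split(':');
            if (creds.Length < 2)
            {
                return false;
            }
            username  = creds[0];
            userToken = creds[1];
            return true;
        }

        /// <summary>
        /// Compares two strings in time that depends only on their length, so a token guess
        /// cannot be refined by timing how far the comparison got (String.Equals returns at
        /// the first mismatching character).
        /// </summary>
        private static bool FixedTimeEquals(string expected, string actual)
        {
            if (expected == null || actual == null || expected.Length != actual.Length)
            {
                return false;
            }
            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ actual[i];
            }
            return diff == 0;
        }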
Esempio n. 3
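        /// <summary>
        /// Ends the current login: clears the API token stored on the user row (so the
        /// token held by the client stops validating in OnAuthorization), drops the
        /// session entry and redirects to the login page.
        /// </summary>
        /// <returns>A redirect to "~/login", also when no user was logged in.</returns>
        public ActionResult Logout()
        {
            UserDTO user = Session["user"] as UserDTO;

            // The original dereferenced the session entry unconditionally and failed with a
            // NullReferenceException on a second Logout or after session expiry; a logout
            // with nothing to clear is not an error.
            if (user != null)
            {
                using (APIEntities1 api = new APIEntities1())
                {
                    User u = api.Users.Find(user.UserId);
                    // Find returns null when the row no longer exists.
                    if (u != null)
                    {
                        u.token = null;
                        api.SaveChanges();
                    }
                }
            }
            Session["user"] = null;
            return(Redirect("~/login"));
        }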
Esempio n. 4
 /// <summary>
 /// GET api/values: returns every item projected to an <see cref="ItemDTO"/>
 /// (id, name, price, stock). The query is materialised before the context is
 /// disposed, so callers receive a plain list rather than a live query.
 /// </summary>
 /// <returns>The projected items; empty when the table is empty.</returns>
 public IEnumerable <ItemDTO> Get()
 {
     List<ItemDTO> items;
     using (APIEntities1 api = new APIEntities1())
     {
         var projection = from i in api.Items
                          select new ItemDTO {
                              ItemId = i.item_id,
                              Name = i.name,
                              Price = i.price,
                              Stock = i.stock
                          };
         items = projection.ToList();
     }
     return items;
 }