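/// <summary>
/// Handles the login form post: validates the model, looks the user up by
/// username and password, issues a fresh token, stores the user in the
/// session and redirects to the dashboard.
/// </summary>
/// <param name="user">Model-bound credentials from the login form.</param>
/// <returns>A redirect to <c>~/dashboard</c> on success; otherwise the Login view.</returns>
public ActionResult PostLogin(User user)
{
    if (!ModelState.IsValid)
    {
        return View("Login");
    }

    using (APIEntities1 api = new APIEntities1())
    {
        // NOTE(review): the password is compared verbatim inside the query, which
        // only works if it is stored in clear text — confirm the storage format;
        // a salted hash (e.g. PBKDF2) verified outside the query is the expectation.
        User usr = api.Users.FirstOrDefault(u =>
            u.username.Equals(user.username) && u.password.Equals(user.password));
        if (usr == null)
        {
            return View("Login");
        }

        // The token gates the API (see OnAuthorization), so it must be unpredictable.
        // A wall-clock timestamp is guessable; draw the token from a cryptographic RNG.
        // 16 random bytes -> 24-char Base64; check the token column width before enlarging.
        byte[] raw = new byte[16];
        using (System.Security.Cryptography.RandomNumberGenerator rng =
            System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(raw);
        }
        string token = Convert.ToBase64String(raw);

        usr.token = token;
        api.SaveChanges();
        Session.Add("user", new UserDTO { UserId = usr.user_id, Username = usr.username, Token = token });
        return Redirect("~/dashboard");
    }
}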
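/// <summary>
/// Web API authorization filter. The request token is a Base64 string of the
/// form "username:token"; the user is looked up and the stored token compared.
/// On any failure the response is set to 401 before the base implementation runs.
/// </summary>
/// <param name="actionContext">The context of the action being authorized.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    if (!TryAuthenticate(actionContext))
    {
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
    }
    base.OnAuthorization(actionContext);
}

// Sets Thread.CurrentPrincipal and returns true when the request carries a valid token.
// Fails closed: a missing/malformed token, unknown user, revoked (null) stored token
// or any unexpected exception yields false instead of an unhandled error.
private bool TryAuthenticate(HttpActionContext actionContext)
{
    string token = GetToken(actionContext);
    if (string.IsNullOrEmpty(token))
    {
        return false;
    }

    try
    {
        string decoded = Encoding.UTF8.GetString(Convert.FromBase64String(token));
        string[] creds = decoded.Split(':');
        // Guard the index instead of relying on IndexOutOfRangeException.
        if (creds.Length < 2)
        {
            return false;
        }
        string username = creds[0];
        string userToken = creds[1];

        using (APIEntities1 api = new APIEntities1())
        {
            User user = api.Users.Where(u => u.username.Equals(username)).FirstOrDefault();
            // user.token is null after Logout; treat that as "no active session".
            if (user == null || user.token == null || !TokensMatch(user.token, userToken))
            {
                return false;
            }
            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user.username), null);
            return true;
        }
    }
    catch (Exception)
    {
        // FormatException from Base64 decoding or a data-access failure: deny access.
        return false;
    }
}

// Ordinal comparison whose running time does not depend on where the strings differ,
// so a caller cannot learn the stored token one character at a time.
private static bool TokensMatch(string expected, string actual)
{
    if (expected.Length != actual.Length)
    {
        return false;
    }
    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        diff |= expected[i] ^ actual[i];
    }
    return diff == 0;
}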
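/// <summary>
/// Logs the current user out: clears the server-side token so the API stops
/// accepting it, drops the session entry and redirects to the login page.
/// </summary>
/// <returns>A redirect to <c>~/login</c>.</returns>
public ActionResult Logout()
{
    // No logged-in user (expired session, or a direct request to /logout):
    // there is nothing to revoke, but the session entry is still cleared below.
    UserDTO user = Session["user"] as UserDTO;
    if (user != null)
    {
        using (APIEntities1 api = new APIEntities1())
        {
            User u = api.Users.Find(user.UserId);
            // The row may have been removed since login; only revoke when it exists.
            if (u != null)
            {
                u.token = null;
                api.SaveChanges();
            }
        }
    }
    // NOTE(review): consider Session.Abandon() here so the session id itself is
    // not reused after logout — confirm nothing else in the session must survive.
    Session["user"] = null;
    return Redirect("~/login");
}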
// GET api/values
/// <summary>Returns every item projected to its DTO.</summary>
/// <returns>
/// A fully materialized list of <see cref="ItemDTO"/>; the data context is
/// disposed before the list is returned, so callers never touch a live query.
/// </returns>
public IEnumerable<ItemDTO> Get()
{
    using (APIEntities1 api = new APIEntities1())
    {
        var projection = from i in api.Items
                         select new ItemDTO
                         {
                             ItemId = i.item_id,
                             Name = i.name,
                             Price = i.price,
                             Stock = i.stock
                         };
        List<ItemDTO> items = projection.ToList();
        return items;
    }
}