ValidateUser() public method

public ValidateUser ( string userName, string password ) : bool
userName string
password string
return bool
Esempio n. 1
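    /// <summary>
    /// Authenticates the request from an HTTP Basic <c>Authorization</c> header when one is
    /// present and valid; in every other case defers to the base authorization filter.
    /// </summary>
    /// <param name="filterContext">Context of the request being authorized.</param>
    /// <remarks>
    /// Basic credentials are only base64-encoded, not encrypted, so this filter gives no
    /// confidentiality by itself and relies on the transport (TLS) to protect the password.
    /// </remarks>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        const string basicScheme = "Basic ";

        var request = filterContext.HttpContext.Request;
        var header  = request.Headers["Authorization"];

        string userName = null;
        string password = null;

        // Only a header that really uses the Basic scheme is decoded. A blind Substring(6)
        // would throw on short values and would decode other schemes as if they were Basic.
        if (!string.IsNullOrEmpty(header) &&
            header.StartsWith(basicScheme, StringComparison.OrdinalIgnoreCase))
        {
            try
            {
                var decoded = System.Text.Encoding.ASCII.GetString(
                    Convert.FromBase64String(header.Substring(basicScheme.Length)));

                // Split on the FIRST colon only: the user name cannot contain one, but the
                // password may, and Split(':') would silently truncate such a password.
                var separator = decoded.IndexOf(':');
                if (separator >= 0)
                {
                    userName = decoded.Substring(0, separator);
                    password = decoded.Substring(separator + 1);
                }
            }
            catch (FormatException)
            {
                // Malformed base64 is attacker-controlled input, not a server error:
                // treat it as "no usable credentials" and fall through to the base filter.
            }
        }

        // Empty user names or passwords count as failed credentials and are never handed
        // to the membership service.
        bool basicValidated =
            !string.IsNullOrEmpty(userName) &&
            !string.IsNullOrEmpty(password) &&
            new AccountMembershipService().ValidateUser(userName, password);

        if (!basicValidated)
        {
            base.OnAuthorization(filterContext);
            return;
        }

        // Credentials verified: publish the identity and its roles on both the thread and
        // the ASP.NET context so later authorization checks see the same principal.
        var        roles     = System.Web.Security.Roles.GetRolesForUser(userName);
        IPrincipal principal = new GenericPrincipal(new GenericIdentity(userName), roles);
        Thread.CurrentPrincipal             = principal;
        System.Web.HttpContext.Current.User = principal;
    }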
 /// <summary>
 /// Resets the dinner data: ensures the "Nerd" account exists, deletes every dinner in the
 /// repository, then inserts <paramref name="dinnerCount"/> identical sample dinners.
 /// </summary>
 /// <param name="dinnerCount">Number of sample dinners to create (defaults to 100).</param>
 /// <returns>
 /// A <see cref="ContentResult"/> containing "Success", or the first entity validation
 /// error formatted as "property: message" when saving fails.
 /// </returns>
 /// <remarks>
 /// NOTE(review): the account is seeded with the fixed password "password" and the action
 /// wipes all dinners. Nothing in this method restricts who may call it, so confirm it is
 /// not routable outside development or test builds.
 /// </remarks>
 public ActionResult Index(int dinnerCount = 100)
 {
     const string name = "Nerd";

     // Create the seed account only when its credentials do not already validate.
     var accounts = new AccountMembershipService();
     var seedUserExists = accounts.ValidateUser(name, "password");
     if (!seedUserExists) {
         accounts.CreateUser(name, "password", "*****@*****.**");
     }

     // Clear out whatever dinners are currently stored.
     var dinners = new DinnerRepository();
     foreach (var existing in repoAll(dinners)) {
         dinners.Delete(existing.DinnerID);
     }

     // Insert the requested number of sample dinners, each with one RSVP from the seed user.
     var created = 0;
     while (created < dinnerCount) {
         var attendee = new RSVP {AttendeeNameId = name, AttendeeName = name};
         var sample = new Dinner {
             Title = "Nerd-Out",
             Description = "Nerding out with the nerds",
             EventDate = DateTime.Now.Add(new TimeSpan(30, 0, 0, 0)),
             ContactPhone = "403-999-9999",
             Address = "Calgary, AB",
             Country = "Canada",
             HostedById = name,
             HostedBy = name
         };
         sample.RSVPs = new List<RSVP> {attendee};
         dinners.InsertOrUpdate(sample);
         created++;
     }

     try {
         dinners.Save();
     }
     catch (DbEntityValidationException e) {
         // Report only the first validation failure of the first failing entity.
         var firstEntity = e.EntityValidationErrors.First();
         var error = firstEntity.ValidationErrors.First();
         return new ContentResult {Content = string.Format("{0}: {1}", error.PropertyName, error.ErrorMessage)};
     }

     return new ContentResult{Content = "Success"};

     // Local accessor so the enumeration source reads the same property as before.
     dynamic repoAll(DinnerRepository r) { return r.All; }
 }
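        /// <summary>
        /// Returns the <c>User</c> for an authenticated caller, whether the request came in
        /// through the service (credentials on the query string) or through the web
        /// front-end (ASP.NET authenticated). It exists so the application can be refactored
        /// onto the Infostructure.SimpleList.Web.Service.Api class, which takes a userName
        /// and password for every call.
        /// </summary>
        /// <remarks>
        /// The original author already flags that passing unencrypted passwords around is a
        /// "smell". Credentials carried in a query string are also recorded wherever the URL
        /// is recorded (server and proxy logs, browser history, Referer headers), so treat
        /// this as a stop-gap and keep the endpoint behind TLS.
        /// </remarks>
        /// <param name="controller">Controller whose current request and user are inspected.</param>
        /// <returns>
        /// An Infostructure.SimpleList.DataModel.Models.User instance if authentication is
        /// successful; otherwise <c>null</c>.
        /// </returns>
        public static User GetUserCredentials(this Controller controller)
        {
            // Get the username and password off the query string, if they're there.
            string userName = controller.Request.QueryString["userName"];
            string password = controller.Request.QueryString["password"];

            // Service path: both credentials were supplied, so they must validate.
            if (userName != null && password != null)
            {
                IMembershipService membershipService = new AccountMembershipService();
                return membershipService.ValidateUser(userName, password)
                    ? _userRepository.GetUser(userName)
                    : null;
            }

            // Web front-end path: the request is ASP.NET authenticated. Look the user up by
            // the AUTHENTICATED identity, never by the query-string userName. On this path
            // that value is null or caller-supplied and unverified, so using it would let
            // a signed-in user load another account's User record by adding ?userName=.
            if (controller.User.Identity.IsAuthenticated)
            {
                return _userRepository.GetUser(controller.User.Identity.Name);
            }

            // User has not been successfully authenticated.
            return null;
        }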
Esempio n. 4
        /// <summary>
        /// Resolves the <c>User</c> for the current request, whether it arrived through the
        /// service (userName and password on the query string) or through the web front-end
        /// (ASP.NET authenticated). It supports refactoring the application onto the
        /// Infostructure.SimpleList.Web.Service.Api class, which takes a userName and
        /// password for every call.
        /// </summary>
        /// <remarks>
        /// The original author notes that passing unencrypted passwords around is a "smell"
        /// tolerated for the time being. Query-string credentials also end up wherever URLs
        /// are recorded (server and proxy logs, browser history, Referer headers).
        /// </remarks>
        /// <returns>
        /// An Infostructure.SimpleList.DataModel.Models.User instance if authentication is
        /// successful; otherwise <c>null</c>.
        /// </returns>
        private User GetUserCredentials()
        {
            _userRepository = new UserRepository();

            // Pull the optional credentials off the query string.
            var query = HttpContext.Current.Request.QueryString;
            string userName = query["userName"];
            string password = query["password"];

            bool cameInViaService = userName != null && password != null;
            if (cameInViaService)
            {
                // Service callers must present credentials that validate.
                IMembershipService membershipService = new AccountMembershipService();
                if (!membershipService.ValidateUser(userName, password))
                {
                    return null;
                }

                return _userRepository.GetUser(userName);
            }

            // Web front-end callers are identified by their ASP.NET identity, not by
            // anything taken from the query string.
            if (!HttpContext.Current.User.Identity.IsAuthenticated)
            {
                // User has not been successfully authenticated.
                return null;
            }

            return _userRepository.GetUser(HttpContext.Current.User.Identity.Name);
        }
Esempio n. 5
        /// <summary>
        /// Creates the built-in "zys" account when its credentials do not currently validate.
        /// </summary>
        /// <remarks>
        /// NOTE(review): both the user name and the password are literals compiled into the
        /// application, so every deployment shares the same known credentials. Prefer a
        /// value supplied by deployment configuration or a secret store, and require it to
        /// be changed on first sign-in.
        /// NOTE(review): validation presumably also fails when the account exists with a
        /// different password, in which case CreateUser is called for an existing name.
        /// Confirm how the membership service handles that.
        /// </remarks>
        public static void AddDefaultAccount()
        {
            const string defaultUser     = "zys";
            const string defaultPassword = "112233445566";

            var membership = new AccountMembershipService();

            bool credentialsAccepted = membership.ValidateUser(defaultUser, defaultPassword);
            if (credentialsAccepted)
            {
                return;
            }

            membership.CreateUser(defaultUser, defaultPassword, "*****@*****.**");
        }
 /// <summary>
 /// Checks a user name and password pair against the membership service.
 /// </summary>
 /// <param name="controller">Controller the extension is invoked on; not read by this method.</param>
 /// <param name="userName">User name to check; <c>null</c> yields <c>false</c>.</param>
 /// <param name="password">Password to check; <c>null</c> yields <c>false</c>.</param>
 /// <returns>
 /// <c>true</c> when both values are non-null and the membership service accepts them;
 /// otherwise <c>false</c>.
 /// </returns>
 public static bool IsUserAuthenticated(this Controller controller, string userName, string password)
 {
     // Missing credentials can never authenticate, so the membership service is not called.
     if (userName == null || password == null)
     {
         return false;
     }

     IMembershipService validator = new AccountMembershipService();
     bool accepted = validator.ValidateUser(userName, password);
     return accepted;
 }