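/// <summary>
/// Authorizes the session identified by <c>SessionToken</c> for the client route it wants to open:
/// the account must belong to the DocApp group, the role must not be restricted for the route, and
/// a patient-detail route must name a patient record this session may access.
/// </summary>
/// <param name="route">Client-side route to authorize; untrusted, taken from the request URI. May be null or empty, in which case only the group check applies.</param>
/// <returns>
/// <see cref="HttpStatusCode.OK"/> with the <see cref="TransactionalInformation"/> when the route is allowed;
/// <see cref="HttpStatusCode.Forbidden"/> with it when the role is known but the route is restricted for it,
/// the patient id is not a valid GUID, or the patient record is not accessible;
/// <see cref="HttpStatusCode.Unauthorized"/> when the session lookup fails, the account is outside the
/// DocApp group, or an unexpected error occurs during the checks.
/// </returns>
public HttpResponseMessage AuthenicateUser([FromUri] string route)
{
    var transaction = new TransactionalInformation { logoutUrl = GlobalProperties.LOGIN_PAGE };

    try
    {
        // The out parameter replaces the instance created above, so logoutUrl has to be
        // assigned again on every failure path that returns the transaction to the client.
        var accountRole = mainDataservice.GetAccountRole(connectionString, SessionToken, out transaction);

        if (!transaction.ReturnStatus)
        {
            transaction.logoutUrl = GlobalProperties.LOGIN_PAGE;
            return Request.CreateResponse(HttpStatusCode.Unauthorized, transaction);
        }

        if (accountRole.group_id != Properties.Settings.Default.DocAppGroup)
        {
            transaction.IsAuthenicated = false;
            transaction.logoutUrl = GlobalProperties.LOGIN_PAGE;
            return Request.CreateResponse(HttpStatusCode.Unauthorized, transaction);
        }

        var status = HttpStatusCode.OK;
        try
        {
            if (!string.IsNullOrEmpty(route))
            {
                status = AuthorizeRoute(accountRole.role, route, ref transaction);
            }
        }
        catch (Exception)
        {
            // Fail closed. The exception text is deliberately not echoed to the client: it can
            // carry connection details, table names or stack information. Record it server-side.
            status = HttpStatusCode.Unauthorized;
            transaction.ReturnMessage.Add("Authorization check failed.");
            transaction.IsAuthenicated = false;
        }

        return Request.CreateResponse(status, transaction);
    }
    catch
    {
        // Any failure before the role is known (e.g. the data service throwing) is reported as
        // 401 without a body; nothing about the cause reaches the client.
        return Request.CreateResponse(HttpStatusCode.Unauthorized);
    }
}

/// <summary>
/// Applies the per-role route restrictions and, for patient-detail routes, the per-patient
/// accessibility check. Marks the transaction as an op role for the two op roles.
/// </summary>
/// <param name="role">Role name returned for the account; null or an unknown role imposes no route restriction.</param>
/// <param name="route">Non-empty route requested by the client.</param>
/// <param name="transaction">Transaction to annotate; replaced by the patient data service's out parameter when the patient check runs.</param>
/// <returns><see cref="HttpStatusCode.OK"/> when allowed, <see cref="HttpStatusCode.Forbidden"/> when restricted.</returns>
private HttpStatusCode AuthorizeRoute(string role, string route, ref TransactionalInformation transaction)
{
    var status = HttpStatusCode.OK;
    var isOpRole = false;

    // NOTE(review): these are ordinal substring checks on the whole route, so any route that
    // merely contains one of these words is matched too; an allow-list of exact route names would
    // be more robust — confirm the routes the client actually uses before tightening.
    switch (role)
    {
        case "mm.docconect.doc.app.ac.doctor":
            if (route.Contains("planning"))
            {
                status = HttpStatusCode.Forbidden;
            }
            break;
        case "mm.docconect.doc.app.ac.practice":
            if (route.Contains("planning") || route.Contains("my_account") || route.Contains("receipt"))
            {
                status = HttpStatusCode.Forbidden;
            }
            break;
        case "mm.docconect.doc.app.op.practice":
            if (route.Contains("my_account") || route.Contains("receipt"))
            {
                status = HttpStatusCode.Forbidden;
            }
            isOpRole = true;
            break;
        case "mm.docconect.doc.app.op.doctor":
            isOpRole = true;
            break;
    }

    if (isOpRole)
    {
        transaction.IsOpRole = true;
    }

    if (route.Contains("patient_detail"))
    {
        // The patient id is the last path segment. A segment that is not a GUID is rejected
        // rather than skipping the accessibility check, so a malformed route cannot bypass it.
        var id = route.Split('/').Last();
        if (!Guid.TryParse(id, out var patientId))
        {
            return HttpStatusCode.Forbidden;
        }

        var accessible = patientDataService.PatientDetailsAccessible(patientId, connectionString, SessionToken, out transaction);

        // The out parameter replaced 'transaction'; restore the flag decided by the role switch
        // instead of re-deriving it from a substring search for "op" in the role name.
        transaction.IsOpRole = isOpRole;

        if (!accessible)
        {
            status = HttpStatusCode.Forbidden;
        }
    }

    return status;
}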