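/// <summary>
/// Authorizes a request from the credentials carried in its Authorization header and
/// answers 401 Unauthorized when they are missing, malformed or rejected.
/// </summary>
/// <remarks>
/// The header parameter is Base64 text that decodes (UTF-8) to two ':'-separated values;
/// each value is passed through <c>SecurityEncryptDecrypt.Decrypt</c> and the results are
/// checked with <c>WebAPISecurity.APISecurity.IsValid</c>.
/// NOTE(review): the header's scheme is not inspected and no principal is set for the
/// request; confirm both are intended.
/// </remarks>
/// <param name="actionContext">Context of the action being authorized.</param>
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
    var header = actionContext.Request.Headers.Authorization;
    string userName = null;
    string password = null;
    bool parsed = false;

    // The header is attacker-controlled: every step that can fail on malformed input is
    // treated as "no credentials" (401) instead of surfacing as an unhandled exception.
    if (header != null && !string.IsNullOrEmpty(header.Parameter))
    {
        try
        {
            string decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter));
            string[] parts = decoded.Split(':');

            // Both halves must be present before either is indexed.
            if (parts.Length >= 2)
            {
                userName = SecurityEncryptDecrypt.Decrypt(parts[0]);
                password = SecurityEncryptDecrypt.Decrypt(parts[1]);
                parsed = true;
            }
        }
        catch (FormatException)
        {
            // Not valid Base64.
            parsed = false;
        }
        catch (System.Security.Cryptography.CryptographicException)
        {
            // NOTE(review): Decrypt is defined elsewhere; the exception types it raises for
            // bad ciphertext are assumed here - confirm and extend this list if needed.
            parsed = false;
        }
    }

    // IsValid stays outside the try so that a failure of the credential check itself is
    // not reported to the client as bad credentials.
    if (!parsed || !WebAPISecurity.APISecurity.IsValid(userName, password))
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
    }

    base.OnAuthorization(actionContext);
}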
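/// <summary>
/// Checks the supplied credentials against the database and, when a user row comes back,
/// returns that user's details.
/// </summary>
/// <param name="userLogin">Credentials to check; UserName is bound to @email and Password to @pwd.</param>
/// <returns>
/// For status 1 with a row: HTTP 200 with the populated <c>UserLoginDetails</c>.
/// For status 1 without a row: a failed result ("No record found").
/// For status 5 or 6: whatever <c>DatabaseSettings.GetTransObject</c> builds from the data set.
/// For any other status: <c>null</c>.
/// </returns>
public MDTTransactionInfo Login(UserLogin userLogin)
{
    MDTTransactionInfo mdt = null;

    List<SqlParameter> prm = new List<SqlParameter>();
    prm.Add(new SqlParameter("@email", userLogin.UserName));
    prm.Add(new SqlParameter("@pwd", userLogin.Password));

    // The literal 0 binds to the (string, SqlDbType) constructor overload, so this declares
    // the parameter's type rather than giving it the value 0. Left as written because the
    // parameter is output-only.
    SqlParameter status = new SqlParameter("@Status", 0);
    status.Direction = ParameterDirection.Output;
    prm.Add(status);

    int statusValue = 0;
    DataSet ds = DatabaseSettings.GetDataSet(APIHelper.getLoginDetails, out statusValue, prm);

    if (statusValue == 1)
    {
        mdt = new MDTTransactionInfo();
        DataTable dt = ds.Tables[0];

        if (dt.Rows.Count > 0)
        {
            DataRow row = dt.Rows[0];

            UserLoginDetails loginDetails = new UserLoginDetails();
            loginDetails.USER_ID = Convert.ToInt32(row["USER_ID"]);
            loginDetails.FIRST_NAME = row["FIRST_NAME"].ToString();
            loginDetails.LAST_NAME = row["LAST_NAME"].ToString();
            loginDetails.EMAIL_ADDRESS = row["EMAIL_ADDRESS"].ToString();
            loginDetails.FORCE_PWD_CHNG = Convert.ToBoolean(row["FORCE_PWD_CHNG"]);
            loginDetails.PHOTO = row["PHOTO"].ToString();
            loginDetails.ROLE_NAME = row["ROLE_NAME"].ToString();
            loginDetails.ROLE_ID = Convert.ToInt32(row["ROLE_ID"]);

            // NOTE(review): the PASSWORD column value is returned to the caller in reversibly
            // encrypted form, so whatever the database stores in that column acts as a
            // long-lived credential once it leaves the server. Consider issuing a random,
            // expiring token instead.
            loginDetails.UserKey = SecurityEncryptDecrypt.Encrypt(row["EMAIL_ADDRESS"].ToString());
            loginDetails.UserValue = SecurityEncryptDecrypt.Encrypt(row["PASSWORD"].ToString());

            mdt.status = HttpStatusCode.OK;
            mdt.transactionObject = loginDetails;
            mdt.msgCode = MessageCode.Success;
            mdt.message = "Login Successfully";
        }
        else
        {
            // No matching row must not be reported as a successful login.
            mdt.status = HttpStatusCode.NoContent;
            mdt.msgCode = MessageCode.Failed;
            mdt.message = "No record found";
        }
    }
    else if (statusValue == 5 || statusValue == 6)
    {
        mdt = DatabaseSettings.GetTransObject(null, statusValue, "", ds);
    }

    // NOTE(review): any other status value leaves mdt null; callers must handle that.
    return mdt;
}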
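/// <summary>
/// Checks the supplied credentials against the database and, when a user row comes back,
/// returns that user's details.
/// </summary>
/// <param name="userLogin">Credentials to check; UserName and Password are handed to <c>DatabaseSettings.BindParamers</c>.</param>
/// <returns>
/// For status 1 with a row: HTTP 200 with the populated <c>UserLoginDetails</c>.
/// For status 1 without a row: a failed result ("No record found").
/// For status 5 or 6: whatever <c>DatabaseSettings.GetTransObject</c> builds from the data set.
/// For any other status: <c>null</c>.
/// On any exception: a technical-error result.
/// </returns>
public MDTTransactionInfo Login(UserLogin userLogin)
{
    MDTTransactionInfo mdt = null;
    try
    {
        // NOTE(review): both values are joined into one "~||~"-delimited string before
        // binding. BindParamers is not visible here; if it splits on that delimiter, a user
        // name or password containing "~||~" could shift which value reaches which
        // parameter. Confirm, or bind each value to its own SqlParameter.
        List<SqlParameter> prm = DatabaseSettings.BindParamers(
            APIHelper.getLoginDetailsParameters,
            userLogin.UserName + "~||~" + userLogin.Password);

        int statusValue = 0;
        DataSet ds = DatabaseSettings.GetDataSet(APIHelper.getLoginDetails, out statusValue, prm);

        if (statusValue == 1)
        {
            mdt = new MDTTransactionInfo();
            DataTable dt = ds.Tables[0];

            if (dt.Rows.Count > 0)
            {
                DataRow row = dt.Rows[0];

                UserLoginDetails loginDetails = new UserLoginDetails();
                loginDetails.USER_ID = Convert.ToInt32(row["USER_ID"]);
                loginDetails.FIRST_NAME = row["FIRST_NAME"].ToString();
                loginDetails.LAST_NAME = row["LAST_NAME"].ToString();
                loginDetails.EMAIL_ADDRESS = row["EMAIL_ADDRESS"].ToString();
                loginDetails.FORCE_PWD_CHNG = Convert.ToBoolean(row["FORCE_PWD_CHNG"]);
                loginDetails.PHOTO = row["PHOTO"].ToString();
                loginDetails.ROLE_NAME = row["ROLE_NAME"].ToString();
                loginDetails.ROLE_ID = Convert.ToInt32(row["ROLE_ID"]);

                // NOTE(review): the PASSWORD column value is returned to the caller in
                // reversibly encrypted form, so whatever the database stores in that column
                // acts as a long-lived credential once it leaves the server. Consider
                // issuing a random, expiring token instead.
                loginDetails.UserKey = SecurityEncryptDecrypt.Encrypt(row["EMAIL_ADDRESS"].ToString());
                loginDetails.UserValue = SecurityEncryptDecrypt.Encrypt(row["PASSWORD"].ToString());

                mdt.status = HttpStatusCode.OK;
                mdt.transactionObject = loginDetails;
                mdt.msgCode = MessageCode.Success;
                mdt.message = "Login Successfully";
            }
            else
            {
                mdt.msgCode = MessageCode.Failed;
                mdt.status = HttpStatusCode.NoContent;
                mdt.message = "No record found";
            }
        }
        else if (statusValue == 5 || statusValue == 6)
        {
            mdt = DatabaseSettings.GetTransObject(null, statusValue, "", ds);
        }
    }
    catch (Exception)
    {
        // A failure before the result object exists (null request, binding or database
        // error) used to raise a NullReferenceException from inside this handler.
        if (mdt == null)
        {
            mdt = new MDTTransactionInfo();
        }

        // NOTE(review): the exception is discarded; no logger is visible in this block.
        // Record it server-side so failed logins caused by faults can be investigated.
        mdt.status = HttpStatusCode.ExpectationFailed;
        mdt.msgCode = MessageCode.TechnicalError;
        mdt.message = "Technical Error in the system, please contact to administrator";
    }

    // NOTE(review): a status other than 1, 5 or 6 leaves mdt null; callers must handle that.
    return mdt;
}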
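/// <summary>
/// Sends an HTML e-mail to the comma-separated recipients of the request through the SMTP
/// host named in the "SMTPName" application setting.
/// </summary>
/// <remarks>
/// Only recipient, subject and body are used; cc, reply-to and attachments are not sent.
/// If attachment support is added, the client-supplied file name must be validated before
/// it is combined with a server path.
/// </remarks>
/// <param name="sendMailRequest">Request carrying the recipient list, subject and body.</param>
/// <returns><c>true</c> when the message was handed to the SMTP server.</returns>
/// <exception cref="Exception">Any failure while building or sending the message; the cause is the inner exception.</exception>
public bool SendNotification(SendMailRequest sendMailRequest)
{
    MailMessage mailMessage = new MailMessage();
    try
    {
        foreach (string address in sendMailRequest.recipient.Split(','))
        {
            mailMessage.To.Add(address);
        }

        string sendFromEmail = ConfigurationManager.AppSettings["SendFromEmail"].ToString();
        string sendFromName = ConfigurationManager.AppSettings["SendFromName"].ToString();
        string sendFromPwd = SecurityEncryptDecrypt.Decrypt(ConfigurationManager.AppSettings["SendFromPwd"].ToString());

        mailMessage.From = new MailAddress(sendFromEmail, sendFromName);
        mailMessage.Subject = sendMailRequest.subject;
        mailMessage.Body = sendMailRequest.body;

        // NOTE(review): the body is sent as HTML. If any part of it comes from user input,
        // it should be HTML-encoded by whoever builds the request.
        mailMessage.IsBodyHtml = true;

        // SmtpClient is disposable; the using block releases its connection even on failure.
        using (SmtpClient client = new SmtpClient(ConfigurationManager.AppSettings["SMTPName"].ToString()))
        {
            // NOTE(review): port 25 with EnableSsl left off means the mailbox credentials
            // and the message are not protected by TLS on the way to the relay. Confirm
            // whether the relay supports TLS and enable it if so.
            client.Port = 25;
            client.UseDefaultCredentials = false;
            client.Credentials = new System.Net.NetworkCredential(sendFromEmail, sendFromPwd);
            client.DeliveryMethod = SmtpDeliveryMethod.Network;
            client.Send(mailMessage);
        }

        return true;
    }
    catch (Exception ex)
    {
        // Same type and message as before; the cause is now kept as the inner exception so
        // it can be logged server-side. Do not show the inner details to end users.
        throw new Exception("Password has been reset but unable to send an email due to some technical issue, please contact to administrator", ex);
    }
    finally
    {
        mailMessage.Dispose();
    }
}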