public override void OnAuthorization(HttpActionContext actionContext)
{
//does the request has username + password?
if (actionContext.Request.Headers.Authorization == null)
{
actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
return;
}
//got username and password here in server;
//how to retrive username and password:
string autenticationToken = actionContext.Request.Headers.Authorization.Parameter;
string decodedAutenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(autenticationToken));
string[] usernamepasswordArr = decodedAutenticationToken.Split(':');
string userName = usernamepasswordArr[0];
string password = usernamepasswordArr[1];
Utility_class_UserDAOMSSQL <Utility_class_User> utility_class_UserDAO = new Utility_class_UserDAOMSSQL <Utility_class_User>();
List <Utility_class_User> registeredSystemUsersLst = utility_class_UserDAO.GetAll();
bool isUserLegal = false;
Utility_class_User registeredUser = new Utility_class_User();
foreach (var s in registeredSystemUsersLst)
{
if (s.USER_NAME.Length > 50 && s.PASSWORD.Length > 50)
{
if (userName == Statics.Decrypt(s.USER_NAME, ENCRIPTION_PHRASE) && password == Statics.Decrypt(s.PASSWORD, ENCRIPTION_PHRASE))
{
isUserLegal = true;
registeredUser.PASSWORD = password;
registeredUser.USER_NAME = userName;
registeredUser.USER_KIND = s.USER_KIND;
break;
}
}
}
if (isUserLegal)
{
/*
* //Also there is an option to put the information in the bag on the Request itself, not on the Principal.
* //There is how to put a data on the Request's bag:
*/
actionContext.Request.Properties["registered_user"] = registeredUser;
return;
}
//stop the request = will not arive to web api controller
actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you are not allowed");
}
public override void OnAuthorization(HttpActionContext actionContext)
{
//got username and password here in server;
//does the request has username + password?
if (actionContext.Request.Headers.Authorization == null)
{
actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
return;
}
//how to retrive username and password:
string autenticationToken = actionContext.Request.Headers.Authorization.Parameter;
string decodedAutenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(autenticationToken));
string[] usernamepasswordArr = decodedAutenticationToken.Split(':');
string userName = usernamepasswordArr[0];
string password = usernamepasswordArr[1];
/*
* //Example of using ThreadStatic fields:
*/
Utility_class_UserDAOMSSQL <Utility_class_User> utility_class_UserDAO = new Utility_class_UserDAOMSSQL <Utility_class_User>();
List <Utility_class_User> registeredSystemUsersLst = utility_class_UserDAO.GetAll();
bool isUserLegal = false;
Utility_class_User registeredUser = new Utility_class_User();
foreach (var s in registeredSystemUsersLst)
{
if (s.USER_NAME.Length > 50 && s.PASSWORD.Length > 50)
{
if (userName == Statics.Decrypt(s.USER_NAME, ENCRIPTION_PHRASE) && password == Statics.Decrypt(s.PASSWORD, ENCRIPTION_PHRASE))
{
isUserLegal = true;
registeredUser.PASSWORD = password;
registeredUser.USER_NAME = userName;
registeredUser.USER_KIND = s.USER_KIND;
break;
}
}
}
//Principle
//if username and pasword are legal stop the function and prevent it to return Unauthorized response
if (isUserLegal)
{
/*
* // Passing information (aka username) through current thread by putting it in the Principal of the thread.
* Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(userName), null);
*/
/*
* // Passing information (aka username) through the request by putting it in the Principal of the request.
*
* actionContext.Request.GetRequestContext().Principal = new GenericPrincipal(new GenericIdentity(userName), null);
*/
/*
* //Also there is an option to putte information in the bag on the Request itself, not on the Principal.
* //There is how to put a data on the Request's bag:
*/
actionContext.Request.Properties["registered_user"] = registeredUser;
_registeredUser = registeredUser;
actionContext.Request.Properties["arbitrary_key"] = usernamepasswordArr; //
//"actionContext.Request.Properties" is a dictionary of objects (Dictionary<string, object>), you can put inside any object with an arbitrary string key key
return;
}
//stop the request = will not arive to web api controller
actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you are not allowed");
}
