//private Utility_class_UserDAOMSSQL<Utility_class_User> _currentUserBaseMSSQLDAO = new Utility_class_UserDAOMSSQL<Utility_class_User>();

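        /// <summary>
        /// Authenticates <paramref name="userName"/> / <paramref name="password"/> against every
        /// stored user row and, on success, builds a <see cref="LoginToken{T}"/> holding the
        /// kind-specific entity (resolved through the DAO registered for the row's <c>USER_KIND</c>)
        /// together with the raw user row.
        /// </summary>
        /// <param name="userName">Login name supplied by the caller; compared ordinally with the stored (decrypted) name.</param>
        /// <param name="password">Password supplied by the caller; compared as plain text with the stored (decrypted) value.</param>
        /// <param name="token">Token for the last matching user, or <c>null</c> when no row matched.</param>
        /// <returns><c>true</c> when a stored user with a matching name and password was found.</returns>
        /// <exception cref="WrongPasswordException">A stored user has this name but a different password.</exception>
        /// <exception cref="UserNotFoundException">No stored user has this name.</exception>
        /// <exception cref="InvalidOperationException">A matching user has a <c>USER_KIND</c> with no registered entity resolver.</exception>
        public bool TryUserLogin(string userName, string password, out LoginToken <T> token)
        {
            // Stored values shorter than this are taken as plain text; anything at least this long is
            // assumed to be an encrypted blob and is decrypted before comparison. This is a length
            // heuristic, not an explicit flag on the row.
            const int EncryptedValueMinLength = 50;

            // NOTE(review): passwords are kept reversibly encrypted and compared as plain text; a salted
            // password hash (e.g. PBKDF2) would avoid holding recoverable passwords at rest.
            bool           isUserExists = false;
            LoginToken <T> loginToken   = null;
            List <Utility_class_User> allTheusers = _currentUtility_Class_UserDAOMSSQL.GetAll();

            // USER_KIND (the entity type name) -> DAO call that loads the concrete entity for a user row.
            Dictionary <string, Func <Utility_class_User, IPoco> > correlation = new Dictionary <string, Func <Utility_class_User, IPoco> >
            {
                [typeof(Administrator).Name]  = utility_user => _currentAdministratorDAOMSSQL.GetAdministratorByUserID(utility_user.ID),
                [typeof(Customer).Name]       = utility_user => _currentCustomerDAOMSSQL.GetCustomerByUserID(utility_user.ID),
                [typeof(AirlineCompany).Name] = utility_user => _currentAirlineDAOMSSQL.GerAirlineCompanyByUserID(utility_user.ID),
            };

            foreach (var s in allTheusers)
            {
                if (userName != ReadStoredValue(s.USER_NAME))
                {
                    continue;
                }

                if (password != ReadStoredValue(s.PASSWORD))
                {
                    // NOTE(review): the exception is handed the supplied password; make sure it is not
                    // echoed into logs or client responses. Because "wrong password" and "unknown user"
                    // are distinct exceptions, callers facing clients should map both to one response
                    // so the difference does not reveal which user names exist.
                    throw new WrongPasswordException(password);
                }

                // Previously funcMethod was invoked even when TryGetValue failed, so an unknown
                // USER_KIND surfaced as a NullReferenceException.
                if (!correlation.TryGetValue(s.USER_KIND, out Func <Utility_class_User, IPoco> funcMethod))
                {
                    throw new InvalidOperationException($"No entity resolver is registered for user kind '{s.USER_KIND}'.");
                }

                isUserExists          = true;
                loginToken            = new LoginToken <T>();
                loginToken.ActualUser = funcMethod(s) as T; // null when the resolved entity is not a T
                loginToken.UserAsUser = s;
                // No break: as before, every row is examined and the last match wins.
            }

            if (!isUserExists)
            {
                throw new UserNotFoundException(userName);
            }

            token = loginToken;
            return isUserExists;

            // Comparable form of a stored credential: plain text as-is, encrypted values decrypted.
            string ReadStoredValue(string stored) => stored.Length < EncryptedValueMinLength ? stored : EncryptionProvider.Decryprt(stored);
        }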
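        /// <summary>
        /// Web API authorization filter for HTTP Basic credentials. Decodes the <c>Authorization</c>
        /// header parameter as base64 <c>"user:password"</c>, compares it with the stored encrypted
        /// users and either attaches the matched user to <c>Request.Properties["registered_user"]</c>
        /// or short-circuits the request with 401 Unauthorized.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized; its <c>Response</c> is set when the request is rejected.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Only rows whose stored name AND password are both longer than this (the rows this code
            // treats as encrypted) can match; shorter rows are skipped by this filter.
            const int EncryptedValueMinLength = 50;

            //does the request has username + password?
            if (actionContext.Request.Headers.Authorization == null)
            {
                actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
                return;
            }

            // A malformed header previously escaped as FormatException / IndexOutOfRangeException
            // (an HTTP 500); it now gets the same 401 as a missing header.
            if (!TryParseBasicCredentials(actionContext.Request.Headers.Authorization.Parameter, out string[] usernamepasswordArr))
            {
                actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
                return;
            }
            string userName = usernamepasswordArr[0];
            string password = usernamepasswordArr[1];

            Utility_class_UserDAOMSSQL <Utility_class_User> utility_class_UserDAO = new Utility_class_UserDAOMSSQL <Utility_class_User>();
            List <Utility_class_User> registeredSystemUsersLst = utility_class_UserDAO.GetAll();

            bool isUserLegal = false;
            Utility_class_User registeredUser = new Utility_class_User();

            foreach (var s in registeredSystemUsersLst)
            {
                if (s.USER_NAME.Length <= EncryptedValueMinLength || s.PASSWORD.Length <= EncryptedValueMinLength)
                {
                    continue;
                }

                // && short-circuits, so the stored password is only decrypted once the name matches.
                if (userName == Statics.Decrypt(s.USER_NAME, ENCRIPTION_PHRASE) && password == Statics.Decrypt(s.PASSWORD, ENCRIPTION_PHRASE))
                {
                    isUserLegal              = true;
                    // NOTE(review): the plain-text password is copied onto the object attached to the
                    // request below; downstream code should not need it, consider leaving it unset.
                    registeredUser.PASSWORD  = password;
                    registeredUser.USER_NAME = userName;
                    registeredUser.USER_KIND = s.USER_KIND;
                    break;
                }
            }

            if (isUserLegal)
            {
                // The authenticated user travels with the request through its property bag
                // (Dictionary<string, object>) rather than through a Principal.
                actionContext.Request.Properties["registered_user"] = registeredUser;
                return;
            }

            //stop the request = will not arive to web api controller
            actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you are not allowed");

            // Decodes a Basic-auth parameter into [user, password]. Splits on the first ':' only
            // (RFC 7617), so passwords containing ':' survive intact.
            bool TryParseBasicCredentials(string parameter, out string[] parts)
            {
                parts = null;
                if (string.IsNullOrEmpty(parameter))
                {
                    return false;
                }

                byte[] raw;
                try
                {
                    raw = Convert.FromBase64String(parameter);
                }
                catch (FormatException)
                {
                    return false;
                }

                string[] split = Encoding.UTF8.GetString(raw).Split(new[] { ':' }, 2);
                if (split.Length != 2)
                {
                    return false;
                }

                parts = split;
                return true;
            }
        }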
 /// <summary>
 /// Loads every stored user once, at construction time, into <c>_registeredUsersLst</c>.
 /// Assumes <c>_utility_class_UserDAO</c> is already initialised (e.g. by a field initialiser) — confirm.
 /// </summary>
 public Utility_class_UserRepository() => _registeredUsersLst = _utility_class_UserDAO.GetAll();
 /// <summary>
 /// Snapshots every stored user into <c>_registeredUsersLst</c> when the validator is created.
 /// Assumes <c>_utility_class_UserDAO</c> is already initialised (e.g. by a field initialiser) — confirm.
 /// </summary>
 public UserValidator() => _registeredUsersLst = _utility_class_UserDAO.GetAll();
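        /// <summary>
        /// Web API authorization filter for HTTP Basic credentials. Decodes the <c>Authorization</c>
        /// header parameter as base64 <c>"user:password"</c>, compares it with the stored encrypted
        /// users and, on success, attaches the matched user to the request's property bag (and to
        /// <c>_registeredUser</c>); otherwise the request is short-circuited with 401 Unauthorized.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized; its <c>Response</c> is set when the request is rejected.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Only rows whose stored name AND password are both longer than this (the rows this code
            // treats as encrypted) can match; shorter rows are skipped by this filter.
            const int EncryptedValueMinLength = 50;

            //does the request has username + password?
            if (actionContext.Request.Headers.Authorization == null)
            {
                actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
                return;
            }

            // A malformed header previously escaped as FormatException / IndexOutOfRangeException
            // (an HTTP 500); it now gets the same 401 as a missing header.
            if (!TryParseBasicCredentials(actionContext.Request.Headers.Authorization.Parameter, out string[] usernamepasswordArr))
            {
                actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
                return;
            }
            string userName = usernamepasswordArr[0];
            string password = usernamepasswordArr[1];

            Utility_class_UserDAOMSSQL <Utility_class_User> utility_class_UserDAO = new Utility_class_UserDAOMSSQL <Utility_class_User>();
            List <Utility_class_User> registeredSystemUsersLst = utility_class_UserDAO.GetAll();

            bool isUserLegal = false;
            Utility_class_User registeredUser = new Utility_class_User();

            foreach (var s in registeredSystemUsersLst)
            {
                if (s.USER_NAME.Length <= EncryptedValueMinLength || s.PASSWORD.Length <= EncryptedValueMinLength)
                {
                    continue;
                }

                // && short-circuits, so the stored password is only decrypted once the name matches.
                if (userName == Statics.Decrypt(s.USER_NAME, ENCRIPTION_PHRASE) && password == Statics.Decrypt(s.PASSWORD, ENCRIPTION_PHRASE))
                {
                    isUserLegal              = true;
                    // NOTE(review): the plain-text password is copied onto the object attached to the
                    // request below; downstream code should not need it, consider leaving it unset.
                    registeredUser.PASSWORD  = password;
                    registeredUser.USER_NAME = userName;
                    registeredUser.USER_KIND = s.USER_KIND;
                    break;
                }
            }

            //if username and password are legal, stop here and let the request reach the controller
            if (isUserLegal)
            {
                // Alternatives not used here: carry the identity on the thread
                // (Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(userName), null))
                // or on the request (actionContext.Request.GetRequestContext().Principal = ...).
                // This filter instead uses the request's property bag, a Dictionary<string, object>
                // that accepts any object under an arbitrary string key.
                actionContext.Request.Properties["registered_user"] = registeredUser;
                _registeredUser = registeredUser;

                // NOTE(review): this keeps the decoded credentials — including the plain-text
                // password — on the request for its whole lifetime. Kept for compatibility with any
                // reader of this key; drop it if nothing consumes it.
                actionContext.Request.Properties["arbitrary_key"] = usernamepasswordArr;
                return;
            }

            //stop the request = will not arive to web api controller
            actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you are not allowed");

            // Decodes a Basic-auth parameter into [user, password]. Splits on the first ':' only
            // (RFC 7617), so passwords containing ':' survive intact.
            bool TryParseBasicCredentials(string parameter, out string[] parts)
            {
                parts = null;
                if (string.IsNullOrEmpty(parameter))
                {
                    return false;
                }

                byte[] raw;
                try
                {
                    raw = Convert.FromBase64String(parameter);
                }
                catch (FormatException)
                {
                    return false;
                }

                string[] split = Encoding.UTF8.GetString(raw).Split(new[] { ':' }, 2);
                if (split.Length != 2)
                {
                    return false;
                }

                parts = split;
                return true;
            }
        }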