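/// <summary>
/// Action-filter entry point: rejects the request unless the token header is present and
/// the token resolves to a non-empty user id.
/// </summary>
/// <param name="filterContext">Context of the action being executed. Its request headers are read,
/// and its <c>Response</c> is set to 401 Unauthorized when the token is missing or invalid.</param>
/// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is <c>null</c>.</exception>
/// <remarks>
/// Side effects: the resolved user id is stored under the request property "UserId" (it is
/// <see cref="Guid.Empty"/> when validation failed) and <see cref="AddLog"/> is called when a token
/// was supplied but rejected. No per-action permission check is performed here — the
/// CheckUserPermission call that once followed the validation is still commented out — so any
/// authenticated user reaches every action this filter guards.
/// </remarks>
public override void OnActionExecuting(HttpActionContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException(nameof(filterContext));
    }

    var headers = filterContext.Request.Headers;

    // Missing header: short-circuit with 401. Note this path does not call AddLog, unlike the
    // invalid-token path below (kept as in the original).
    if (!headers.TryGetValues(Token, out var tokenValues))
    {
        filterContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        base.OnActionExecuting(filterContext);
        return;
    }

    // Only the first header value is honoured; any further values are ignored, as before.
    var tokenValue = tokenValues.FirstOrDefault();

    // A null/whitespace token is treated as invalid without consulting the validator.
    var provider = new BusinessLogic.TokenBusinessLogic();
    var userId = string.IsNullOrWhiteSpace(tokenValue)
        ? Guid.Empty
        : provider.ValidateToken(tokenValue);

    // Indexer assignment rather than Add(): Add throws ArgumentException when "UserId" was
    // already set on this request by another component.
    filterContext.Request.Properties["UserId"] = userId;

    if (userId == Guid.Empty)
    {
        AddLog(filterContext);
        filterContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
        {
            ReasonPhrase = "Invalid Request"
        };
    }
    // TODO: authorization is not enforced — the controller/action permission check was commented
    // out in the original. The route values "controller"/"action" it needed were read but unused,
    // so they are no longer computed here.

    base.OnActionExecuting(filterContext);
}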
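/// <summary>
/// Authenticates the supplied credentials through <c>BusinessLogic.TokenBusinessLogic</c> and, on
/// success, records the resolved user id on the current <c>BasicAuthenticationIdentity</c>.
/// </summary>
/// <param name="username">User name to authenticate.</param>
/// <param name="password">Password to authenticate with.</param>
/// <param name="actionContext">Context of the action being authorized; not read by this implementation.</param>
/// <returns><c>true</c> when the credentials resolve to a non-empty user id; otherwise <c>false</c>.</returns>
protected override bool OnAuthorizeUser(string username, string password, HttpActionContext actionContext)
{
    // Empty credentials are rejected up front, without a round trip to the business logic.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    // Constructed directly; the DependencyResolver variant was commented out in the original.
    // A freshly constructed instance is never null, so no null check is needed.
    var provider = new BusinessLogic.TokenBusinessLogic();
    var userId = provider.Authenticate(username, password);
    if (userId == Guid.Empty)
    {
        return false;
    }

    // Expose the authenticated user id to downstream code via the thread principal, but only
    // when the principal's identity is the expected type (otherwise nothing is recorded).
    if (Thread.CurrentPrincipal?.Identity is BasicAuthenticationIdentity identity)
    {
        identity.UserId = userId;
    }

    return true;
}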
/// <summary>
/// Creates the controller with its own <c>BusinessLogic.TokenBusinessLogic</c> instance, which is
/// also handed to the base class through <c>MainBusinessLogic</c>.
/// </summary>
public AuthenticateController()
{
    // A single instance backs both the private field and the base-class property.
    MainBusinessLogic = _tokenBusinessLogic = new BusinessLogic.TokenBusinessLogic();
}
/// <summary>
/// Creates the controller and wires up the token business logic it delegates to.
/// </summary>
public TokenController()
{
    var tokenLogic = new BusinessLogic.TokenBusinessLogic();
    _TokenBusinessLogic = tokenLogic;
}