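/// <summary>
/// Authenticates the request from an "email:password" pair carried base64-encoded in the
/// Authorization header, and sets <see cref="Thread.CurrentPrincipal"/> on success.
/// Any missing, malformed or rejected credential results in a 401 response (fail closed).
/// </summary>
/// <param name="actionContext">Context giving access to the current request and response.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    var authorization = actionContext.Request.Headers.Authorization;

    // A header with a scheme but no parameter has nothing to decode.
    // NOTE(review): the scheme itself is not checked here; consider rejecting anything but "Basic".
    if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    string decodedAuthenticationToken;
    try
    {
        // The value is only base64-encoded, not encrypted: confidentiality depends on the transport (TLS).
        decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Parameter));
    }
    catch (FormatException)
    {
        // Client-controlled input that is not valid base64 is an authentication failure, not a server error.
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    // Split on the FIRST colon only, so a password that itself contains ':' is passed through intact.
    int separatorIndex = decodedAuthenticationToken.IndexOf(':');
    if (separatorIndex < 0)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    string email = decodedAuthenticationToken.Substring(0, separatorIndex);
    string password = decodedAuthenticationToken.Substring(separatorIndex + 1);

    if (EmployeeSecurity.Login(email, password))
    {
        // No roles are attached to the principal (roles argument is null).
        // NOTE(review): when hosted in IIS, HttpContext.Current.User usually needs to be set as well - confirm.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(email), null);
    }
    else
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
    }
}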
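/// <summary>
/// Runs the base authorization step, then authenticates the request from a base64-encoded
/// "username:password" value in the Authorization header. On success the current thread's
/// principal is set; every failure path answers with 401 instead of throwing.
/// </summary>
/// <param name="actionContext">Context giving access to the current request and response.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    // NOTE(review): what the base implementation does depends on the base class, which is not visible here.
    base.OnAuthorization(actionContext);

    var header = actionContext.Request.Headers.Authorization;

    // NOTE(review): the scheme is not validated; consider accepting only "Basic".
    if (header == null || string.IsNullOrEmpty(header.Parameter))
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    // The parameter is username:password, UTF-8, base64-encoded. It is attacker-controlled,
    // so a decoding failure must be handled as a rejected login rather than an unhandled exception.
    string decodedToken;
    try
    {
        decodedToken = Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter));
    }
    catch (FormatException)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    // Only the first ':' separates the two fields; later colons belong to the password.
    int colon = decodedToken.IndexOf(':');
    if (colon < 0)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    string username = decodedToken.Substring(0, colon);
    string password = decodedToken.Substring(colon + 1);

    if (!EmployeeSecurity.Login(username, password))
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    // Identity carries the user name only; no roles are assigned.
    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
}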
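/// <summary>
/// Validates the posted credentials and, on success, redirects to Home/Index with the
/// matching employee's Id as a route value. Every failure redirects back to Index with a
/// generic "Login Failed " message in TempData.
/// </summary>
/// <param name="employee">Posted form model; only Email and Password are read.</param>
/// <returns>A redirect result in all cases.</returns>
public ActionResult SignIn(Employee employee)
{
    try
    {
        // Model binding can hand over null; treat it like any other failed login.
        if (employee == null)
        {
            TempData["Msg"] = "Login Failed ";
            return RedirectToAction("Index");
        }

        var isUserValid = empSecurty.Login(employee.Email, employee.Password);
        if (!isUserValid)
        {
            TempData["Msg"] = "Login Failed ";
            return RedirectToAction("Index");
        }

        // Looked up only after the credential check has passed.
        // NOTE(review): this predicate compares the submitted password with the stored value directly,
        // which only matches if passwords are stored unhashed - confirm, and prefer a lookup by Email alone.
        var currentEmp = empBL.GetALL()
                              .FirstOrDefault(x => x.Email == employee.Email && x.Password == employee.Password);

        // Login accepted the user but no record matched: do not dereference null, fail the sign-in.
        if (currentEmp == null)
        {
            TempData["Msg"] = "Login Failed ";
            return RedirectToAction("Index");
        }

        ViewBag.Name = employee.Email;

        // NOTE(review): no authentication ticket or session is established here; confirm that Home/Index
        // does not treat the Id route value as proof of identity.
        return RedirectToAction("Index", new RouteValueDictionary(
                                    new { Controller = "Home", Action = "Index", Id = currentEmp.Id }));
    }
    catch (Exception E1)
    {
        // Keep the detail server-side; exception text can expose internals (queries, paths, type names)
        // and must not be echoed to an unauthenticated caller.
        System.Diagnostics.Trace.TraceError("SignIn failed: {0}", E1);
        TempData["Msg"] = "Login Failed ";
        return RedirectToAction("Index");
    }
}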
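// HttpActionContext exposes both the request and the response. With basic authentication the
// client sends its credentials in the Authorization header, so that header is inspected here.
// A missing, empty or malformed header is treated as an unauthorized request.
public override void OnAuthorization(HttpActionContext actionContext)
{
    var authorizationHeader = actionContext.Request.Headers.Authorization;

    // No usable Authorization header: the request is unauthorized.
    // NOTE(review): the scheme is not checked; consider rejecting anything other than "Basic".
    if (authorizationHeader == null || string.IsNullOrEmpty(authorizationHeader.Parameter))
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    // The parameter is "username:password", base64-encoded (encoding only, not encryption).
    string authenticationToken = authorizationHeader.Parameter;

    string DecodedAuthenticationToken;
    try
    {
        DecodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken));
    }
    catch (FormatException)
    {
        // Invalid base64 comes from the client; answer 401 instead of letting the exception escape.
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    // The user name ends at the first colon; everything after it is the password,
    // including any further colons.
    int firstColon = DecodedAuthenticationToken.IndexOf(':');
    if (firstColon < 0)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    string username = DecodedAuthenticationToken.Substring(0, firstColon);
    string password = DecodedAuthenticationToken.Substring(firstColon + 1);

    if (EmployeeSecurity.Login(username, password))
    {
        // Login succeeded: set the principal of the current thread (no roles attached).
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
    }
    else
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
    }
}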
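/// <summary>
/// Attempts a login with the posted user name and password and returns the token produced by
/// <c>EmployeeSecurity.Login</c> on success.
/// </summary>
/// <param name="employee">Request body; only EmployeeUserName and EmployeePassword are read.</param>
/// <returns>
/// 200 with the token when login succeeds, 404 when it does not, 400 when no body was supplied.
/// </returns>
public IHttpActionResult Check(Employee employee)
{
    // A missing body would otherwise surface as a NullReferenceException (HTTP 500).
    if (employee == null)
    {
        return BadRequest();
    }

    string tokenValue = EmployeeSecurity.Login(employee.EmployeeUserName, employee.EmployeePassword);

    // The original failure sentinel is a single space. Null, empty and all-whitespace values are
    // rejected too, so an unusable token is never returned to the caller as a successful login.
    if (string.IsNullOrWhiteSpace(tokenValue))
    {
        log.Info("Employee Not Logged in Successfully");

        // NOTE(review): 401 would describe a failed login better than 404; kept because existing
        // clients may depend on the current status code.
        return NotFound();
    }

    log.Info("Employee Logged in Successfully");
    return Ok(tokenValue);
}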
/// <summary>
/// Checks a user name / password pair by delegating to <c>EmployeeSecurity.Login</c>.
/// </summary>
/// <param name="username">User name forwarded unchanged.</param>
/// <param name="password">Password forwarded unchanged.</param>
/// <returns>The value returned by <c>EmployeeSecurity.Login</c> for this pair.</returns>
public bool Login(string username, string password)
{
    bool isAuthenticated = EmployeeSecurity.Login(username, password);
    return isAuthenticated;
}