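/// <summary>
/// POST api/CustomLogin HTTP request handler.
/// Looks up the UserProfile for the supplied email, verifies the supplied password against the
/// hash stored in the matching webpages_Membership row (System.Web.Helpers.Crypto) and, on
/// success, issues a Mobile Services login token whose NameIdentifier claim is the email.
/// </summary>
/// <param name="Request">Login request carrying Email and Password.</param>
/// <returns>
/// 200 with a <see cref="LoginResult"/> on success; 400 when the body or a credential is missing;
/// 401 with a single generic message when the account does not exist, the password does not
/// verify, or any exception is raised during the lookup.
/// </returns>
public HttpResponseMessage Post(LoginRequest Request)
{
    // A missing body or credential is a malformed request, not a failed login attempt.
    if (Request == null || string.IsNullOrEmpty(Request.Email) || string.IsNullOrEmpty(Request.Password))
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Email and password are required");
    }

    try
    {
        // Dispose the DbContext (and its connection) per request; the original never released it.
        using (alltheairgeadContext context = new alltheairgeadContext(Services.Settings["ExistingDbConnectionString"]))
        {
            UserProfile account = context.UserProfiles
                .Where(a => a.Email == Request.Email)
                .SingleOrDefault();

            if (account != null)
            {
                webpages_Membership membership = context.Memberships
                    .Where(m => m.UserId == account.UserId)
                    .SingleOrDefault();

                // A profile with no membership row (e.g. a registration that failed between its
                // two saves) is rejected as bad credentials instead of dereferencing null.
                //
                // NOTE(review): the membership row carries PasswordFailuresSinceLastSuccess and
                // LastPasswordFailureDate, but nothing here updates them, so there is no lockout
                // or throttling against online password guessing.
                if (membership != null && Crypto.VerifyHashedPassword(membership.Password, Request.Password))
                {
                    ClaimsIdentity claimsIdentity = new ClaimsIdentity();
                    claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, Request.Email));

                    LoginResult loginResult = new CustomLoginProvider(handler)
                        .CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);

                    return this.Request.CreateResponse(HttpStatusCode.OK, loginResult);
                }
            }
        }

        // One message for both "no such account" and "wrong password" so the response body does
        // not reveal which emails are registered. (The password verify is skipped for unknown
        // emails, so response time still differs; that is moot while api/EmailCheck discloses
        // registration status anyway.)
        return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password");
    }
    catch
    {
        // NOTE(review): this also maps database/configuration failures to 401, which hides outages
        // behind "bad password". Consider logging the exception before returning.
        return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password");
    }
}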
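/// <summary>
/// POST api/CustomRegistration
/// Validates the request, then creates a UserProfile row followed by a webpages_Membership row
/// holding the hash of the supplied password (System.Web.Helpers.Crypto.HashPassword, which
/// embeds its own salt in the returned hash string).
/// </summary>
/// <param name="Request">Registration request carrying Email and Password.</param>
/// <returns>
/// 201 Created on success; 400 for a missing body, an invalid email, a password shorter than the
/// minimum, or an email that is already registered.
/// </returns>
public HttpResponseMessage Post(RegistrationRequest Request)
{
    // The original check allowed 6 characters while the error message promised 8; enforce the
    // stated policy so the check and the message agree.
    const int MinPasswordLength = 8;

    if (Request == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Request body is required");
    }

    if (!EmailValidator.Validate(Request.Email, true))
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid email format");
    }

    // A null password previously threw a NullReferenceException (HTTP 500); treat it as too short.
    if (Request.Password == null || Request.Password.Length < MinPasswordLength)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid password (at least 8 chars required)");
    }

    // Dispose the DbContext per request; the original never released it.
    using (alltheairgeadContext context = new alltheairgeadContext(Services.Settings["ExistingDbConnectionString"]))
    {
        // NOTE(review): this check-then-insert is not atomic – two concurrent registrations for
        // the same email can both pass it. Only a unique index on UserProfiles.Email closes that
        // window. The message also confirms to any caller which emails are registered.
        if (context.UserProfiles.Any(a => a.Email == Request.Email))
        {
            return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Email already exists");
        }

        UserProfile newAccount = new UserProfile { Email = Request.Email };
        context.UserProfiles.Add(newAccount);
        context.SaveChanges();

        // Re-read the row to pick up the database-generated UserId (kept from the original).
        newAccount = context.UserProfiles.Where(a => a.Email == Request.Email).SingleOrDefault();
        if (newAccount == null)
        {
            return this.Request.CreateResponse(HttpStatusCode.InternalServerError, "Account could not be created");
        }

        // NOTE(review): the two SaveChanges calls are not in one transaction, so a failure below
        // leaves a UserProfile with no membership row (which the login handler then rejects as
        // bad credentials). Wrapping both saves in a database transaction would make this atomic.
        webpages_Membership newMembership = new webpages_Membership
        {
            UserId = newAccount.UserId,
            // UTC rather than server-local time so the stored value does not depend on the host's time zone.
            CreateDate = DateTime.UtcNow,
            // NOTE(review): no email-verification step – accounts are usable immediately.
            IsConfirmed = true,
            LastPasswordFailureDate = null,
            PasswordFailuresSinceLastSuccess = 0,
            Password = Crypto.HashPassword(Request.Password),
            PasswordChangedDate = null,
            // Unused placeholder: Crypto.HashPassword stores the salt inside the Password value.
            PasswordSalt = "blank",
            PasswordVerificationToken = null,
            PasswordVerificationTokenExpirationDate = null
        };

        context.Memberships.Add(newMembership);
        context.SaveChanges();

        return this.Request.CreateResponse(HttpStatusCode.Created);
    }
}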
/// <summary>
/// Initialize the table controller: wires a domain manager that maps <see cref="CategoryDto"/>
/// onto the <c>Catagory</c> entity, keyed by <c>CategoryName</c>, over the remote database.
/// </summary>
/// <param name="controllerContext">Controller context supplied by Web API.</param>
protected override void Initialize(HttpControllerContext controllerContext)
{
    base.Initialize(controllerContext);

    // Connection string comes from the service settings, not a local test database.
    var connectionString = Services.Settings["ExistingDbConnectionString"];
    var dbContext = new alltheairgeadContext(connectionString);

    // NOTE(review): the context is handed to the domain manager and not disposed here;
    // confirm the manager or the controller's Dispose releases it.
    DomainManager = new SimpleMappedEntityDomainManager<CategoryDto, Catagory>(
        dbContext,
        Request,
        Services,
        category => category.CategoryName);
}
/// <summary>
/// Initialize the table controller: wires a domain manager that maps <see cref="ExpenseDto"/>
/// onto the <c>Expense</c> entity, keyed by <c>ExpenseId</c>, over the remote database.
/// </summary>
/// <param name="controllerContext">Controller context supplied by Web API.</param>
protected override void Initialize(HttpControllerContext controllerContext)
{
    base.Initialize(controllerContext);

    // The context constructor that takes a connection string is used so the target database
    // is configured in web.config rather than hard-coded.
    var connectionString = Services.Settings["ExistingDbConnectionString"];
    var dbContext = new alltheairgeadContext(connectionString);

    // NOTE(review): the context is handed to the domain manager and not disposed here;
    // confirm the manager or the controller's Dispose releases it.
    DomainManager = new SimpleMappedEntityDomainManager<ExpenseDto, Expense>(
        dbContext,
        Request,
        Services,
        expense => expense.ExpenseId);
}
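/// <summary>
/// Resolves the authenticated caller to its UserProfile row.
/// The ServiceUser.Id is treated as "provider:subject" and everything after the first ':' is
/// used as the email (the custom login provider places the email in the NameIdentifier claim).
/// </summary>
/// <param name="CurrentUser">Authenticated user supplied by the Mobile Services pipeline.</param>
/// <returns>
/// The matching UserProfile, or null when no profile has that email – callers must treat null
/// as "not authorised" themselves.
/// </returns>
/// <exception cref="HttpResponseException">
/// 401 when the user or its Id is missing, the extracted email is blank, or the lookup fails.
/// </exception>
private UserProfile ValidateUser(ServiceUser CurrentUser)
{
    // No identity can never map to a profile; the original reached this via a
    // NullReferenceException caught below, which is now made explicit.
    if (CurrentUser == null || string.IsNullOrEmpty(CurrentUser.Id))
    {
        throw new HttpResponseException(System.Net.HttpStatusCode.Unauthorized);
    }

    // IndexOf returns -1 when there is no separator, so the whole Id is used in that case
    // (behaviour kept from the original).
    string email = CurrentUser.Id.Substring(CurrentUser.Id.IndexOf(':') + 1);
    if (string.IsNullOrWhiteSpace(email))
    {
        throw new HttpResponseException(System.Net.HttpStatusCode.Unauthorized);
    }

    try
    {
        // Dispose the DbContext per call; the original never released it.
        using (alltheairgeadContext context = new alltheairgeadContext(Services.Settings["ExistingDbConnectionString"]))
        {
            return context.UserProfiles.Where(a => a.Email == email).SingleOrDefault();
        }
    }
    catch
    {
        // NOTE(review): database failures are reported to the client as 401, which is
        // misleading; consider logging and returning a server error instead.
        throw new HttpResponseException(System.Net.HttpStatusCode.Unauthorized);
    }
}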
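/// <summary>
/// GET api/EmailCheck – reports whether an email address is already registered.
/// SECURITY NOTE: this is an unauthenticated account-enumeration oracle; anyone can learn which
/// emails have accounts. If only the registration form needs it, consider requiring
/// authentication or rate-limiting it.
/// </summary>
/// <param name="Email">Email address to look up.</param>
/// <returns>
/// 302 Found with "Email already exists" when a profile has that email, 200 OK when none does,
/// 400 when the email is missing or the lookup throws.
/// </returns>
public HttpResponseMessage Get(string Email)
{
    // A missing or blank email would otherwise be looked up as-is; reject it up front.
    if (string.IsNullOrWhiteSpace(Email))
    {
        return this.Request.CreateBadRequestResponse();
    }

    try
    {
        // Dispose the DbContext per request; the original never released it.
        using (alltheairgeadContext context = new alltheairgeadContext(Services.Settings["ExistingDbConnectionString"]))
        {
            bool exists = context.UserProfiles.Any(a => a.Email == Email);

            // NOTE(review): 302 Found is a redirect status and some HTTP clients will try to follow
            // it; kept because existing clients depend on it, but 409 Conflict would be the
            // conventional "already exists" response.
            if (exists)
            {
                return this.Request.CreateResponse(HttpStatusCode.Found, "Email already exists");
            }

            return this.Request.CreateResponse(HttpStatusCode.OK);
        }
    }
    catch
    {
        // Any failure in the lookup is reported as a bad request (kept from the original).
        return this.Request.CreateBadRequestResponse();
    }
}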