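/// <summary>
/// Action filter: lets the request through only when the "token" request header
/// carries a token that <see cref="AuthModel.VerifyAdminToken"/> accepts as an admin
/// token AND <see cref="AuthModel.VerifyToken"/> accepts as valid. Any other case
/// (header missing or empty, either check failing) short-circuits the action with
/// 403 Forbidden.
/// </summary>
/// <param name="context">Web API action context; the request headers are read and,
/// on failure, <c>context.Response</c> is set so the action never runs.</param>
public override void OnActionExecuting(HttpActionContext context)
{
    AuthModel authModel = new AuthModel();

    // HTTP header names are case-insensitive. Contains/GetValues honour that,
    // whereas comparing Key == "token" on the enumerated pairs only matched the
    // exact spelling and would have rejected e.g. "Token". An absent header or an
    // empty value list yields null here instead of throwing on First().
    string token = context.Request.Headers.Contains("token")
        ? context.Request.Headers.GetValues("token").FirstOrDefault()
        : null;

    bool valid = false;
    // An empty header value is treated like a missing one: nothing to verify.
    if (!string.IsNullOrEmpty(token))
    {
        // the token belongs to an admin
        bool isAdmin = authModel.VerifyAdminToken(token);
        // the token is valid (as decided by AuthModel.VerifyToken)
        bool okDate = authModel.VerifyToken(token);
        valid = isAdmin && okDate;
    }

    if (!valid)
    {
        // Invalid authorization key: reply 403 and skip the action.
        context.Response = context.Request.CreateResponse(HttpStatusCode.Forbidden);
    }
}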
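/// <summary>
/// Action filter for the delete-form route: lets the request through when the
/// "token" request header holds a token that <see cref="AuthModel.VerifyToken"/>
/// accepts as valid AND that either belongs to an admin
/// (<see cref="AuthModel.VerifyAdminToken"/>) or belongs to the user who created
/// the form named by the URL's fourth segment (<see cref="FormModel.FormIdCreatedbyUserId"/>).
/// Any other case short-circuits the action with 403 Forbidden.
/// </summary>
/// <param name="context">Web API action context; request headers and URI are read
/// and, on failure, <c>context.Response</c> is set so the action never runs.</param>
public override void OnActionExecuting(HttpActionContext context)
{
    AuthModel authModel = new AuthModel();
    FormModel formModel = new FormModel();

    // HTTP header names are case-insensitive; Contains/GetValues honour that,
    // whereas Key == "token" only matched the exact spelling. An absent header or
    // an empty value list yields null instead of throwing on First().
    string token = context.Request.Headers.Contains("token")
        ? context.Request.Headers.GetValues("token").FirstOrDefault()
        : null;

    bool allowed = false;
    if (!string.IsNullOrEmpty(token))
    {
        // the token is valid (as decided by AuthModel.VerifyToken). This gate now
        // applies to BOTH paths below: previously the ownership path was accepted
        // even when VerifyToken had rejected the token.
        bool okDate = authModel.VerifyToken(token);
        if (okDate)
        {
            // the token belongs to an admin
            bool isAdmin = authModel.VerifyAdminToken(token);

            // the token and the form belong to the same user.
            // Uri.Segments keeps the trailing '/' on non-final segments, so
            // "/api/forms/5/" gave "5/" and Int32.Parse threw (500 instead of 403);
            // a URL with fewer than four segments indexed out of range. Both now
            // simply count as "not the owner".
            string[] segments = context.Request.RequestUri.Segments;
            int formId;
            bool formIsFromUser = segments.Length > 3
                && int.TryParse(segments[3].TrimEnd('/'),
                                System.Globalization.NumberStyles.Integer,
                                System.Globalization.CultureInfo.InvariantCulture,
                                out formId)
                && formModel.FormIdCreatedbyUserId(formId, token);

            allowed = isAdmin || formIsFromUser;
        }
    }

    if (!allowed)
    {
        // Invalid authorization key: reply 403 and skip the action.
        context.Response = context.Request.CreateResponse(HttpStatusCode.Forbidden);
    }
}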
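/// <summary>
/// Reports the role of the caller identified by the "token" request header:
/// "admin" when <see cref="AuthModel.VerifyAdminToken"/> accepts the token,
/// "user" otherwise. A missing or empty header is reported as "user" instead of
/// faulting with a NullReferenceException on <c>header.Value.First()</c>.
/// </summary>
/// <returns>A <see cref="RoleMessage"/> carrying "admin" or "user".</returns>
public MyMessage Get()
{
    // HTTP header names are case-insensitive; Contains/GetValues honour that,
    // whereas Key == "token" only matched the exact spelling.
    string token = Request.Headers.Contains("token")
        ? Request.Headers.GetValues("token").FirstOrDefault()
        : null;

    // NOTE(review): only admin-ness is checked here, not token validity
    // (AuthModel.VerifyToken); presumably the action filter on this route already
    // enforces that — confirm before relying on this endpoint alone.
    bool isAdmin = !string.IsNullOrEmpty(token)
        && new AuthModel().VerifyAdminToken(token);

    return new RoleMessage(isAdmin ? "admin" : "user");
}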
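/// <summary>
/// Authenticates the posted credentials. On success replies 200 with a
/// <see cref="TokenMessage"/> holding the string returned by
/// <see cref="AuthModel.Authenticate"/> and the role from <see cref="AuthModel.GetRole"/>;
/// on failure replies 403 with an <see cref="ErrorMessage"/>. A request with no
/// bindable body now yields 400 instead of a NullReferenceException on <c>user.Username</c>.
/// </summary>
/// <param name="user">Credentials from the request body; null when the body is
/// absent or could not be bound.</param>
/// <returns>The HTTP response to send to the client.</returns>
public HttpResponseMessage Post(UserDTO user)
{
    if (user == null)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest,
                                      new ErrorMessage("Missing credentials"));
    }

    AuthModel auth = new AuthModel();

    // Authenticate returns null when the credentials are rejected; otherwise the
    // returned string is what the client receives as its token.
    string token = auth.Authenticate(user.Username, user.Password);
    if (token == null)
    {
        // One generic message for unknown user and wrong password alike, so the
        // response does not reveal which of the two was wrong.
        return Request.CreateResponse(HttpStatusCode.Forbidden,
                                      new ErrorMessage("Invalid username or password"));
    }

    string role = auth.GetRole(user.Username);
    return Request.CreateResponse(HttpStatusCode.OK, new TokenMessage(token, role));
}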