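/// <summary>
/// Decides whether the request carries a token that validates for a user whose
/// permission is listed in <c>_allowedPermissionTypes</c>.
/// </summary>
/// <param name="actionContext">Context of the action being authorized; the token is read from its request headers.</param>
/// <returns>
/// <c>true</c> only when the token header is present, the user named in the token exists,
/// that user's permission is allowed, and <c>TokenManager.IsTokenValid</c> accepts the token.
/// <c>false</c> in every other case, including any exception raised along the way.
/// </returns>
private bool Authorize(HttpActionContext actionContext)
{
    try
    {
        IEnumerable<String> authenticationHeaders;
        bool headerPresent = actionContext.Request.Headers.TryGetValues(TokenManager.TOKEN_HEADER_NAME, out authenticationHeaders);
        if (!headerPresent || authenticationHeaders == null)
        {
            // Deny explicitly when the token header is missing, rather than relying on
            // First() throwing on a null sequence and the catch below turning that into false.
            return false;
        }

        String token = authenticationHeaders.First();

        // Both values are parsed out of the token before the token has been validated,
        // so they are caller-controlled here. Nothing derived from them is trusted
        // unless IsTokenValid succeeds at the end of this method.
        String userName = TokenManager.ExtractUserNameFromToken(token);
        String timeStamp = TokenManager.ExtractUserTimesatmpFromToken(token);

        User wantedUser = RepositoriesFactory.CreateRepository<UsersRepository, User>()
            .Query()
            .FirstOrDefault<User>(candidate => candidate.UserName == userName);

        // Unknown user, or a user whose permission is not in the allowed set: deny.
        if (wantedUser == null || !_allowedPermissionTypes.Contains(wantedUser.Permission))
        {
            return false;
        }

        // The stored Password value is handed to the validator as the hashed password.
        String hashedPassword = wantedUser.Password;

        // NOTE(review): how GetAccesseingClientIp derives the address is not visible here;
        // if it reads a forwarded-for style header the value is caller-supplied - verify.
        String clientIp = TokenManager.GetAccesseingClientIp(actionContext.Request);

        return TokenManager.IsTokenValid(token, userName, hashedPassword, clientIp, timeStamp);
    }
    catch (Exception)
    {
        // Fail closed: any failure while parsing the token or querying the repository denies access.
        // NOTE(review): nothing is logged, so a repository outage is indistinguishable from a
        // bad token in operations data; consider logging the exception before returning.
        return false;
    }
}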
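/// <summary>
/// Returns the user named in the request's token header, loading it from the users
/// repository on first use and caching it in <c>_currUser</c>.
/// </summary>
/// <returns>
/// The matching user, or <c>null</c> when the token header is absent or no user has the
/// name carried in the token. Callers must treat <c>null</c> as "no authenticated user".
/// </returns>
/// <remarks>
/// This method only reads the user name out of the token; it does not validate the token.
/// NOTE(review): it presumably relies on the request having already passed token
/// validation before it is called - confirm that every caller sits behind that check,
/// otherwise the returned identity is whatever the caller wrote into the header.
/// </remarks>
private User GetCurrentUser()
{
    if (_currUser != null)
    {
        return _currUser;
    }

    IEnumerable<String> authenticationHeaders;
    bool headerPresent = Request.Headers.TryGetValues(TokenManager.TOKEN_HEADER_NAME, out authenticationHeaders);
    if (!headerPresent || authenticationHeaders == null)
    {
        // Without this check a missing header made First() throw on a null sequence.
        // Report "no user" the same way the not-found lookup below already does.
        return null;
    }

    String token = authenticationHeaders.First();
    String userName = TokenManager.ExtractUserNameFromToken(token);

    // A failed lookup leaves _currUser null, so the next call queries the repository again.
    _currUser = RepositoriesFactory.CreateRepository<UsersRepository, User>()
        .Query()
        .FirstOrDefault(candidate => candidate.UserName == userName);

    return _currUser;
}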