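/// <summary>
/// Handles the admin login form: validates the posted fields, checks the credentials through
/// the VALIDATE_ADMIN stored procedure and, on success, issues the forms-authentication cookie
/// before redirecting to Admin/Index. Every other outcome re-renders the login view.
/// </summary>
/// <param name="admin">Model bound from the login form (user name, PIN, remember-me flag).</param>
/// <returns>The login view with an error message, or a redirect to Admin/Index on success.</returns>
public ActionResult Admin(Bank_Admin admin)
{
    // Model-state keys are the property names, not the posted values: the original passed the
    // (possibly null) user name as the key, which throws before the message is recorded.
    if (admin == null || string.IsNullOrWhiteSpace(admin.b_admin_name))
    {
        ModelState.AddModelError("b_admin_name", "The Username field cannot be empty");
    }

    // Convert.ToString yields "" for a null PIN whatever the property's declared type, whereas
    // value.ToString() can never be null (so the old emptiness check never fired).
    string pin = admin == null ? string.Empty : Convert.ToString(admin.b_admin_pin);
    if (string.IsNullOrWhiteSpace(pin))
    {
        ModelState.AddModelError("b_admin_pin", "The PIN field cannot be empty");
    }

    // Fail closed on invalid input instead of dereferencing null fields further down.
    if (!ModelState.IsValid)
    {
        return View(admin);
    }

    string message = string.Empty;
    // The EF context is disposable; release the connection when the lookup is done.
    using (BankEntities usersEntities = new BankEntities())
    {
        // NOTE(review): the credential check itself lives in the stored procedure; how the PIN is
        // stored and compared (hashed vs. plain) cannot be verified from this file.
        int? userId = usersEntities.VALIDATE_ADMIN(admin.b_admin_name, pin).FirstOrDefault();

        // An empty or NULL result is treated like a rejected login rather than throwing on .Value;
        // any status code other than 0 is likewise a failure (the original left message empty).
        switch (userId ?? -1)
        {
            case 0:
                FormsAuthentication.SetAuthCookie(admin.b_admin_name, admin.RememberMe);
                // NOTE(review): passing the whole model as route values serialises its properties
                // (including the PIN) into the redirect URL; the receiving action should read
                // User.Identity.Name from the cookie issued above instead — confirm before changing.
                return RedirectToAction("Index", "Admin", admin);
            case -1:
            default:
                message = "Username or password incorrect";
                break;
        }
    }

    ViewBag.Message = message;
    return View(admin);
}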
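/// <summary>
/// Authenticates the request with HTTP Basic credentials (base64 "name:password" in the
/// Authorization header) against the Bank_Admin table. On success the current thread's
/// principal is set to the admin's name; otherwise a 400 (no header) or 401 (bad credentials)
/// response is attached to the context so the action does not run.
/// </summary>
/// <param name="actionContext">The Web API action context carrying the request.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    base.OnAuthorization(actionContext);

    var authHeader = actionContext.Request.Headers.Authorization;
    if (authHeader == null)
    {
        actionContext.Response = BuildResponse(HttpStatusCode.BadRequest,
            "Authorization data is missing", "No Data for Authorization");
        return;
    }

    string uname;
    string upass;
    // A header with no parameter, non-base64 text, or no ':' used to throw out of the filter
    // (an unhandled exception) instead of being rejected; every malformed header is now a 401.
    // NOTE(review): the header scheme is not checked here (the original did not either).
    if (!TryParseBasicCredentials(authHeader.Parameter, out uname, out upass))
    {
        actionContext.Response = BuildResponse(HttpStatusCode.Unauthorized,
            "You are not an Authorize user to perform this operation!", "Not Authorized!");
        return;
    }

    // The EF context is disposable; release the connection once the lookup is done.
    using (DbInternalEntities dbb = new DbInternalEntities())
    {
        // NOTE(review): adminPass is compared as stored by the database; whether that column
        // holds a hash or a plaintext password cannot be determined from this file.
        Bank_Admin u1 = dbb.Bank_Admin
            .Where(u => u.adminName == uname && u.adminPass.Equals(upass))
            .FirstOrDefault();

        if (u1 != null)
        {
            // NOTE(review): only Thread.CurrentPrincipal is set; if the host also consults
            // HttpContext.Current.User, that would need setting too — confirm against the host.
            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(u1.adminName), null);
            return;
        }
    }

    actionContext.Response = BuildResponse(HttpStatusCode.Unauthorized,
        "You are not an Authorize user to perform this operation!", "Not Authorized!");
}

/// <summary>
/// Decodes the parameter of an HTTP Basic Authorization header into user name and password.
/// Returns false (with empty outputs) when the parameter is missing, is not valid base64, or
/// contains no ':' separator. Only the first ':' splits, so passwords may themselves contain ':'.
/// </summary>
/// <param name="parameter">The base64 part of the Authorization header, may be null.</param>
/// <param name="userName">Receives the text before the first ':'.</param>
/// <param name="password">Receives the text after the first ':'.</param>
/// <returns>True when both parts were recovered.</returns>
private static bool TryParseBasicCredentials(string parameter, out string userName, out string password)
{
    userName = string.Empty;
    password = string.Empty;
    if (string.IsNullOrEmpty(parameter))
    {
        return false;
    }

    string decoded;
    try
    {
        decoded = Encoding.UTF8.GetString(Convert.FromBase64String(parameter));
    }
    catch (FormatException)
    {
        // Not base64: reject rather than let the exception escape the filter.
        return false;
    }

    int separator = decoded.IndexOf(':');
    if (separator < 0)
    {
        return false;
    }

    userName = decoded.Substring(0, separator);
    password = decoded.Substring(separator + 1);
    return true;
}

/// <summary>Builds a short-circuit response with a plain-text body and reason phrase.</summary>
/// <param name="status">HTTP status to return.</param>
/// <param name="body">Plain-text response body.</param>
/// <param name="reason">Reason phrase for the status line.</param>
/// <returns>The response to assign to <c>actionContext.Response</c>.</returns>
private static HttpResponseMessage BuildResponse(HttpStatusCode status, string body, string reason)
{
    HttpResponseMessage httpResponse = new HttpResponseMessage(status);
    httpResponse.Content = new StringContent(body);
    httpResponse.ReasonPhrase = reason;
    return httpResponse;
}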
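/// <summary>
/// Authenticates the request with HTTP Basic credentials. An admin (Bank_Admin) may access any
/// account; an account holder (Account_Holder) is accepted only when the user name equals the
/// account number given in the request's query string. On success the current thread's principal
/// is set; every other path attaches a 400 (no header) or 401 response so the action does not run.
/// </summary>
/// <param name="actionContext">The Web API action context carrying the request.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    base.OnAuthorization(actionContext);

    // The account number is taken as the value of the first query-string parameter. The original
    // used everything after the first '=' in the URI, which also swallowed any following
    // "&name=value" pairs and threw when the URI had no '=' at all.
    // NOTE(review): the parameter name is not visible in this file — confirm against the route.
    string accountNo = actionContext.Request.GetQueryNameValuePairs().FirstOrDefault().Value;

    var authHeader = actionContext.Request.Headers.Authorization;
    if (authHeader == null)
    {
        actionContext.Response = BuildResponse(HttpStatusCode.BadRequest,
            "Authorization data is missing", "No Data for Authorization");
        return;
    }

    string u2name;
    string u2pass;
    // A header with no parameter, non-base64 text, or no ':' used to throw out of the filter;
    // every malformed header is now rejected with 401.
    if (!TryParseBasicCredentials(authHeader.Parameter, out u2name, out u2pass))
    {
        actionContext.Response = BuildResponse(HttpStatusCode.Unauthorized,
            "Authorization Data is invalid!!", "No Authorization!!");
        return;
    }

    // The EF context is disposable; release the connection once the lookups are done.
    using (DbInternalEntities db = new DbInternalEntities())
    {
        // NOTE(review): adminPass / acpin are compared as stored by the database; whether they
        // are hashed cannot be determined from this file.
        Bank_Admin u2 = db.Bank_Admin
            .Where(uu => uu.adminName == u2name && uu.adminPass == u2pass)
            .FirstOrDefault();
        if (u2 != null)
        {
            // NOTE(review): only Thread.CurrentPrincipal is set; if the host also consults
            // HttpContext.Current.User, that would need setting too — confirm against the host.
            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(u2.adminName), null);
            return;
        }

        // An account holder may authenticate only for the account named in the request.
        if (accountNo != null && u2name == accountNo)
        {
            Account_Holder u2_2 = db.Account_Holder
                .Where(uu2 => uu2.acname == u2name && uu2.acpin + "" == u2pass)
                .FirstOrDefault();
            if (u2_2 != null)
            {
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(u2_2.acname), null);
                return;
            }
        }
    }

    // Every remaining path is a failed login. The original left actionContext.Response unset when
    // the user name matched the account number but the PIN did not, so the action still ran.
    actionContext.Response = BuildResponse(HttpStatusCode.Unauthorized,
        "Authorization Data is invalid!!", "No Authorization!!");
}

/// <summary>
/// Decodes the parameter of an HTTP Basic Authorization header into user name and password.
/// Returns false (with empty outputs) when the parameter is missing, is not valid base64, or
/// contains no ':' separator. Only the first ':' splits, so passwords may themselves contain ':'.
/// </summary>
/// <param name="parameter">The base64 part of the Authorization header, may be null.</param>
/// <param name="userName">Receives the text before the first ':'.</param>
/// <param name="password">Receives the text after the first ':'.</param>
/// <returns>True when both parts were recovered.</returns>
private static bool TryParseBasicCredentials(string parameter, out string userName, out string password)
{
    userName = string.Empty;
    password = string.Empty;
    if (string.IsNullOrEmpty(parameter))
    {
        return false;
    }

    string decoded;
    try
    {
        decoded = Encoding.UTF8.GetString(Convert.FromBase64String(parameter));
    }
    catch (FormatException)
    {
        // Not base64: reject rather than let the exception escape the filter.
        return false;
    }

    int separator = decoded.IndexOf(':');
    if (separator < 0)
    {
        return false;
    }

    userName = decoded.Substring(0, separator);
    password = decoded.Substring(separator + 1);
    return true;
}

/// <summary>Builds a short-circuit response with a plain-text body and reason phrase.</summary>
/// <param name="status">HTTP status to return.</param>
/// <param name="body">Plain-text response body.</param>
/// <param name="reason">Reason phrase for the status line.</param>
/// <returns>The response to assign to <c>actionContext.Response</c>.</returns>
private static HttpResponseMessage BuildResponse(HttpStatusCode status, string body, string reason)
{
    HttpResponseMessage httpResponse = new HttpResponseMessage(status);
    httpResponse.Content = new StringContent(body);
    httpResponse.ReasonPhrase = reason;
    return httpResponse;
}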