예제 #1
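        /// <summary>
        /// Authorizes a request from the value of its "authenticationToken" request header,
        /// which is checked with <c>ManageToken.ValidateToken</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized; its request headers are read and its response is set on rejection.</param>
        /// <returns>
        /// <c>true</c> when the token validates. <c>false</c> when the header is absent
        /// (response set to 417 Expectation Failed) or the token is rejected (401 Unauthorized).
        /// </returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            var requestHeaders = actionContext.Request.Headers;

            // HttpHeaders.GetValues throws InvalidOperationException for an absent header and
            // never returns null, so a null comparison cannot detect a missing token: a request
            // without the header would fail with an unhandled exception instead of a controlled
            // rejection. Presence is tested with Contains before the value is read.
            if (!requestHeaders.Contains("authenticationToken"))
            {
                // NOTE(review): if the base class is System.Web.Http.AuthorizeAttribute, its
                // unauthorized-request handler may replace this response after false is
                // returned. Confirm which status the client actually receives.
                actionContext.Response =
                    actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);
                actionContext.Response.ReasonPhrase = "Please provide valid inputs";
                return false;
            }

            string authenticationToken = requestHeaders.GetValues("authenticationToken").FirstOrDefault();

            // The user name resolved by ValidateToken is not used by this method.
            string userName;
            var isValid = ManageToken.ValidateToken(authenticationToken, out userName);

            // NOTE(review): the client-supplied token is echoed into a response header on both
            // the accepted and the rejected path. That puts a credential (or arbitrary request
            // input) into responses, where proxies and logs may record it. Kept because clients
            // may read it back; confirm whether any consumer needs it and drop it if not.
            HttpContext.Current.Response.AddHeader("authenticationToken", authenticationToken);

            if (!isValid)
            {
                HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return false;
            }

            HttpContext.Current.Response.AddHeader("AuthenticationStatus", "Authorized");
            return true;
        }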
예제 #2
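        /// <summary>
        /// Sets a new password for the account whose e-mail address is resolved from the
        /// "authenticationToken" request header by <c>ManageToken.ValidateToken</c>.
        /// </summary>
        /// <param name="user">Request payload; only <c>Password</c> is read.</param>
        /// <returns>
        /// 200 OK after the new hash is saved. 400 Bad Request when the token is missing or
        /// rejected, when no account matches the resolved e-mail, or when no password is supplied.
        /// </returns>
        public IHttpActionResult PasswordUpdate(User user)
        {
            var requestHeaders = Request.Headers;
            string token = string.Empty;

            if (requestHeaders.Contains("authenticationToken"))
            {
                token = requestHeaders.GetValues("authenticationToken").FirstOrDefault();
            }

            // Fail closed: a request that carries no token is rejected without being handed
            // to the validator.
            if (string.IsNullOrWhiteSpace(token))
            {
                return new HttpActionResult(HttpStatusCode.BadRequest, "Link has expired.");
            }

            string email;
            if (!ManageToken.ValidateToken(token, out email))
            {
                return new HttpActionResult(HttpStatusCode.BadRequest, "Link has expired.");
            }

            // The payload is checked only after the token is accepted, so unauthenticated
            // callers always get the same response.
            if (user == null || string.IsNullOrEmpty(user.Password))
            {
                return new HttpActionResult(HttpStatusCode.BadRequest, "Password is required.");
            }

            var userDetails = unitOfWork.UserRepository.Get(filter: q => q.Email == email).FirstOrDefault();
            if (userDetails == null)
            {
                // A valid token whose account no longer exists used to dereference null here.
                // It gets the same answer as a bad token so the response does not reveal
                // whether the account exists.
                return new HttpActionResult(HttpStatusCode.BadRequest, "Link has expired.");
            }

            // NOTE(review): ComputeHash is asked for "SHA512" with a null salt argument; what it
            // does with a null salt is not visible here. A single pass of a fast digest is not a
            // password-storage scheme. Plan a move to a slow, salted KDF (PBKDF2, bcrypt, Argon2)
            // with rehash-on-login; not changed here because stored hashes must stay verifiable.
            userDetails.Password = DataEntities.Common.ManagePassword.ComputeHash(user.Password, "SHA512", null);
            unitOfWork.UserRepository.Update(userDetails);
            unitOfWork.Save();

            // NOTE(review): nothing in this method invalidates the token after the password is
            // changed. Confirm that ValidateToken enforces expiry and single use, and that a
            // token issued for another purpose is not accepted here.
            return Ok();
        }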
예제 #3
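        /// <summary>
        /// Activates the account whose e-mail address is resolved from the supplied token by
        /// <c>ManageToken.ValidateToken</c>, by setting its <c>Status</c> to <c>true</c>.
        /// </summary>
        /// <param name="authenticationToken">Token taken from the confirmation request.</param>
        /// <returns>
        /// 200 OK carrying <c>true</c> once the account is saved as active. 400 Bad Request when
        /// the token is rejected or no account matches the resolved e-mail.
        /// </returns>
        public IHttpActionResult Confirmation(string authenticationToken)
        {
            string email;
            var isValid = ManageToken.ValidateToken(authenticationToken, out email);

            if (!isValid)
            {
                return new HttpActionResult(HttpStatusCode.BadRequest, "Link has Expired.");
            }

            var userDetails = unitOfWork.UserRepository.Get(filter: q => q.Email == email).FirstOrDefault();
            if (userDetails == null)
            {
                // A valid token whose account no longer exists used to dereference null here.
                // It gets the same answer as a bad token so the response does not reveal
                // whether the account exists.
                return new HttpActionResult(HttpStatusCode.BadRequest, "Link has Expired.");
            }

            userDetails.Status = true;
            unitOfWork.UserRepository.Update(userDetails);
            unitOfWork.Save();

            // NOTE(review): the token arrives as a simple string parameter. If it is bound from
            // the URL, it will appear in server and proxy logs and in browser history, so it
            // should be short-lived and single-use. Nothing in this method invalidates it;
            // confirm that ValidateToken does.
            return Ok(isValid);
        }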