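/// <summary>
/// Authenticates <paramref name="userName"/>/<paramref name="password"/> against every row returned by
/// <c>_currentUtility_Class_UserDAOMSSQL.GetAll()</c> and, on success, resolves the role-specific entity
/// (Administrator / Customer / AirlineCompany) selected by the row's <c>USER_KIND</c>.
/// </summary>
/// <param name="userName">Submitted user name; compared ordinally (case-sensitive).</param>
/// <param name="password">Submitted password.</param>
/// <param name="token">Receives the login token on success; <c>null</c> otherwise.</param>
/// <returns><c>true</c> when a row matched both credentials and a token was built.</returns>
/// <exception cref="WrongPasswordException">The user name matched a row but the password did not.</exception>
/// <exception cref="UserNotFoundException">No row matched the user name, or the matching row's <c>USER_KIND</c>
/// is not one of the three known roles (the original dereferenced a null delegate there).</exception>
/// <remarks>
/// SECURITY: stored credentials are decrypted (<c>EncryptionProvider.Decryprt</c>) and compared in clear, i.e. passwords
/// are kept reversibly encrypted rather than hashed (PBKDF2/Argon2). That cannot be fixed inside this method without a
/// schema change. Throwing distinct exceptions for "unknown user" and "wrong password" also lets a caller enumerate
/// valid user names; callers should collapse both into one generic failure before anything reaches a client.
/// Every call also loads the whole user table; a lookup by user name would avoid that.
/// </remarks>
public bool TryUserLogin(string userName, string password, out LoginToken<T> token)
{
    token = null;

    // USER_KIND -> DAO call that materializes the concrete role entity for the matched row.
    var roleLookup = new Dictionary<string, Func<Utility_class_User, IPoco>>
    {
        [typeof(Administrator).Name] = u => _currentAdministratorDAOMSSQL.GetAdministratorByUserID(u.ID),
        [typeof(Customer).Name] = u => _currentCustomerDAOMSSQL.GetCustomerByUserID(u.ID),
        [typeof(AirlineCompany).Name] = u => _currentAirlineDAOMSSQL.GerAirlineCompanyByUserID(u.ID),
    };

    LoginToken<T> loginToken = null;
    bool isUserExists = false;

    foreach (Utility_class_User row in _currentUtility_Class_UserDAOMSSQL.GetAll())
    {
        if (userName != ReadCredentialColumn(row.USER_NAME))
        {
            continue;
        }

        if (!FixedTimeEquals(password, ReadCredentialColumn(row.PASSWORD)))
        {
            // Never put the submitted secret into the exception: its message ends up in logs and stack traces.
            throw new WrongPasswordException(userName);
        }

        if (!roleLookup.TryGetValue(row.USER_KIND, out var resolveRole))
        {
            // Unmapped USER_KIND: the original called a null delegate here (NullReferenceException).
            // Treat the row as unusable; the loop falls through to UserNotFoundException below.
            continue;
        }

        loginToken = new LoginToken<T>();
        loginToken.ActualUser = resolveRole(row) as T;
        loginToken.UserAsUser = row;
        isUserExists = true;
        break; // first full credential match wins; do not keep scanning duplicate rows
    }

    if (!isUserExists)
    {
        throw new UserNotFoundException(userName);
    }

    token = loginToken;
    return true;
}

// Credential columns shorter than 50 characters are assumed to be stored in clear; longer ones are
// treated as ciphertext and decrypted. NOTE(review): this length heuristic is inherited from the
// original code and is fragile (a long clear value would be "decrypted") -- a proper flag column is safer.
private static string ReadCredentialColumn(string column)
{
    return column.Length < 50 ? column : EncryptionProvider.Decryprt(column);
}

// Compares two secrets in time that depends only on their length, not on where they first differ,
// so the comparison does not leak a prefix of the stored password. A null on either side never matches.
private static bool FixedTimeEquals(string submitted, string stored)
{
    if (submitted == null || stored == null || submitted.Length != stored.Length)
    {
        return false;
    }

    int mismatch = 0;
    for (int i = 0; i < submitted.Length; i++)
    {
        mismatch |= submitted[i] ^ stored[i];
    }

    return mismatch == 0;
}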
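/// <summary>
/// Web API authorization filter: validates HTTP Basic credentials against the rows of
/// <c>Utility_class_UserDAOMSSQL&lt;Utility_class_User&gt;</c> and, on success, stores the matched user under
/// <c>actionContext.Request.Properties["registered_user"]</c>; otherwise it short-circuits the pipeline with 401.
/// </summary>
/// <param name="actionContext">Current request context; its <c>Response</c> is set on rejection so the controller never runs.</param>
/// <remarks>
/// SECURITY: stored credentials are decrypted with <c>ENCRIPTION_PHRASE</c> and compared in clear, i.e. passwords are
/// reversibly encrypted, not hashed; that cannot be changed here. Every request also loads the whole user table, and the
/// submitted plaintext password is kept on the <c>registered_user</c> object for the rest of the pipeline (callers may
/// depend on it, so it is preserved -- NOTE(review): confirm and drop it if nothing reads it).
/// Only rows whose user name AND password are both longer than 50 characters (the "encrypted" form) can authenticate.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    // 1. Require "Authorization: Basic <base64>". The original accepted any scheme and then tried to
    //    base64-decode e.g. a Bearer token, which threw FormatException (HTTP 500) instead of 401.
    var authHeader = actionContext.Request.Headers.Authorization;
    if (authHeader == null
        || !string.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
        || string.IsNullOrEmpty(authHeader.Parameter))
    {
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
        return;
    }

    // 2. Decode "user:password". Malformed base64 is a client error, not an unhandled exception.
    string decoded;
    try
    {
        decoded = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));
    }
    catch (FormatException)
    {
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you are not allowed");
        return;
    }

    // RFC 7617: the user name cannot contain ':' but the password can, so split on the FIRST colon only.
    // The original Split(':')[1] threw IndexOutOfRangeException when no colon was present and truncated
    // any password containing one.
    int colon = decoded.IndexOf(':');
    if (colon < 0)
    {
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you are not allowed");
        return;
    }
    string userName = decoded.Substring(0, colon);
    string password = decoded.Substring(colon + 1);

    // 3. Look the caller up among the stored (encrypted-form) rows.
    var userDao = new Utility_class_UserDAOMSSQL<Utility_class_User>();
    Utility_class_User registeredUser = null;
    foreach (Utility_class_User row in userDao.GetAll())
    {
        if (row.USER_NAME.Length <= 50 || row.PASSWORD.Length <= 50)
        {
            continue; // clear-text rows never authenticate here (same rule as the original)
        }

        if (!string.Equals(userName, Statics.Decrypt(row.USER_NAME, ENCRIPTION_PHRASE), StringComparison.Ordinal))
        {
            continue;
        }

        if (!FixedTimeEquals(password, Statics.Decrypt(row.PASSWORD, ENCRIPTION_PHRASE)))
        {
            continue;
        }

        registeredUser = new Utility_class_User();
        registeredUser.USER_NAME = userName;
        registeredUser.PASSWORD = password;
        registeredUser.USER_KIND = row.USER_KIND;
        break;
    }

    if (registeredUser == null)
    {
        // Stop the request here: it will not reach the Web API controller.
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you are not allowed");
        return;
    }

    // Hand the authenticated user to the controller through the request's property bag
    // (the request or thread Principal would be the alternative carrier).
    actionContext.Request.Properties["registered_user"] = registeredUser;
}

// Compares two secrets in time that depends only on their length, not on where they first differ,
// so the comparison does not leak a prefix of the stored password. A null on either side never matches.
private static bool FixedTimeEquals(string submitted, string stored)
{
    if (submitted == null || stored == null || submitted.Length != stored.Length)
    {
        return false;
    }

    int mismatch = 0;
    for (int i = 0; i < submitted.Length; i++)
    {
        mismatch |= submitted[i] ^ stored[i];
    }

    return mismatch == 0;
}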
/// <summary>
/// Loads the complete user list from <c>_utility_class_UserDAO</c> once, when the repository is built.
/// </summary>
/// <remarks>
/// The list is a snapshot: rows added, changed or revoked in the database after construction are not
/// visible to this instance. NOTE(review): if the repository is long-lived (e.g. a singleton), revoked
/// credentials stay valid until it is recreated -- confirm its lifetime.
/// </remarks>
public Utility_class_UserRepository()
{
    _registeredUsersLst = _utility_class_UserDAO.GetAll();
}
/// <summary>
/// Reads every user row from <c>_utility_class_UserDAO</c> into <c>_registeredUsersLst</c> at construction.
/// </summary>
/// <remarks>
/// Snapshot semantics: later changes to the users table are not seen by this validator. NOTE(review): a
/// long-lived validator would keep accepting credentials that have since been changed or revoked -- confirm
/// how instances are scoped.
/// </remarks>
public UserValidator()
{
    _registeredUsersLst = _utility_class_UserDAO.GetAll();
}
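/// <summary>
/// Web API authorization filter: validates HTTP Basic credentials against the rows of
/// <c>Utility_class_UserDAOMSSQL&lt;Utility_class_User&gt;</c>. On success the matched user is exposed under
/// <c>actionContext.Request.Properties["registered_user"]</c> (and the raw credential pair under
/// <c>"arbitrary_key"</c>); otherwise the pipeline is short-circuited with 401.
/// </summary>
/// <param name="actionContext">Current request context; its <c>Response</c> is set on rejection so the controller never runs.</param>
/// <remarks>
/// SECURITY: stored credentials are decrypted with <c>ENCRIPTION_PHRASE</c> and compared in clear, i.e. passwords are
/// reversibly encrypted, not hashed; that cannot be changed here. Every request loads the whole user table, and the
/// submitted plaintext password is kept on the request (<c>registered_user.PASSWORD</c> and <c>arbitrary_key</c>) for the
/// rest of the pipeline -- preserved because callers may read it; NOTE(review): drop it if nothing does.
/// <c>_registeredUser</c> is also written per request: Web API reuses filter instances across requests, so unless that
/// field is <c>[ThreadStatic]</c> (the original's "Example of using ThreadStatic fields" note suggests it may be)
/// concurrent requests would overwrite each other's identity -- confirm.
/// Only rows whose user name AND password are both longer than 50 characters (the "encrypted" form) can authenticate.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    // 1. Require "Authorization: Basic <base64>". The original accepted any scheme and then tried to
    //    base64-decode e.g. a Bearer token, which threw FormatException (HTTP 500) instead of 401.
    var authHeader = actionContext.Request.Headers.Authorization;
    if (authHeader == null
        || !string.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
        || string.IsNullOrEmpty(authHeader.Parameter))
    {
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you must sent username and password");
        return;
    }

    // 2. Decode "user:password". Malformed base64 is a client error, not an unhandled exception.
    string decoded;
    try
    {
        decoded = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));
    }
    catch (FormatException)
    {
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you are not allowed");
        return;
    }

    // RFC 7617: the user name cannot contain ':' but the password can, so split on the FIRST colon only.
    // The original Split(':')[1] threw IndexOutOfRangeException when no colon was present and truncated
    // any password containing one.
    int colon = decoded.IndexOf(':');
    if (colon < 0)
    {
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you are not allowed");
        return;
    }
    string userName = decoded.Substring(0, colon);
    string password = decoded.Substring(colon + 1);
    string[] usernamepasswordArr = { userName, password };

    // 3. Look the caller up among the stored (encrypted-form) rows.
    var userDao = new Utility_class_UserDAOMSSQL<Utility_class_User>();
    Utility_class_User registeredUser = null;
    foreach (Utility_class_User row in userDao.GetAll())
    {
        if (row.USER_NAME.Length <= 50 || row.PASSWORD.Length <= 50)
        {
            continue; // clear-text rows never authenticate here (same rule as the original)
        }

        if (!string.Equals(userName, Statics.Decrypt(row.USER_NAME, ENCRIPTION_PHRASE), StringComparison.Ordinal))
        {
            continue;
        }

        if (!FixedTimeEquals(password, Statics.Decrypt(row.PASSWORD, ENCRIPTION_PHRASE)))
        {
            continue;
        }

        registeredUser = new Utility_class_User();
        registeredUser.USER_NAME = userName;
        registeredUser.PASSWORD = password;
        registeredUser.USER_KIND = row.USER_KIND;
        break;
    }

    if (registeredUser == null)
    {
        // Stop the request here: it will not reach the Web API controller.
        actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized, "you are not allowed");
        return;
    }

    // 4. Hand the identity to the controller. Alternatives kept from the original for reference:
    //    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(userName), null);
    //    actionContext.Request.GetRequestContext().Principal = new GenericPrincipal(new GenericIdentity(userName), null);
    //    Here the request's property bag (Dictionary<string, object>, any key) is used instead.
    actionContext.Request.Properties["registered_user"] = registeredUser;
    _registeredUser = registeredUser;
    actionContext.Request.Properties["arbitrary_key"] = usernamepasswordArr;
}

// Compares two secrets in time that depends only on their length, not on where they first differ,
// so the comparison does not leak a prefix of the stored password. A null on either side never matches.
private static bool FixedTimeEquals(string submitted, string stored)
{
    if (submitted == null || stored == null || submitted.Length != stored.Length)
    {
        return false;
    }

    int mismatch = 0;
    for (int i = 0; i < submitted.Length; i++)
    {
        mismatch |= submitted[i] ^ stored[i];
    }

    return mismatch == 0;
}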