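/// <summary>
/// Validates the credentials carried in the request's Authorization header and
/// sets a 401 Unauthorized response when the header is missing, cannot be
/// decoded into a "username:password" pair, or is rejected by
/// <c>ApiSecurity.VaidateUser</c>.
/// </summary>
/// <param name="actionContext">Context of the Web API action being authorized.</param>
/// <remarks>
/// The header parameter is only Base64-encoded, not encrypted.
/// NOTE(review): this filter does not itself require HTTPS - confirm the
/// endpoint is only reachable over TLS.
/// </remarks>
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
    var authorization = actionContext.Request.Headers.Authorization;
    string username = null;
    string password = null;

    // NOTE(review): the header scheme is not compared with "Basic"; any scheme whose
    // parameter decodes to "user:password" is accepted - confirm this is intended.
    bool authenticated =
        authorization != null
        && TryReadBasicCredentials(authorization.Parameter, out username, out password)
        && ApiSecurity.VaidateUser(username, password);

    if (!authenticated)
    {
        // Missing, malformed and rejected credentials all get the same 401, so a
        // client-supplied header can no longer surface as an unhandled exception.
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
    }

    base.OnAuthorization(actionContext);
}

/// <summary>
/// Decodes a Base64 "username:password" header parameter without throwing.
/// </summary>
/// <param name="parameter">Raw parameter of the Authorization header; may be null.</param>
/// <param name="username">Text before the first colon, or null on failure.</param>
/// <param name="password">Text after the first colon, or null on failure.</param>
/// <returns>True when the parameter is valid Base64 and contains a colon separator.</returns>
private static bool TryReadBasicCredentials(string parameter, out string username, out string password)
{
    username = null;
    password = null;

    if (string.IsNullOrEmpty(parameter))
    {
        return false;
    }

    string decoded;
    try
    {
        decoded = Encoding.UTF8.GetString(Convert.FromBase64String(parameter));
    }
    catch (FormatException)
    {
        // Not valid Base64: treat as absent credentials instead of failing the request.
        return false;
    }

    // Split on the FIRST colon only, so a password that itself contains ':' is
    // kept whole rather than truncated at its first colon.
    int separator = decoded.IndexOf(':');
    if (separator < 0)
    {
        return false;
    }

    username = decoded.Substring(0, separator);
    password = decoded.Substring(separator + 1);
    return true;
}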
/// <summary>
/// Replaces the "id" action parameter with the integer obtained by decrypting
/// the string "id" route value through <c>ApiSecurity.DecryptString</c>.
/// When the route has no string "id" value the parameters are left untouched.
/// </summary>
/// <param name="filterContext">Context of the action about to execute.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    string encryptedId = filterContext.RouteData.Values["id"] as string;

    if (encryptedId == null)
    {
        base.OnActionExecuting(filterContext);
        return;
    }

    // NOTE(review): the route value is client-controlled. A value that fails to
    // decrypt or is not an integer propagates as an exception from here; confirm
    // the application maps that to a generic error response.
    // NOTE(review): decrypting the id only hides it; whether the caller may access
    // the referenced record must be enforced elsewhere - confirm.
    var decryptedId = ApiSecurity.DecryptString(encryptedId);
    filterContext.ActionParameters["id"] = Convert.ToInt32(decryptedId);

    base.OnActionExecuting(filterContext);
}