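/// <summary>
/// HTTP Basic authentication filter. Reads the credentials carried in the
/// <c>Authorization: Basic</c> header, validates them with
/// <c>EmployeeSecurity.Login</c> and, on success, installs a role-less
/// <see cref="GenericPrincipal"/> as <see cref="Thread.CurrentPrincipal"/>.
/// Every failure short-circuits the pipeline with a 401 that carries the
/// <c>WWW-Authenticate: Basic</c> challenge required by RFC 7235.
/// </summary>
/// <param name="actionContext">Web API context of the request being authorized.</param>
/// <remarks>
/// NOTE(review): Basic credentials are only base64-encoded, not encrypted. This
/// filter does nothing to enforce TLS; make sure HTTPS is required elsewhere.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    AuthenticationHeaderValue authorization = actionContext.Request.Headers.Authorization;

    // Reject a missing header, a different scheme (Bearer, Negotiate, ...) or an
    // empty parameter. The scheme check matters: without it the parameter of any
    // other scheme would be decoded as base64 "user:password" and handed to Login().
    if (authorization == null
        || !string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
        || string.IsNullOrEmpty(authorization.Parameter))
    {
        RespondUnauthorized(actionContext);
        return;
    }

    string decodedAuthenticationToken;
    try
    {
        decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Parameter));
    }
    catch (FormatException)
    {
        // Malformed base64 is a client error: answer 401 instead of letting the
        // exception escape as a 500 (which may also leak a stack trace).
        RespondUnauthorized(actionContext);
        return;
    }

    // RFC 7617: user-id ":" password, and the password itself may contain ':'.
    // Split on the FIRST colon only; a token without a colon is malformed and
    // must not index past the end of a Split() result.
    int separator = decodedAuthenticationToken.IndexOf(':');
    if (separator < 0)
    {
        RespondUnauthorized(actionContext);
        return;
    }

    string username = decodedAuthenticationToken.Substring(0, separator);
    string password = decodedAuthenticationToken.Substring(separator + 1);

    // GenericIdentity with an empty name reports IsAuthenticated == false, so an
    // empty user-id must never produce a principal that looks logged in.
    if (username.Length == 0 || !EmployeeSecurity.Login(username, password))
    {
        RespondUnauthorized(actionContext);
        return;
    }

    // Roles are null, so IsInRole() is always false for this principal and any
    // [Authorize(Roles = ...)] further down the pipeline will deny the request.
    // NOTE(review): when hosted under IIS/System.Web the host's HttpContext user
    // should be set as well; that depends on the host and is not visible here.
    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
}

/// <summary>
/// Short-circuits the request with 401 and a Basic challenge so that clients
/// know which scheme to retry with. The realm is a display string; adjust it
/// to the service name.
/// </summary>
/// <param name="actionContext">Context whose <c>Response</c> is set.</param>
private static void RespondUnauthorized(HttpActionContext actionContext)
{
    HttpResponseMessage response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
    response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=\"api\""));
    actionContext.Response = response;
}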
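/// <summary>
/// HTTP Basic authentication filter. Decodes the <c>Authorization: Basic</c>
/// header, checks the user name and password with <c>EmployeeSecurity.Login</c>
/// and, when they are accepted, makes a role-less <see cref="GenericPrincipal"/>
/// the <see cref="Thread.CurrentPrincipal"/>. Anything else is answered with
/// 401 plus the <c>WWW-Authenticate: Basic</c> challenge required by RFC 7235.
/// </summary>
/// <param name="actionContext">Web API context of the request being authorized.</param>
/// <remarks>
/// NOTE(review): base64 is an encoding, not encryption — the password travels in
/// clear text unless the transport is TLS, which this filter does not enforce.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    AuthenticationHeaderValue authHeader = actionContext.Request.Headers.Authorization;

    // No header, a scheme other than Basic, or an empty parameter: nothing to
    // validate. Checking the scheme stops tokens of other schemes from being
    // base64-decoded and passed to Login() as "user:password".
    if (authHeader == null
        || !string.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
        || string.IsNullOrEmpty(authHeader.Parameter))
    {
        RespondUnauthorized(actionContext);
        return;
    }

    string decodedToken;
    try
    {
        decodedToken = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));
    }
    catch (FormatException)
    {
        // Bad base64 is the client's fault: 401, not an unhandled 500.
        RespondUnauthorized(actionContext);
        return;
    }

    // RFC 7617 allows ':' inside the password, so only the first colon separates
    // user-id from password. A token without any colon is malformed; indexing
    // Split()[1] on it would throw.
    int colon = decodedToken.IndexOf(':');
    if (colon < 0)
    {
        RespondUnauthorized(actionContext);
        return;
    }

    string uname = decodedToken.Substring(0, colon);
    string paswd = decodedToken.Substring(colon + 1);

    // An empty name yields a GenericIdentity whose IsAuthenticated is false;
    // refuse it rather than install a half-authenticated principal.
    if (uname.Length == 0 || !EmployeeSecurity.Login(uname, paswd))
    {
        RespondUnauthorized(actionContext);
        return;
    }

    // Creating a generic principal/identity and setting it as the current
    // principal. Roles are null, so IsInRole() is false for every role.
    // NOTE(review): under IIS/System.Web hosting the host's HttpContext user
    // should be set too; that is host-specific and not visible here.
    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(uname), null);
}

/// <summary>
/// Sets a 401 response carrying a Basic challenge. The realm is only a display
/// string; adjust it to the service name.
/// </summary>
/// <param name="actionContext">Context whose <c>Response</c> is set.</param>
private static void RespondUnauthorized(HttpActionContext actionContext)
{
    HttpResponseMessage response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
    response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=\"api\""));
    actionContext.Response = response;
}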
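/// <summary>
/// HTTP Basic authentication filter. Decodes the <c>Authorization: Basic</c>
/// header, validates the pair with <c>EmployeeSecurity.ValidateCredentials</c>
/// and, on success, installs a <see cref="GenericPrincipal"/> as
/// <see cref="Thread.CurrentPrincipal"/>. Every failure is answered with 401
/// plus the <c>WWW-Authenticate: Basic</c> challenge required by RFC 7235.
/// </summary>
/// <param name="actionContext">Web API context of the request being authorized.</param>
/// <remarks>
/// NOTE(review): base64 is not encryption; the credentials are readable on the
/// wire unless TLS is enforced, which this filter does not do.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    AuthenticationHeaderValue authorization = actionContext.Request.Headers.Authorization;

    // Missing header, another scheme, or an empty parameter: reject. The scheme
    // check keeps Bearer/Negotiate tokens from being decoded as "user:password".
    if (authorization == null
        || !string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
        || string.IsNullOrEmpty(authorization.Parameter))
    {
        RespondUnauthorized(actionContext);
        return;
    }

    string decodedToken;
    try
    {
        decodedToken = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Parameter));
    }
    catch (FormatException)
    {
        // Malformed base64 is a client error; answer 401 rather than throwing a 500.
        RespondUnauthorized(actionContext);
        return;
    }

    // RFC 7617: only the first ':' separates user-id and password; the password
    // may itself contain colons, so a strict "exactly two parts" rule would lock
    // out valid passwords. A token with no colon at all is malformed.
    int separator = decodedToken.IndexOf(':');
    if (separator < 0)
    {
        RespondUnauthorized(actionContext);
        return;
    }

    string userName = decodedToken.Substring(0, separator);
    string userPWD = decodedToken.Substring(separator + 1);

    // GenericIdentity("") reports IsAuthenticated == false; never install such a
    // principal as if the caller had logged in.
    if (userName.Length == 0 || !EmployeeSecurity.ValidateCredentials(userName, userPWD))
    {
        RespondUnauthorized(actionContext);
        return;
    }

    // NOTE(review): every caller whose credentials validate is granted the
    // "admin" role here, unconditionally. Unless this API really has a single
    // privilege level, the roles should come from the credential store for this
    // user; kept as-is because callers may rely on [Authorize(Roles = "admin")].
    string[] roles = new string[] { "admin" };
    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(userName), roles);
}

/// <summary>
/// Sets a 401 response carrying a Basic challenge. The realm is a display
/// string; adjust it to the service name.
/// </summary>
/// <param name="actionContext">Context whose <c>Response</c> is set.</param>
private static void RespondUnauthorized(HttpActionContext actionContext)
{
    HttpResponseMessage response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
    response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=\"api\""));
    actionContext.Response = response;
}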
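/// <summary>
/// Overrides <c>AuthorizationFilterAttribute.OnAuthorization</c> to implement
/// HTTP Basic authentication. The <c>Authorization</c> request header carries the
/// credentials a user agent presents to the server; they are base64-decoded,
/// split into user name and password, validated with
/// <c>EmployeeSecurity.Login</c> and, on success, a role-less
/// <see cref="GenericPrincipal"/> becomes <see cref="Thread.CurrentPrincipal"/>.
/// Anything else is answered with 401 and the <c>WWW-Authenticate: Basic</c>
/// challenge required by RFC 7235.
/// </summary>
/// <param name="actionContext">Web API context of the request being authorized.</param>
/// <remarks>
/// Setting <see cref="Thread.CurrentPrincipal"/> is useful because other code in
/// the application can consult the same principal later in the request.
/// NOTE(review): base64 is an encoding, not encryption; require TLS elsewhere,
/// this filter does not enforce it.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    AuthenticationHeaderValue authorization = actionContext.Request.Headers.Authorization;

    // If the header is missing the client did not send credentials at all. Also
    // reject any scheme other than Basic (its parameter is not "user:password")
    // and an empty parameter. Respond with 401 in all three cases.
    if (authorization == null
        || !string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
        || string.IsNullOrEmpty(authorization.Parameter))
    {
        RespondUnauthorized(actionContext);
        return;
    }

    // The parameter is base64 encoded; decode it with the Encoding class.
    string decodedAuthenticationToken;
    try
    {
        decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Parameter));
    }
    catch (FormatException)
    {
        // Bad base64 is a client error: 401, not an unhandled exception / 500.
        RespondUnauthorized(actionContext);
        return;
    }

    // Decoded, the token looks like "username:password". RFC 7617 lets the
    // password contain ':' too, so split only at the FIRST colon. A token with
    // no colon is malformed (the old Split()[1] would have thrown on it).
    int separator = decodedAuthenticationToken.IndexOf(':');
    if (separator < 0)
    {
        RespondUnauthorized(actionContext);
        return;
    }

    string username = decodedAuthenticationToken.Substring(0, separator);
    string password = decodedAuthenticationToken.Substring(separator + 1);

    // Login() is true when the stored credentials match what the user entered.
    // An empty user name is refused up front: GenericIdentity("") would report
    // IsAuthenticated == false and must not be installed as a logged-in user.
    if (username.Length == 0 || !EmployeeSecurity.Login(username, password))
    {
        RespondUnauthorized(actionContext);
        return;
    }

    // GenericIdentity creates a new identity named 'username'; roles are null,
    // so IsInRole() answers false for every role.
    // NOTE(review): under IIS/System.Web hosting the host's HttpContext user
    // should be set too; that is host-specific and not visible here.
    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
}

/// <summary>
/// Sets a 401 response carrying a Basic challenge so the client knows which
/// scheme to retry with. The realm is a display string; adjust it to the
/// service name.
/// </summary>
/// <param name="actionContext">Context whose <c>Response</c> is set.</param>
private static void RespondUnauthorized(HttpActionContext actionContext)
{
    HttpResponseMessage response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
    response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=\"api\""));
    actionContext.Response = response;
}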