/// <summary>
/// Checks a user name / password pair and, when it matches, fills in the
/// <c>BasicAuthenticationIdentity</c> currently attached to
/// <see cref="Thread.CurrentPrincipal"/>.
/// </summary>
/// <param name="userName">User name supplied by the caller.</param>
/// <param name="password">Clear-text password supplied by the caller.</param>
/// <param name="context">Action context of the request; not used by this implementation.</param>
/// <returns><c>true</c> when the pair matches; otherwise <c>false</c>.</returns>
/// <remarks>
/// The credentials compared below are literal sample values compiled into the
/// assembly, so anyone who can read the source or the binary knows them.
/// They stand in for the lookup named in the TODO. A real implementation would
/// verify the password against a salted, deliberately slow hash (for example
/// PBKDF2) held in the user store, and would compare in constant time.
/// </remarks>
public override bool OnAuthorizeUser(string userName, string password, HttpActionContext context)
{
    //TODO: Do database lookup here and validate username and password
    bool credentialsMatch = userName == "rickybobby" && password == "Password1!";
    if (!credentialsMatch)
    {
        // username and password did not match
        return false;
    }

    // The identity is only enriched when the current principal carries the
    // expected identity type; any other identity type is left untouched.
    var currentIdentity = Thread.CurrentPrincipal.Identity as BasicAuthenticationIdentity;
    if (currentIdentity != null)
    {
        // these could come from your database
        currentIdentity.UserId = 2;
        currentIdentity.FullName = "Ricky Bobby";
    }

    return true;
}
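/// <summary>
/// Authenticates the request from the identity returned by <c>FetchHeader</c>
/// and continues with the base authorization only when
/// <c>OnAuthorizeUser</c> accepts the credentials.
/// </summary>
/// <param name="actionContext">Action context of the request being authorized.</param>
/// <remarks>
/// When no identity can be read, or the credentials are rejected, the request is
/// answered through <c>ChallengeAuthRequest</c> and the base authorization is skipped.
/// The candidate principal has to be on the thread while <c>OnAuthorizeUser</c>
/// runs, because that method enriches the identity it finds there. If the
/// credentials are rejected, or validation throws, the principal that was on the
/// thread beforehand is restored, so an unverified identity never stays attached.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    BasicAuthenticationIdentity identity = FetchHeader(actionContext);
    if (identity == null)
    {
        ChallengeAuthRequest(actionContext);
        return;
    }

    // Keep the principal the thread carried so it can be put back on failure.
    var previousPrincipal = Thread.CurrentPrincipal;
    bool authorized = false;
    try
    {
        //TODO: If you have roles, add them here (second constructor argument).
        Thread.CurrentPrincipal = new GenericPrincipal(identity, null);

        authorized = OnAuthorizeUser(identity.UserName, identity.Password, actionContext);
    }
    finally
    {
        if (!authorized)
        {
            // Never leave a principal built from unverified credentials on the thread.
            Thread.CurrentPrincipal = previousPrincipal;
        }
    }

    if (!authorized)
    {
        ChallengeAuthRequest(actionContext);
        return;
    }

    // NOTE(review): only Thread.CurrentPrincipal is set here. Depending on the
    // host, HttpContext.Current.User may also need the same principal. Confirm
    // against the hosting model.
    base.OnAuthorization(actionContext);
}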