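// POST /api/login
/// <summary>
/// Authentication end point to provide client application credentials
/// </summary>
/// <param name="credentials">Credentials posted by the client; the password is masked before being echoed back.</param>
/// <returns>HTTP Status 200 if credentials accepted, HTTP Status 400 if no credentials were posted, or HTTP Status 401 if unauthorized</returns>
public HttpResponseMessage Post(Credentials credentials)
{
    // A request without a body binds to null; answer 400 rather than failing with a 500.
    if (credentials == null)
    {
        return new HttpResponseMessage(HttpStatusCode.BadRequest)
        {
            Content = new StringContent("Credentials are required."),
        };
    }

    //TODO: please use a real and secure authentication scheme!!
    if (credentials.Password == "Bad")
    {
        return new HttpResponseMessage(HttpStatusCode.Unauthorized)
        {
            Content = new StringContent("Credentials were bad, bad, bad!"),
        };
    }

    // Never echo the submitted password back to the client.
    credentials.Password = "******";

    var message = new HttpResponseMessage(HttpStatusCode.OK)
    {
        Content = new ObjectContent<Credentials>(
            credentials,
            GlobalConfiguration.Configuration.Formatters.JsonFormatter),
    };

    //For demo purposes only: don't this at home!!!
    var authCookie = Cookies.CreateAuthCookie();

    // The expiry used to be assembled from two clocks (DateTime.Now for the date part,
    // DateTime.UtcNow for the time part), which yields an inconsistent timestamp near
    // midnight and in any non-UTC time zone. Use one UTC instant; the "R" (RFC 1123)
    // specifier is culture-invariant and emits exactly "ddd, dd MMM yyyy HH:mm:ss GMT",
    // whereas the previous culture-sensitive format broke under non-English cultures.
    var expires = DateTime.UtcNow.AddMinutes(10);

    // HttpOnly keeps the auth cookie out of reach of page scripts; append "; Secure" as
    // well once the application is served over HTTPS.
    const string setCookie = "{0}={1}; expires={2}; path=/; HttpOnly";
    message.Headers.Add(
        "Set-Cookie",
        string.Format(
            System.Globalization.CultureInfo.InvariantCulture,
            setCookie,
            authCookie.Name,
            authCookie.Value,
            expires.ToString("R", System.Globalization.CultureInfo.InvariantCulture)));

    return message;
}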
/// <summary>
/// MVC action shown after a client has signed in: clears the submitted password from the
/// model, issues the demo auth cookie on the response and renders the view.
/// </summary>
/// <param name="credentials">Credentials posted by the client; its password is cleared before the model reaches the view.</param>
/// <returns>The view bound to the credentials, with the password removed.</returns>
public ActionResult SignedIn(Credentials credentials)
{
    //TODO: please use a real and secure authentication scheme!!
    // Do not carry the submitted password into the rendered page.
    credentials.Password = null;

    // Same demo cookie as the API login; the response is responsible for emitting it.
    HttpContext.Response.AppendCookie(Cookies.CreateAuthCookie());

    return View(credentials);
}