// POST api/login public HttpResponseMessage Post(AuthenticationModel value) { try { /* Test if credentials are accepted. */ Authentication.AuthResponse resp = Authentication.Login(value) ; switch (resp) { case Authentication.AuthResponse.Ok: return new HttpResponseMessage(HttpStatusCode.Accepted); case Authentication.AuthResponse.AccountNotEnabled: return new HttpResponseMessage(HttpStatusCode.NotModified); case Authentication.AuthResponse.InvalidCredentials: return new HttpResponseMessage(HttpStatusCode.Unauthorized); default: return new HttpResponseMessage(HttpStatusCode.BadRequest); } } catch { return new HttpResponseMessage(HttpStatusCode.InternalServerError); } }
// POST api/register public HttpResponseMessage Post(AuthenticationModel value) { try { using (var ctx = new Entities()) { UserAccount ua = ctx.UserAccounts.Where(i => i.Email == value.Email).FirstOrDefault(); /* Check if user isn't registered yet. */ if (ua == null) { /* Create the new user and salt the password. */ ua = new UserAccount() { Email = value.Email, RegisterDate = DateTime.Now }; ua.Password = Authentication.MakePassword(ua, value.Password); ctx.UserAccounts.Add(ua); /* Save changes. */ if (ctx.SaveChanges() != 0) { Mail.SendRegisterTokenMail(ua); return new HttpResponseMessage(HttpStatusCode.Created); } else { return new HttpResponseMessage(HttpStatusCode.InternalServerError); } } return new HttpResponseMessage(HttpStatusCode.Conflict); } } catch { return new HttpResponseMessage(HttpStatusCode.InternalServerError); } }
/// <summary> /// Validates user login. /// </summary> /// <param name="model"></param> /// <returns></returns> public static AuthResponse Login(AuthenticationModel model) { using (var ctx = new Entities()) { /* Find user by email address. */ UserAccount user = ctx.UserAccounts.Where(i => i.Email == model.Email).FirstOrDefault(); /* Validate user password if it exists. */ if (user != null) { if (ValidatePassword(user, model.Password)) { if (true == user.Enabled) { /* Sets authentication ticket. */ var ticket = MakeAuthCookie(user, model.RememberMe); HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, ticket); HttpContext.Current.Response.Cookies.Set(ck); return AuthResponse.Ok; } else { return AuthResponse.AccountNotEnabled; } } } } return AuthResponse.InvalidCredentials; }