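/// <summary>
/// Validates the supplied credentials and, when they are accepted, records the user's id and
/// profile data as claims on the current <see cref="BasicAuthenticationIdentity"/>.
/// </summary>
/// <param name="username">User name handed over by the base authorization filter.</param>
/// <param name="password">Password handed over by the base authorization filter.</param>
/// <param name="actionContext">Web API action context; not used by this implementation (see the note on dependency resolution below).</param>
/// <returns><c>true</c> when <c>UserServices.Authenticate</c> returns a positive user id; otherwise <c>false</c>.</returns>
protected override bool OnAuthorizeUser(string username, string password, HttpActionContext actionContext)
{
    // NOTE(review): resolving the service through the DependencyResolver was replaced by a direct
    // instantiation. The original line is kept here for reference:
    // var provider = actionContext.ControllerContext.Configuration.DependencyResolver.GetService(typeof(IUserServices)) as IUserServices;
    var provider = new UserServices();

    // A positive id is the only accepted outcome; any other value is treated as a failed login.
    var userId = provider.Authenticate(username, password);
    if (userId <= 0)
    {
        return false;
    }

    // The identity is only enriched when the pipeline installed a BasicAuthenticationIdentity.
    // CurrentPrincipal is checked explicitly so a missing principal cannot turn a successful
    // authentication into a NullReferenceException.
    var principal = Thread.CurrentPrincipal;
    var identity = principal == null ? null : principal.Identity as BasicAuthenticationIdentity;
    if (identity != null)
    {
        identity.UserId = userId;

        // Store the user's profile on the identity so downstream code can read it as claims.
        // NOTE(review): Claim(type, value) throws ArgumentNullException on a null value — confirm
        // that UserName and Email are always populated for an authenticated user.
        var userInfo = new UserMethods().GetUserInformationBasedOnId(userId);
        identity.AddClaims(new List<Claim>
        {
            new Claim("UserName", userInfo.UserName),
            new Claim("Email", userInfo.Email),
            new Claim("UserId", Convert.ToString(userInfo.UserId)),
            // The role is stored as its integer value, matching the RoleId claim consumers expect.
            new Claim("RoleId", Convert.ToString(Convert.ToInt32(userInfo.Role))),
        });
    }

    return true;
}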
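/// <summary>
/// Removes the user identified by <paramref name="userId"/>, provided the caller's role is not
/// lower than the target user's role.
/// </summary>
/// <param name="userId">Identifier of the user to remove.</param>
/// <returns>The result of <c>UserMethods.RemoveUser</c>.</returns>
/// <exception cref="HttpResponseException">
/// 401 Unauthorized when the target user's role value is greater than the caller's;
/// 503 Service Unavailable for any other failure.
/// </exception>
public bool RemoveUser(int userId)
{
    try
    {
        var loggedUserInfo = new UserInformation().GetCurrentUserInformation();
        var users = new UserMethods();
        var userInformation = users.GetUserInformationBasedOnId(userId);

        // Privilege check: a caller may only remove users whose role value does not exceed their own.
        // NOTE(review): this relies on Role converting to an int where a larger value means more
        // privilege — confirm against the Role definition.
        if (Convert.ToInt32(userInformation.Role) > Convert.ToInt32(loggedUserInfo.Role))
        {
            throw new UnAuthorize();
        }

        return users.RemoveUser(userId);
    }
    catch (UnAuthorize)
    {
        // 401 is the status this API already uses for a failed privilege check; HTTP semantics
        // would suggest 403 Forbidden for an authenticated but insufficiently privileged caller.
        throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Unauthorized)
        {
            Content = new StringContent("You are not authorize."),
            ReasonPhrase = "UnAuthorize"
        });
    }
    catch (Exception)
    {
        // Any other failure is reported as 503; exception details are not sent to the client.
        throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.ServiceUnavailable)
        {
            Content = new StringContent("Service is currently unavailable."),
            ReasonPhrase = "Service Unavailable "
        });
    }
}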
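/// <summary>
/// Updates a user's information on behalf of an administrator, after checking that the caller
/// is not editing a user with a higher role and that the new e-mail address is not already taken.
/// </summary>
/// <param name="userInfo">The updated user data; <c>UserId</c> identifies the target user.</param>
/// <returns>The result of <c>Business.UserMethods.ModifyUserInformationAdmin</c>.</returns>
/// <exception cref="HttpResponseException">
/// 400 Bad Request when <c>userInfo.Email</c> already belongs to a different user;
/// 401 Unauthorized when the target user's role value is greater than the caller's;
/// 503 Service Unavailable for any other failure.
/// </exception>
public bool ModifyUserInformationAdmin(UserModel userInfo)
{
    try
    {
        var loggedUserInfo = new UserInformation().GetCurrentUserInformation();
        var userInformation = new UserMethods().GetUserInformationBasedOnId(userInfo.UserId);
        var users = new Business.UserMethods();

        // Role privilege check, same rule as RemoveUser: the caller may only act on users whose
        // role value does not exceed their own. The caller's record was already being loaded
        // here but was never compared.
        if (Convert.ToInt32(userInformation.Role) > Convert.ToInt32(loggedUserInfo.Role))
        {
            throw new UnAuthorize();
        }

        // The e-mail must be unique unless it is simply unchanged for this user.
        if (users.IsEmailExist(userInfo.Email) && userInformation.Email != userInfo.Email)
        {
            throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.BadRequest)
            {
                Content = new StringContent("Email ID already exist"),
                ReasonPhrase = "Bad Request"
            });
        }

        return users.ModifyUserInformationAdmin(userInfo);
    }
    catch (UnAuthorize)
    {
        throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Unauthorized)
        {
            Content = new StringContent("You are not authorize."),
            ReasonPhrase = "UnAuthorize"
        });
    }
    catch (HttpResponseException)
    {
        // Already carries the status and message to send; do not relabel it as an e-mail conflict.
        throw;
    }
    catch (Exception)
    {
        // Any other failure is reported as 503; exception details are not sent to the client.
        throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.ServiceUnavailable)
        {
            Content = new StringContent("Service is currently unavailable."),
            ReasonPhrase = "Service Unavailable "
        });
    }
}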