/// <summary>
/// Logs a user in with the e-mail address and password carried in the request body
/// and returns the matching user as a <c>UserDto</c>.
/// </summary>
/// <param name="loginDto">Credentials bound from the request body.</param>
/// <returns>The result of mapping the authenticated <c>Entity.User</c> to a <c>UserDto</c>.</returns>
public UserDto LogIn([System.Web.Http.FromBody] LoginDto loginDto)
        {
            // NOTE(review): loginDto is dereferenced without a null check; confirm that
            // model binding cannot hand in null for an empty or unparseable body.
            var authenticatedUser = _authenticationDomain.LogInUser(loginDto.UserEmail, loginDto.Password);

            // NOTE(review): how LogInUser signals bad credentials is not visible here.
            // If it returns null, confirm the caller ends up with an explicit 401 rather
            // than a successful response with an empty body. Also confirm UserDto carries
            // no credential material (password hash, salt) from Entity.User.
            return _mapper.Map<Entity.User, UserDto>(authenticatedUser);
        }
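        /// <summary>
        /// Authenticates the request from its <c>Authorization</c> header and either
        /// installs the resulting principal or short-circuits the request with 401/403.
        /// </summary>
        /// <param name="actionContext">
        /// Context of the action being authorized. Its <c>Response</c> is set when the
        /// request is rejected; it is left untouched when the request is allowed through.
        /// </param>
        /// <remarks>
        /// Outcomes:
        /// no <c>Authorization</c> header, a header that does not yield exactly a
        /// username and a password, or credentials rejected by <c>LogInUser</c> give
        /// 401 with a <c>WWW-Authenticate: Basic</c> challenge; a known user whose roles
        /// fail <c>IsRolePermissionOk</c> gives 403.
        /// Credentials are re-verified on every request, and nothing in this method
        /// checks that the request arrived over HTTPS, so transport protection has to be
        /// enforced elsewhere.
        /// NOTE(review): the header's scheme is not inspected here; presumably
        /// <c>GetAuthenticationHeader</c> rejects non-Basic schemes — confirm.
        /// </remarks>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // NOTE(review): the exemption is per controller type, so every action on
            // SecurityController (including any added later) skips authentication.
            // Confirm that is intended, or scope the bypass to the login action only.
            if (actionContext.ControllerContext.Controller.GetType() == typeof(SecurityController))
            {
                return;
            }

            if (actionContext.Request.Headers.Authorization == null)
            {
                RejectWithBasicChallenge(actionContext);
                return;
            }

            SetAuthenticationDomain();

            var credentialParts = GetAuthenticationHeader(actionContext);

            // Fail closed on a malformed header instead of forwarding empty credentials
            // to the authentication domain. If LogInUser records failed attempts, this
            // rejection should be logged separately so it stays visible to monitoring.
            if (credentialParts == null || credentialParts.Length != 2)
            {
                RejectWithBasicChallenge(actionContext);
                return;
            }

            string username = credentialParts[0];
            string password = credentialParts[1];

            var user = _authenticationDomain.LogInUser(username, password);

            if (user == null)
            {
                // A 401 must carry a challenge; the same one is used as for a missing header.
                RejectWithBasicChallenge(actionContext);
                return;
            }

            var identity = new GenericIdentity(username);
            identity.AddClaims(GetUserClaims(user, user.Roles));

            // Roles are passed as null: role information travels in the claims added above.
            IPrincipal principal = new GenericPrincipal(identity, null);

            // Authenticated but not permitted: 403, and no principal is installed.
            if (!IsRolePermissionOk(user.Roles))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
                return;
            }

            // Set both so code reading either the thread principal or the ASP.NET
            // context user sees the same identity.
            Thread.CurrentPrincipal = principal;
            if (HttpContext.Current != null)
            {
                HttpContext.Current.User = principal;
            }
        }

        /// <summary>
        /// Sets a 401 response on <paramref name="actionContext"/> carrying the
        /// <c>WWW-Authenticate</c> Basic challenge for <c>Realm</c>.
        /// </summary>
        private void RejectWithBasicChallenge(HttpActionContext actionContext)
        {
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            actionContext.Response.Headers.Add("WWW-Authenticate",
                                               string.Format("Basic realm=\"{0}\"", Realm));
        }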