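public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Authenticates the request from an HTTP Basic "Authorization" header
            // (base64 of "email:password") against the Usuarios table. On success the
            // matched user's Id becomes the current principal; in every other case the
            // request is rejected through HandleUnathorized. A malformed header (wrong
            // scheme, invalid base64, no ':' separator) is treated as bad credentials
            // instead of escaping as an unhandled exception, which would otherwise turn
            // an attacker-controlled header into a 500 rather than a 401.
            var authHeader = actionContext.Request.Headers.Authorization;

            // Only Basic credentials are decoded; any other scheme must not reach the
            // base64 decode below, since its parameter has a different format.
            if (authHeader != null
                && string.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
                && !string.IsNullOrEmpty(authHeader.Parameter))
            {
                string email    = null;
                string password = null;

                try
                {
                    var decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));

                    // Split on the first ':' only, so a password that itself contains ':'
                    // is not truncated (the user-id part cannot contain ':' per RFC 7617).
                    var usernamePasswordArray = decodedAuthenticationToken.Split(new[] { ':' }, 2);

                    if (usernamePasswordArray.Length == 2)
                    {
                        email = usernamePasswordArray[0];

                        // NOTE(review): MD5 is not a suitable password hash. The stored
                        // format of Usuarios.Senha dictates it here; replacing it needs a
                        // data migration, so it is kept as-is and flagged.
                        password = CriptografiaMD5.GerarHashMd5(usernamePasswordArray[1]);
                    }
                }
                catch (FormatException)
                {
                    // Parameter was not valid base64: fall through to the unauthorized response.
                }

                if (email != null)
                {
                    UsuarioLogin usuario;

                    // The context is IDisposable; dispose it as soon as the lookup is done.
                    using (var db = new API_PUCCOINSContext())
                    {
                        // Match is delegated to the database, so equality semantics follow
                        // the column collation (may be case-insensitive) — verify if that matters.
                        usuario = db.Usuarios.Select(b => new UsuarioLogin()
                        {
                            Id    = b.Id,
                            Email = b.Email,
                            Senha = b.Senha
                        }).SingleOrDefault(a => a.Email == email && a.Senha == password);
                    }

                    if (usuario != null)
                    {
                        // Identity name is the numeric user Id; UserAuthorized parses it back.
                        var principal = new GenericPrincipal(new GenericIdentity(usuario.Id.ToString()), null);
                        Thread.CurrentPrincipal = principal;
                        return;
                    }
                }
            }

            HandleUnathorized(actionContext);
        }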
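        private bool UserAuthorized(string roles, string id)
        {
            // Returns true when the user identified by `id` holds one of the roles in the
            // comma-separated `roles` list, matched against Usuarios.Permissao.Descricao.
            // A non-numeric id, an unknown user, or a user without a Permissao yields
            // false instead of throwing, so a bad principal name cannot take the filter
            // down with an unhandled exception (which would not be a 403).
            int idUser;
            if (string.IsNullOrEmpty(roles) || !int.TryParse(id, out idUser))
            {
                return false;
            }

            string descricao;

            //TODO: Modificar regra de negocio de cargo
            // The context is IDisposable; release it as soon as the lookup is done.
            using (var db = new API_PUCCOINSContext())
            {
                var usuario = db.Usuarios.Include("Permissao").FirstOrDefault(a => a.Id == idUser);
                descricao   = usuario == null || usuario.Permissao == null ? null : usuario.Permissao.Descricao;
            }

            if (descricao == null)
            {
                return false;
            }

            // Entries are compared exactly as written (ordinal, no trimming), as before;
            // a list such as "Admin, Gestor" therefore does not match "Gestor".
            return roles.Split(',').Any(role => string.Equals(role, descricao, StringComparison.Ordinal));
        }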