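/// <summary>
/// Authorization filter that only lets an administrator through. The request must carry
/// an HTTP Basic <c>Authorization</c> header ("user:password", Base64-encoded); the
/// credentials are handed to <see cref="FlightCenterSystem.Login"/> and the request is
/// rejected with 401 unless the facade that comes back is an <see cref="AdminFacade"/>.
/// </summary>
/// <param name="actionContext">The Web API action context; its <c>Response</c> is set to a
/// 401 result when authorization fails, otherwise left untouched so the action runs.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    var authHeader = actionContext.Request.Headers.Authorization;
    if (authHeader == null)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "you must send user name + pwd in basic authentication");
        return;
    }

    // Only the Basic scheme is understood here; any other scheme (or an empty parameter)
    // must not reach the Base64 decoder.
    if (!string.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
        || string.IsNullOrWhiteSpace(authHeader.Parameter))
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "you must send user name + pwd in basic authentication");
        return;
    }

    string decodedString;
    try
    {
        decodedString = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));
    }
    catch (FormatException)
    {
        // Malformed Base64 is a client error: answer 401 instead of letting the
        // exception surface as an unhandled 500.
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "you must send user name + pwd in basic authentication");
        return;
    }

    // Credentials are "user:password". Split on the FIRST ':' only so that a password
    // containing ':' is not truncated, and reject input with no separator at all
    // (the original indexed authParams[1] unconditionally and would throw).
    int separatorIndex = decodedString.IndexOf(':');
    if (separatorIndex < 0)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "you must send user name + pwd in basic authentication");
        return;
    }

    string username = decodedString.Substring(0, separatorIndex);
    string pwd = decodedString.Substring(separatorIndex + 1);

    // The returned login token is not needed for this check; the facade type decides.
    FlightCenterSystem.Login(username, pwd, out BaseFacade facade);

    // A failed login is assumed to leave facade null (TODO confirm against Login);
    // null fails the type test below and is rejected exactly like a non-admin facade.
    if (!(facade is AdminFacade))
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "User is not admin. please try again");
    }
}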
/// <summary>
/// Seeds a country and an airline company through the DAOs, logs in with that airline's
/// credentials, and checks that the center system hands back an airline login token
/// together with the MSSQL logged-in airline facade.
/// </summary>
public void LoginAirline()
{
    countryDAO.Add(new Country("Israel"));
    int israelId = countryDAO.GetCountryByName("Israel").ID;
    airlineDAO.Add(new AirlineCompany("ELAL", "ELALUSERNAME", "ELALPASSWORD", israelId));

    centerSystem.Login("ELALUSERNAME", "ELALPASSWORD", out FacadeBase facade, out ILoginToken loginToken);

    Assert.IsTrue(loginToken is LoginToken<AirlineCompany>);
    Assert.IsTrue(facade is LoggedInAirlineFacadeMSSQL);
}