protected override bool IsAuthorized(HttpActionContext actionContext)
{
var headers = actionContext.Request.Headers;
if (!headers.Contains(AuthorizationConstants.UsernameKey) || !headers.Contains(AuthorizationConstants.PasswordKey))
{
// No credentials provided
return(false);
}
var username = headers.GetValues(AuthorizationConstants.UsernameKey).First();
var password = headers.GetValues(AuthorizationConstants.PasswordKey).First();
var(isAuthorized, foundUser) = LoginService.AuthorizeUser(username, password);
if (!isAuthorized)
{
return(false);
}
actionContext.Request.Properties[AuthorizationConstants.UserInformationKey] = foundUser;
return(true);
}
