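        /// <summary>
        /// Validates an API token for a user/business pair by calling the
        /// <c>ValidateToken</c> stored procedure and mapping its integer output
        /// parameter to a <see cref="ReturnValuesBool"/>.
        /// </summary>
        /// <param name="token">Raw token as received from the client (untrusted; passed as a SQL parameter, never concatenated).</param>
        /// <param name="userid">User id the token is claimed to belong to.</param>
        /// <param name="businessid">Business id the token is claimed to belong to.</param>
        /// <returns>
        /// <c>StatusFlag</c> is true only when the procedure returns 1. Every other
        /// code, and any exception while talking to the database, yields false
        /// (fail closed) with a short <c>StatusMessage</c> explaining the denial.
        /// </returns>
        public static ReturnValuesBool ValidateToken(string token, int userid, int businessid)
        {
            ReturnValuesBool rvb = new ReturnValuesBool();
            rvb.StatusFlag = false;

            // NOTE(review): assumes connect.getConnection() hands back an already-open connection - confirm.
            using (SqlConnection conn = connect.getConnection())
            using (SqlCommand cmd = new SqlCommand("ValidateToken", conn))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@token", token);
                cmd.Parameters.AddWithValue("@businessId", businessid);
                cmd.Parameters.AddWithValue("@userId", userid);
                SqlParameter result = cmd.Parameters.Add("@returnvalue", System.Data.SqlDbType.Int);
                result.Direction = ParameterDirection.Output;

                try
                {
                    cmd.ExecuteNonQuery();
                    rvb.StatusCode = Convert.ToInt32(result.Value);
                    switch (rvb.StatusCode)
                    {
                        case 1:
                            rvb.StatusFlag = true;
                            break;
                        case 2:
                            rvb.StatusMessage = "Token has expired";
                            break;
                        case 0:
                            rvb.StatusMessage = "Another user loggedIn with your account";
                            break;
                        default:
                            // Unrecognised code from the procedure: deny, but give the caller a reason
                            // instead of a null message.
                            rvb.StatusMessage = "Token is not valid";
                            break;
                    }
                }
                catch (Exception ex)
                {
                    // Log server-side only; ex.Message is never surfaced to the client.
                    // StatusCode is left at its default, so the caller cannot tell this
                    // apart from code 0 by the number alone - the message disambiguates.
                    CommonUtilityClass.ExceptionLog(ex);
                    rvb.StatusMessage = "Token validation failed";
                }
            }
            return rvb;
        }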
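        /// <summary>
        /// Web API authorization filter. Requires the <c>API-KEY</c>, <c>BUSINESSID</c>
        /// and <c>USERID</c> request headers, validates them through
        /// <see cref="Authentication.ValidateToken"/>, and short-circuits the request
        /// with a 401 (missing/malformed headers) or 403 (rejected token) response.
        /// Header values are untrusted: the ids are parsed with <c>int.TryParse</c> so a
        /// non-numeric or empty value is answered with 401 instead of an unhandled
        /// FormatException/OverflowException (and the 500 that would follow).
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized; its Response is set on failure.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var headers = actionContext.Request.Headers;
            if (!headers.Contains("API-KEY") || !headers.Contains("BUSINESSID") || !headers.Contains("USERID"))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new { StatusMessage = "Incorrect Header specifications", StatusCode = 1000 });
                return;
            }

            string requestApiKey = headers.GetValues("API-KEY").FirstOrDefault();
            int requestUserId;
            int requestBusinessId;
            // Invariant culture so the parse does not depend on the server's locale.
            bool userIdOk = int.TryParse(headers.GetValues("USERID").FirstOrDefault(), NumberStyles.Integer, CultureInfo.InvariantCulture, out requestUserId);
            bool businessIdOk = int.TryParse(headers.GetValues("BUSINESSID").FirstOrDefault(), NumberStyles.Integer, CultureInfo.InvariantCulture, out requestBusinessId);
            if (!userIdOk || !businessIdOk)
            {
                // Malformed ids get the same generic 401 as missing headers (no hint about which one failed).
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new { StatusMessage = "Incorrect Header specifications", StatusCode = 1000 });
                return;
            }

            // Fields are still populated for any existing reader, but the check itself uses the locals.
            // NOTE(review): Web API reuses filter attribute instances across requests, so these
            // instance fields are shared between concurrent requests - confirm nothing else relies on them.
            apikey = requestApiKey;
            userId = requestUserId;
            businessId = requestBusinessId;

            ReturnValuesBool rvb = Authentication.ValidateToken(requestApiKey, requestUserId, requestBusinessId);
            if (!rvb.StatusFlag)
            {
                // 403 kept for compatibility with existing clients (a rejected credential is
                // strictly a 401). Client-facing code is 100 + the validator's StatusCode.
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden, new { StatusMessage = rvb.StatusMessage, StatusCode = 100 + rvb.StatusCode });
            }
        }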