示例#1
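        /// <summary>
        /// Authenticates the request from its <c>Authorization</c> header, whose parameter is
        /// expected to be the base64 encoding of <c>email:password</c>. On a successful login the
        /// current thread's principal is set to that e-mail; otherwise the response is set to
        /// 401 Unauthorized.
        /// </summary>
        /// <param name="actionContext">Context giving access to the request and the response.</param>
        /// <remarks>
        /// The credentials are only base64-encoded, not encrypted, so the endpoint needs TLS to
        /// keep them confidential in transit.
        /// </remarks>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var authorization = actionContext.Request.Headers.Authorization;

            // NOTE(review): the header's scheme is not compared with "Basic" here; confirm whether
            // other schemes should be rejected before the parameter is decoded.
            if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
            {
                actionContext.Response = actionContext.Request
                                         .CreateResponse(HttpStatusCode.Unauthorized);
                return;
            }

            string decodedAuthenticationToken;
            try
            {
                decodedAuthenticationToken = Encoding.UTF8.GetString(
                    Convert.FromBase64String(authorization.Parameter));
            }
            catch (FormatException)
            {
                // Malformed base64 comes from the client: answer 401 rather than letting the
                // exception escape the filter as a server error.
                actionContext.Response = actionContext.Request
                                         .CreateResponse(HttpStatusCode.Unauthorized);
                return;
            }

            // Split on the first colon only, so a password containing ':' is not truncated, and
            // reject a value with no colon instead of indexing past the end of an array.
            int separatorIndex = decodedAuthenticationToken.IndexOf(':');
            if (separatorIndex < 0)
            {
                actionContext.Response = actionContext.Request
                                         .CreateResponse(HttpStatusCode.Unauthorized);
                return;
            }

            string email    = decodedAuthenticationToken.Substring(0, separatorIndex);
            string password = decodedAuthenticationToken.Substring(separatorIndex + 1);

            if (EmployeeSecurity.Login(email, password))
            {
                // The principal carries the e-mail as identity name and no roles (null).
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(email), null);
            }
            else
            {
                actionContext.Response = actionContext.Request
                                         .CreateResponse(HttpStatusCode.Unauthorized);
            }
        }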
示例#2
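        /// <summary>
        /// Runs the base authorization step, then authenticates the request from its
        /// <c>Authorization</c> header (base64 of <c>username:password</c> in UTF-8). A successful
        /// login sets the current thread's principal; anything else yields 401 Unauthorized.
        /// </summary>
        /// <param name="actionContext">Context giving access to the request and the response.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // NOTE(review): the base implementation runs before any principal is set below;
            // confirm that its outcome is meant to be overwritten by this method's checks.
            base.OnAuthorization(actionContext);

            var header = actionContext.Request.Headers.Authorization;

            // A missing header and a header without a parameter are both unauthenticated requests.
            if (header == null || string.IsNullOrEmpty(header.Parameter))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return;
            }

            // The parameter is username:password in UTF-8, base64-encoded.
            string decodedToken;
            try
            {
                decodedToken = Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter));
            }
            catch (FormatException)
            {
                // Invalid base64 is bad client input, not a server fault: reply 401.
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return;
            }

            // Only the first colon separates the two fields; later colons belong to the password.
            int colonAt = decodedToken.IndexOf(':');
            if (colonAt < 0)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return;
            }

            string username = decodedToken.Substring(0, colonAt);
            string password = decodedToken.Substring(colonAt + 1);

            if (EmployeeSecurity.Login(username, password))
            {
                // Identity name is the user name; no roles are attached (null).
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
            }
            else
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            }
        }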
示例#3
        // HttpActionContext exposes both the request and the response. With Basic authentication
        // the client sends its credentials in a header, so we check the context's Authorization
        // header. If it is null, the request is treated as unauthorized.
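        /// <summary>
        /// Authenticates the request from its <c>Authorization</c> header, expected to carry
        /// <c>username:password</c> base64-encoded. A successful login sets the current thread's
        /// principal; every other outcome sets a 401 Unauthorized response.
        /// </summary>
        /// <param name="actionContext">Context giving access to the request and the response.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var authorizationHeader = actionContext.Request.Headers.Authorization;

            // No Authorization header, or one without a parameter: the request is unauthorized.
            if (authorizationHeader == null || string.IsNullOrEmpty(authorizationHeader.Parameter))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return;
            }

            // The parameter holds username:password, base64-encoded.
            string authenticationToken = authorizationHeader.Parameter;

            // Decode it; input that is not valid base64 is answered with 401 instead of letting
            // FormatException escape the filter.
            string decodedAuthenticationToken;
            try
            {
                decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken));
            }
            catch (FormatException)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return;
            }

            // The two fields are separated by the first colon (UID:PASS); the password itself may
            // contain further colons, and a value without any colon is rejected.
            int separatorPosition = decodedAuthenticationToken.IndexOf(':');
            if (separatorPosition < 0)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return;
            }

            string username = decodedAuthenticationToken.Substring(0, separatorPosition);
            string password = decodedAuthenticationToken.Substring(separatorPosition + 1);

            if (EmployeeSecurity.Login(username, password))
            {
                // Login succeeded: set the current thread's principal (user name, no roles).
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
            }
            else
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            }
        }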
示例#4
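        /// <summary>
        /// Logs the employee in with the supplied user name and password and returns the token
        /// produced by <c>EmployeeSecurity.Login</c>.
        /// </summary>
        /// <param name="employee">Request model carrying the user name and password.</param>
        /// <returns>
        /// <c>Ok</c> with the token on success; <c>NotFound</c> when the login fails or no
        /// employee data was supplied.
        /// </returns>
        public IHttpActionResult Check(Employee employee)
        {
            // A missing request model would otherwise fail with a NullReferenceException on the
            // property reads below; treat it as a failed login.
            if (employee == null)
            {
                log.Info("Employee  Not Logged in Successfully");
                return NotFound();
            }

            string tokenValue = EmployeeSecurity.Login(employee.EmployeeUserName, employee.EmployeePassword);

            // A single-space string is the failure value this method compares against; a null
            // token is handled the same way instead of throwing on Equals.
            // NOTE(review): a failed login is reported as 404 here; 401 is the usual status, but
            // it is left unchanged because callers may depend on it.
            if (tokenValue == null || tokenValue.Equals(" "))
            {
                log.Info("Employee  Not Logged in Successfully");
                return NotFound();
            }

            log.Info("Employee Logged in Successfully");
            return Ok(tokenValue);
        }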
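 /// <summary>
 /// Parses the user name and password from the request's <c>Authorization</c> header
 /// (base64 of <c>username:password</c>) and answers 401 Unauthorized when the header is
 /// missing or malformed.
 /// </summary>
 /// <param name="actionContext">Context giving access to the request and the response.</param>
 public override void OnAuthorization(HttpActionContext actionContext)
 {
     var authorization = actionContext.Request.Headers.Authorization;

     if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
     {
         actionContext.Response = actionContext.Request
                                  .CreateResponse(HttpStatusCode.Unauthorized);
         return;
     }

     string decodedAuthenticationToken;
     try
     {
         decodedAuthenticationToken = Encoding.UTF8.GetString(
             Convert.FromBase64String(authorization.Parameter));
     }
     catch (FormatException)
     {
         // Invalid base64 is bad client input: reply 401 instead of letting the exception escape.
         actionContext.Response = actionContext.Request
                                  .CreateResponse(HttpStatusCode.Unauthorized);
         return;
     }

     // Split on the first colon only so a password containing ':' stays intact; a value with
     // no colon is rejected rather than indexing past the end of an array.
     int separatorIndex = decodedAuthenticationToken.IndexOf(':');
     if (separatorIndex < 0)
     {
         actionContext.Response = actionContext.Request
                                  .CreateResponse(HttpStatusCode.Unauthorized);
         return;
     }

     string username = decodedAuthenticationToken.Substring(0, separatorIndex);
     string password = decodedAuthenticationToken.Substring(separatorIndex + 1);

     // NOTE(review): as shown, the method ends here without checking username/password or
     // setting a principal, so a request with any well-formed header is not rejected by this
     // filter. The credential check against EmployeeSecurity, with a 401 on failure, still has
     // to be added; its instance API is not visible in this listing.
     EmployeeSecurity employeeSecurity = new EmployeeSecurity();
 }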
示例#6
 /// <summary>
 /// Forwards the credentials to <c>EmployeeSecurity.Login</c> and returns its result unchanged.
 /// </summary>
 /// <param name="username">User name passed through to the login check.</param>
 /// <param name="password">Password passed through to the login check.</param>
 /// <returns>The value returned by <c>EmployeeSecurity.Login</c>.</returns>
 public bool Login(string username, string password)
 {
     bool loginResult = EmployeeSecurity.Login(username, password);
     return loginResult;
 }