public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
base.OnAuthorization(actionContext);
if (actionContext.Request.Headers.Authorization == null)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
else
{
string encodedString = actionContext.Request.Headers.Authorization.Parameter;
string decodedString = Encoding.UTF8.GetString(Convert.FromBase64String(encodedString));
string[] arr = decodedString.Split(new char[] { ':' });
string username = arr[0];
string password = arr[1];
HROfficerRepository urepo = new HROfficerRepository();
if (username == urepo.Get(username).HR_name&& password == urepo.Get(username).HR_password)
{
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
}
else
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
}
}
public ActionResult ConfirmChangePassword(string oldpass, string Pass, string cpass)
{
HROfficerRepository orepo = new HROfficerRepository();
LoginRepository lrepo = new LoginRepository();
HROfficer of = orepo.Get(Convert.ToInt32(Session["Id"]));
Logininfo log = lrepo.Get(Session["Name"].ToString());
if (Session["Password"].ToString() == oldpass)
{
if (Pass != cpass)
{
ViewData["Message"] = "Password Didn't match";
}
else
{
of.HR_password = Pass;
log.Login_Password = Pass;
orepo.Update(of);
lrepo.Update(log);
ViewData["Message"] = "Password Updated Successfully";
Session["Officer"] = of;
Session["Password"] = Pass;
}
}
else
{
ViewData["Message"] = "Wrong Password";
}
return(View("Empty"));
}