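/// <summary>
/// Returns the "sensitive data" record identified by <paramref name="id"/>, but only after two
/// checks pass: the authenticated caller must hold CanRead on this module, and the caller must
/// re-submit the credentials (<paramref name="u"/>/<paramref name="p"/>) of that same account.
/// </summary>
/// <param name="id">Record identifier forwarded to the "getsensitivedata" custom function as "id".</param>
/// <param name="u">User name re-entered by the caller for the second-level verification.</param>
/// <param name="p">Password re-entered by the caller for the second-level verification.</param>
/// <returns>
/// HTTP 500 carrying NOT_AUTHORIZED when the module permission check fails; HTTP 200 with a null
/// <c>Data</c> and an error <c>Notification</c> when the credential re-check fails; otherwise
/// HTTP 200 with the custom-function result and the notification it produced.
/// </returns>
/// <remarks>
/// NOTE(review): <paramref name="u"/> and <paramref name="p"/> are plain simple-type action
/// parameters, so unless a route attribute (not visible here) says otherwise they are presumably
/// bound from the URI/query string of a GET and can end up in server, proxy and browser logs.
/// Consider moving the credential re-check to a POST body. Also note the two denial paths answer
/// with different status codes (500 vs. 200); both are kept as-is for client compatibility.
/// </remarks>
public IHttpActionResult GetSensitiveData(int id, string u, string p)
{
    var callerId = ControllerContext.GetAuthUserId();

    // 1st level: the logged-in caller must hold CanRead on this module.
    if (!fwBll.CanPerformAction(callerId, moduleCode, Library.DTO.ModuleAction.CanRead))
    {
        // NOTE(review): a permission denial is reported as HTTP 500 rather than 401/403.
        return InternalServerError(new Exception(Properties.Resources.NOT_AUTHORIZED));
    }

    // 2nd level: the re-entered credentials must authenticate AND resolve to the caller's own
    // account. Every failure — unknown user, wrong password, a different account, or an error
    // raised by the repository/lookup — is treated as "not authorized" (fail closed) without
    // telling the caller which one it was. Explicit flag instead of throw/catch control flow.
    bool verified;
    try
    {
        IdentityUser user;
        using (AuthRepository repo = new AuthRepository())
        {
            user = repo.FindUser(u, p);
        }
        verified = user != null && callerId == fwBll.GetUserID(user.UserName);
    }
    catch (Exception)
    {
        verified = false;
    }

    if (!verified)
    {
        return Ok(new Library.DTO.ReturnData<object>()
        {
            Data = null,
            Message = new Library.DTO.Notification()
            {
                Type = Library.DTO.NotificationType.Error,
                Message = "Not authorized!"
            }
        });
    }

    // Both checks passed: run the custom function under the caller's own id.
    System.Collections.Hashtable input = new System.Collections.Hashtable { ["id"] = id };
    object data = executor.CustomFunction(callerId, "getsensitivedata", input, out Library.DTO.Notification notification);
    return Ok(new Library.DTO.ReturnData<object>() { Data = data, Message = notification });
}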
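/// <summary>
/// Returns the result of the "getfreetosale" custom function, provided the account identified
/// by <paramref name="id"/> exists and holds CanRead on this module.
/// </summary>
/// <param name="id">ASP.NET Identity user id (string) whose permission is checked.</param>
/// <returns>
/// HTTP 200 with the custom-function result; HTTP 200 with the plain string "Not authorized!"
/// when the account cannot be resolved or lacks permission; HTTP 200 with a fixed failure
/// message when the lookup or the custom function throws.
/// </returns>
/// <remarks>
/// NOTE(review): the identity that is authorized here comes from the request parameter, not
/// from the authenticated request (contrast GetSensitiveData, which uses
/// ControllerContext.GetAuthUserId()). Unless this route is protected elsewhere, any caller who
/// supplies the id of a user with CanRead obtains the data — confirm, and if so bind to the
/// authenticated principal instead. The WEX feed (getWEXJsonData and its wex_api_* app-setting
/// checks) is currently disabled, so an empty "wexdata" payload is passed to the function.
/// </remarks>
public IHttpActionResult GetFreeToSale(string id) // id: asp net id string
{
    try
    {
        IdentityUser user;
        using (AuthRepository repo = new AuthRepository())
        {
            user = repo.FinByIdentifier(id);
        }

        // Check for null BEFORE touching user.UserName: previously an unknown id produced a
        // NullReferenceException whose message was echoed back to the caller.
        if (user == null
            || !fwBll.CanPerformAction(fwBll.GetUserID(user.UserName), moduleCode, Library.DTO.ModuleAction.CanRead))
        {
            return Ok("Not authorized!");
        }

        // WEX integration is switched off; the custom function receives an empty payload.
        string jsonText = string.Empty;
        Hashtable param = new Hashtable();
        param["wexdata"] = jsonText;

        // NOTE(review): the function runs as user -1, not as the resolved user — presumably a
        // system/anonymous execution context; confirm that is intended.
        object result = executor.CustomFunction(-1, "getfreetosale", param, out Library.DTO.Notification notification);
        return Ok(result);
    }
    catch (Exception)
    {
        // Fail closed with a fixed message. Echoing GetInnerException(ex).Message to the caller
        // disclosed internal details (database errors, null dereferences) to unauthenticated clients.
        return Ok("Request failed.");
    }
}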