public IHttpActionResult GetSensitiveData(int id, string u, string p)
        {
            // authentication 1st level (user have to logged in)
            if (!fwBll.CanPerformAction(ControllerContext.GetAuthUserId(), moduleCode, Library.DTO.ModuleAction.CanRead))
            {
                return(InternalServerError(new Exception(Properties.Resources.NOT_AUTHORIZED)));
            }

            // authentication 2nd level (verify account again)
            try
            {
                IdentityUser user = null;
                using (AuthRepository _repo = new AuthRepository())
                {
                    //_repo.RetrieveHash();
                    user = _repo.FindUser(u, p);
                }
                if (user == null)
                {
                    throw new Exception("Not authorized!");
                }
                else
                {
                    if (ControllerContext.GetAuthUserId() != fwBll.GetUserID(user.UserName))
                    {
                        throw new Exception("Not authorized!");
                    }
                }
            }
            catch
            {
                return(Ok(new Library.DTO.ReturnData <object>()
                {
                    Data = null, Message = new Library.DTO.Notification()
                    {
                        Type = Library.DTO.NotificationType.Error, Message = "Not authorized!"
                    }
                }));
            }

            // everything is ok, go ahead and return sensitive data
            System.Collections.Hashtable input = new System.Collections.Hashtable
            {
                ["id"] = id
            };
            object data = executor.CustomFunction(ControllerContext.GetAuthUserId(), "getsensitivedata", input, out Library.DTO.Notification notification);

            return(Ok(new Library.DTO.ReturnData <object>()
            {
                Data = data, Message = notification
            }));
        }
示例#2
0
        public IHttpActionResult GetFreeToSale(string id) // id: asp net id string
        {
            try
            {
                IdentityUser user = null;
                using (AuthRepository _repo = new AuthRepository())
                {
                    //_repo.RetrieveHash();
                    user = _repo.FinByIdentifier(id);
                    if (!fwBll.CanPerformAction(fwBll.GetUserID(user.UserName), moduleCode, Library.DTO.ModuleAction.CanRead))
                    {
                        user = null;
                    }
                }
                if (user == null)
                {
                    throw new Exception("Not authorized!");
                }

                //// validate setting for wex connection
                //if(!System.Configuration.ConfigurationManager.AppSettings.AllKeys.Contains("wex_api_url"))
                //    throw new Exception("Api url is missing!");

                //if (!System.Configuration.ConfigurationManager.AppSettings.AllKeys.Contains("wex_api_username"))
                //    throw new Exception("Api username is missing!");

                //if (!System.Configuration.ConfigurationManager.AppSettings.AllKeys.Contains("wex_api_password"))
                //    throw new Exception("Api password is missing!");

                //string jsonText = getWEXJsonData();
                string jsonText = string.Empty;
                Library.DTO.Notification notification;
                Hashtable param = new Hashtable();
                param["wexdata"] = jsonText;
                object result = executor.CustomFunction(-1, "getfreetosale", param, out notification);
                return(Ok(result));
            }
            catch (Exception ex)
            {
                return(Ok(Library.Helper.GetInnerException(ex).Message));
            }
        }