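/// <summary>
/// Middleware entry point that only forwards the request to the next component
/// when it carries HTTP Basic credentials accepted by <c>UserValidate.Login</c>.
/// </summary>
/// <param name="context">
/// The current request context. Its <c>Authorization</c> header is read, and its
/// response status code is set to 401 when the request is rejected.
/// </param>
/// <returns>
/// A task that completes once the request has been rejected or the next
/// middleware has finished.
/// </returns>
/// <remarks>
/// Every malformed header (wrong scheme, invalid Base64, missing ':' separator)
/// is answered with 401 instead of letting a parsing exception escape.
/// NOTE(review): no <c>WWW-Authenticate</c> challenge is added to the 401 here;
/// confirm whether another component supplies it.
/// </remarks>
public async Task Invoke(HttpContext context)
{
    const string schemePrefix = "Basic ";

    string authHeader = context.Request.Headers["Authorization"];

    // The scheme name is compared ordinally and case-insensitively, and the
    // trailing space is required so the Substring below can never run past
    // the end of a header that is exactly "Basic".
    if (authHeader == null
        || !authHeader.StartsWith(schemePrefix, StringComparison.OrdinalIgnoreCase))
    {
        context.Response.StatusCode = 401; // Unauthorized
        return;
    }

    // Extract credentials
    string encodedUsernamePassword = authHeader.Substring(schemePrefix.Length).Trim();

    string usernamePassword;
    try
    {
        Encoding encoding = Encoding.GetEncoding("iso-8859-1");
        usernamePassword = encoding.GetString(Convert.FromBase64String(encodedUsernamePassword));
    }
    catch (FormatException)
    {
        // The header is client-controlled; invalid Base64 is a failed
        // authentication attempt, not a server error.
        context.Response.StatusCode = 401; // Unauthorized
        return;
    }

    // Split on the FIRST ':' only, so a password may itself contain ':'.
    int separatorIndex = usernamePassword.IndexOf(':');
    if (separatorIndex < 0)
    {
        // No separator means there is no password part to validate.
        context.Response.StatusCode = 401; // Unauthorized
        return;
    }

    string username = usernamePassword.Substring(0, separatorIndex);
    string password = usernamePassword.Substring(separatorIndex + 1);

    if (!UserValidate.Login(username, password))
    {
        context.Response.StatusCode = 401; // Unauthorized
        return;
    }

    await _next.Invoke(context);
}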
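/// <summary>
/// Authorizes a Web API action using HTTP Basic credentials taken from the
/// request's <c>Authorization</c> header.
/// </summary>
/// <param name="actionContext">
/// The action context. On failure its <c>Response</c> is set to a 401 carrying
/// a <c>WWW-Authenticate: Basic</c> challenge built from <c>Realm</c>.
/// </param>
/// <remarks>
/// On success a <see cref="GenericPrincipal"/> with no roles is assigned to
/// <see cref="Thread.CurrentPrincipal"/> and, when available, to
/// <c>HttpContext.Current.User</c>.
/// A missing header, a non-Basic scheme, an empty parameter, invalid Base64 or
/// a payload without ':' are all treated as failed authentication.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    var authorization = actionContext.Request.Headers.Authorization;

    string username = null;
    string password = null;

    // Only attempt to decode when the client actually sent Basic credentials;
    // the parameter is client-controlled and may be absent or malformed.
    if (authorization != null
        && string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
        && !string.IsNullOrEmpty(authorization.Parameter))
    {
        try
        {
            string decodeAuthenticationToken =
                Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Parameter));

            // Split on the FIRST ':' only: Split(':') would truncate a
            // password that contains ':' and index out of range when the
            // separator is missing.
            int separatorIndex = decodeAuthenticationToken.IndexOf(':');
            if (separatorIndex >= 0)
            {
                username = decodeAuthenticationToken.Substring(0, separatorIndex);
                password = decodeAuthenticationToken.Substring(separatorIndex + 1);
            }
        }
        catch (FormatException)
        {
            // Invalid Base64: leave the credentials unset so the request is
            // rejected below instead of surfacing an unhandled exception.
        }
    }

    if (username != null && UserValidate.Login(username, password))
    {
        var identity = new GenericIdentity(username);
        IPrincipal principal = new GenericPrincipal(identity, null);
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = principal;
        }

        return;
    }

    // Single rejection path: every 401 carries the challenge header. The
    // header name was previously misspelled, so clients never saw a challenge.
    actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
    actionContext.Response.Headers.Add("WWW-Authenticate", string.Format("Basic realm=\"{0}\"", Realm));
}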
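/// <summary>
/// Validates the supplied credentials and, when they are accepted, returns the
/// user's name, roles and token.
/// </summary>
/// <param name="userLogin">The user name and password to check. May be null.</param>
/// <returns>
/// A <c>UserToken</c> for a known user, or <c>null</c> when
/// <paramref name="userLogin"/> is null, the credentials are rejected, or no
/// user details are found.
/// </returns>
public UserToken UserLogin(User userLogin)
{
    // A missing login object is a failed login, not a NullReferenceException.
    if (userLogin == null)
    {
        return null;
    }

    // Only a user already registered in the database is given a token.
    if (!UserValidate.Login(userLogin.UserName, userLogin.Password))
    {
        return null;
    }

    var userInDB = UserValidate.GetUserDetails(userLogin.UserName, userLogin.Password);
    if (userInDB == null)
    {
        // Login succeeded but the lookup returned nothing; treat as not found.
        return null;
    }

    // SECURITY NOTE(review): the "token" is Base64 of "username:password".
    // Base64 is a reversible encoding, so anyone who obtains the token recovers
    // the password, and the token cannot expire or be revoked without a
    // password change. The format is kept because it looks like callers replay
    // it as HTTP Basic credentials (confirm against the consumers). A user name
    // containing ':' would also make it ambiguous to split. Consider replacing
    // it with a server-issued random or signed token.
    string encodeString = $"{userLogin.UserName}:{userLogin.Password}";

    return new UserToken()
    {
        UserName = userInDB.UserName,
        Role = userInDB.Roles,
        Token = Convert.ToBase64String(Encoding.UTF8.GetBytes(encodeString))
    };
}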