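/// <summary>
/// Builds a <see cref="GenericPrincipal"/> for an authenticated user and installs it as the
/// current principal, both on the executing thread and, when running under ASP.NET, on the request.
/// </summary>
/// <param name="utilizador">The authenticated user; Email, Nome, Role and Id become claims.</param>
/// <exception cref="ArgumentNullException"><paramref name="utilizador"/> is null.</exception>
/// <remarks>
/// Only "Admin" and "User" are recognised roles. Any other Role value yields a principal with no
/// roles at all (<c>IsInRole</c> is false for everything) while the Role claim still carries the raw
/// string. <see cref="Claim"/> and <see cref="GenericIdentity"/> reject null values, so a user row
/// with a null Email, Nome or Role makes this method throw.
/// </remarks>
public static void UpdateGenericIdentity(Utilizador utilizador)
{
    if (utilizador == null)
    {
        throw new ArgumentNullException(nameof(utilizador));
    }

    // "Admin" implies "User" so that checks against the User role also pass for administrators.
    string[] roles;
    switch (utilizador.Role)
    {
        case "Admin":
            roles = new[] { "Admin", "User" };
            break;
        case "User":
            roles = new[] { "User" };
            break;
        default:
            // Unknown role: GenericPrincipal accepts null and treats it as "no roles".
            roles = null;
            break;
    }

    GenericIdentity identity = new GenericIdentity(utilizador.Email);
    identity.AddClaim(new Claim(ClaimTypes.Email, utilizador.Email));
    identity.AddClaim(new Claim(ClaimTypes.Name, utilizador.Nome));
    identity.AddClaim(new Claim(ClaimTypes.Role, utilizador.Role));
    identity.AddClaim(new Claim(ClaimTypes.Sid, Convert.ToString(utilizador.Id)));

    IPrincipal principal = new GenericPrincipal(identity, roles);
    Thread.CurrentPrincipal = principal;
    if (HttpContext.Current != null)
    {
        HttpContext.Current.User = principal;
    }
}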
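/// <summary>
/// Authorizes a Web API request from an HTTP Basic style credential ("email:password") carried in
/// the Authorization header. Missing, undecodable or malformed credentials, and credentials that do
/// not match a user, all produce a 401 response; none of them surfaces as an unhandled exception.
/// </summary>
/// <param name="actionContext">The action context; its Response is set to 401 on failure.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    var authorization = actionContext.Request.Headers.Authorization;
    if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
    {
        // No credential at all, including a bare scheme with no parameter.
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    string decodedToken;
    try
    {
        decodedToken = Authentication.DencodingToken(authorization.Parameter);
    }
    catch (FormatException)
    {
        // Assumes DencodingToken base64-decodes and throws FormatException on garbage input
        // (verify against its implementation). A client-side encoding error is a 401, not a 500.
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    // Split on the first ':' only (as RFC 7617 does for Basic credentials): a password that itself
    // contains ':' is preserved, and a token without any ':' is rejected instead of indexing out of range.
    string[] credentials = (decodedToken ?? string.Empty).Split(new[] { ':' }, 2);
    if (credentials.Length != 2)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    Authentication user = new Authentication
    {
        Email = credentials[0],
        Password = credentials[1]
    };

    Utilizador utilizador = Authentication.Login(user);
    if (utilizador == null)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    Authentication.UpdateGenericIdentity(utilizador);
}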
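/// <summary>
/// Inserts a new user with the fixed role "User" and returns the stored record.
/// </summary>
/// <param name="user">Registration data: Nome, Username, Email and Password.</param>
/// <returns>
/// The created <see cref="Utilizador"/> looked up by email, or null when the insert affected no
/// rows or the database rejected it (for example a uniqueness violation).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
/// <remarks>
/// The password is stored as the digest produced by <c>ComputeSha256Hash</c>, i.e. an unsalted
/// SHA-256. That offers little resistance to offline cracking of a leaked table; moving to a salted,
/// slow KDF (PBKDF2/Argon2) is recommended, but it has to be done together with <c>Login</c>, which
/// compares the same digest in SQL.
/// </remarks>
public static Utilizador CreateNewUser(Authentication user)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    try
    {
        using (SqlConnection conn = new SqlConnection(CONNECTION_STRING))
        using (SqlCommand cmd = new SqlCommand(
            "INSERT INTO Utilizadores (Nome, Username, Email, Password, Role) " +
            "VALUES (@nome, @username, @email, @password, @role)", conn))
        {
            cmd.Parameters.AddWithValue("@nome", user.Nome);
            cmd.Parameters.AddWithValue("@username", user.Username);
            cmd.Parameters.AddWithValue("@email", user.Email);
            cmd.Parameters.AddWithValue("@password", Authentication.ComputeSha256Hash(user.Password));
            // The role is never taken from the request: self-registration cannot create an Admin.
            cmd.Parameters.AddWithValue("@role", "User");

            conn.Open();
            // ExecuteNonQuery returns the affected row count for an INSERT (never -1 here),
            // so "nothing was inserted" is rows < 1, not rows == -1 as the old check assumed.
            int rows = cmd.ExecuteNonQuery();
            if (rows < 1)
            {
                return null;
            }
        }

        return GetUtilizadorByEmail(user.Email);
    }
    catch (SqlException)
    {
        // Database failures (constraint violations, connectivity) are reported to callers as null,
        // matching the contract the rest of this class uses. Other exceptions now propagate.
        return null;
    }
}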
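/// <summary>
/// Authenticates a user against the Utilizadores table by email, by username, or by both, together
/// with the password.
/// </summary>
/// <param name="user">Credentials; at least one of Email/Username, plus Password, must be set.</param>
/// <returns>
/// The matching <see cref="Utilizador"/> (without the password hash), or null when the credentials
/// are incomplete or no row matches.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
/// <exception cref="SqlException">The database is unreachable or the query fails.</exception>
/// <remarks>
/// Passwords are compared as the unsalted SHA-256 digest produced by <c>ComputeSha256Hash</c>; any
/// change of hashing scheme must be mirrored in <c>CreateNewUser</c>.
/// </remarks>
public static Utilizador Login(Authentication user)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    bool hasEmail = user.Email != null;
    bool hasUsername = user.Username != null;
    if (user.Password == null || (!hasEmail && !hasUsername))
    {
        // Incomplete credentials can never match; also avoids hashing null and sending
        // an unsupplied parameter to SQL Server.
        return null;
    }

    // Only the columns that are mapped are selected, so the stored hash never leaves the database.
    const string columns = "SELECT Id, Username, Email, Nome, Role FROM Utilizadores WHERE ";
    string sql;
    if (hasEmail && hasUsername)
    {
        sql = columns + "Username = @username AND Email = @email AND Password = @password";
    }
    else if (hasEmail)
    {
        sql = columns + "Email = @email AND Password = @password";
    }
    else
    {
        sql = columns + "Username = @username AND Password = @password";
    }

    Utilizador utilizador = null;
    using (SqlConnection conn = new SqlConnection(CONNECTION_STRING))
    using (SqlCommand cmd = new SqlCommand(sql, conn))
    {
        if (hasUsername)
        {
            cmd.Parameters.AddWithValue("@username", user.Username);
        }
        if (hasEmail)
        {
            cmd.Parameters.AddWithValue("@email", user.Email);
        }
        cmd.Parameters.AddWithValue("@password", Authentication.ComputeSha256Hash(user.Password));

        conn.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            // Keeps the last matching row, as before; with unique credentials there is at most one.
            while (reader.Read())
            {
                utilizador = new Utilizador
                {
                    Id = (int)reader["Id"],
                    Username = (string)reader["Username"],
                    Email = (string)reader["Email"],
                    Nome = (string)reader["Nome"],
                    Role = (string)reader["Role"]
                };
            }
        }
    }

    return utilizador;
}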
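/// <summary>
/// Loads the personal sensor readings recorded for a user, resolving the owner and validator ids
/// to usernames.
/// </summary>
/// <param name="username">Username of the owner of the readings.</param>
/// <returns>
/// The readings (an empty list when the user has none), or null when the username is unknown or
/// the database query fails.
/// </returns>
public static List <SensorPessoal> GetSensoresByUsername(string username)
{
    // Resolve the owner once, up front. The old code did this after opening the connection and
    // relied on a NullReferenceException (swallowed by catch) to signal an unknown username.
    Utilizador utilizador = Models.Utilizador.GetUtilizadorByUsername(username);
    if (utilizador == null)
    {
        return null;
    }

    // Validator ids repeat across rows; cache the lookups instead of one query per row.
    Dictionary<int, string> validatorNames = new Dictionary<int, string>();

    try
    {
        List <SensorPessoal> sensores = new List <SensorPessoal>();
        using (SqlConnection conn = new SqlConnection(CONNECTION_STRING))
        using (SqlCommand cmd = new SqlCommand("SELECT * FROM SensoresPessoais WHERE UtilizadorID = @id", conn))
        {
            cmd.Parameters.AddWithValue("@id", utilizador.Id);
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    SensorPessoal sensorPessoal = new SensorPessoal()
                    {
                        Id = (int)reader["Id"],
                        Temperatura = (decimal)reader["Temperatura"],
                        Humidade = (decimal)reader["Humidade"],
                        Data = (DateTime)reader["Data"],
                        Valido = (bool)reader["Valido"],
                        Local = (string)reader["Local"],
                        // Every row is filtered on UtilizadorID = utilizador.Id, so the owner is
                        // already known; no per-row lookup is needed.
                        Utilizador = utilizador.Username
                    };

                    if (reader["ValidatedBy"] != DBNull.Value)
                    {
                        int validatedBy = (int)reader["ValidatedBy"];
                        string validatorName;
                        if (!validatorNames.TryGetValue(validatedBy, out validatorName))
                        {
                            Utilizador validator = Models.Utilizador.GetUtilizadorById(validatedBy);
                            // A dangling validator id yields a null name rather than failing the whole list.
                            validatorName = validator == null ? null : validator.Username;
                            validatorNames[validatedBy] = validatorName;
                        }

                        sensorPessoal.Validated = new SensorPessoalValidatedBy()
                        {
                            ValidatedBy = validatorName,
                            DateValidatedBy = (DateTime)reader["DateValidatedBy"]
                        };
                    }

                    sensores.Add(sensorPessoal);
                }
            }
        }

        return sensores;
    }
    catch (SqlException)
    {
        // Database failures are reported as null, as elsewhere in this codebase.
        return null;
    }
}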
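/// <summary>
/// Returns every user without the stored password hash.
/// </summary>
/// <returns>All users (an empty list when the table is empty), or null when the query fails.</returns>
public static List <Utilizador> GetAllUtilizadores()
{
    try
    {
        List <Utilizador> utilizadores = new List <Utilizador>();
        using (SqlConnection conn = new SqlConnection(CONNECTION_STRING))
        // Select only the mapped columns so the password hashes are never pulled from the database.
        using (SqlCommand cmd = new SqlCommand("SELECT Id, Username, Email, Nome, Role FROM Utilizadores", conn))
        {
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    utilizadores.Add(new Utilizador()
                    {
                        Id = (int)reader["Id"],
                        Username = (string)reader["Username"],
                        Email = (string)reader["Email"],
                        Nome = (string)reader["Nome"],
                        Role = (string)reader["Role"]
                    });
                }
            }
        }

        return utilizadores;
    }
    catch (SqlException)
    {
        // Database failures are reported as null, matching the other lookups in this class.
        return null;
    }
}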
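/// <summary>
/// Looks up a single user by primary key, without the stored password hash.
/// </summary>
/// <param name="id">The user's Id.</param>
/// <returns>The user, or null when no row has that Id or the query fails.</returns>
public static Utilizador GetUtilizadorById(int id)
{
    try
    {
        Utilizador utilizador = null;
        using (SqlConnection conn = new SqlConnection(CONNECTION_STRING))
        // Select only the mapped columns so the password hash is never pulled from the database.
        using (SqlCommand cmd = new SqlCommand("SELECT Id, Username, Email, Nome, Role FROM Utilizadores WHERE Id = @id", conn))
        {
            cmd.Parameters.AddWithValue("@id", id);
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // Id is the lookup key, so at most one row is expected; only the first is read.
                if (reader.Read())
                {
                    utilizador = new Utilizador()
                    {
                        Id = (int)reader["Id"],
                        Username = (string)reader["Username"],
                        Email = (string)reader["Email"],
                        Nome = (string)reader["Nome"],
                        Role = (string)reader["Role"]
                    };
                }
            }
        }

        return utilizador;
    }
    catch (SqlException)
    {
        // Database failures are reported as null, matching the other lookups in this class.
        return null;
    }
}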