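/// <summary>
/// Authenticates the request before the action runs. The Authorization header's
/// parameter is Base64-decoded into a device id and passed to
/// <c>summonersRepository.ValidateUser</c>. When a summoner is returned it becomes
/// the current principal and the base filter runs; otherwise the response is set
/// to 401 Unauthorized and the action is short-circuited.
/// </summary>
/// <param name="actionContext">
/// Context of the action about to execute. Its request headers are read, and its
/// <c>Response</c> is assigned when authentication fails.
/// </param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    var authorization = actionContext.Request.Headers.Authorization;

    // A missing header, or a header that carries a scheme but no parameter, is an
    // unauthenticated request. Previously a null parameter reached
    // Convert.FromBase64String and surfaced as an unhandled exception.
    if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
    {
        actionContext.Response = new System.Net.Http.HttpResponseMessage(HttpStatusCode.Unauthorized);
        return;
    }

    string DeviceId;
    try
    {
        // Base64 is an encoding, not encryption: the header value is only decoded here.
        DeviceId = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Parameter));
    }
    catch (FormatException)
    {
        // The header is caller-controlled; malformed Base64 must be answered with
        // 401 rather than escaping as a server error.
        actionContext.Response = new System.Net.Http.HttpResponseMessage(HttpStatusCode.Unauthorized);
        return;
    }

    // NOTE(review): the decoded device id is the only thing checked in this method.
    // Unless ValidateUser verifies a secret or signature in addition to the lookup,
    // knowing a device id is enough to be authenticated as that summoner. Confirm
    // against the repository, and prefer an opaque or signed token if it is a plain lookup.
    summonersRepository dataLayer = new summonersRepository();
    Summoner summoner = dataLayer.ValidateUser(DeviceId);

    if (summoner == null)
    {
        // not authorized
        actionContext.Response = new System.Net.Http.HttpResponseMessage(HttpStatusCode.Unauthorized);
        return;
    }

    // Authenticated: expose the summoner as the current user, with no roles attached.
    HttpContext.Current.User = new GenericPrincipal(new ServiceUser(summoner), new string[] { });
    base.OnActionExecuting(actionContext);
}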
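/// <summary>
/// Logs an administrator in through an HTTP Basic challenge. The first visit
/// always answers 401 with a <c>WWW-Authenticate: Basic</c> header and records
/// <c>allowLogin</c> in TempData; a following request that carries Basic
/// credentials is checked with <c>summonersRepository.ValidateAdmin</c> and, on
/// success, handed to forms authentication.
/// </summary>
/// <remarks>
/// Basic credentials are only Base64-encoded, so this endpoint relies on the
/// transport for confidentiality. NOTE(review): nothing in this method limits
/// repeated attempts; confirm that throttling or lockout exists in ValidateAdmin
/// or upstream of this action.
/// </remarks>
public void Login()
{
    // Ensure there's a return URL
    if (Request.QueryString["ReturnUrl"] == null)
    {
        Response.Redirect(FormsAuthentication.LoginUrl + "?ReturnUrl=" + Server.UrlEncode(FormsAuthentication.DefaultUrl));

        // Do not fall through to the challenge below if the redirect call returns.
        return;
    }

    if (TempData.ContainsKey("allowLogin"))
    {
        // See if they've supplied credentials
        string userName;
        string password;
        if (TryParseBasicCredentials(Request.Headers["Authorization"], out userName, out password))
        {
            // Validate login attempt
            summonersRepository layer = new summonersRepository();
            if (layer.ValidateAdmin(userName, password))
            {
                // false: issue a session cookie rather than a persistent one.
                FormsAuthentication.RedirectFromLoginPage(userName, false);
                return;
            }
        }
    }

    // Force the browser to pop up the login prompt
    Response.StatusCode = 401;
    Response.AppendHeader("WWW-Authenticate", "Basic");
    TempData["allowLogin"] = true;

    // This gets shown if they click "Cancel" to the login prompt
    Response.Write("You must log in to access this URL.");
}

/// <summary>
/// Extracts the user name and password from a Basic Authorization header value.
/// </summary>
/// <param name="authHeader">Raw header value; may be null.</param>
/// <param name="userName">Text before the first colon, or null on failure.</param>
/// <param name="password">Text after the first colon, or null on failure.</param>
/// <returns>
/// True when the header starts with "Basic", its payload is valid Base64 and the
/// decoded text contains a colon; false otherwise.
/// </returns>
private static bool TryParseBasicCredentials(string authHeader, out string userName, out string password)
{
    const string scheme = "Basic";
    userName = null;
    password = null;

    // Ordinal: the scheme is a protocol token, so the match must not vary with
    // the server's culture.
    if (authHeader == null || !authHeader.StartsWith(scheme, StringComparison.Ordinal))
    {
        return false;
    }

    byte[] credentialBytes;
    try
    {
        credentialBytes = Convert.FromBase64String(authHeader.Substring(scheme.Length).Trim());
    }
    catch (FormatException)
    {
        // The header is caller-controlled; malformed Base64 is a failed login,
        // not a server error.
        return false;
    }

    // UTF-8 rather than UTF-7: UTF-7 treats '+' as the start of an escape
    // sequence, so credentials containing '+' were decoded to different characters.
    string credentials = Encoding.UTF8.GetString(credentialBytes);

    // Split at the first colon only, so a password may itself contain ':', and a
    // payload without any colon is rejected instead of indexing past the array.
    int separator = credentials.IndexOf(':');
    if (separator < 0)
    {
        return false;
    }

    userName = credentials.Substring(0, separator);
    password = credentials.Substring(separator + 1);
    return true;
}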
/// <summary>
/// Creates the controller and gives it its own summoners, logs and errors
/// repository instances.
/// </summary>
public UserController()
{
    // Construction order is kept as written: account, then log, then error.
    accountRep = new summonersRepository();
    logRep = new logsRepository();
    errorRep = new errorsRepository();
}