public override void OnAuthorization(HttpActionContext actionContext) { if (actionContext.Request.Headers.Authorization == null) { actionContext.Response = actionContext.Request .CreateResponse(HttpStatusCode.Unauthorized); } else { string authenticationToken = actionContext.Request.Headers .Authorization.Parameter; string decodedAuthenticationToken = Encoding.UTF8.GetString( Convert.FromBase64String(authenticationToken)); string[] usernamePasswordArray = decodedAuthenticationToken.Split(':'); string username = usernamePasswordArray[0]; string password = usernamePasswordArray[1]; if (EmployeeSecurity.Login(username, password)) { Thread.CurrentPrincipal = new GenericPrincipal( new GenericIdentity(username), null); } else { actionContext.Response = actionContext.Request .CreateResponse(HttpStatusCode.Unauthorized); } } }
public override void OnAuthorization(HttpActionContext actionContext) { if (actionContext.Request.Headers.Authorization == null) { actionContext.Response = actionContext.Request .CreateResponse(HttpStatusCode.Unauthorized); } else { string authenticationToken = actionContext.Request.Headers.Authorization.Parameter; //since username:password is Base64 encoded when passed to the service, we need to decoded //the authentication token and then split by comma. string decodedAuthenticationToken = Encoding.UTF8.GetString( Convert.FromBase64String(authenticationToken)); string[] usernamePasswordArray = decodedAuthenticationToken.Split(':'); string username = usernamePasswordArray[0]; string password = usernamePasswordArray[1]; //Login success: if (EmployeeSecurity.Login(username, password)) { Thread.CurrentPrincipal = new GenericPrincipal( new GenericIdentity(username), null); } else { //Login fail: actionContext.Response = actionContext.Request .CreateResponse(HttpStatusCode.Unauthorized); } } }