veektorh
7/11/2019 - 6:43 PM

basicAuth.cs

//Add a Security class - (this will be used by the BasicAuthentication class to authenticate users)
//Add a BasicAuthenticationAttribute class
//Add the BasicAuthentication filter attribute to the controller/method - [BasicAuthentication]
//Calling from MVC - client.DefaultRequestHeaders.Add("Authorization", "Basic " + base64string);
//  (base64string is the base64 encoding of "username:password"; it is encoded, not encrypted, so send it over HTTPS only)

==========================================================================================================================================
//Security Class

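public static class EmployeeSecurity
    {
        /// <summary>
        /// Checks a username/password pair against the Users set of <c>TestDbContext</c>.
        /// </summary>
        /// <param name="username">Login name; looked up with the same case-insensitive predicate as before.</param>
        /// <param name="password">Password supplied by the client; must match the stored value exactly, including letter case.</param>
        /// <returns><c>true</c> when a user with that name has exactly this password; otherwise <c>false</c>.</returns>
        /// <remarks>
        /// SECURITY: the stored Password value is compared directly with the supplied text, so the
        /// store holds passwords in recoverable form. Keep a salted, slow hash (for example PBKDF2)
        /// instead and verify the supplied password against that hash.
        /// </remarks>
        public static bool Login(string username , string password)
        {
            // Missing credentials can never authenticate; fail closed instead of querying with null.
            if (username == null || password == null)
            {
                return false;
            }

            using (var db = new TestDbContext())
            {
                // Only the username lookup is sent to the data store. The password check is done
                // in memory so that it is an exact ordinal match: the previous OrdinalIgnoreCase
                // comparison accepted "SECRET" for "secret", and a database collation can be
                // case-insensitive as well.
                // NOTE(review): whether Equals(string, StringComparison) can be translated by the
                // query provider depends on the EF version in use - confirm.
                var storedPasswords = db.Users
                    .Where(a => a.Username.Equals(username, StringComparison.OrdinalIgnoreCase))
                    .Select(a => a.Password)
                    .ToList();

                return storedPasswords.Any(stored => string.Equals(stored, password, StringComparison.Ordinal));
            }
        }
    }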

	
==========================================================================================================================================
BasicAuthenticationAttribute Class

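public class BasicAuthenticationAttribute : AuthorizationFilterAttribute
    {
        /// <summary>
        /// Authenticates the request from its HTTP Basic <c>Authorization</c> header and, on success,
        /// sets <see cref="Thread.CurrentPrincipal"/> to an identity carrying the supplied username.
        /// Any missing, non-Basic, malformed or rejected credential produces a 401 response.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized; its Response is set to 401 on failure.</param>
        /// <remarks>
        /// Basic credentials are only base64-encoded, so this filter is safe only behind HTTPS.
        /// NOTE(review): only Thread.CurrentPrincipal is assigned here; depending on the host the
        /// request-level principal may need to be set as well - confirm.
        /// </remarks>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var header = actionContext.Request.Headers.Authorization;

            // Reject anything that is not "Basic <token>"; previously any scheme was decoded and a
            // header without a parameter threw instead of returning 401.
            if (header == null
                || !string.Equals(header.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
                || string.IsNullOrWhiteSpace(header.Parameter))
            {
                Reject(actionContext);
                return;
            }

            string decodedCredentials;
            try
            {
                decodedCredentials = Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter));
            }
            catch (FormatException)
            {
                // Client-controlled input that is not valid base64 is an authentication failure,
                // not a server error.
                Reject(actionContext);
                return;
            }

            // Split at the FIRST colon only: the password may itself contain ':' and must not be
            // truncated, and a token without any colon must not index past the array.
            var separatorIndex = decodedCredentials.IndexOf(':');
            if (separatorIndex < 0)
            {
                Reject(actionContext);
                return;
            }

            var username = decodedCredentials.Substring(0, separatorIndex);
            var password = decodedCredentials.Substring(separatorIndex + 1);

            if (EmployeeSecurity.Login(username, password))
            {
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
            }
            else
            {
                Reject(actionContext);
            }
        }

        // Short-circuits the pipeline with a 401 Unauthorized response.
        private static void Reject(HttpActionContext actionContext)
        {
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        }
    }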
	

=====================================================================================================================================
Controller

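		/// <summary>
		/// Returns the employees the authenticated caller is allowed to see: "victor" gets the
		/// male employees, "chidi" gets the female employees, anyone else gets a 400 response.
		/// </summary>
		/// <returns>200 with the filtered employee list, or 400 "invalid data" for any other user.</returns>
		[BasicAuthentication]
        public IHttpActionResult Get()
        {
            var username = Thread.CurrentPrincipal.Identity.Name;

            // The login check matches usernames without regard to case and the principal carries
            // the name exactly as the client typed it, so the comparison here must ignore case
            // too; otherwise "Victor" authenticates successfully and is then refused.
            // NOTE(review): access is decided by hard-coded usernames; roles or claims on the
            // principal would keep this policy out of the controller.
            if (string.Equals(username, "victor", System.StringComparison.OrdinalIgnoreCase))
            {
                var maleEmployees = db.Employees.Where(a => a.Gender == "Male").ToList();
                return Ok(maleEmployees);
            }

            if (string.Equals(username, "chidi", System.StringComparison.OrdinalIgnoreCase))
            {
                var femaleEmployees = db.Employees.Where(a => a.Gender == "Female").ToList();
                return Ok(femaleEmployees);
            }

            // Authenticated but not one of the two known users. The 400 is kept for existing
            // clients, although 403 Forbidden would describe this case more accurately.
            return BadRequest("invalid data");
        }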