Hello guys, welcome to the 24th session or the SP dotnet way VBA to in a previous session we created a user security class in which we created a one static login method. In this session we are going to create an attribute for the or basic authentication. Let's switch to Visual Studio. Right click and select Add a new class with your name vz ot attribute and click Add. We are going to action this class from the authorization filter attribute or toe arises and filter attribute which was present in a different namespace. So we need to include and we are going to override on auto method or third class.

Please do enter. We know that the each request contain the header. We already use the excerpt from which we can specify the return data for the or request. For the authentication, we need to use the authorize header. Let's first of all check whether the header is English or not India or excellent contain which is the parameter for that function. Insert context.request.headers.org authorizes and equal equal No.

If the header is not present, then we need to response the unauthorized status score. For that we need to write the excellent context dot response equal to x and context dot request. Create response which was present in another namespace. So, we need to import within a record we need to specify the status code that is on authorize other Otherwise Otherwise we need to obtain the token from the power hitter frame auth token equal to excellent context dot request dot headers door authorization door to parameter and we need to decode that token string decoded token equal to encoding for that arena to use the using system dot txt statement dot UTF eight dot get string and we need to pass the lower token in the form of the base 64. Therefore, we need to write the Convert Lord from May 64th string and pass do auth token and semicolon from which we can easily identify the username and the password pair.

However, it was in a single string therefore, we need to split into the two part. For that we need to write to string good reading co equal to decoded token dot split from semi colon after the split Including zero error content the two things the first will be username and the second will be a password. And now we need to check that the given username and password pair are match or not as per the database. For that we already created user security class, we just need to call its login method. So right if user security dot login and pass the two thing that are creating here, credential of zero, and credential of one and press enter. If the user match, then we need to generate the if the username and password match, then we need to store in the current principal of the tree.

For that we need to write the trade and import the it's an interface. Trade door to current principle equal to new genetic coding SEPA which was present in different ways for added a new genetic identity. For that, we need to pass the login username. So we are using the a credential of zero and five to rule that will be Anil, India lowercase and the semicolon. If the username and the password will not match, then the logged in user will be authorized. Therefore, we need to return the ITP status code for the unauthorized let's copy the admin that we are using previous if and paste it.

Now we need to use that basic author attribute on our controller, open the our controller and add the accent label, we are going to write the basic auth musical that attribute are created by the US. Let's run the our solution. Let's copy the URL and open in postman right here API slurs employee and click on DSN. You can see that it's written the a 401 unauthorized status code. This is why because we are not specify the authentication for the request from the authorizers and Deb select the basic auth from the drop down and write the username and password. I am already read the t statistic.

Now I am sending it You can see that we are successful add to the list of record However, those record are for the developers. Because we are traditionally used the because we as traditionally use the user name developer in the our case, that's why we are receiving the result for the Dow only. Let's modify. For this we need to write the trade which was a prison in different industries. So I added a lot current principal door identity dot name, which will return the logged in user name. Let's run the our solution.

Switch to postman. Click on the send button. You can see that it written the areas of all the T shirt on You can see there to return the result of the employed that are belong to the testing department. If we are sending data for the developer, then it will return the result for the variable only. If we are writing the wrong password, then again it generate the 401 unauthorized status. First of all, we need to create one class that action from the authorization filter attribute.

And we need to override the on authorization method of it. Within that we need to check whether the authorization header is present in the request or not. If it was not present, then user is unauthorized. If the present then we need to retrieve the token and decode it. And we need to check whether the given credential valid or not? If it was valid then we need to show in the current principle of the trade.

Otherwise we need to send the unauthorized status code. Thanks for watching. Have a nice day.