Untitled

[WebInvoke(Method = "GET", ResponseFormat = WebMessageFormat.Json, UriTemplate = "ConsultarCodigo/{cpfcnpj}")]
    public ConsultaPessoa GetPessoa(string cpfcnpj)
    {
        try
        {
            ConsultaPessoa consultaPessoa = new ConsultaPessoa();

            using (var conn = Connection.Conn)
            {
                IDbCommand comando = conn.CreateCommand();
                comando.CommandText = @"SELECT A.HANDLE,
                                               A.NOME
                                          FROM MS_PESSOA A
                                         WHERE A.CNPJCPFSEMMASCARA = '" + cpfcnpj + "'";

                using (IDataReader reader = comando.ExecuteReader())
                {
                    if (!reader.Read())
                    {
                        throw new Exception("Pessoa não encontrada");
                    }
                    consultaPessoa.codigo = Convert.ToInt32(reader.GetValue(0));
                    consultaPessoa.nome = reader.GetString(1);
                }

                return consultaPessoa;
            }

        }
        catch (Exception ex)
        {
            throw new WebFaultException<string>(ex.Message, System.Net.HttpStatusCode.BadRequest);
        }
    }

[WebInvoke(Method = "GET", ResponseFormat = WebMessageFormat.Json, UriTemplate = "ConsultarCodigo/{cpfcnpj}"), BasicAuthenticationAttribute]

public class BasicAuthenticationAttribute : AuthorizationFilterAttribute
{
    public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        if (actionContext.Request.Headers.Authorization == null)
        {
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        }
        else
        {
            // Gets header parameters
            string authenticationString = actionContext.Request.Headers.Authorization.Parameter;
            string originalString = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationString));

            // Gets username and password
            string username = originalString.Split(':')[0];
            string password = originalString.Split(':')[1];

            // Validate username and password
            if (!ApiSecurity.VaidateUser(username, password))
            {
                // returns unauthorized error
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            }
        }

        base.OnAuthorization(actionContext);
    }
}