Beispiel #1
        /// <summary>
        /// Builds the authorization model for one user from the first row of
        /// <paramref name="userInfoTable"/> and fills its role lookup from the
        /// UserRight / SecurityObject tables.
        /// </summary>
        /// <param name="userInfoTable">Query result; row 0 is read for User_Key, SecurityUser_Key and UserName.</param>
        /// <returns>The populated model, including one RoleLookup entry per ObjectTitle returned by the role query.</returns>
        private AuthUserInformationModel BuildAuthUserInformationModel(DataTable userInfoTable)
        {
            AuthUserInformationModel model = new AuthUserInformationModel();

            // NOTE(review): row 0 is read without checking that the table has any rows;
            // an empty result throws here — confirm every caller guarantees one row.
            DataRow firstRow = userInfoTable.Rows[0];

            model.UserKey    = firstRow["User_Key"].ToString();
            model.OldUserKey = firstRow["SecurityUser_Key"].ToString();
            model.Username   = firstRow["UserName"].ToString();
            model.FullName   = model.Username.Split('@')[0]; // TODO: This should be changed to use the real Full Name of the users
            model.RoleLookup = new Dictionary <string, int>();

            // Role query: UserRight joined to SecurityObject, restricted to this user's SecurityUser_Key.
            // The key is handed to AddWhereParameter rather than concatenated into SQL text
            // (presumably bound as a parameter — confirm in SqlGenerator).
            SqlGenerator roleQuery = new SqlGenerator(SqlGenerator.SqlTypes.Select, "UserRight", true);

            roleQuery.AddTable("SecurityObject", SqlGenerator.SqlJoins.Inner, "SecurityObject_Key");
            roleQuery.AddField("ObjectTitle", "SecurityObject");
            roleQuery.AddField("SecurityLevel", "UserRight");
            roleQuery.AddWhereParameter("UserRight", "SecurityUser_Key", model.OldUserKey, SqlWhereComparison.SqlComparer.Equal);

            using (SqlDataReader reader = Adocls.FetchDataReader(roleQuery, "UserDatabase"))
            {
                while (reader.Read())
                {
                    string objectTitle = (string)reader["ObjectTitle"];
                    byte   level       = (byte)reader["SecurityLevel"];

                    // Add (not the indexer) is kept on purpose: a repeated ObjectTitle throws
                    // instead of silently replacing a previously loaded security level.
                    model.RoleLookup.Add(objectTitle, level);
                }
            }

            return model;
        }
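        /// <summary>
        /// Decides whether the caller identified by <paramref name="sessionKey"/> may access the
        /// screen guarded by <c>PermissionKey</c> at <c>PermissionLevel</c>.
        /// </summary>
        /// <remarks>
        /// The check fails closed: a missing controller map, missing user information or any
        /// exception during the permission lookup denies access. The previous version granted
        /// access from its catch block, so any lookup failure (for example an empty cache or an
        /// unavailable database) authorized the request.
        /// </remarks>
        /// <param name="sessionKey">Session key presented by the client; null is rejected.</param>
        /// <returns>
        /// True when the session key validates and either the screen requires no specific right
        /// (<c>PermissionLevel == -1</c>) or the user's stored SecurityLevel for the screen is at
        /// least <c>PermissionLevel</c>; otherwise false.
        /// </returns>
        public bool PerformAuthentication(string sessionKey)
        {
            UserService userService = new UserService();

            if (sessionKey == null || !userService.ValidateSessionKey(sessionKey))
            {
                return false;
            }

            Dictionary <string, Guid> controllerGuids = (Dictionary <string, Guid>)HttpRuntime.Cache["ControllerGuids"];

            // Load the user attached to the session and publish it for the rest of this request.
            AuthUserInformationModel userinfo = userService.GetAuthUserInformation(sessionKey);
            userService.SetUserInformationForCurrentRequest(userinfo);

            // -1 marks screens that need a valid session but no specific right.
            if (PermissionLevel == -1)
            {
                return true;
            }

            try
            {
                Guid currentGuid = Guid.Empty;

                // No controller map, no user, or an unknown permission key: nothing to grant.
                if (controllerGuids == null || userinfo == null || !controllerGuids.TryGetValue(PermissionKey, out currentGuid))
                {
                    return false;
                }

                SecurityModel security = service.LoadModel <SecurityModel>(conName: HttpContext.Current.Session["ConString"].ToString()).FirstOrDefault(u => u.ObjectGUID == currentGuid.ToString() && u.User_Key == userinfo.UserKey);

                // A missing row yields a null level, and the lifted comparison is then false.
                return security?.SecurityLevel >= PermissionLevel;
            }
            catch (Exception ex)
            {
                // Deny on failure and leave a trace so outages are diagnosed rather than masked.
                // The session key is deliberately not logged.
                System.Diagnostics.Trace.TraceError("Permission lookup failed; access denied. {0}: {1}", ex.GetType().Name, ex.Message);
                return false;
            }
        }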
Beispiel #3
        /// <summary>
        /// Checks whether the user attached to the current request holds at least
        /// <paramref name="requiredMinLevel"/> on <paramref name="viewName"/>.
        /// </summary>
        /// <param name="viewName">Key looked up in the user's RoleLookup.</param>
        /// <param name="requiredMinLevel">Lowest level that is accepted.</param>
        /// <returns>
        /// True only when user information exists, RoleLookup has an entry for the view and that
        /// entry is at least the required level; every other case is denied.
        /// </returns>
        public bool ValidateSecurityLevel(string viewName, int requiredMinLevel)
        {
            AuthUserInformationModel current = GetUserInformationForCurrentRequest();

            // No user on this request: deny.
            if (current == null)
            {
                return false;
            }

            int grantedLevel;
            return current.RoleLookup.TryGetValue(viewName, out grantedLevel) && grantedLevel >= requiredMinLevel;
        }
        /// <summary>
        /// Fast security check used while iterating menu entries: reports whether the cached user
        /// may see the entry identified by <paramref name="authkey"/>, or by <c>PermissionKey</c>
        /// when <paramref name="authkey"/> is the empty string.
        /// </summary>
        /// <param name="authkey">Controller key to check; "" falls back to <c>PermissionKey</c>.</param>
        /// <returns>
        /// True when the stored SecurityLevel is at least <c>PermissionLevel</c> or when
        /// <c>PermissionLevel</c> is -1; false otherwise, including on any exception.
        /// </returns>
        public bool MenuService(string authkey = "")
        {
            Dictionary <string, Guid> guidsByController = (Dictionary <string, Guid>)HttpRuntime.Cache["ControllerGuids"];

            // NOTE(review): HttpRuntime.Cache is application-wide, not per request or per session.
            // If "CurrentUser" is written per login elsewhere, this reads whichever user was stored
            // last and menu visibility is computed for the wrong account — confirm where the entry
            // is set, and prefer the per-request user information.
            AuthUserInformationModel cachedUser = (AuthUserInformationModel)HttpRuntime.Cache["CurrentUser"];

            try
            {
                string lookupKey = authkey != "" ? authkey : PermissionKey;

                if (guidsByController.ContainsKey(lookupKey) && cachedUser != null)
                {
                    Guid controllerGuid = guidsByController[lookupKey];
                    SecurityModel right = service.LoadModel <SecurityModel>(conName: HttpContext.Current.Session["ConString"].ToString()).FirstOrDefault(u => u.ObjectGUID == controllerGuid.ToString() && u.User_Key == cachedUser.UserKey);

                    // Either the stored level is high enough, or the entry needs no right at all.
                    return right?.SecurityLevel >= PermissionLevel || PermissionLevel == -1;
                }

                // Unknown key or no cached user: only entries that require no right (-1) are shown.
                return PermissionLevel == -1;
            }
            catch (Exception)
            {
                // Something went wrong: the menu item is treated as not available.
                return false;
            }
        }
Beispiel #5
        /// <summary>
        /// Entry action for the report area. With an active session it shows the main view; without
        /// one it loads the current user, (re)issues the "UserCookie" and, when a "PageCookie" is
        /// present and the "UserCookie" matches the current user name, redirects to the
        /// controller/action stored in that cookie.
        /// </summary>
        /// <returns>The main view, or a redirect to the page named in "PageCookie".</returns>
        public ActionResult ReportMain()
        {
            HttpCookie pageCookie = Request.Cookies["PageCookie"];
            HttpCookie userCookie = Request.Cookies["UserCookie"];

            if (Session["CurrentUserName"] != null)
            {
                if (pageCookie != null)
                {
                    // NOTE(review): Remove only drops the cookie from this response's collection;
                    // it does not tell the browser to delete it. If the intent is to clear the
                    // cookie on the client, an expired "PageCookie" has to be sent instead — confirm.
                    Response.Cookies.Remove("PageCookie");
                    Session.Remove("ModelType");
                }
                return View();
            }

            _currentUser = _userService.GetUserInformationForCurrentRequest();

            if (userCookie == null)
            {
                // NOTE(review): the cookie carries the user name for 15 days and is created without
                // HttpOnly/Secure here; unless site-wide cookie defaults set them, consider adding both.
                Response.Cookies.Set(new HttpCookie("UserCookie")
                {
                    Value   = _currentUser.Username,
                    Expires = DateTime.Now.AddDays(15)
                });
            }

            try
            {
                bool hasPage     = !string.IsNullOrEmpty(pageCookie?.Value);
                bool canRedirect = hasPage && (userCookie?.Value == _currentUser.Username);

                if (canRedirect)
                {
                    // Both cookies are client-supplied, so the controller/action names below are
                    // untrusted input; the target actions must enforce their own authorization.
                    string[] parts      = pageCookie.Value.Split('/');
                    string   controller = parts[0];
                    string   action     = parts.Length > 1 ? parts[1] : parts[0];

                    return RedirectToAction(action, controller);
                }

                // No usable page cookie, or the user cookie belongs to someone else: refresh the
                // user cookie and fall back to the main view.
                Response.Cookies.Set(new HttpCookie("UserCookie")
                {
                    Value   = _currentUser.Username,
                    Expires = DateTime.Now.AddDays(15)
                });

                if (pageCookie != null)
                {
                    Response.Cookies.Remove("PageCookie");
                    Session.Remove("ModelType");
                }
                return View();
            }
            catch (Exception)
            {
                // Any failure while evaluating the cookies falls back to the main view.
                return View();
            }
        }
Beispiel #6
 /// <summary>
 /// Stores <paramref name="userInfo"/> in the current HTTP context's Items collection under
 /// <c>C_SESSION_USER_INFO_KEY</c>, so later code in the same request can read it back.
 /// </summary>
 /// <param name="userInfo">User information to attach to the request; stored as given, null included.</param>
 public void SetUserInformationForCurrentRequest(AuthUserInformationModel userInfo)
 {
     // HttpContext.Items lives for one request only, so the value is not shared between users.
     var requestItems = HttpContext.Current.Items;
     requestItems[C_SESSION_USER_INFO_KEY] = userInfo;
 }