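/// <summary>
/// Builds the <see cref="AuthUserInformationModel"/> for the user in the first row of
/// <paramref name="userInfoTable"/> and fills its <c>RoleLookup</c> from the UserRight/SecurityObject join.
/// </summary>
/// <param name="userInfoTable">
/// Result of the user lookup. Only <c>Rows[0]</c> is read; the columns used are
/// User_Key, SecurityUser_Key and UserName.
/// </param>
/// <returns>The populated model; <c>RoleLookup</c> maps each ObjectTitle to its SecurityLevel.</returns>
/// <exception cref="ArgumentNullException">When <paramref name="userInfoTable"/> is null.</exception>
/// <exception cref="ArgumentException">
/// When the table has no rows, or when the same ObjectTitle is returned twice for the user.
/// </exception>
private AuthUserInformationModel BuildAuthUserInformationModel(DataTable userInfoTable)
{
    if (userInfoTable == null)
    {
        throw new ArgumentNullException(nameof(userInfoTable));
    }
    if (userInfoTable.Rows.Count == 0)
    {
        // The original indexed Rows[0] unconditionally, so an empty lookup surfaced as a
        // row-index error deep inside the reader; fail here with a clear message instead.
        throw new ArgumentException("User lookup returned no rows.", nameof(userInfoTable));
    }

    // Get basic user information from the databases
    DataRow row = userInfoTable.Rows[0];
    AuthUserInformationModel userInfo = new AuthUserInformationModel();
    userInfo.UserKey = row["User_Key"].ToString();
    userInfo.OldUserKey = row["SecurityUser_Key"].ToString();
    userInfo.Username = row["UserName"].ToString();
    userInfo.FullName = userInfo.Username.Split('@')[0]; // TODO: This should be changed to use the real Full Name of the users
    userInfo.RoleLookup = new Dictionary<string, int>();

    // Lookup roles for this current user: UserRight joined to SecurityObject, filtered on the
    // legacy SecurityUser_Key (not the new User_Key).
    SqlGenerator sqlGenLevels = new SqlGenerator(SqlGenerator.SqlTypes.Select, "UserRight", true);
    sqlGenLevels.AddTable("SecurityObject", SqlGenerator.SqlJoins.Inner, "SecurityObject_Key");
    sqlGenLevels.AddField("ObjectTitle", "SecurityObject");
    sqlGenLevels.AddField("SecurityLevel", "UserRight");
    sqlGenLevels.AddWhereParameter("UserRight", "SecurityUser_Key", userInfo.OldUserKey, SqlWhereComparison.SqlComparer.Equal);

    // Loop through all of our role levels and assign them to our AuthUserInformationModel.RoleLookup dictionary
    using (SqlDataReader r = Adocls.FetchDataReader(sqlGenLevels, "UserDatabase"))
    {
        while (r.Read())
        {
            // Dictionary.Add throws on a duplicate ObjectTitle. That is kept on purpose: an
            // ambiguous rights set should fail loudly rather than silently keep one of the levels.
            userInfo.RoleLookup.Add((string)r["ObjectTitle"], (byte)r["SecurityLevel"]);
        }
    }
    return userInfo;
}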
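/// <summary>
/// Validates the request's session key and checks the session's user against this filter's
/// <c>PermissionKey</c> / <c>PermissionLevel</c>.
/// </summary>
/// <param name="sessionKey">Session key taken from the request; may be null, which always fails.</param>
/// <returns>
/// true when the session key validates and either <c>PermissionLevel</c> is -1 (screen requires no
/// security) or the user's stored SecurityLevel for the controller GUID is at least
/// <c>PermissionLevel</c>. false otherwise, including when any lookup throws.
/// </returns>
public bool PerformAuthentication(string sessionKey)
{
    bool validSession = false;
    UserService userService = new UserService();
    if (sessionKey != null && userService.ValidateSessionKey(sessionKey))
    {
        // Read session info from database based on cookie value
        // If wrapper to check if session existed and that the expiration of the session is still valid (>= DateTime.Now
        // Load up user information from the user attached to the session
        // Check to make sure user account is still valid (blocked? removed? etc ...)
        // Load role/permission information for the user that has been loaded and build a combined "UserInformation" model for reference later
        Dictionary<string, Guid> controllerGuids = (Dictionary<string, Guid>)HttpRuntime.Cache["ControllerGuids"];
        Guid currentGuid = Guid.Empty;
        AuthUserInformationModel userinfo = userService.GetAuthUserInformation(sessionKey);
        userService.SetUserInformationForCurrentRequest(userinfo);
        try
        {
            // Guard the cache entry and the user explicitly; before, a null here threw a
            // NullReferenceException that the catch below turned into a granted session.
            if (controllerGuids != null && userinfo != null && controllerGuids.TryGetValue(PermissionKey, out currentGuid))
            {
                SecurityModel security = service.LoadModel<SecurityModel>(conName: HttpContext.Current.Session["ConString"].ToString())
                    .FirstOrDefault(u => u.ObjectGUID == currentGuid.ToString() && u.User_Key == userinfo.UserKey);
                // A missing SecurityModel (null) never satisfies the lifted comparison, so only
                // the -1 "no security" level can still pass.
                validSession = security?.SecurityLevel >= PermissionLevel || PermissionLevel == -1;
            }
            else
            {
                // Allow for some screens to not require Security
                validSession = PermissionLevel == -1;
            }
        }
        catch (Exception)
        {
            // Fail closed. The original set validSession = true here (marked "temporary"), which
            // granted access whenever the cache, session or database lookup threw.
            validSession = false;
        }
    }
    return validSession;
}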
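/// <summary>
/// Checks whether the user attached to the current request holds at least
/// <paramref name="requiredMinLevel"/> for <paramref name="viewName"/>.
/// </summary>
/// <param name="viewName">Key into the user's <c>RoleLookup</c> (the SecurityObject title).</param>
/// <param name="requiredMinLevel">Minimum SecurityLevel that passes.</param>
/// <returns>
/// true only when a user is attached to the request, has an entry for the view and its level is
/// at least <paramref name="requiredMinLevel"/>; false when there is no user, no lookup or no entry.
/// </returns>
public bool ValidateSecurityLevel(string viewName, int requiredMinLevel)
{
    AuthUserInformationModel userInfo = GetUserInformationForCurrentRequest();
    // Single TryGetValue instead of ContainsKey + indexer; a user without a RoleLookup has no rights.
    Dictionary<string, int> roles = userInfo?.RoleLookup;
    int level;
    if (roles != null && roles.TryGetValue(viewName, out level))
    {
        return level >= requiredMinLevel;
    }
    return false;
}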
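//Fast menu iteration security check
/// <summary>
/// Decides whether a menu item is visible to the cached current user, using the same
/// GUID/SecurityLevel rule as <c>PerformAuthentication</c> but never throwing.
/// </summary>
/// <param name="authkey">
/// Controller key to check; when empty (or null) this filter's <c>PermissionKey</c> is used instead.
/// </param>
/// <returns>
/// true when the user's SecurityLevel for the key's GUID is at least <c>PermissionLevel</c>, or when
/// <c>PermissionLevel</c> is -1 and the key is unknown or no user is cached; false when the
/// ControllerGuids cache is missing or any lookup throws.
/// </returns>
public bool MenuService(string authkey = "")
{
    Dictionary<string, Guid> controllerGuids = (Dictionary<string, Guid>)HttpRuntime.Cache["ControllerGuids"];
    // NOTE(review): HttpRuntime.Cache is application-wide, so a "CurrentUser" entry is shared by every
    // request; confirm this cannot serve one user's model to another request. The per-request
    // HttpContext.Items store used by SetUserInformationForCurrentRequest would be the usual home.
    AuthUserInformationModel userModel = (AuthUserInformationModel)HttpRuntime.Cache["CurrentUser"];
    // Resolve the key once instead of repeating the ternary at each use.
    string lookupKey = string.IsNullOrEmpty(authkey) ? PermissionKey : authkey;
    Guid currentGuid = Guid.Empty;
    try
    {
        if (controllerGuids == null)
        {
            // Original behaviour: a missing cache threw and the catch returned false.
            return false;
        }
        if (userModel != null && controllerGuids.TryGetValue(lookupKey, out currentGuid))
        {
            SecurityModel security = service.LoadModel<SecurityModel>(conName: HttpContext.Current.Session["ConString"].ToString())
                .FirstOrDefault(u => u.ObjectGUID == currentGuid.ToString() && u.User_Key == userModel.UserKey);
            // A missing SecurityModel (null) never satisfies the lifted comparison.
            return security?.SecurityLevel >= PermissionLevel || PermissionLevel == -1;
        }
        // Allow for some screens to not require Security
        return PermissionLevel == -1;
    }
    catch (Exception)
    {
        return false; //something happened, menu item not available
    }
}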
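/// <summary>
/// Landing action for reports. With a session user it renders the view; otherwise it loads the
/// request user, (re)issues the UserCookie and, when a PageCookie belongs to that user, redirects
/// to the controller/action it names.
/// </summary>
/// <returns>
/// The view, or a redirect built from PageCookie ("Controller/Action", or "Controller" alone
/// which redirects to the action of the same name).
/// </returns>
public ActionResult ReportMain()
{
    HttpCookie cookie = Request.Cookies["PageCookie"];
    HttpCookie usercookie = Request.Cookies["UserCookie"];

    if (Session["CurrentUserName"] != null)
    {
        ClearPageCookie(cookie);
        return View();
    }

    _currentUser = _userService.GetUserInformationForCurrentRequest();
    if (_currentUser == null)
    {
        // No user for this request: nothing to compare the cookie against. The original only
        // reached this state through a NullReferenceException that the catch below turned into View().
        return View();
    }
    if (usercookie == null)
    {
        SetUserCookie();
    }
    try
    {
        if (!string.IsNullOrEmpty(cookie?.Value) && usercookie?.Value == _currentUser.Username)
        {
            // PageCookie is client-supplied; the redirect target is constrained only by what
            // RedirectToAction can route, so it never leaves the application.
            string[] val = cookie.Value.Split('/');
            return val.Length > 1 ? RedirectToAction(val[1], val[0]) : RedirectToAction(val[0], val[0]);
        }
        SetUserCookie();
        ClearPageCookie(cookie);
        return View();
    }
    catch (Exception)
    {
        return View();
    }
}

/// <summary>
/// Issues the 15-day UserCookie carrying the current user's name (shared by both branches of
/// <see cref="ReportMain"/>, which previously duplicated this code).
/// </summary>
private void SetUserCookie()
{
    // NOTE(review): the cookie carries the username and is set without HttpOnly/Secure; confirm
    // whether client script reads it before tightening these flags.
    HttpCookie userCookie = new HttpCookie("UserCookie");
    userCookie.Name = "UserCookie";
    userCookie.Value = _currentUser.Username;
    userCookie.Expires = DateTime.Now.AddDays(15);
    Response.Cookies.Set(userCookie);
}

/// <summary>Drops the PageCookie and the ModelType session entry when a PageCookie was received.</summary>
/// <param name="cookie">The request's PageCookie, or null when none was sent.</param>
private void ClearPageCookie(HttpCookie cookie)
{
    if (cookie != null)
    {
        Response.Cookies.Remove("PageCookie");
        Session.Remove("ModelType");
    }
}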
/// <summary>
/// Attaches <paramref name="userInfo"/> to the current request by storing it in
/// HttpContext.Current.Items under C_SESSION_USER_INFO_KEY, replacing any earlier entry.
/// </summary>
/// <param name="userInfo">Model to expose to the rest of this request; may be null.</param>
public void SetUserInformationForCurrentRequest(AuthUserInformationModel userInfo)
{
    var requestItems = HttpContext.Current.Items;
    requestItems[C_SESSION_USER_INFO_KEY] = userInfo;
}