Beispiel #1
0
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            try
            {
                var request = filterContext.HttpContext.Request;

                if (SessionData.CurrentUser != null && SessionData.CurrentUser.Type == (decimal)Common.CommonData.CommonEnums.UserType.Customer)
                {
                    if (SessionData.CurrentUser.loginfirst == 0 && request.AppRelativeCurrentExecutionFilePath.Contains("CUSTOMER/QUAN-LY-CUSTOMER/GET-VIEW-TO-EDIT-CUSTOMER") == false &&
                        request.AppRelativeCurrentExecutionFilePath.Contains("ACCOUNT/DANG-XUAT") == false &&
                        request.AppRelativeCurrentExecutionFilePath.ToUpper().Contains("CUSTOMER/QUAN-LY-CUSTOMER") == false)
                    {
                        filterContext.Result = new RedirectResult("~/customer/quan-ly-customer/get-view-to-edit-customer/" + SessionData.CurrentUser.Id.ToString());
                    }
                }

                if (SessionData.CurrentUser != null)
                {
                    string language        = WebApps.CommonFunction.AppsCommon.GetCurrentLang();
                    string sessionLanguage = SessionData.CurrentUser.Language;
                    if (language != sessionLanguage)
                    {
                        SessionData.CurrentUser.Language = language;

                        var userBL = new BussinessFacade.ModuleUsersAndRoles.UserBL(SessionData.CurrentUser);
                        SessionData.CurrentUser.HtmlMenu = userBL.GetUserHtmlMenu(language);
                    }
                }

                // Only validate POSTs
                if (request.HttpMethod != WebRequestMethods.Http.Post)
                {
                    return;
                }
                if (postAuthorized)
                {
                    DeAuthorizedPost();
                    return;
                }

                // Ajax POSTs and normal form posts have to be treated differently when it comes
                // to validating the AntiForgeryToken
                if (request.IsAjaxRequest())
                {
                    var antiForgeryCookie = request.Cookies[AntiForgeryConfig.CookieName];
                    var cookieValue       = antiForgeryCookie?.Value;
                    AntiForgery.Validate(cookieValue, request.Headers["__RequestVerificationToken"]);
                }
                else
                {
                    new ValidateAntiForgeryTokenAttribute().OnAuthorization(filterContext);
                }
            }
            catch (Exception)
            {
                // Ignored
            }
        }
Beispiel #2
0
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            bool   _IsLoggedInAndHadRight = true;
            string _RedirectTo            = "/account/login";

            string _url = ((System.Web.Routing.Route)filterContext.RequestContext.RouteData.Route).Url.ToUpper();

            if (SessionData.CurrentUser != null && SessionData.CurrentUser.Type == (decimal)Common.CommonData.CommonEnums.UserType.Customer)
            {
                if (SessionData.CurrentUser.loginfirst == 0 && _url.Contains("CUSTOMER/QUAN-LY-CUSTOMER/GET-VIEW-TO-EDIT-CUSTOMER") == false &&
                    _url.Contains("ACCOUNT/DANG-XUAT") == false &&
                    _url.Contains("CUSTOMER/QUAN-LY-CUSTOMER") == false)
                {
                    filterContext.Result = new RedirectResult("~/customer/quan-ly-customer/get-view-to-edit-customer/" + SessionData.CurrentUser.Id.ToString());
                }
            }

            if (SessionData.CurrentUser == null && _url.ToLower().Contains("quan-ly-tin") == false &&
                _url.ToLower().Contains("wiki-view") == false && _url.ToLower().Contains("language") == false &&
                _url.ToLower().Contains("login") == false && _url.ToLower().Contains("dang-nhap") == false &&
                _url.ToLower().Contains("dang-nhap") == false && _url.ToLower().Contains("account") == false &&
                _url.ToLower().Contains("quen-mat-khau") == false)
            {
                _IsLoggedInAndHadRight = false;
            }
            else if (SessionData.CurrentUser != null)
            {
                string language        = WebApps.CommonFunction.AppsCommon.GetCurrentLang();
                string sessionLanguage = SessionData.CurrentUser.Language;
                if (language != sessionLanguage)
                {
                    SessionData.CurrentUser.Language = language;

                    var userBL = new BussinessFacade.ModuleUsersAndRoles.UserBL(SessionData.CurrentUser);
                    SessionData.CurrentUser.HtmlMenu = userBL.GetUserHtmlMenu(language);
                }
            }

            if (_IsLoggedInAndHadRight == false)
            {
                if (filterContext.HttpContext.Request.IsAjaxRequest() == true)
                {
                    filterContext.HttpContext.Response.StatusCode = 403;
                    filterContext.Result = new JsonResult {
                        Data = "Session_TimeOut"
                    };
                }
                else
                {
                    filterContext.Result = new RedirectResult(_RedirectTo);
                }
            }
            else
            {
                // Continue action
                base.OnActionExecuting(filterContext);
            }
        }