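        /// <summary>
        /// Authenticates an admin user and redirects to the page to show next.
        /// </summary>
        /// <param name="formCollection">Posted form fields; not read here, kept for the model binder.</param>
        /// <param name="username">Login name submitted by the user.</param>
        /// <param name="password">Password submitted by the user.</param>
        /// <param name="url">Optional URL-encoded return URL; only a URL local to this site is followed.</param>
        /// <returns>
        /// A redirect to the login page with an error message when <c>Dologin</c> throws,
        /// the login view again when no user came back, otherwise a redirect to the admin
        /// area, the validated return URL, or the site root.
        /// </returns>
        public ActionResult Login(FormCollection formCollection, string username, string password, string url = "")
        {
            User u;

            try
            {
                u = UserSessionContext.Dologin(username, password);
            }
            catch (Exception ex)
            {
                // Surface the failure on the login page through the query string.
                return Redirect($"/Admin/AdminHome/Login/?error={HttpUtility.UrlEncode(ex.ToMessage())}");
            }

            if (u == null)
            {
                return View();
            }

            if (UserSessionContext.CurrentUserIsSysAdmin(u.TokenSession) || string.IsNullOrEmpty(url))
            {
                return Redirect("~/Admin");
            }

            url = HttpUtility.UrlDecode(url);

            // The return URL is caller-controlled. Follow it only when it points back into
            // this site; an absolute or protocol-relative target would make this action an
            // open redirect. Landing on the login page itself is pointless, so go to the root.
            if (!Url.IsLocalUrl(url) || url.Equals(UserSessionContext.UrlAdminLogin, StringComparison.OrdinalIgnoreCase))
            {
                return Redirect("~/");
            }

            return Redirect(url);
        }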
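 /// <summary>
 /// Logs the user in and redirects to the requested page or a role-dependent default.
 /// </summary>
 /// <param name="formCollection">Posted form fields; not read here, kept for the model binder.</param>
 /// <param name="username">Login name submitted by the user.</param>
 /// <param name="password">Password submitted by the user.</param>
 /// <param name="url">Optional URL-encoded return URL; only a URL local to this site is followed.</param>
 /// <returns>
 /// A redirect to the validated return URL, to the admin area for system administrators,
 /// to the site root for other logged-in users, or the login view when nobody is logged in.
 /// </returns>
 public ActionResult Login(FormCollection formCollection, string username, string password, string url = "")
 {
     UserSessionContext.Dologin(username, password);

     if (!string.IsNullOrEmpty(url))
     {
         string target = HttpUtility.UrlDecode(url);

         // The return URL is caller-controlled; an off-site target would make this an open
         // redirect, so such a value falls through to the role-based defaults below.
         if (Url.IsLocalUrl(target))
         {
             return Redirect(target);
         }
     }

     if (UserSessionContext.CurrentUserIsSysAdmin())
     {
         return Redirect("~/Admin");
     }

     if (UserSessionContext.CurrentUser() != null)
     {
         return Redirect("~/");
     }

     return View();
 }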
        /// <summary>
        /// Ends the current session and sends the user to the site root; when the logout
        /// itself fails, a system administrator is sent to the admin login page instead.
        /// </summary>
        /// <returns>A redirect to <c>~/</c>, or to <c>UserSessionContext.UrlAdminLogin</c>
        /// for a system administrator whose logout threw.</returns>
        public ActionResult Logout()
        {
            // Capture the role before the session is torn down; it is only needed on the
            // failure path below, where the session may no longer be readable.
            bool wasSysAdmin = UserSessionContext.CurrentUserIsSysAdmin();
            bool loggedOut;

            try
            {
                UserSessionContext.Dologout();
                loggedOut = true;
            }
            catch
            {
                // Best effort: a failed logout still sends the user away rather than
                // surfacing the error on the page.
                loggedOut = false;
            }

            if (loggedOut || !wasSysAdmin)
            {
                return Redirect("~/");
            }

            return Redirect(UserSessionContext.UrlAdminLogin);
        }
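        /// <summary>
        /// Gatekeeper for every action on this controller: lets anonymous-allowed controllers
        /// and system administrators through, sends unauthenticated callers to the admin login
        /// page, and requires a logged-in user to hold a right whose key matches
        /// "/{controller}/{action}/" before the action runs.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute; its
        /// <c>Result</c> is replaced by a redirect or a JSON payload when access is denied.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (_allowAnonymous || UserSessionContext.CurrentUserIsSysAdmin())
            {
                base.OnActionExecuting(filterContext);
                return;
            }

            HttpContextBase context = filterContext.HttpContext;
            Uri requestUri = context.Request.Url;
            // Invariant casing: this string is compared and echoed, never shown as locale text.
            string url = requestUri.ToString().ToLowerInvariant();

            // Hand only the path and query back to the login page, not the absolute URL, so
            // the post-login redirect target is always local to this site.
            string customerLoginUrl = UserSessionContext.UrlAdminLogin + "?url=" + HttpUtility.UrlEncode(requestUri.PathAndQuery);

            if (UserSessionContext.CurrentUser() == null)
            {
                filterContext.Result = new RedirectResult(customerLoginUrl);
            }
            else
            {
                // Match the routed controller/action against the rights of the current user.
                string controller = filterContext.RouteData.GetRequiredString("controller");
                string action     = filterContext.RouteData.GetRequiredString("action");
                string keyName    = $"/{controller}/{action}/";

                var rights = UserSessionContext.CurrentUserRights();
                bool hasRight = rights.Any(i => i.KeyName.Equals(keyName, StringComparison.OrdinalIgnoreCase));

                if (!hasRight)
                {
                    filterContext.Result = DeniedResult(keyName, url, customerLoginUrl);
                }
            }

            base.OnActionExecuting(filterContext);
        }

        /// <summary>
        /// Builds the response for a logged-in user who lacks the right for
        /// <paramref name="keyName"/>: a JSON message when the registered right is a JSON
        /// action (so an AJAX caller does not receive an HTML redirect), otherwise a redirect
        /// to the login page.
        /// </summary>
        /// <param name="keyName">Route key in the form "/{controller}/{action}/".</param>
        /// <param name="url">Lower-cased request URL echoed in the JSON message.</param>
        /// <param name="customerLoginUrl">Login page URL carrying the return URL.</param>
        /// <returns>The result to assign to the filter context.</returns>
        private static ActionResult DeniedResult(string keyName, string url, string customerLoginUrl)
        {
            var allRights = UserSessionContext.ListAllRights();
            Right registered;

            // ListAllRights keys are looked up lower-cased, matching the original contract.
            if (allRights.TryGetValue(keyName.ToLowerInvariant(), out registered)
                && registered.ReturnType.Equals(typeof(JsonResult).FullName, StringComparison.OrdinalIgnoreCase))
            {
                return new JsonResult
                {
                    Data = new { Message = "Require logedin : " + url },
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
            }

            return new RedirectResult(customerLoginUrl);
        }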