Beispiel #1
0
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext.HttpContext.Session != null)
            {
                var user = filterContext.HttpContext.Session["user"]?.ToString();
                if (!string.IsNullOrWhiteSpace(user))
                {
                    return;
                }

                var cookie = filterContext.HttpContext.Request.Cookies?["user"];
                if (!string.IsNullOrEmpty(cookie?.Value))
                {
                    throw new UnauthorizedException();
                }
                var content = cookie?.Value.DecryptQueryString();


                lclEntities db = new lclEntities();
                if (!db.Users.Any(u => u.Account == content))
                {
                    throw new UnauthorizedException();
                }
            }
        }