protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
RegisterGlobalFilters(GlobalFilters.Filters);
RegisterRoutes(RouteTable.Routes);
AccountsRepositoryFactory.Initialize(new WebAccountsCache(Context.Cache));
Error += new EventHandler(MvcApplication_Error);
FederatedAuthentication.ServiceConfigurationCreated += OnServiceConfigurationCreated;
}
private AccountDetails GetAccessAccount(string accountId)
{
var accRepo = AccountsRepositoryFactory.GetAccountsRepository();
AccountDetails accessAccount;
if ((_requiredAccessLevel & StoreAccessLevel.Superuser) == StoreAccessLevel.Superuser)
{
accessAccount = accRepo.GetSuperUserAccount();
}
else
{
accessAccount = accRepo.GetAccountDetails(accountId);
}
return(accessAccount);
}
public void MonitorCallback(object state)
{
if (AccountsRepositoryFactory.GetAccountsRepository() == null)
{
//AccountsRepositoryFactory.Initialize(new NullAccountsCache());
Trace.TraceWarning("AccountsRepositoryFactory has not been initialized yet.");
return;
}
try
{
DateTime startTime = DateTime.UtcNow;
var storeSizes = new Dictionary <string, int>();
foreach (var store in BrightstarCluster.Instance.GetStores())
{
if (BrightstarCluster.Instance.GetLastModifiedDate(store).Subtract(startTime) <= _monitorPeriod)
{
int storeSize = BrightstarCluster.Instance.GetStoreSize(store);
storeSizes[store] = storeSize;
}
}
if (storeSizes.Count > 0)
{
var repo = AccountsRepositoryFactory.GetAccountsRepository();
if (repo != null)
{
repo.UpdateStoreSizes(storeSizes);
}
}
var newPeriod = TimeSpan.FromMinutes(BasePeriod * RoleEnvironment.CurrentRoleInstance.Role.Instances.Count);
if (!newPeriod.Equals(_monitorPeriod))
{
// Indicates that we have more or fewer roles instances so need to adjust the timer frequency accordingly
_monitorTimer.Change(newPeriod, newPeriod);
_monitorPeriod = newPeriod;
}
}
catch (Exception ex)
{
// Log exception in monitor loop
Trace.TraceError("Gateway: Exception caught in monitor loop: {0}", ex);
}
}
public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
{
var user = filterContext.RequestContext.HttpContext.User.Identity as ClaimsIdentity;
var storeId = filterContext.RouteData.Values[_storeIdKey] as string;
if (user != null && storeId != null)
{
var userToken = AuthenticationHelper.GetAuthenticatedUserToken(user);
var repo = AccountsRepositoryFactory.GetAccountsRepository();
var userAccess = repo.GetUserAccessKey(userToken, storeId);
if (userAccess != null)
{
if ((userAccess.Access & _requiredAccessLevel) > 0)
{
filterContext.RequestContext.RouteData.Values.Add("_accessLevel", userAccess.Access);
filterContext.RequestContext.RouteData.Values.Add("_access", userAccess);
return;
}
}
}
filterContext.Result = new HttpUnauthorizedResult();
}
private bool ValidateAccessPrivileges(HttpRequestBase request, AccountDetails accessAccount)
{
if (_requiredAccessLevel == StoreAccessLevel.Superuser)
{
// Already validated signature against super user credentials
return(true);
}
var routeData = request.RequestContext.RouteData;
object tmp;
if (routeData.Values != null && routeData.Values.TryGetValue("subscription", out tmp))
{
var subscriptionId = tmp.ToString();
if (_requiredAccessLevel == StoreAccessLevel.Owner)
{
// Owner access is checked against the subscription - the access account must own the subscription being accessed.
return(accessAccount.Subscriptions.Any(s => s.Id.Equals(subscriptionId)));
}
if (routeData.Values.TryGetValue("storeId", out tmp))
{
var storeId = tmp.ToString();
var accRepo = AccountsRepositoryFactory.GetAccountsRepository();
var accessKey = accRepo.GetAccountAccessKey(accessAccount.AccountId, storeId);
if (accessKey != null && (accessKey.Access & _requiredAccessLevel) > 0)
{
routeData.Values["_accessLevel"] = accessKey.Access;
return(true);
}
}
else
{
// No store id - this should only be for listing stores
return(true);
}
}
return(false);
}
public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
{
var user = filterContext.RequestContext.HttpContext.User.Identity as ClaimsIdentity;
if (user != null)
{
var userToken = AuthenticationHelper.GetAuthenticatedUserToken(user);
if (userToken != null)
{
var repo = AccountsRepositoryFactory.GetAccountsRepository();
var account = repo.GetAccountDetailsForUser(userToken);
if (account != null)
{
if (account.IsAdmin)
{
filterContext.RequestContext.RouteData.Values.Add("_userAccount", account);
return;
}
}
}
}
filterContext.Result = new HttpUnauthorizedResult();
}