/// <summary>
        /// Handles the PreSendRequestHeaders event of the <see cref="HttpApplication"/>. When an earlier
        /// pipeline stage flagged the request via the "RequestWasNotAuthorized" context item and the caller
        /// is an AJAX client, the response becomes a bare 401 so the client receives an explicit status code
        /// rather than whatever body was buffered for it.
        /// </summary>
        /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        void HasSecureAccess(object sender, EventArgs e)
        {
            var application = (HttpApplication)sender;
            var responseBase = new HttpResponseWrapper(application.Response);
            var requestBase = new HttpRequestWrapper(application.Request);
            var contextBase = new HttpContextWrapper(application.Context);

            // Only requests an earlier stage marked as unauthorized are of interest.
            var wasNotAuthorized = true.Equals(contextBase.Items["RequestWasNotAuthorized"]);
            if (!wasNotAuthorized)
            {
                return;
            }

            // Browser navigations are left to the normal authorization flow; AJAX callers get the 401 directly.
            if (!requestBase.IsAjaxRequest())
            {
                return;
            }

            responseBase.StatusCode = 401;
            // Drop any buffered body so the AJAX caller sees only the status.
            responseBase.ClearContent();
        }
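 /// <summary>
 /// Builds the custom output-cache key for the comma-separated <paramref name="custom"/> vary-by tokens
 /// (<see cref="VaryByCustom"/>). Segments are concatenated in token order; unknown tokens add nothing.
 /// </summary>
 /// <param name="context">Current request context; its User and Request drive the key.</param>
 /// <param name="custom">Comma-separated VaryByCustom tokens, typically from the OutputCache attribute.</param>
 /// <returns>The cache key, or <see cref="string.Empty"/> when no token applies.</returns>
 public override string GetVaryByCustomString(HttpContext context, string custom)
 {
     // No tokens: nothing to vary on (also avoids a NullReferenceException on a null attribute value).
     if (string.IsNullOrEmpty(custom))
     {
         return string.Empty;
     }

     // A missing principal is treated as an anonymous user rather than failing with a NullReferenceException.
     var identity = context.User != null ? context.User.Identity : null;
     var isAuthenticated = identity != null && identity.IsAuthenticated;

     var cacheKey = string.Empty;
     foreach (var token in custom.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
     {
         // Trim so "User, Ajax" (with spaces) still matches instead of silently not varying the cache.
         switch (token.Trim())
         {
             case VaryByCustom.User:
                 // Vary on the identity name so a page rendered for one signed-in user is never served to another.
                 cacheKey += "ByUser_" + (isAuthenticated ? identity.Name : string.Empty);
                 break;
             case VaryByCustom.UserIsAuthenticated:
                 cacheKey += "ByUserIsAuthenticated_" + (isAuthenticated ? "user" : "anon");
                 break;
             case VaryByCustom.Ajax:
                 cacheKey += "ByAjax_" + new HttpRequestWrapper(context.Request).IsAjaxRequest();
                 break;
         }
     }

     return cacheKey;
 }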
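        /// <summary>
        /// Redirects a request whose ASP.NET session has expired to a configured route before the action runs.
        /// Expiry is inferred from the session being reported as new while the browser still presented a
        /// session cookie. Actions or controllers marked with <see cref="IgnoreSessionExpireAttribute"/> are
        /// exempt, and AJAX requests are left alone because their callers handle expiry themselves.
        /// </summary>
        /// <param name="filterContext">The MVC action-executing context.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // filterContext.HttpContext is used instead of HttpContext.Current so the filter has no
            // dependency on the static context and can be exercised with a stubbed HttpContextBase.
            if (!IsExemptFromSessionExpirationCheck(filterContext) && HasExpiredSession(filterContext.HttpContext))
            {
                // AJAX callers deal with expiry in their own calls; only full-page requests are redirected.
                if (!filterContext.HttpContext.Request.IsAjaxRequest())
                {
                    // Route to send the user to once the session has expired; adjust to the real controller/action.
                    filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "Controller", "ControllerName" }, { "Action", "ActionName" } });
                }
            }

            base.OnActionExecuting(filterContext);
        }

        /// <summary>True when the action or its controller carries <see cref="IgnoreSessionExpireAttribute"/>.</summary>
        private static bool IsExemptFromSessionExpirationCheck(ActionExecutingContext filterContext)
        {
            var descriptor = filterContext.ActionDescriptor;
            return descriptor.IsDefined(typeof(IgnoreSessionExpireAttribute), true)
                || descriptor.ControllerDescriptor.IsDefined(typeof(IgnoreSessionExpireAttribute), true);
        }

        /// <summary>
        /// True when session state is enabled, ASP.NET created a fresh session for this request, and the
        /// request nevertheless carried an ASP.NET session cookie: the previous session timed out.
        /// </summary>
        private static bool HasExpiredSession(HttpContextBase context)
        {
            // Session is null when session state is not available for this request.
            if (context.Session == null || !context.Session.IsNewSession)
            {
                return false;
            }

            // Deliberately read the raw Cookie header rather than Request.Cookies: ASP.NET mirrors cookies
            // added to the response into Request.Cookies, so the freshly issued session cookie would otherwise
            // look like one the client sent and every first visit would register as an expired session.
            // Ordinal comparison: this is a protocol token, not user-facing text. "ASP.NET_SessionId" is the
            // default cookie name; a custom sessionState cookieName would need to be reflected here.
            var cookieHeader = context.Request.Headers["Cookie"];
            return cookieHeader != null && cookieHeader.IndexOf("ASP.NET_SessionId", System.StringComparison.Ordinal) >= 0;
        }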
        /// <summary>
        /// Stops AJAX callers from being bounced to a login page on authentication failures. Once the handler
        /// is mapped, AJAX requests get <c>SuppressFormsAuthenticationRedirect</c> set so forms authentication
        /// answers with a 401 instead of a 302; the WS-Federation module, when present, is then told not to
        /// redirect an anonymous caller to the identity provider in that same case.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the PostMapRequestHandler subscription is made on the single
        /// <see cref="HttpApplication"/> behind <c>HttpContext.Current</c>. ASP.NET pools several such
        /// instances, so if this runs from Application_Start the handler presumably fires only on that one
        /// instance; an HttpModule (or an <c>HttpApplication.Init</c> override) covers all of them — confirm.
        /// </remarks>
        public static void SuppressLoginRedirectsForApiCalls()
        {
            var application = HttpContext.Current.ApplicationInstance;
            application.PostMapRequestHandler += (sender, args) =>
            {
                var current = HttpContext.Current;
                var requestBase = new HttpRequestWrapper(current.Request);
                if (requestBase.IsAjaxRequest())
                {
                    // 401 instead of a redirect to the login page for AJAX callers.
                    current.Response.SuppressFormsAuthenticationRedirect = true;
                }
            };

            var federationModule = FederatedAuthentication.WSFederationAuthenticationModule;
            if (federationModule == null)
            {
                return;
            }

            federationModule.AuthorizationFailed += (sender, args) =>
            {
                var current = HttpContext.Current;
                // Only anonymous callers are candidates for an IdP redirect; honour the suppression flag set above.
                if (!current.Request.IsAuthenticated)
                {
                    args.RedirectToIdentityProvider = !current.Response.SuppressFormsAuthenticationRedirect;
                }
            };
        }
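        /// <summary>
        /// Makes authentication failures on API calls answer with a status code instead of a login redirect.
        /// After handler mapping, requests that are AJAX or routed to the Web API handler
        /// (<see cref="WebApiControllerName"/>) get <c>SuppressFormsAuthenticationRedirect</c>; the
        /// WS-Federation module, when present, then skips the identity-provider redirect for them.
        /// </summary>
        /// <remarks>
        /// NOTE(review): subscribing on the <see cref="HttpApplication"/> behind <c>HttpContext.Current</c>
        /// presumably only covers that one pooled instance when called from Application_Start; an HttpModule
        /// would cover all instances — confirm where this is invoked.
        /// </remarks>
        public static void SuppressLoginRedirectsForApiCalls()
        {
            var app = HttpContext.Current.ApplicationInstance;
            app.PostMapRequestHandler +=
                delegate
                {
                    var ctx = HttpContext.Current;
                    var req = new HttpRequestWrapper(ctx.Request);
                    // Handler is null when nothing was mapped for the request; treat that as "not Web API"
                    // instead of dereferencing it.
                    var handler = ctx.Handler;
                    var isWebApi = handler != null && handler.GetType().FullName == WebApiControllerName;
                    ctx.Response.SuppressFormsAuthenticationRedirect = req.IsAjaxRequest() || isWebApi;
                };

            var fam = FederatedAuthentication.WSFederationAuthenticationModule;
            if (fam != null)
            {
                fam.AuthorizationFailed +=
                    delegate(object sender, AuthorizationFailedEventArgs e)
                    {
                        var ctx = HttpContext.Current;
                        // Only anonymous callers are sent to the identity provider (and only when the API
                        // suppression flag is not set); a signed-in caller that merely lacks permission keeps
                        // the module's default handling rather than being bounced to the IdP again.
                        if (!ctx.Request.IsAuthenticated)
                        {
                            e.RedirectToIdentityProvider = !ctx.Response.SuppressFormsAuthenticationRedirect;
                        }
                    };
            }
        }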
 /// <summary>
 /// Brings MVC's <c>IsAjaxRequest()</c> to the classic <see cref="HttpRequest"/> type by wrapping the request
 /// and delegating to the <see cref="HttpRequestBase"/> extension (not a recursive call).
 /// </summary>
 /// <param name="request">The request to inspect.</param>
 /// <returns>What the MVC extension reports for the wrapped request.</returns>
 /// <remarks>
 /// The MVC check presumably rests on the client-supplied X-Requested-With header, so the result is a hint
 /// for shaping responses (e.g. 401 versus redirect), not an input to an authorization decision.
 /// </remarks>
 public static bool IsAjaxRequest(this HttpRequest request)
 {
     return new HttpRequestWrapper(request).IsAjaxRequest();
 }
 /// <summary>
 /// Keeps WS-Federation from redirecting unauthenticated API calls to the identity provider: when the
 /// federation module is present, an authorization failure for an anonymous AJAX request, or one handled
 /// by <see cref="WebApiControllerName"/>, is left to return its status code instead. Does nothing when
 /// the module is not configured.
 /// </summary>
 public static void SuppressLoginRedirectsForApiCalls()
 {
     var federationModule = FederatedAuthentication.WSFederationAuthenticationModule;
     if (federationModule == null)
     {
         return;
     }

     federationModule.AuthorizationFailed += (sender, args) =>
     {
         var current = HttpContext.Current;
         if (current.User.Identity.IsAuthenticated)
         {
             // A signed-in caller that is merely unauthorized keeps the module's default handling.
             return;
         }

         // Handler may be null when nothing was mapped; only a non-null handler can be the Web API one.
         var currentHandler = current.Handler;
         var isWebApiHandler = currentHandler != null && currentHandler.GetType().FullName == WebApiControllerName;
         var isApiCall = new HttpRequestWrapper(current.Request).IsAjaxRequest() || isWebApiHandler;
         args.RedirectToIdentityProvider = !isApiCall;
     };
 }