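/// <summary>
/// MVC authorization hook. An authenticated request must carry a <see cref="VauctionPrincipal"/>
/// whose session copy of the user is still present (and, for buyers, still bound to the client
/// address recorded at sign-in), is periodically re-checked against the user repository, and must
/// match one of the comma-separated <c>Roles</c> names when that property is set.
/// </summary>
/// <param name="filterContext">The MVC authorization context of the current request.</param>
/// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            HttpContextBase httpContext = filterContext.HttpContext;

            if (!AuthorizeCore(httpContext))
            {
                // Only a fully anonymous request is turned into NotAuthorized; an authenticated
                // request whose principal is not a VauctionPrincipal falls through untouched.
                if (!httpContext.User.Identity.IsAuthenticated)
                {
                    NotAuthorized(filterContext);
                }
                return;
            }

            VauctionPrincipal principal = httpContext.User as VauctionPrincipal;
            if (principal == null)
            {
                LogOutUser(filterContext);
                return;
            }
            VauctionIdentity identity = principal.UIdentity;

            // The session copy of the user must exist; buyer sessions are additionally pinned to the
            // client address captured at sign-in and end when the address changes.
            SessionUser user = httpContext.Session[SessionKeys.User] as SessionUser;
            if (user == null)
            {
                LogOutUser(filterContext);
                return;
            }
            // Ordinal comparison: the address is a machine string, not culture-sensitive text.
            bool sameAddress = string.Equals(user.IP, httpContext.Request.UserHostAddress, StringComparison.OrdinalIgnoreCase);
            if (user.IsBuyer && !sameAddress)
            {
                LogOutUser(filterContext);
                return;
            }

            if (principal.IsNeedToCheckStatus(statusCheckTime))
            {
                User usr = ProjectConfig.Config.DataProvider.GetInstance().UserRepository.GetUserAdministrator(identity.ID, identity.Name);
                // NOTE(review): the session survives (and the forms ticket is re-issued) only when the
                // repository still knows the user AND the cached status is not Active; every other
                // combination logs the user out. Confirm the "!= Active" direction is intended.
                if (usr == null || user.Status == (byte)Consts.UserStatus.Active)
                {
                    LogOutUser(filterContext);
                    return;
                }
                IFormsAuthenticationService formsService = new FormsAuthenticationService();
                formsService.SignIn(usr.Login, identity.RememberMe, usr);
            }

            if (!String.IsNullOrEmpty(Roles))
            {
                // Roles is a comma-separated list of Consts.UserTypes names; the user's type must equal
                // one entry exactly (no trimming, case-sensitive).
                string userType = ((Consts.UserTypes)user.UserType).ToString();
                bool allowed = Array.Exists(Roles.Split(','), role => role.Equals(userType, StringComparison.InvariantCulture));
                if (!allowed)
                {
                    httpContext.Response.Redirect("/Home/AccessDenyed");
                    // Redirect normally ends the response; the explicit return makes the denial
                    // independent of that behaviour.
                    return;
                }
            }
        }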
 /// <summary>
 /// Accepts a session ID only when it equals the ID this manager would produce for the current
 /// request: for anonymous requests that is the canonical lower-case GUID form of <paramref name="id"/>
 /// itself, otherwise the value derived from the principal's name and ID by <c>GetSessionID</c>.
 /// </summary>
 /// <param name="id">The session ID presented by the client.</param>
 /// <returns>true when the ID is acceptable; false for any mismatch or any failure while checking.</returns>
 public override bool Validate(string id)
 {
     bool valid = false;
     try
     {
         HttpContext context = HttpContext.Current;
         VauctionPrincipal principal = context.User as VauctionPrincipal;
         string expected;
         if (principal == null || !context.Request.IsAuthenticated)
         {
             // Round-tripping through Guid means only the canonical "D" form, as ToString() emits it, compares equal.
             expected = new Guid(id).ToString();
         }
         else
         {
             // NOTE(review): GetSessionID is not visible here; if it is a deterministic function of the
             // user's name and ID, the session identifier is predictable from those values — confirm.
             expected = GetSessionID(principal.UIdentity.Name, principal.UIdentity.ID);
         }
         valid = (id == expected);
     }
     catch
     {
         // Best effort: a malformed id or a missing context counts as "not valid".
     }
     return valid;
 }
 /// <summary>
 /// Accepts a session ID only when it equals the ID this manager would produce for the current
 /// request: for anonymous requests the canonical lower-case GUID form of <paramref name="id"/>
 /// itself, otherwise the value <c>GetSessionID</c> derives from the client address, user ID and
 /// browser name, version and platform.
 /// </summary>
 /// <param name="id">The session ID presented by the client.</param>
 /// <returns>true when the ID is acceptable; false for any mismatch or any failure while checking.</returns>
 public override bool Validate(string id)
 {
     bool valid = false;
     try
     {
         HttpContext context = HttpContext.Current;
         VauctionPrincipal principal = context.User as VauctionPrincipal;
         string expected;
         if (principal == null || !context.Request.IsAuthenticated)
         {
             // Round-tripping through Guid means only the canonical "D" form, as ToString() emits it, compares equal.
             expected = new Guid(id).ToString();
         }
         else
         {
             // NOTE(review): every input here (client address, user ID, browser headers) is observable or
             // guessable by a third party; if GetSessionID is deterministic over them, the session
             // identifier is predictable — confirm how it is derived.
             HttpRequest request = context.Request;
             expected = GetSessionID(request.UserHostAddress, principal.UIdentity.ID, request.Browser.Browser, request.Browser.Version, request.Browser.Platform);
         }
         valid = (id == expected);
     }
     catch (Exception)
     {
         // Best effort: a malformed id or a missing context counts as "not valid".
     }
     return valid;
 }
        /// <summary>
        /// Core authorization decision: the request must be authenticated and its principal must be a
        /// <see cref="VauctionPrincipal"/>. Subclasses may override to tighten the rule.
        /// </summary>
        /// <param name="httpContext">The HTTP context of the request being authorized.</param>
        /// <returns>true when both conditions hold; false otherwise.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        protected virtual bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            // An authenticated request carrying a foreign principal type is rejected as well.
            var current = httpContext.User;
            return current.Identity.IsAuthenticated && current is VauctionPrincipal;
        }
        /// <summary>
        /// Issues the session ID for a request: a fresh random GUID for anonymous requests, otherwise the
        /// value <c>GetSessionID</c> derives from the principal's name and ID.
        /// </summary>
        /// <param name="context">The HTTP context of the request.</param>
        /// <returns>The session ID string.</returns>
        public override string CreateSessionID(HttpContext context)
        {
            VauctionPrincipal principal = context.User as VauctionPrincipal;
            bool anonymous = principal == null || !context.Request.IsAuthenticated;
            if (anonymous)
            {
                return Guid.NewGuid().ToString();
            }

            // NOTE(review): GetSessionID is not visible here; if it is a deterministic function of the
            // user's name and ID, every sign-in yields the same identifier and it can be predicted from
            // those values — confirm how it is derived.
            return GetSessionID(principal.UIdentity.Name, principal.UIdentity.ID);
        }
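        /// <summary>
        /// MVC authorization hook. An authenticated request must carry a <see cref="VauctionPrincipal"/>,
        /// have a current user in <c>AppHelper.CurrentUser</c>, pass the periodic repository status check,
        /// be an admin-type user when <c>IsBackendUser</c> is "true", and match one of the comma-separated
        /// <c>Roles</c> names when that property is set.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context of the current request.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            HttpContextBase httpContext = filterContext.HttpContext;

            if (!AuthorizeCore(httpContext))
            {
                // Only a fully anonymous request is turned into NotAuthorized; an authenticated
                // request whose principal is not a VauctionPrincipal falls through untouched.
                if (!httpContext.User.Identity.IsAuthenticated)
                {
                    NotAuthorized(filterContext);
                }
                return;
            }

            VauctionPrincipal principal = httpContext.User as VauctionPrincipal;
            if (principal == null)
            {
                LogOutUser(filterContext);
                return;
            }
            VauctionIdentity identity = principal.UIdentity;

            var user = AppHelper.CurrentUser;
            if (user == null)
            {
                LogOutUser(filterContext);
                return;
            }

            // NOTE(review): a cross-session check comparing identity.ID with user.ID used to live here
            // and is now disabled; confirm the principal/current-user match is enforced elsewhere.

            if (principal.IsNeedToCheckStatus(statusCheckTime))
            {
                User usr = ProjectConfig.Config.DataProvider.GetInstance().UserRepository.GetUserActiveAndApproved(identity.ID, identity.Name);
                // The check is a pure kill switch: the forms ticket is no longer re-issued on success.
                // NOTE(review): the session survives only when the repository still knows the user AND
                // the current user's status is not Active — confirm the "!= Active" direction is intended.
                if (usr == null || user.Status == (byte)Consts.UserStatus.Active)
                {
                    LogOutUser(filterContext);
                    return;
                }
            }

            // IsBackendUser is a boolean string; when it parses to true, non-admin users are logged out.
            bool isbackend = false;
            if (!String.IsNullOrEmpty(IsBackendUser) && Boolean.TryParse(IsBackendUser, out isbackend) && isbackend && !user.IsAdminType)
            {
                LogOutUser(filterContext);
                return;
            }

            if (!String.IsNullOrEmpty(Roles))
            {
                // Roles is a comma-separated list of Consts.UserTypes names; the user's type must equal
                // one entry exactly (no trimming, case-sensitive).
                string userType = ((Consts.UserTypes)user.UserType).ToString();
                bool allowed = Array.Exists(Roles.Split(','), role => role.Equals(userType, StringComparison.InvariantCulture));
                if (!allowed)
                {
                    NotAuthorized(filterContext);
                }
            }
        }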
        /// <summary>
        /// Issues the session ID for a request: a fresh random GUID for anonymous requests, otherwise the
        /// value <c>GetSessionID</c> derives from the client address, user ID and browser name, version
        /// and platform.
        /// </summary>
        /// <param name="context">The HTTP context of the request.</param>
        /// <returns>The session ID string.</returns>
        public override string CreateSessionID(HttpContext context)
        {
            VauctionPrincipal principal = context.User as VauctionPrincipal;
            bool anonymous = principal == null || !context.Request.IsAuthenticated;
            if (anonymous)
            {
                return Guid.NewGuid().ToString();
            }

            // NOTE(review): every input here (client address, user ID, browser headers) is observable or
            // guessable by a third party; if GetSessionID is deterministic over them, the identifier is
            // predictable and does not rotate between sign-ins — confirm how it is derived.
            HttpRequest request = context.Request;
            return GetSessionID(request.UserHostAddress, principal.UIdentity.ID, request.Browser.Browser, request.Browser.Version, request.Browser.Platform);
        }