protected void Application_Start()
{
//Set the data base initializer for the site. This will drop and re-create the database if any model changes are made.
Database.SetInitializer(new UserRolesContextInitializer());
//Force the context to initialize on app start... comment this line out after the site starts up for the first time!
using (var context = new UserRolesContext())
{
context.Database.Initialize(true);
}
AreaRegistration.RegisterAllAreas();
WebApiConfig.Register(GlobalConfiguration.Configuration);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
AuthConfig.RegisterAuth();
}
public ActionResult UpdateUserInfo(ManageNonPasswordModel model)
{
bool userExists = false;
if (ModelState.IsValid)
{
using (var context = new UserRolesContext())
{
var updateMe = context.UserProfiles.FirstOrDefault(x => x.UserId == model.UserId);
if (updateMe != null)
{
updateMe.FirstName = model.FirstName;
updateMe.LastName = model.LastName;
updateMe.PhoneNumber = model.PhoneNumber;
context.SaveChanges();
userExists = true;
}
}
if (userExists)
return RedirectToAction("Manage", new { Message = ManageMessageId.UdpateUserInfoSuccess });
}
return RedirectToAction("Manage", new { Message = ManageMessageId.UpdateUserInfoFailed });
}
//
// GET: /Account/Manage
public ActionResult Manage(ManageMessageId? message)
{
ViewBag.StatusMessage =
message == ManageMessageId.ChangePasswordSuccess ? "Your password has been changed."
: message == ManageMessageId.SetPasswordSuccess ? "Your password has been set."
: message == ManageMessageId.RemoveLoginSuccess ? "The external login was removed."
: message == ManageMessageId.UdpateUserInfoSuccess ? "User info updated successfully."
: message == ManageMessageId.UpdateUserInfoFailed ? "There was an error while trying to update user info"
: "";
ViewBag.HasLocalPassword = OAuthWebSecurity.HasLocalAccount(WebSecurity.GetUserId(User.Identity.Name));
var userId = WebSecurity.GetUserId(User.Identity.Name);
bool hasLocalAccount = OAuthWebSecurity.HasLocalAccount(userId);
var model = new LocalPasswordModel();
//Populate the user info stuff
if (hasLocalAccount)
{
using (var context = new UserRolesContext())
{
var user = context.UserProfiles.FirstOrDefault(x => x.UserId == userId);
model.UserInfo = new ManageNonPasswordModel
{
UserId = user.UserId,
FirstName = user.FirstName,
LastName = user.LastName,
PhoneNumber = user.PhoneNumber
};
}
}
ViewBag.ReturnUrl = Url.Action("Manage");
return View(model);
}
public ActionResult ExternalLoginConfirmation(RegisterExternalLoginModel model, string returnUrl)
{
string provider = null;
string providerUserId = null;
if (User.Identity.IsAuthenticated || !OAuthWebSecurity.TryDeserializeProviderUserId(model.ExternalLoginData, out provider, out providerUserId))
{
return RedirectToAction("Manage");
}
if (ModelState.IsValid)
{
// Insert a new user into the database
using (var db = new UserRolesContext())
{
UserProfile user = db.UserProfiles.FirstOrDefault(u => u.UserName.ToLower() == model.UserName.ToLower());
// Check if user already exists
if (user == null)
{
// Insert name into the profile table
db.UserProfiles.Add(new UserProfile { UserName = model.UserName });
db.SaveChanges();
OAuthWebSecurity.CreateOrUpdateAccount(provider, providerUserId, model.UserName);
OAuthWebSecurity.Login(provider, providerUserId, createPersistentCookie: false);
return RedirectToLocal(returnUrl);
}
else
{
ModelState.AddModelError("UserName", "User name already exists. Please enter a different user name.");
}
}
}
ViewBag.ProviderDisplayName = OAuthWebSecurity.GetOAuthClientData(provider).DisplayName;
ViewBag.ReturnUrl = returnUrl;
return View(model);
}
/// <summary>
/// Get a collection of permissions for each controller on the site that inherit from base controller.
/// </summary>
/// <returns></returns>
public static IEnumerable<CustomPermissionViewModel> GetAllControllerPermissions()
{
_urlLookupList.Clear();
var permissions = new List<CustomPermissionViewModel>();
var assembly = Assembly.GetCallingAssembly();
Type baseType = typeof(BaseController);
var controllers = assembly.GetTypes().Where(x => baseType.IsAssignableFrom(x) && x.Name != "BaseController");
foreach (var crtl in controllers)
{
var methods = crtl.GetMethods().Where(x => x.ReturnType == typeof(ActionResult));
var controllerName = crtl.Name.Replace("Controller", "");
foreach (var method in methods)
{
//Ignore if the method has an anonymous attribute
var anonymous =
method.CustomAttributes.FirstOrDefault(attr => attr.AttributeType.Name == "AllowAnonymousAttribute");
if (anonymous != null)
{
//Add an anonymous user to the controller and method
var permission = new CustomPermissionViewModel
{
ControllerName = controllerName,
ActionName = method.Name,
UserNames = new List<string>(new[] { Constants.ANONYMOUS_USER }),
Roles = new List<string>()
};
permissions.Add(permission);
//Keep a list of all the available URLs
_urlLookupList.Add(new UrlLookupHelper
{
ActionName = permission.ActionName,
ControllerName = permission.ControllerName,
Url = permission.Url
});
continue;
}
var permissionExists =
permissions.FirstOrDefault(
x => x.ActionName == method.Name && x.ControllerName == controllerName);
//Only add the new permission if there is not already a permission for the current controller / action
if (permissionExists == null)
{
var permission = new CustomPermissionViewModel
{
ControllerName = controllerName,
ActionName = method.Name,
UserNames = new List<string>(),
Roles = new List<string>()
};
using (var context = new UserRolesContext())
{
var row = context.Permissions.FirstOrDefault(x => x.Action == permission.ActionName
&& x.Controller == permission.ControllerName);
if (row != null)
{
permission.UserNames = (row.UserNames != null) ? row.UserNames.Split(new[] { ',' }).ToList() : new List<string>();
permission.Roles = (row.RoleNames != null) ? row.RoleNames.Split(new[] { ',' }).ToList() : new List<string>();
permission.CustomPermissionId = row.CustomPermissionId;
}
}
var urlHelper = new UrlHelper(HttpContext.Current.Request.RequestContext);
permission.Url = urlHelper.Action(permission.ActionName, permission.ControllerName);
permissions.Add(permission);
//Keep a list of all the available URLs
_urlLookupList.Add(new UrlLookupHelper
{
ActionName = permission.ActionName,
ControllerName = permission.ControllerName,
Url = permission.Url
});
}
}
}
return permissions;
}
/// <summary>
/// Update the permissions in the database
/// </summary>
/// <param name="permission">A CustomPermissionViewModel</param>
public static void UpdateSecurityPermission(CustomPermissionViewModel permission)
{
using (var context = new UserRolesContext())
{
//Get the appropriate action and controller for the updated URL...
var lookup = _urlLookupList.FirstOrDefault(x => x.Url == permission.Url);
var roleList = "";
var userList = "";
if (permission.Roles != null) permission.Roles.ForEach(role => roleList += (roleList == "") ? role : "," + role);
if (permission.UserNames != null) permission.UserNames.ForEach(userName => userList += (userList == "") ? userName : "******" + userName);
var updateMe =
context.Permissions.FirstOrDefault(x => x.CustomPermissionId == permission.CustomPermissionId);
if (updateMe != null)
{
updateMe.Controller = lookup.ControllerName;
updateMe.Action = lookup.ActionName;
updateMe.RoleNames = roleList;
updateMe.UserNames = userList;
}else
{
var addMe = new CustomPermission();
addMe.Action = lookup.ActionName;
addMe.Controller = lookup.ControllerName;
addMe.RoleNames = roleList;
addMe.UserNames = userList;
context.Permissions.Add(addMe);
}
context.SaveChanges();
}
}
