protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            var claims = ClaimsPrincipal.Current.Claims;

            if (!claims.Any())
            {
                return(false);
            }

            Claim claim = claims.Where(o => o.Type == ClaimTypes.System).FirstOrDefault();

            if (claim == null)
            {
                return(false);
            }

            //[TokenAuthorize(Users = "Admin")]
            if (!string.IsNullOrEmpty(Users))
            {
                //TODO
            }

            //[TokenAuthorize(Roles = "Edit")]
            if (string.IsNullOrEmpty(Roles))
            {
                //TODO
            }

            if (EnumHelper.ToEnum <SiteType>(claim.Value) == SiteType.Admin)
            {
                AdminNavigationHelper helper = new AdminNavigationHelper();
                if (!helper.IsValidAjaxRequest(actionContext.Request.RequestUri.AbsolutePath))
                {
                    _IsNoPermissionToAccess = true;
                    return(false);
                }
            }

            return(base.IsAuthorized(actionContext));
        }
Ejemplo n.º 2
0
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (!httpContext.Request.RequestContext.RouteData.DataTokens.Keys.Contains("area"))
            {
                return(true);
            }

            _Area = httpContext.Request.RequestContext.RouteData.DataTokens["area"].ToString();

            SessionHelper session = TypeHelper.GetInstance <SessionHelper>(_Area);

            if (session == null)
            {
                return(true);
            }

            _LoginUri = session.LoginUri;

            if (session.IsNullSession())
            {
                return(false);
            }


            if (httpContext.Request.IsAjaxRequest())
            {
                if (_Area == SiteType.Admin.ToString())
                {
                    AdminNavigationHelper helper = new AdminNavigationHelper();
                    if (!helper.IsValidAjaxRequest(httpContext.Request.Url.AbsolutePath))
                    {
                        _IsNoPermissionToAccess = true;
                        return(false);
                    }
                }
            }

            return(true);
        }