Ejemplo n.º 1
0
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            IPrincipal user = httpContext.User;

            if (!user.Identity.IsAuthenticated)
            {
                return(false);
            }

            //Compare the list of roles required against those in the users token. Is no intersection then return false (unauthorized)
            if (base.Roles != string.Empty)
            {
                var _rolesSplit = base.Roles.Split(',').ToList();
                var userRoles   = ClaimsHelper.GetUserRoles(WebUI.Common.Common.GetToken(System.Web.HttpContext.Current));
                if (_rolesSplit.Count > 0 && _rolesSplit.Intersect(userRoles).Count() == 0)
                {
                    return(false);
                }
            }

            return(true);
        }