Ejemplo n.º 1
0
        public User MapUserDTO(UserDTO input)
        {
            User output = new User();

            output.IsActive = input.IsActive;
            output.IsAdmin = input.IsAdmin;
            output.UserId = input.UserId;
            output.Username = input.Username;

            return output;
        }
Ejemplo n.º 2
0
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            bool disableAuthentication = false;
            GenericIdentity identity;
            GenericPrincipal principal;
            string[] roles;

            #if DEBUG
            disableAuthentication = true;
            #endif

            if (disableAuthentication)
            {
                // Create a fake user and use this in debugging to disable authentication.
                identity = new GenericIdentity("alongoria");
                roles = new string[] { "admin" };
                principal = new GenericPrincipal(identity, roles);
                httpContext.User = principal;
            }
            else
            {
                HttpCookie authCookie = httpContext.Request.Cookies[FormsAuthentication.FormsCookieName];

                if (authCookie != null)
                {
                    FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                    string username = authTicket.Name;

                    // According to many articles and Ninject docs like:
                    // https://github.com/ninject/Ninject.Web.Mvc/wiki/Filters-and-Scoped,
                    // https://www.cuttingedge.it/blogs/steven/pivot/entry.php?id=98,
                    // https://stackoverflow.com/questions/29915192/unity-property-injection-on-authorizeattribute
                    // MVC caches filters, which means dependency injection with .InRequestScope() does not work.
                    // If we try to inject the _authorizationFilter with Ninject, there is a runtime error saying the DbContext has been disposed
                    // on the second and all subsequent requests (works fine on the first request).
                    using (_userService = new UserService())
                    {
                        User user = _userService.GetByUsername(username);

                        if (user == null)
                        {
                            // The user has a cookie, so they are in the Active Directory.
                            // But they aren't in our local database (new employee, probably), so add them.

                            User newUser = new User()
                            {
                                Username = username,
                                IsActive = true,
                                IsAdmin = false
                            };

                            HttpCookie initialsCookie = httpContext.Request.Cookies[Configuration.GetAppSetting("UserInitialsCookieName")];

                            if (initialsCookie != null && !string.IsNullOrWhiteSpace(initialsCookie.Value))
                            {
                                newUser.Initials = initialsCookie.Value;
                            }
                            else
                            {
                                if (username.Length > 1)
                                    newUser.Initials = username.Substring(0, 2);
                                else
                                    newUser.Initials = "xx";
                            }

                            _userService.Insert(newUser);
                            user = _userService.GetByUsername(username);

                            using (var log = new LoggerConfiguration().ReadFrom.AppSettings().CreateLogger())
                            {
                                log.Information("A new user was added to the application: {0}", username);
                            }
                        } // End inserting new User and pulling it from the db.
                        else
                        {
                            // If there's a cookie with initials, check its value to make sure our db value isn't out of date.

                            HttpCookie initialsCookie = httpContext.Request.Cookies[Configuration.GetAppSetting("UserInitialsCookieName")];
                            if (initialsCookie != null && !string.IsNullOrWhiteSpace(initialsCookie.Value))
                            {
                                if (!initialsCookie.Value.Equals(user.Initials, System.StringComparison.CurrentCultureIgnoreCase))
                                {
                                    user.Initials = initialsCookie.Value;
                                    _userService.Update(user);
                                }
                            }
                        }

                        if (!user.IsActive)
                        {
                            using (var log = new LoggerConfiguration().ReadFrom.AppSettings().CreateLogger())
                            {
                                log.Warning("A user whose account was disabled attempted to log on to the application: {0}", username);
                            }

                            throw new HttpException(500, string.Format("The {0} account has been disabled.", authTicket.Name));
                        }

                        if (user.IsAdmin)
                            roles = new string[] { "admin" };
                        else
                            roles = null;
                    }

                    identity = new GenericIdentity(username, "Forms");
                    principal = new GenericPrincipal(identity, roles);
                    httpContext.User = principal;
                }
            }

            // Now that we have set httpContext.User appropriately, do the authorization check which will make sure user is in the proper Role.
            return base.AuthorizeCore(httpContext);
        }