public override void OnFormsAuthenticate(HttpContextBase context)
{
//// Ignore resource files
if (UrlUtilities.IsCommonResource(context.Request.RawUrl)) return;
var session = new UserSession();
// Forms authentication
if (!SystemConfiguration.Instance.SecuritySettings.UseWindowAuthentication)
{
//Need to explicitly set User on this context again although we already did it in line: DashboardSession session = new DashboardSession();
//Dont really know why but it seems FormsAuthenticationEventArgs.Context and HttpContext.Current are different to each other in this case
context.User = session.Principal;
return;
}
//**********************************************************************
//** Use windows authentication instead of forms authentication
// Has user allready been verified for this session?
string username = context.Request.ServerVariables["LOGON_USER"];
if (string.IsNullOrEmpty(username))
{
//Anonymous user
//Need to explicitly set User on this context again although we already did it in line: DashboardSession session = new DashboardSession();
//Dont really know why but it seems FormsAuthenticationEventArgs.Context and HttpContext.Current are different to each other in this case
context.User = new WindowsPrincipal(WindowsIdentity.GetAnonymous());
return;
}
if (!session.IsAuthenticated())
{
var user = SecurityUtility.GetUserByUsername(username);
if (user == null)
{
context.User = new WindowsPrincipal(WindowsIdentity.GetAnonymous());
return;
}
//attach the user to current Dashboard session
session = new UserSession(user);
context.User = session.Principal;
}
}
public static UserSession Logout()
{
var session = new UserSession();
session.DoLogout();
return session;
}