protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var context = httpContext;
var routeData = RouteTable.Routes.GetRouteData(context);
if (routeData == null) return false;
if (string.IsNullOrEmpty(context.User.Identity.Name)) return false;
if (context.User.Identity.IsAuthenticated)
{
var controllerName = routeData.GetRequiredString("controller");
var actionName = routeData.GetRequiredString("action");
var userName = context.User.Identity.Name;
var config = new ConfigAuthorized
{
Controller = controllerName.ToLower(),
Action = actionName.ToLower(),
Perfil = Security.GetPerfilByUserName(userName).ToLower()
};
if (!IsAuthorized(config))
{
context.Response.StatusCode = 530;
context.Response.TrySkipIisCustomErrors = true;
context.Response.End();
return false;
}
return true;
}
return false;
}
private static bool IsAuthorized(ConfigAuthorized config)
{
var context = HttpContext.Current;
XDocument xDoc = null;
if (context.Cache["ControllerActionsSecurity"] == null)
{
var path = HttpContext.Current.Server.MapPath(@"~/MenuActionSecurity.xml");
xDoc = XDocument.Load(path);
context.Cache.Insert("ControllerActionsSecurity", xDoc);
}
xDoc = (XDocument)context.Cache["ControllerActionsSecurity"];
var xElement = xDoc.Descendants("menuitem");
var elements = xElement.Elements();
var perfil = (from e in elements
where
((string) e.Attribute("controller")) == config.Controller &&
((string) e.Attribute("action")).Split(',').Contains(config.Action)
select e);
return perfil.Any(element => PerfilIsValid(element, config.Perfil));
}
