public override void OnAuthorization(AuthorizationContext filterContext)
{
var isAuthencicated = false;
if (filterContext.HttpContext.Request.IsAuthenticated)
{
var authorizedRoles = AuthorizedRoles.Split(',');
if (authorizedRoles.Length > 0)
{
if (CurrentUser.Roles != null)
{
foreach (var role in CurrentUser.Roles)
{
if (authorizedRoles.Contains(role))
{
isAuthencicated = true;
}
}
}
}
else
{
isAuthencicated = true;
}
}
if (!isAuthencicated)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
{
controller = "Error",
action = "Index"
}));
}
base.OnAuthorization(filterContext);
}
/// <summary>
/// Checks whether user is authorized per project access.
/// </summary>
public bool IsAuthorizedPerProjectAccess()
{
// Keep current user
var cui = MembershipContext.AuthenticatedUser;
// Switch by create project option
switch (ProjectAccess.ToLowerCSafe())
{
// All users
case "all":
return(true);
// Authenticated users
case "authenticated":
if (!cui.IsPublic())
{
return(true);
}
break;
// Group members
case "groupmember":
if (CommunityGroupID > 0)
{
return(cui.IsGroupMember(CommunityGroupID));
}
break;
// Authorized roles
case "authorized":
// Check whether roles are defined
if (!String.IsNullOrEmpty(AuthorizedRoles))
{
// Check whether user is valid group member if current project is assigned to some group
if (CommunityGroupID > 0)
{
if (!cui.IsGroupMember(CommunityGroupID))
{
return(false);
}
}
// Keep site name
string siteName = SiteContext.CurrentSiteName;
// Split roles by semicolon
string[] roles = AuthorizedRoles.Split(';');
// Loop thru all roles and check if user is assigned at leat to one role
foreach (string role in roles)
{
// If user is in role, break current cycle and return true
if (cui.IsInRole(role, siteName))
{
return(true);
}
}
}
break;
// Nobody
case "nobody":
default:
return(false);
}
return(false);
}
/// <summary>
/// Called by the MVC framework before the action method executes.
/// </summary>
/// <param name="filterContext">The filter context.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
if (OnlyAllowUnauthenticatedUsers)
{
return;
}
//use the current url for the redirect
string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath;
//send them off to the login page
string redirectUrl = string.Format("?ReturnUrl={0}", redirectOnSuccess);
string loginUrl = FormsAuthentication.LoginUrl + redirectUrl;
filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.Redirect(loginUrl, true);
return;
}
else //User is authenticated
{
var httpContext = new HttpContextWrapper(HttpContext.Current);
var requestContext = new RequestContext(httpContext, new RouteData());
var u = new UrlHelper(requestContext);
if (OnlyAllowUnauthenticatedUsers)
{
filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.Redirect(u.Action("Forbidden", "Error"), true);
return;
}
//Unauthorized roles
bool isUnAuthorized = false;
if (!string.IsNullOrEmpty(UnauthorizedRoles))
{
if (!(UnauthorizedRoles.Trim() == ""))
{
var roleSplit = UnauthorizedRoles.Split(',');
foreach (var role in roleSplit)
{
if (filterContext.HttpContext.User.IsInRole(role.Trim()))
{
isUnAuthorized = true;
break;
}
}
}
}
if (isUnAuthorized)
{
filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.Redirect(u.Action("Forbidden", "Error"), true);
return;
}
//Authorized roles
bool isAuthorized = false;
if (!string.IsNullOrEmpty(AuthorizedRoles))
{
if (!(AuthorizedRoles.Trim() == ""))
{
var roleSplit = AuthorizedRoles.Split(',');
foreach (var role in roleSplit)
{
if (filterContext.HttpContext.User.IsInRole(role.Trim()))
{
isAuthorized = true;
break;
}
}
}
}
else
{
isAuthorized = true;
}
if (!isAuthorized)
{
filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.Redirect(u.Action("Forbidden", "Error"), true);
return;
}
}
}
/// <summary>
/// Called by the MVC framework before the action method executes.
/// </summary>
/// <param name="filterContext">The filter context.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
if (OnlyAllowUnauthenticatedUsers)
{
return;
}
//use the current url for the redirect
string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath;
//send them off to the login page
string redirectUrl = string.Format("?ReturnUrl={0}", redirectOnSuccess);
string loginUrl = FormsAuthentication.LoginUrl + redirectUrl;
filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.Redirect(loginUrl, true);
return;
}
else //User is authenticated
{
var httpContext = new HttpContextWrapper(HttpContext.Current);
var requestContext = new RequestContext(httpContext, new RouteData());
var u = new UrlHelper(requestContext);
if (OnlyAllowUnauthenticatedUsers)
{
filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.Redirect(u.Action("Forbidden", "Error"), true);
return;
}
if (!AuthorizeSuspended && !filterContext.HttpContext.User.IsInRole(RoleNames.ActiveUser))
{
//Is suspended
filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.Redirect(u.Action("ShowSuspensionStatus", "Account"), true);
return;
}
if (!AuthorizeEmailNotConfirmed && filterContext.HttpContext.User.IsInRole(RoleNames.EmailNotConfirmed) && ConfigurationManager.AppSettings["RequireEmailConfirmation"] == "true")
{
//Email hasn't been confirmed
filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.Redirect(u.Action("ShowEmailAddressVerificationStatus", "Account"), true);
return;
}
//Unauthorized roles
bool isUnAuthorized = false;
if (!string.IsNullOrEmpty(UnauthorizedRoles))
{
if (!(UnauthorizedRoles.Trim() == ""))
{
var roleSplit = UnauthorizedRoles.Split(',');
foreach (var role in roleSplit)
{
if (filterContext.HttpContext.User.IsInRole(role.Trim()))
{
isUnAuthorized = true;
break;
}
}
}
}
if (isUnAuthorized)
{
filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.Redirect(u.Action("Forbidden", "Error"), true);
return;
}
//Authorized roles
bool isAuthorized = false;
if (!string.IsNullOrEmpty(AuthorizedRoles))
{
if (!(AuthorizedRoles.Trim() == ""))
{
var roleSplit = AuthorizedRoles.Split(',');
foreach (var role in roleSplit)
{
if (filterContext.HttpContext.User.IsInRole(role.Trim()))
{
isAuthorized = true;
break;
}
}
}
}
else
{
isAuthorized = true;
}
if (!isAuthorized)
{
filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.Redirect(u.Action("Forbidden", "Error"), true);
return;
}
}
}