/// <summary>
/// Validates an API authentication token for the current request.
/// </summary>
/// <param name="authenticationToken">The caller's token; must be non-empty.</param>
/// <param name="combineRule">Not consulted by this overload.</param>
/// <param name="permission">Not consulted by this overload.</param>
/// <param name="actions">Not consulted by this overload.</param>
/// <returns>The result of <c>_userService.IsValidToken</c> for the token.</returns>
/// <exception cref="AuthenticationException">The token is null, empty or whitespace.</exception>
/// <remarks>
/// NOTE(review): despite its name this overload only authenticates. The combination rule,
/// permission level and action list are accepted but never checked, so any valid token passes
/// regardless of what its user is allowed to do; callers needing per-action checks must use
/// the <c>HttpContextBase</c> overload or add a permission lookup here.
/// </remarks>
public bool IsAuthorized(string authenticationToken, HttpActionEnumCombinationRule combineRule = HttpActionEnumCombinationRule.Any, PermissionType permission = PermissionType.Write, int[] actions = null)
{
    var tokenMissing = string.IsNullOrWhiteSpace(authenticationToken);
    if (tokenMissing)
    {
        // A blank token is treated as an unauthenticated request rather than an invalid one.
        throw new AuthenticationException(AuthenticationType.User, "AuthenticationException.UnAuthorizedRequest");
    }

    var tokenIsValid = _userService.IsValidToken(authenticationToken);
    return tokenIsValid;
}
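/// <summary>
/// Authorizes the user attached to the current web session against a set of action permissions.
/// </summary>
/// <param name="httpContext">The current request context. Not consulted by the present implementation
/// (a commented-out audit/claims path that read it has been dropped from this method); kept for callers.</param>
/// <param name="combineRule">How <paramref name="actions"/> are combined: any or all permitted, or the negation of either.</param>
/// <param name="permission">Not consulted by the present implementation. NOTE(review): the read/write level is
/// ignored, so a caller passing <c>PermissionType.Read</c> gets the same answer as one passing <c>Write</c>; confirm this is intended.</param>
/// <param name="actions">Action identifiers to check; null or empty means no specific permission is required.</param>
/// <returns>
/// false when no user is attached to the session; true for system admins or when no actions are requested;
/// otherwise the result of applying <paramref name="combineRule"/> to <c>user.HasPermission</c> over <paramref name="actions"/>.
/// </returns>
public bool IsAuthorized(System.Web.HttpContextBase httpContext, HttpActionEnumCombinationRule combineRule = HttpActionEnumCombinationRule.Any, PermissionType permission = PermissionType.Write, int[] actions = null)
{
    // This method previously opened with an unconditional `return true;`, which made every check
    // below unreachable and granted access to every caller. Removing it restores the intended
    // authorization path; callers that relied on the blanket allow will now be evaluated.
    var user = WebSessionManager.Instance.CurrentUser;
    if (user == null)
    {
        return false;
    }

    // System admins bypass per-action permissions; an empty action list has nothing to deny.
    if (user.IsSystemAdmin() || actions == null || actions.Length == 0)
    {
        return true;
    }

    switch (combineRule)
    {
        case HttpActionEnumCombinationRule.Any:
            return actions.Any(a => user.HasPermission(a));
        case HttpActionEnumCombinationRule.All:
            return actions.All(a => user.HasPermission(a));
        case HttpActionEnumCombinationRule.NotAny:
            return !actions.Any(a => user.HasPermission(a));
        case HttpActionEnumCombinationRule.NotAll:
            return !actions.All(a => user.HasPermission(a));
        default:
            // An unrecognised combination rule denies rather than allows.
            return false;
    }
}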