Example #1
0
        private void OnPreRequestHandlerExecute(object sender, EventArgs args)
        {
            HttpApplication app = sender as HttpApplication;

            if (app != null)
            {
                Page   page = app.Context.Handler as Page;
                string url  = app.Request.Url.AbsolutePath;
                if (false == url.EndsWith(".aspx", StringComparison.InvariantCultureIgnoreCase))
                {
                    url += ".aspx";
                }

                var allowedAnonymous = authorSvc.GetAllowAnonymousResources();

                if (page != null &&
                    false == allowedAnonymous.Contains(url, StringComparer.InvariantCultureIgnoreCase) &&
                    0 != string.Compare(FormsAuthentication.LoginUrl, url, true))
                {
                    bool unauthenticated = app.User.Identity.IsAuthenticated == false;
                    if (unauthenticated)
                    {
                        page.Session.Abandon();
                        app.AbortResponse(401);
                    }
                    else
                    {
                        string authenName   = page.User.Identity.Name;
                        string sessionOnwer = page.Session[Const.SessionOwnerKey] as string ?? string.Empty;
                        if (SingleSessionAuthen && 0 != string.Compare(authenName, sessionOnwer, true))
                        {
                            app.AbortResponse(401);
                        }
                        else
                        {
                            var    deniedPages = authorSvc.GetDeniedResources(authenName);
                            string appUrl      = app.Request.AppRelativeCurrentExecutionFilePath;
                            if ((deniedPages.Contains(url, StringComparer.InvariantCultureIgnoreCase) ||
                                 deniedPages.Contains(appUrl, StringComparer.InvariantCultureIgnoreCase)))
                            {
                                app.AbortResponse(403);
                            }
                            else
                            {
                                page.InitComplete += (s, a) => { PreRenderPage.OnInitComplete(authorSvc, s, a); };
                                page.PreRender    += (s, a) => { PreRenderPage.OnPreRender(authorSvc, s, a); };
                                page.Init         += (s, a) =>
                                {
                                    Page p = s as Page;
                                    if (null != p)
                                    {
                                        p.ViewStateUserKey = KeySault + p.Session.SessionID;
                                    }
                                };
                            }
                        }
                    }
                }
            }
        }