/// <summary> /// Returns the user to check. Default is to use the HttpContext's User Identity as the username /// </summary> /// <param name="httpContext">The HttpContext of the request</param> /// <returns>The UserInfo, should return the Public user if they are not logged in.</returns> public async Task <UserInfo> GetCurrentUserInfoAsync() { UserInfo foundUser = null; var site = SiteContextSafe(); // Create GetUser Event Arguments GetUserEventArgs userArgs = new GetUserEventArgs() { HttpContext = _httpContext }; var customUser = await _authorizationContextCustomizer.GetCustomUserAsync(userArgs, AuthorizationEventType.Before); if (customUser != null) { return(customUser); } // Grab Username and find the user string username = !string.IsNullOrWhiteSpace(userArgs.FoundUserName) ? userArgs.FoundUserName : DataHelper.GetNotEmpty((_httpContext.User != null && _httpContext.User.Identity != null ? _httpContext.User.Identity.Name : "public"), "public"); foundUser = await _progressiveCache.LoadAsync(async cs => { var userObj = await _userInfoProvider.GetAsync(username); if (userObj == null || !userObj.Enabled) { userObj = await _userInfoProvider.GetAsync("public"); } if (cs.Cached) { cs.CacheDependency = CacheHelper.GetCacheDependency("cms.user|byid|" + userObj.UserID); } return(userObj); }, new CacheSettings(60, "KenticoAuthorizeGetCurrentUser", username)); userArgs.FoundUser = foundUser; customUser = await _authorizationContextCustomizer.GetCustomUserAsync(userArgs, AuthorizationEventType.Before); if (customUser != null) { foundUser = customUser; } return(foundUser); }
public async Task <bool> IsAuthorizedAsync(UserContext user, AuthorizationConfiguration authConfig, TreeNode currentPage = null, string pageTemplateIdentifier = null) { bool authorized = false; // Will remain true only if no other higher priority authorization items were specified bool OnlyAuthenticatedCheck = true; // Global admin if (!authorized && user.IsGlobalAdmin) { authorized = true; OnlyAuthenticatedCheck = false; } // Roles if (!authorized && authConfig.Roles.Any()) { OnlyAuthenticatedCheck = false; authorized = (user.Roles.Intersect(authConfig.Roles, StringComparer.InvariantCultureIgnoreCase).Any()); } // Users no longer there if (!authorized && authConfig.Users.Any()) { OnlyAuthenticatedCheck = false; authorized = authConfig.Users.Contains(user.UserName, StringComparer.InvariantCultureIgnoreCase); } // Explicit Permissions if (!authorized && authConfig.ResourceAndPermissionNames.Any()) { OnlyAuthenticatedCheck = false; authorized = authConfig.ResourceAndPermissionNames.Intersect(user.Permissions, StringComparer.InvariantCultureIgnoreCase).Any(); } // Check page level security if (!authorized && authConfig.CheckPageACL && currentPage != null) { // Need basic user from username var userInfo = await _progressiveCache.LoadAsync(async cs => { if (cs.Cached) { cs.CacheDependency = CacheHelper.GetCacheDependency($"{UserInfo.OBJECT_TYPE}|byname|{user.UserName}"); } var userResult = (await _userInfoProvider.GetAsync(user.UserName)); return(userResult); }, new CacheSettings(30, "GetUserInfoForAuthorization", user.UserName)); // Kentico has own caching so okay to call uncached if (TreeSecurityProvider.IsAuthorizedPerNode(currentPage, authConfig.NodePermissionToCheck, userInfo) != AuthorizationResultEnum.Denied) { authorized = true; } } // If there were no other authentication properties, check if this is purely an "just requires authentication" area if (OnlyAuthenticatedCheck && (!authConfig.UserAuthenticationRequired || user.IsAuthenticated)) { authorized = true; } return(authorized); }