/// <summary>
/// Returns the user to check. Default is to use the HttpContext's User Identity as the username
/// </summary>
/// <param name="httpContext">The HttpContext of the request</param>
/// <returns>The UserInfo, should return the Public user if they are not logged in.</returns>
public async Task <UserInfo> GetCurrentUserInfoAsync()
{
UserInfo foundUser = null;
var site = SiteContextSafe();
// Create GetUser Event Arguments
GetUserEventArgs userArgs = new GetUserEventArgs()
{
HttpContext = _httpContext
};
var customUser = await _authorizationContextCustomizer.GetCustomUserAsync(userArgs, AuthorizationEventType.Before);
if (customUser != null)
{
return(customUser);
}
// Grab Username and find the user
string username = !string.IsNullOrWhiteSpace(userArgs.FoundUserName) ? userArgs.FoundUserName : DataHelper.GetNotEmpty((_httpContext.User != null && _httpContext.User.Identity != null ? _httpContext.User.Identity.Name : "public"), "public");
foundUser = await _progressiveCache.LoadAsync(async cs =>
{
var userObj = await _userInfoProvider.GetAsync(username);
if (userObj == null || !userObj.Enabled)
{
userObj = await _userInfoProvider.GetAsync("public");
}
if (cs.Cached)
{
cs.CacheDependency = CacheHelper.GetCacheDependency("cms.user|byid|" + userObj.UserID);
}
return(userObj);
}, new CacheSettings(60, "KenticoAuthorizeGetCurrentUser", username));
userArgs.FoundUser = foundUser;
customUser = await _authorizationContextCustomizer.GetCustomUserAsync(userArgs, AuthorizationEventType.Before);
if (customUser != null)
{
foundUser = customUser;
}
return(foundUser);
}
public async Task <bool> IsAuthorizedAsync(UserContext user, AuthorizationConfiguration authConfig, TreeNode currentPage = null, string pageTemplateIdentifier = null)
{
bool authorized = false;
// Will remain true only if no other higher priority authorization items were specified
bool OnlyAuthenticatedCheck = true;
// Global admin
if (!authorized && user.IsGlobalAdmin)
{
authorized = true;
OnlyAuthenticatedCheck = false;
}
// Roles
if (!authorized && authConfig.Roles.Any())
{
OnlyAuthenticatedCheck = false;
authorized = (user.Roles.Intersect(authConfig.Roles, StringComparer.InvariantCultureIgnoreCase).Any());
}
// Users no longer there
if (!authorized && authConfig.Users.Any())
{
OnlyAuthenticatedCheck = false;
authorized = authConfig.Users.Contains(user.UserName, StringComparer.InvariantCultureIgnoreCase);
}
// Explicit Permissions
if (!authorized && authConfig.ResourceAndPermissionNames.Any())
{
OnlyAuthenticatedCheck = false;
authorized = authConfig.ResourceAndPermissionNames.Intersect(user.Permissions, StringComparer.InvariantCultureIgnoreCase).Any();
}
// Check page level security
if (!authorized && authConfig.CheckPageACL && currentPage != null)
{
// Need basic user from username
var userInfo = await _progressiveCache.LoadAsync(async cs =>
{
if (cs.Cached)
{
cs.CacheDependency = CacheHelper.GetCacheDependency($"{UserInfo.OBJECT_TYPE}|byname|{user.UserName}");
}
var userResult = (await _userInfoProvider.GetAsync(user.UserName));
return(userResult);
}, new CacheSettings(30, "GetUserInfoForAuthorization", user.UserName));
// Kentico has own caching so okay to call uncached
if (TreeSecurityProvider.IsAuthorizedPerNode(currentPage, authConfig.NodePermissionToCheck, userInfo) != AuthorizationResultEnum.Denied)
{
authorized = true;
}
}
// If there were no other authentication properties, check if this is purely an "just requires authentication" area
if (OnlyAuthenticatedCheck && (!authConfig.UserAuthenticationRequired || user.IsAuthenticated))
{
authorized = true;
}
return(authorized);
}
