protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
DynamicRoleRequirement requirement)
{
var httpContext = _contextAccessor.HttpContext;
var userId = httpContext.User.FindFirstValue(ClaimTypes.NameIdentifier);
if (string.IsNullOrEmpty(userId))
{
return;
}
var dbRoleValidationGuid = _memoryCache.GetOrCreate("RoleValidationGuid", p =>
{
p.AbsoluteExpiration = DateTimeOffset.MaxValue;
return(_utilities.DataBaseRoleValidationGuid());
});
//var allAreasName = _memoryCache.GetOrCreate("allAreasName",
// p =>
//{
// p.AbsoluteExpiration = DateTimeOffset.MaxValue;
// return _utilities.GetAllAreasNames();
//});
SplitUserRequestedUrl(httpContext, out var areaAndControllerAndActionName);
UnprotectRvgCookieData(httpContext, out var unprotectedRvgCookie);
if (!IsRvgCookieDataValid(unprotectedRvgCookie, userId, dbRoleValidationGuid))
{
var user = await _userManager.FindByIdAsync(userId);
if (user == null)
{
return;
}
AddOrUpdateRvgCookie(httpContext, dbRoleValidationGuid, userId);
await _signInManager.RefreshSignInAsync(user);
//Check in DataBase
// var userRolesId = _dbContext.UserRoles.AsNoTracking()
// .Where(r => r.UserId == userId)
// .Select(r => r.RoleId)
// .ToList();
// if (!userRolesId.Any()) return;
// var userHasClaims = _dbContext.RoleClaims.AsNoTracking().Any(rc =>
// userRolesId.Contains(rc.RoleId) && rc.ClaimType == areaAndControllerAndActionName);
// if (userHasClaims) context.Succeed(requirement);
// --> Instead We Can Use RoleBack Button in Access Denied
}
else if (httpContext.User.HasClaim(areaAndControllerAndActionName, true.ToString()))
{
context.Succeed(requirement);
}
return;
}
