public void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Session != null)
{
var user = filterContext.HttpContext.Session["user"]?.ToString();
if (!string.IsNullOrWhiteSpace(user))
{
return;
}
var cookie = filterContext.HttpContext.Request.Cookies?["user"];
if (!string.IsNullOrEmpty(cookie?.Value))
{
throw new UnauthorizedException();
}
var content = cookie?.Value.DecryptQueryString();
lclEntities db = new lclEntities();
if (!db.Users.Any(u => u.Account == content))
{
throw new UnauthorizedException();
}
}
}
