Example #1
0
        public void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
        {
            var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                string encTicket = authCookie.Value;
                if (!String.IsNullOrEmpty(encTicket))
                {
                    var ticket = FormsAuthentication.Decrypt(encTicket);
                    var id = new CustomIdentity(ticket);

                    //var userRoles = Roles.GetRolesForUser(id.Name); //get role
                    var userRoles = new string[] { };
                    var prin = new GenericPrincipal(id, userRoles);
                    HttpContext.Current.User = prin;

                }
            }
        }
Example #2
0
        /// <summary>
        /// 
        /// </summary>
        /// <param name="filterContext"></param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
         
            if (cookie != null)
            {
                FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

                var customidentity = new CustomIdentity(ticket);
                if (customidentity == null || !customidentity.IsInRole(Role))
                {
                    //ContentResult Content = new ContentResult();
                    //Content.Content = "<script type='text/javascript'>alert('Auth verify Failed!');history.go(-1);</script>";
                    //filterContext.Result = Content;
                    //throw new HttpException(401, null);
    

                    filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
                    {
                        controller = "Error",
                        name = customidentity.Name,
                        action = "AccessDenied"

                    }));
                }


                string viewBagUsername = filterContext.Controller.ViewBag.UserName;

                if (!string.IsNullOrEmpty(viewBagUsername))
                {
                    string currentUsername = customidentity.Name;
                    if (viewBagUsername.ToLower() != currentUsername.ToLower())
                    {
                        //if (customidentity.Roles[0] == "User")
                        //{
                        //    filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
                        //    {
                        //        action = "AccessDenied",
                        //        controller = "Error"


                        //    }));
                        //}
                        //else if (customidentity.Roles[0] == "PowerUser")
                        //{
                        //    string[] users = null;
                        //    //new ProxyHelper<IMember>().Use(code =>
                        //    //{
                        //    //    users = code.GetOrgUsersByUsername(currentUsername);

                        //    //}, Constants.MEMBER_ENDPOINT);

                        //    MemberService.MemberClient memberService = new MemberService.MemberClient();
                        //    users = memberService.GetOrgUsersByUsername(currentUsername);

                        //    if(!Helpers.HasInVale(users,viewBagUsername))
                        //    {
                        //         filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
                        //    {
                        //        action = "AccessDenied",
                        //        controller = "Error"


                        //    }));
                        //    }
                            
                        //}
                        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
                        {
                            
                            controller = "Error",
                            name = customidentity.Name,
                            action = "AccessDenied"

                        }));
                    }
                }
                
            }
        }