Example #1
0
        public override bool IsAuthorized(AuthFilterContext context)
        {
            Requires.NotNull("context", context);

            var principal = Thread.CurrentPrincipal;

            if (!principal.Identity.IsAuthenticated)
            {
                return(false);
            }

            if (_denyRolesSplit.Any())
            {
                var currentUser = PortalController.Instance.GetCurrentPortalSettings().UserInfo;
                if (!currentUser.IsSuperUser && _denyRolesSplit.Any(currentUser.IsInRole))
                {
                    return(false);
                }
            }

            if (_staticRolesSplit.Any())
            {
                var currentUser = PortalController.Instance.GetCurrentPortalSettings().UserInfo;
                if (!_staticRolesSplit.Any(currentUser.IsInRole))
                {
                    return(false);
                }
            }

            return(true);
        }
        public override bool IsAuthorized(AuthFilterContext context)
        {
            Requires.NotNull("context", context);

            var principal = Thread.CurrentPrincipal;
            if(!principal.Identity.IsAuthenticated)
            {
                return false;
            }

            if(_denyRolesSplit.Any())
            {
                var currentUser = TestablePortalController.Instance.GetCurrentPortalSettings().UserInfo;
                if (!currentUser.IsSuperUser && _denyRolesSplit.Any(currentUser.IsInRole))
                {
                    return false;
                }
            }

            if (_staticRolesSplit.Any())
            {
                var currentUser = TestablePortalController.Instance.GetCurrentPortalSettings().UserInfo;
                if (!_staticRolesSplit.Any(currentUser.IsInRole))
                {
                    return false;
                }
            }

            return true;
        }
 public override bool IsAuthorized(AuthFilterContext context)
 {
     if (SecurityLevel == SecurityAccessLevel.Anonymous)
     {
         return true;
     }
     User = HttpContextSource.Current.Request.IsAuthenticated ? UserController.Instance.GetCurrentUserInfo() : new UserInfo();
     ContextSecurity security = new ContextSecurity(context.ActionContext.Request.FindModuleInfo());
     switch (SecurityLevel)
     {
         case SecurityAccessLevel.Authenticated:
             return User.UserID != -1;
         case SecurityAccessLevel.Host:
             return User.IsSuperUser;
         case SecurityAccessLevel.Admin:
             return security.IsAdmin;
         case SecurityAccessLevel.Edit:
             return security.CanEdit;
         case SecurityAccessLevel.View:
             return security.CanView;
         case SecurityAccessLevel.Pilot:
             return security.IsPilot;
         case SecurityAccessLevel.Verifier:
             return security.IsVerifier;
     }
     return false;
 }
        public override bool IsAuthorized(AuthFilterContext context)
        {
            var activeModule = FindModuleInfo(context.ActionContext.Request);

            if (activeModule != null)
            {
                return ModulePermissionController.HasModuleAccess(AccessLevel, PermissionKey, activeModule);
            }

            return false;
        }
Example #5
0
        /// <summary>
        /// Co-ordinates check of authorization and handles Auth failure.  Should rarely be overridden.
        /// </summary>
        /// <param name="actionContext"></param>
        protected virtual void OnAuthorization(HttpActionContext actionContext)
        {
            Requires.NotNull("actionContext", actionContext);

            const string failureMessage = "Authorization has been denied for this request.";
            var authFilterContext = new AuthFilterContext(actionContext, failureMessage);
            if (!IsAuthorized(authFilterContext))
            {
                authFilterContext.HandleUnauthorizedRequest();
            }
        }
Example #6
0
        public override bool IsAuthorized(AuthFilterContext context)
        {
            var module = FindModuleInfo(context.ActionContext.Request);

            if (module != null)
            {
                return(ModuleIsSupported(module));
            }

            return(false);
        }
        public override bool IsAuthorized(AuthFilterContext context)
        {
            var module = FindModuleInfo(context.ActionContext.Request);

            if (module != null)
            {
                return ModuleIsSupported(module);
            }

            return false;
        }
        public override bool IsAuthorized(AuthFilterContext context)
        {
            var activeModule = FindModuleInfo(context.ActionContext.Request);

            if (activeModule != null)
            {
                return(ModulePermissionController.HasModuleAccess(AccessLevel, PermissionKey, activeModule));
            }

            return(false);
        }
        /// <summary>
        /// Tests if the request passes the authorization requirements
        /// </summary>
        /// <param name="context">The auth filter context</param>
        /// <returns>True when authorization is succesful</returns>
        public override bool IsAuthorized(AuthFilterContext context)
        {
            var principal = Thread.CurrentPrincipal;
            if (!principal.Identity.IsAuthenticated)
            {
                return false;
            }

            var currentUser = TestablePortalController.Instance.GetCurrentPortalSettings().UserInfo;
            return currentUser.IsSuperUser;
        }
Example #10
0
        /// <summary>
        /// Co-ordinates check of authorization and handles Auth failure.  Should rarely be overridden.
        /// </summary>
        /// <param name="actionContext"></param>
        protected virtual void OnAuthorization(HttpActionContext actionContext)
        {
            Requires.NotNull("actionContext", actionContext);

            const string failureMessage    = "Authorization has been denied for this request.";
            var          authFilterContext = new AuthFilterContext(actionContext, failureMessage);

            if (!IsAuthorized(authFilterContext))
            {
                authFilterContext.HandleUnauthorizedRequest();
            }
        }
Example #11
0
        /// <summary>
        /// Tests if the request passes the authorization requirements
        /// </summary>
        /// <param name="context">The auth filter context</param>
        /// <returns>True when authorization is succesful</returns>
        public override bool IsAuthorized(AuthFilterContext context)
        {
            var principal = Thread.CurrentPrincipal;

            if (!principal.Identity.IsAuthenticated)
            {
                return(false);
            }

            var currentUser = TestablePortalController.Instance.GetCurrentPortalSettings().UserInfo;

            return(currentUser.IsSuperUser);
        }
        /// <summary>
        /// Called by framework at start of Auth process, check if auth should be skipped and handles auth failure.  Should rarely need to be overridden.
        /// </summary>
        /// <param name="actionContext"></param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            Requires.NotNull("actionContext", actionContext);

            if (SkipAuthorization(actionContext))
            {
                return;
            }

            const string failureMessage = "Authorization has been denied for this request.";
            var authFilterContext = new AuthFilterContext(actionContext, failureMessage);
            if (!IsAuthorized(authFilterContext))
            {
                authFilterContext.HandleUnauthorizedRequest();
            }
        }
Example #13
0
        protected string GetAntiForgeryCookieValue(AuthFilterContext context)
        {
            foreach (var cookieValue in context.ActionContext.Request.Headers.GetValues("Cookie"))
            {
                var nameIndex = cookieValue.IndexOf(AntiForgery.Instance.CookieName, StringComparison.InvariantCultureIgnoreCase);

                if (nameIndex > -1)
                {
                    var valueIndex    = nameIndex + AntiForgery.Instance.CookieName.Length + 1;
                    var valueEndIndex = cookieValue.Substring(valueIndex).IndexOf(';');
                    return(valueEndIndex > -1 ? cookieValue.Substring(valueIndex, valueEndIndex) : cookieValue.Substring(valueIndex));
                }
            }

            return("");
        }
        /// <summary>
        /// Called by framework at start of Auth process, check if auth should be skipped and handles auth failure.  Should rarely need to be overridden.
        /// </summary>
        /// <param name="actionContext"></param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            Requires.NotNull("actionContext", actionContext);

            if (SkipAuthorization(actionContext))
            {
                return;
            }

            const string failureMessage    = "Authorization has been denied for this request.";
            var          authFilterContext = new AuthFilterContext(actionContext, failureMessage);

            if (!IsAuthorized(authFilterContext))
            {
                authFilterContext.HandleUnauthorizedRequest();
            }
        }
        public override bool IsAuthorized(AuthFilterContext context)
        {
            try
            {
                string cookieValue = GetAntiForgeryCookieValue(context);
                var    token       = context.ActionContext.Request.Headers.GetValues("RequestVerificationToken").FirstOrDefault();

                AntiForgery.Instance.Validate(cookieValue, token);
            }
            catch (Exception e)
            {
                context.AuthFailureMessage = e.Message;
                return(false);
            }

            return(true);
        }
        public override bool IsAuthorized(AuthFilterContext context)
        {
            try
            {
                string cookieValue = GetAntiForgeryCookieValue(context);
                var token = context.ActionContext.Request.Headers.GetValues("RequestVerificationToken").FirstOrDefault();

                AntiForgery.Instance.Validate(cookieValue, token);
            }
            catch(Exception e)
            {
                context.AuthFailureMessage = e.Message;
                return false;
            }

            return true;
        }
        public override bool IsAuthorized(AuthFilterContext context)
        {
            Requires.NotNull("context", context);

            var identity = Thread.CurrentPrincipal.Identity;

            if (!identity.IsAuthenticated)
            {
                return(false);
            }

            if (this._denyRolesSplit.Any())
            {
                var currentUser = PortalController.Instance.GetCurrentPortalSettings().UserInfo;
                if (!currentUser.IsSuperUser && this._denyRolesSplit.Any(currentUser.IsInRole))
                {
                    return(false);
                }
            }

            if (this._staticRolesSplit.Any())
            {
                var currentUser = PortalController.Instance.GetCurrentPortalSettings().UserInfo;
                if (!this._staticRolesSplit.Any(currentUser.IsInRole))
                {
                    return(false);
                }
            }

            // if the attribute opted in explicitly for specific authentication types, then
            // use it; otherwise use the defaults according to settings in the web.config.
            var currentAuthType = (identity.AuthenticationType ?? string.Empty).Trim();

            if (currentAuthType.Length > 0)
            {
                if (this._authTypesSplit.Any())
                {
                    return(this._authTypesSplit.Contains(currentAuthType));
                }

                return(DefaultAuthTypes.Contains(currentAuthType));
            }

            return(true);
        }
        public void LocatesCookie(string cookieFormat, string cookieName, string cookieValue)
        {
            //Arrange
            var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/");
            request.Headers.Add("Cookie", string.Format(cookieFormat, cookieName, cookieValue));
            request.Headers.Add("RequestVerificationToken", "anything_is_fine");
            var config = new HttpConfiguration();
            var controllerContext = new HttpControllerContext(config, new HttpRouteData(new HttpRoute()), request);
            var actionContext = new HttpActionContext(controllerContext, new Mock<HttpActionDescriptor>().Object);
            var authFilterContext = new AuthFilterContext(actionContext, "");
            var mockAntiForgery = new Mock<IAntiForgery>();
            mockAntiForgery.Setup(x => x.CookieName).Returns(cookieName);
            AntiForgery.SetTestableInstance(mockAntiForgery.Object);

            //Act
            var vaft = new ValidateAntiForgeryTokenAttribute();
            vaft.IsAuthorized(authFilterContext);

            //Assert
            mockAntiForgery.Verify(x => x.Validate(cookieValue, It.IsAny<string>()), Times.Once());
        }
        protected string GetAntiForgeryCookieValue(AuthFilterContext context)
        {
            foreach (var cookieValue in context.ActionContext.Request.Headers.GetValues("Cookie"))
            {
                var nameIndex = cookieValue.IndexOf(AntiForgery.Instance.CookieName, StringComparison.InvariantCultureIgnoreCase);

                if(nameIndex > -1)
                {
                    var valueIndex = nameIndex + AntiForgery.Instance.CookieName.Length + 1;
                    var valueEndIndex = cookieValue.Substring(valueIndex).IndexOf(';');

                    if (valueEndIndex > -1)
                    {
                        return cookieValue.Substring(valueIndex, valueEndIndex);
                    }
                    else
                    {
                        return cookieValue.Substring(valueIndex);
                    }
                }
            }
            
            return "";
        }
 /// <summary>
 /// Tests if the request passes the authorization requirements
 /// </summary>
 /// <param name="context">The auth filter context</param>
 /// <returns>True when authorization is succesful</returns>
 public abstract bool IsAuthorized(AuthFilterContext context);
 /// <summary>
 /// Tests if the request passes the authorization requirements
 /// </summary>
 /// <param name="context">The auth filter context</param>
 /// <returns>True when authorization is succesful</returns>
 public abstract bool IsAuthorized(AuthFilterContext context);