public static string GetAuthToken(HttpRequestBase request, HttpContextBase httpContext)
        {
            // Retrieve the user's tenantID and access token since they are used to call the GraphAPI.
            //
            string accessToken = null;
            string tenantId = ClaimsPrincipal.Current.FindFirst(GraphConfiguration.TenantIdClaimType).Value;
            if (tenantId != null)
            {
               accessToken = TokenCacheUtils.GetAccessTokenFromCacheOrRefreshToken(tenantId, GraphConfiguration.GraphResourceId);
            }
            if (accessToken == null)
            {
                //
                // If refresh is set to true, the user has clicked the link to be authorized again.
                //
                if (request.QueryString["reauth"] == "True")
                {
                    // Send an OpenID Connect sign-in request to get a new set of tokens.
                    // If the user still has a valid session with Azure AD, they will not be prompted for their credentials.
                    // The OpenID Connect middleware will return to this controller after the sign-in response has been handled.
                    //
                    httpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
                }
            }

            return accessToken;
        }
        //ver esse esquema de de segurança depois 
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var identity = (ClaimsIdentity)httpContext.User.Identity;

            var url = httpContext.Request.Url.AbsolutePath;
            var value = url.Split('/');
            string[] valueAction = new string[] {};
            if (value.Length == 2) valueAction = new[] {value[1]};
            else if (value.Length == 3) valueAction = new[] {value[1], value[2]};
            else if (value.Length >= 4) valueAction = new[] {value[1], value[2], value[3]};
            
            
            if (!string.IsNullOrWhiteSpace(Action))
            {
                valueAction[valueAction.Length - 1] = Action;   
            }
            url = string.Join("/", valueAction);
            
            var claim = identity.Claims.FirstOrDefault(k => (k.Type.Substring(0,4).Equals("Menu") && k.Value.Contains(url)) || (k.Type.Substring(0, 4).Equals("Inv") && k.Value.Contains(url)));

            if (claim == null) return false;

            var userManager = httpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
            var userId = httpContext.User.Identity.GetUserId();
            var user = userManager.FindById(userId);

            var permissao = user.Permissoes.FirstOrDefault(x => x.AspNetModulo is AspNetAction && ((AspNetAction)x.AspNetModulo).GetUrl() == url);

            if (permissao != null)
                identity.AddClaim(new Claim("AspNet.Identity.Permissao", ((int)permissao.AspNetTipoPermissaoId).ToString()));

            return true;

            
        }
Example #3
0
 protected ServiceBase(IDataFactory dataFactory, HttpContextBase httpContext)
 {
     DataFactory = dataFactory;
     CurrentUser = httpContext.GetOwinContext().GetUserManager<ApplicationUserManager>().FindById(System.Web.HttpContext.Current.User.Identity.GetUserId());
     //            CurrentUser = user ??
     //                           HttpContext.Current.GetOwinContext()
     //                               .GetUserManager<ApplicationUserManager>()
     //                               .FindById(System.Web.HttpContext.Current.User.Identity.GetUserId());
 }
Example #4
0
 protected override bool AuthorizeCore(HttpContextBase httpContext)
 {
     UserManager<ApplicationUser> UserManager = httpContext.GetOwinContext().GetUserManager<ApplicationManager>();
     ApplicationUser user = UserManager.FindByName(httpContext.User.Identity.Name);
     if ((user.Banned == true))
     {
         return false;
     }
     return base.AuthorizeCore(httpContext);
 }
Example #5
0
 public static Operator GetOperator(HttpContextBase _context)
 {
     var claimsIdentity = _context.GetOwinContext().Authentication.User.Identity as ClaimsIdentity;
     return new Operator()
     {
         UserId = claimsIdentity.GetClaimValue(ClaimTypes.NameIdentifier),
         UserName = claimsIdentity.GetClaimValue(ClaimTypes.Name),
         NickName = claimsIdentity.GetClaimValue(ClaimTypes.Surname),
         Ip = _context.Request.GetIpAddress()
     };
 }
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if(!httpContext.User.Identity.IsAuthenticated)
                return false;

            bool isAuthorized = base.AuthorizeCore(httpContext);

            var userManager = httpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
            bool isConfirmed = userManager.IsEmailConfirmed(httpContext.User.Identity.GetUserId());

            return isAuthorized && isConfirmed;
        }
 protected override bool AuthorizeCore(HttpContextBase httpContext)
 {
     bool authorizeCore = base.AuthorizeCore(httpContext);
     if (authorizeCore)
     {
         // logged in user's email is confirmed?
         string username = httpContext.User.Identity.Name;
         // fetch logged in user detail from database
         ApplicationUserManager userManager = httpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
         ApplicationUser user = userManager.FindByName(username);
         return user.EmailConfirmed;
     }
     return false;
 }
 /// <summary>
 /// 取当前用户的权限列表
 /// </summary>
 /// <param name="context"></param>
 /// <returns></returns>
 private IEnumerable<ApplicationPermission> GetUserPermissions(HttpContextBase context)
 {
     // 取登录名
     var username = context.User.Identity.Name;
     // 构建缓存key
     var key = string.Format("UserPermissions_{0}", username);
     // 从缓存中取权限
     var permissions = HttpContext.Current.Session[key] as IEnumerable<ApplicationPermission>;
     // 若没有,则从db中取并写入缓存
     if (permissions == null)
     {
         // 取roleManager
         var roleManager = context.GetOwinContext().Get<ApplicationRoleManager>();
         // 取用户权限集合
         permissions = roleManager.GetUserPermissions(username);
         // 写入缓存
         context.Session.Add(key, permissions);
     }
     return permissions;
 }
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
                throw new ArgumentNullException("httpContext");

            var user = httpContext.User;
            if (!user.Identity.IsAuthenticated)
                return false;

            var dbContext = httpContext.GetOwinContext().Get<ApplicationDbContext>();
            var roleAccess = from ra in dbContext.RoleAccesses
                             let userId = dbContext.Users.FirstOrDefault(u => u.UserName == user.Identity.Name).Id
                             let roleIds = dbContext.Roles.Where(r => r.Users.Any(u => u.UserId == userId)).Select(r => r.Id)
                             where roleIds.Contains(ra.RoleId)
                             select ra;

            if (roleAccess.Any(ra =>
                ra.Controller.Equals(_requestControllerName, StringComparison.InvariantCultureIgnoreCase) &&
                ra.Action.Equals(_requestedActionName, StringComparison.InvariantCultureIgnoreCase)))
                return true;

            return false;
        }
		private static IAuthenticationManager GetAuthenticationManager(HttpContextBase context)
		{
			return context.GetOwinContext().Authentication;
		}
 // Methods
 protected override PermissionAuthorize GetPermissionAuthorize(HttpContextBase httpContext)
 {
     return new ApplicationPermissionAuthorize(httpContext.GetOwinContext().Get<ApplicationPermissionManager>());
 }
Example #12
0
 public void LoginUser(HttpContextBase context, User user)
 {
     IAuthenticationManager authManager = context.GetOwinContext().Authentication;
     authManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
     authManager.SignIn(new AuthenticationProperties { IsPersistent = true },
         userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie));
 }
Example #13
0
 /// <summary>
 ///
 /// </summary>
 /// <typeparam name="TTenant"></typeparam>
 /// <param name="httpContext"></param>
 /// <returns></returns>
 public static TTenant GetTenant <TTenant>(this HttpContextBase httpContext)
 {
     Ensure.Argument.NotNull(httpContext, nameof(httpContext));
     return(httpContext.GetOwinContext().Environment.GetTenant <TTenant>());
 }
        public static Pilot GetCurrentUserPilot(HttpContextBase context)
        {
            // Return Session Cache if set
            if (context.Items["CurrentUserPilot"] != null)
            {
                var ghostUserPilotSession = context.Items["CurrentUserPilot"] as Pilot;
                if (ghostUserPilotSession != null)
                {
                    return ghostUserPilotSession;
                }
            }

            if (!context.Request.IsAuthenticated) return new Pilot();

            var userManager = context.GetOwinContext().GetUserManager<ApplicationUserManager>();
            var user = userManager.FindById(context.User.Identity.GetUserId());
            Pilot ghost = new Pilot();
            if (user != null)
            {
                ghost = user.Pilot ?? new Pilot();
            }

            // Set Session Cache
            context.Items.Remove("CurrentUserPilot");
            context.Items.Add("CurrentUserPilot", ghost);

            // Return Current User Pilot
            return ghost;
        }
Example #15
0
 public static Task <bool> CheckAccessAsync(this HttpContextBase httpContext, ResourceAuthorizationContext authorizationContext)
 {
     return(httpContext.GetOwinContext().CheckAccessAsync(authorizationContext));
 }