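        /// <summary>
        /// Asks Active Directory whether the account named in the token is still enabled.
        /// Fails closed: a missing token, an unknown user, an unset Enabled flag, or any
        /// directory error all yield false.
        /// </summary>
        /// <param name="t">Token whose userName is looked up and whose userId is written to the audit log.</param>
        /// <returns>true only when AD reports the account as enabled; false otherwise.</returns>
        public static bool ADValidateEnabled(Token t)
        {
            // Without a token there is no user to look up and no userId to audit; deny.
            if (t == null)
            {
                return(false);
            }

            bool validated = false;
            // Keep "AD says disabled" distinguishable from "could not ask AD" in the audit trail,
            // so operators can tell a revoked account from a directory outage.
            string denialReason = "User account has been disabled.  request for resources has been denied.";

            try
            {
                // PrincipalContext and UserPrincipal both wrap directory connections/entries;
                // dispose them so an authorization check does not leak an LDAP connection.
                // NOTE(review): the domain name is hard-coded — confirm it should not come from config.
                using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "AOC-resins.com"))
                using (UserPrincipal principal = UserPrincipal.FindByIdentity(ctx, t.userName))
                {
                    if (principal == null)
                    {
                        // FindByIdentity returns null for an unknown identity; do not rely on a
                        // NullReferenceException to reach the catch block.
                        denialReason = "User account was not found in Active Directory.  request for resources has been denied.";
                    }
                    else
                    {
                        // Enabled is bool?; treat "not set" as disabled instead of throwing on .Value.
                        validated = principal.Enabled ?? false;
                    }
                }
            }
            catch (Exception e)
            {
                // Any directory failure (unreachable DC, bad bind, etc.) denies rather than grants.
                // Only the exception type is recorded, to keep internal details out of the log line.
                validated = false;
                denialReason = "Active Directory lookup failed (" + e.GetType().Name + ").  request for resources has been denied.";
            }

            if (!validated)
            {
                HallMonitor hm = new HallMonitor();
                hm.UserId         = t.userId;
                hm.Resource       = "Active Directory";
                hm.Action         = "ENABLED";
                hm.LogDescription = denialReason;
                hm.LogActivity();
            }

            return(validated);
        }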
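        /// <summary>
        /// Authorization filter check: the request must carry an authorization header, the token in it
        /// must parse, and the user's AD account must still be enabled. Every request that passes those
        /// three gates is audited and allowed.
        /// </summary>
        /// <param name="actionContext">The Web API action context whose request headers, URI and method are inspected.</param>
        /// <returns>true when the caller is authenticated and the account is enabled; false otherwise.</returns>
        /// <remarks>
        /// SECURITY: per-resource authorization is NOT implemented. After the token is accepted and the
        /// account is enabled this method returns true for every controller and HTTP method, so any
        /// authenticated user can reach any endpoint. The former <c>if (1 == 1)</c> placeholder has been
        /// removed; the unconditional return below is the same permissive behaviour, stated plainly.
        /// NOTE(review): this also assumes TokenManager.extractPaylod verifies the token's signature and
        /// expiry rather than merely decoding it — confirm; if it only decodes, the header is attacker-controlled.
        /// </remarks>
        public bool IsUserAuthorized(HttpActionContext actionContext)
        {
            var authHeader = FetchFromHeader(actionContext); //fetch authorization token from header
            if (authHeader == null)
            {
                return(false);
            }

            Token userPayloadToken = TokenManager.extractPaylod(authHeader);
            if (userPayloadToken == null)
            {
                return(false);
            }

            //Make sure the user's account hasn't been disabled in the middle of a session
            if (!UserHelper.ADValidateEnabled(userPayloadToken))
            {
                return(false);
            }

            //TODO: Determine whether the user has access to the requested resource

            // Audit who touched what. Resource is the LAST URI segment, so for /api/users/42 this
            // records "42" (the id), not the controller name — the comment below about "what controller
            // are we accessing" does not match what is actually logged.
            // NOTE(review): the segment is attacker-controlled; HallMonitor should encode it before
            // writing if the log sink is not already injection-safe — cannot verify from here.
            string[] segments = actionContext.Request.RequestUri.Segments;

            HallMonitor hm = new HallMonitor();
            hm.UserId   = userPayloadToken.userId;
            hm.Resource = segments[segments.Length - 1];
            hm.Action   = actionContext.Request.Method.Method;
            hm.LogActivity();

            #region comment

            /*
             *  For granular authorization
             *  Get the Requested URI (what controller are we accessing)
             *  and the Request Method (GET, POST, PUT, DELETE)
             *
             *  compare to the user's role and that role's accessibilities
             *  if all is good return true otherwise fall through and return false
             */
            #endregion

            // Role checks are still to be written; until then access is intentionally permissive.
            return(true);
        }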