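        /// <summary>
        /// Rebuilds the custom <see cref="AuthPrincipal"/> from the forms-authentication cookie
        /// (when one is present and valid) so that views can reach the deserialized user data,
        /// then defers to the base attribute for the actual authorization decision.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context of the current request.</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            HttpCookie authCookie = filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];

            if (authCookie != null && !string.IsNullOrEmpty(authCookie.Value))
            {
                // The cookie value is client-supplied. Decrypt validates it and returns null
                // when the ticket is not genuine, and throws ArgumentException when the value
                // is malformed; in both cases the request is simply treated as anonymous and
                // left to the base attribute instead of failing with an unhandled exception.
                FormsAuthenticationTicket authTicket = null;
                try
                {
                    authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                }
                catch (ArgumentException)
                {
                    // Malformed cookie value: fall through as unauthenticated.
                }

                if (authTicket != null && !authTicket.Expired)
                {
                    var identity  = new GenericIdentity(authTicket.Name, "Forms");
                    var principal = new AuthPrincipal(identity);

                    // Read the custom user data from the ticket decrypted above rather than
                    // casting HttpContext.User.Identity to FormsIdentity: that cast throws when
                    // the forms module did not authenticate this request (e.g. expired ticket).
                    string userData = authTicket.UserData;

                    // Deserialize the JSON user data onto the custom principal.
                    var serializer = new JavaScriptSerializer();
                    principal.User = (UserDto)serializer.Deserialize(userData, typeof(UserDto));

                    // Expose the custom principal so views can retrieve the user data.
                    filterContext.HttpContext.User = principal;
                }
            }
            base.OnAuthorization(filterContext);
        }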
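        /// <summary>
        /// Rebuilds the custom <see cref="AuthPrincipal"/> from the forms-authentication cookie
        /// (when one is present and valid), redirects non-administrators to the
        /// "ErrorAdminRequired" page, and then defers to the base attribute.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context of the current request.</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            HttpCookie authCookie = filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];

            if (authCookie != null && !string.IsNullOrEmpty(authCookie.Value))
            {
                // The cookie value is client-supplied. Decrypt validates it and returns null
                // when the ticket is not genuine, and throws ArgumentException when the value
                // is malformed; in both cases the request is treated as anonymous and left to
                // the base attribute, which denies it, instead of failing with an exception.
                FormsAuthenticationTicket authTicket = null;
                try
                {
                    authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                }
                catch (ArgumentException)
                {
                    // Malformed cookie value: fall through as unauthenticated.
                }

                if (authTicket != null && !authTicket.Expired)
                {
                    var identity  = new GenericIdentity(authTicket.Name, "Forms");
                    var principal = new AuthPrincipal(identity);

                    // An earlier filter may already have replaced the context user with an
                    // AuthPrincipal; reuse its user data instead of reaching for it via
                    // `dynamic`, which throws at runtime for any other principal type.
                    var existing = filterContext.HttpContext.User as AuthPrincipal;
                    if (existing != null)
                    {
                        principal.User = existing.User;
                    }
                    else
                    {
                        // Deserialize the JSON user data carried in the (validated) ticket.
                        var serializer = new JavaScriptSerializer();
                        principal.User = (UserDto)serializer.Deserialize(authTicket.UserData, typeof(UserDto));
                    }

                    // Page-level authorization: a principal with no user data is treated as
                    // non-admin (fail closed) rather than dereferencing a null User.
                    if (principal.User == null || principal.User.Authority != Models.UserAuthority.Admin)
                    {
                        filterContext.Result = new RedirectToRouteResult(
                            new RouteValueDictionary
                        {
                            { "action", "ErrorAdminRequired" },
                            { "controller", "ErrorPages" }
                        });
                    }

                    // Expose the custom principal so views can retrieve the user data.
                    filterContext.HttpContext.User = principal;
                }
            }
            base.OnAuthorization(filterContext);
        }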