Example #1
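        /// <summary>
        /// Decides whether <paramref name="user"/> carries a usable forms-authentication identity and,
        /// when it does, re-validates the account against the membership provider or refreshes the
        /// authentication cookie.
        /// </summary>
        /// <param name="user">The principal attached to the current request; may be null.</param>
        /// <param name="authorizedUser">
        /// Receives the <see cref="WMUserPrincipal"/> built from the forms identity, or
        /// <see cref="WMUserPrincipal.AnonymousInstance"/> when the identity is missing, unauthenticated,
        /// not a <see cref="FormsIdentity"/>, cannot be parsed, or fails re-validation.
        /// </param>
        /// <returns>True when the user is authorized for this request; otherwise false.</returns>
        private bool IsAuthorized(IPrincipal user, out IPrincipal authorizedUser)
        {
            // A principal without an identity is treated like an unauthenticated one instead of
            // raising a NullReferenceException in the middle of the authorization check.
            if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            {
                authorizedUser = WMUserPrincipal.AnonymousInstance;
                return false;
            }

            FormsIdentity formsIdentity = user.Identity as FormsIdentity;
            if (formsIdentity == null)
            {
                authorizedUser = WMUserPrincipal.AnonymousInstance;
                return false;
            }

            // The identity is authenticated; now check that the ticket content has the expected format.
            WMUserPrincipal principal;
            try
            {
                principal = new WMUserPrincipal(formsIdentity);
            }
            catch (Exception)
            {
                // Any failure to build the principal is treated as a malformed session cookie.
                // Fail closed: hand back the anonymous principal so the caller can redirect.
                authorizedUser = WMUserPrincipal.AnonymousInstance;
                return false;
            }

            IWorkmateMembershipProvider provider = InstanceContainer.WorkmateMembershipProvider;
            DateTime nowUtc = DateTime.UtcNow;
            bool slidingExpiration = FormsAuthentication.SlidingExpiration;

            // The account record is re-read when the record-check window has elapsed, or, with sliding
            // expiration, when the last-activity window has elapsed.
            bool recordCheckDue =
                principal.WMUserIdentity.LastRecordCheckUtc.AddSeconds(provider.LastRecordCheckWindowInSeconds) < nowUtc;
            bool activityUpdateDue =
                !recordCheckDue &&
                slidingExpiration &&
                principal.WMUserIdentity.LastActivityUpdate.AddSeconds(provider.LastActivityUpdateWindowInSeconds) < nowUtc;

            if (recordCheckDue || activityUpdateDue)
            {
                // NOTE(review): the meaning of the second argument (true) is not visible here - confirm.
                IUserBasic userBasic = provider.GetUserBasic(principal.WMUserIdentity.UserId, true);
                if (userBasic == null)
                {
                    // Re-validation found no usable account record. Do not hand the cookie-derived
                    // principal back to the caller: every other rejection path returns the anonymous
                    // instance, and a caller that reads authorizedUser without checking the return
                    // value must not see a stale identity.
                    authorizedUser = WMUserPrincipal.AnonymousInstance;
                    return false;
                }

                this.UpdateAuthenticationCookie(userBasic);
                authorizedUser = principal;
                return true;
            }

            if (slidingExpiration)
            {
                // Both windows are still fresh: only the cookie needs refreshing.
                this.RefreshAuthenticationCookie(principal.WMUserIdentity);
                authorizedUser = principal;
                return true;
            }

            // NOTE(review): without sliding expiration and with a fresh record check the method reports
            // "not authorized" while still returning the cookie-derived principal. This is kept exactly
            // as before because the intent cannot be confirmed from this method alone; verify against
            // the callers whether this path should authorize the user or return the anonymous instance.
            authorizedUser = principal;
            return false;
        }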
Example #2
 /// <summary>
 /// Type initializer: builds the shared anonymous principal once and stores it in
 /// <c>_AnonymousInstance</c>.
 /// </summary>
 static WMUserPrincipal()
 {
     // The anonymous identity wraps the anonymous user record and is created with a false flag and
     // DateTime.MinValue for both timestamp arguments.
     // NOTE(review): the meaning of the flag and of each timestamp is defined by WMUserIdentity.Create,
     // which is not visible here - confirm against its signature.
     var anonymousIdentity = WMUserIdentity.Create(
         UserBasic.GetAnonymousUserInstance(),
         false,
         DateTime.MinValue,
         DateTime.MinValue);

     _AnonymousInstance = new WMUserPrincipal(anonymousIdentity);
 }