Exemple #1
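        /// <summary>
        /// Blocks the action unless the password supplied with the request validates
        /// against a membership record resolved from the request or the current identity.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute; the request and the current user are read from it.</param>
        /// <exception cref="InvalidPasswordException">
        /// Thrown when the password is missing or blank, when no membership record is resolved,
        /// or when <c>ValidatePassword</c> returns false for the resolved record.
        /// </exception>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var pass = ExtractPasswordFromRequest(filterContext);

            // Fail closed before touching the database when no password was sent.
            if (string.IsNullOrWhiteSpace(pass))
            {
                throw new InvalidPasswordException("Password field not found");
            }

            var httpContext = filterContext.RequestContext.HttpContext;
            MembershipUser mu = null;
            Guid uniquId;

            // NOTE(review): the unique id is read from the request and takes precedence over the
            // authenticated identity, so the password is checked against whichever account the
            // request names. Confirm that callers do not treat a successful check here as a
            // statement about the signed-in user.
            if (!string.IsNullOrEmpty(UniqueIdFieldName) && Guid.TryParse(httpContext.Request[UniqueIdFieldName], out uniquId))
            {
                using (var db = new ccEntities())
                {
                    mu = db.MembershipUsers.SingleOrDefault(f => f.User.UniqueId == uniquId);
                }
            }
            else if (httpContext.User != null && httpContext.User.Identity.IsAuthenticated)
            {
                using (var db = new ccEntities())
                {
                    var username = httpContext.User.Identity.Name;

                    // SingleOrDefault (not Single) so that an authenticated name with no membership
                    // row is reported as InvalidPasswordException, like the unique-id branch,
                    // instead of surfacing an InvalidOperationException from the query.
                    mu = db.MembershipUsers.SingleOrDefault(f => f.User.UserName == username);
                }
            }

            // An unresolved user and a wrong password raise the same exception, so the failure
            // does not reveal which of the two occurred.
            if (mu == null || !mu.ValidatePassword(pass))
            {
                throw new InvalidPasswordException();
            }
        }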