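/// <summary>
/// Runs before every action on this controller and enforces session and page-level
/// authorization. Without a session an AJAX caller gets HTTP 403 with a JSON message and a
/// browser request is redirected to the Active Directory login with the current URL as the
/// return target; an authenticated user without the page right is redirected to
/// Account/AccessDenied. Actions or controllers marked with SkipAuthorizationAttribute, and
/// the self-service User actions (ChangePassword, MyProfile, UserProfile), are exempt.
/// </summary>
/// <param name="filterContext">Filter context for the action about to run; its Result is set
/// to short-circuit the action when the request is rejected.</param>
/// <remarks>
/// NOTE(review): this is an action filter, so it runs after the authorization-filter stage
/// (and after model binding); an action that is reachable without passing through this
/// controller is not protected by it.
/// NOTE(review): AJAX POST requests are deliberately not checked against Rights.HasAccess
/// here (behaviour preserved from the original). Both the AJAX marker read by IsAjaxRequest()
/// and the HTTP verb are chosen by the client, so any caller can skip page-level
/// authorization for a POST action simply by sending the AJAX header. Every action that can
/// be reached this way must enforce Rights.HasAccess itself, or this exemption must be
/// removed once the rights table covers those actions.
/// </remarks>
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    var descriptor = filterContext.ActionDescriptor;
    string controllerName = descriptor.ControllerDescriptor.ControllerName;
    string actionName = descriptor.ActionName;
    string permissionName = string.Empty;

    // A PageAccessAttribute remaps the action to a page/permission name for the rights lookup.
    // OfType<> also matches derived attributes; the previous exact-type filter returned null
    // (and then dereferenced it) when a subclass of PageAccessAttribute was applied.
    var pageAccess = descriptor.GetCustomAttributes(true)
        .OfType<PageAccessAttribute>()
        .FirstOrDefault();
    if (pageAccess != null)
    {
        permissionName = pageAccess.PermissionName;
        actionName = pageAccess.ActionName;
    }

    // Fail closed: anything that is not a positive user id (including null, should UserId
    // be nullable) is treated as "no session". Equivalent to UserId <= 0 for a plain int.
    if (!(ProjectSession.UserId > 0))
    {
        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            filterContext.HttpContext.Response.StatusCode = 403;
            filterContext.Result = new JsonResult
            {
                Data = Resources.Messages.SessionExpiredMessage,
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
        }
        else
        {
            this.AddToastMessage(Resources.General.SessionExpired, Resources.Account.SessionTimeOut, MessageBoxType.Info, true);
            filterContext.Result = this.RedirectToAction(
                Actions.ActiveDirectoryLogin,
                Controllers.ActiveDirectory,
                new { returnUrl = ProjectConfiguration.CurrentRawUrl });
        }

        base.OnActionExecuting(filterContext);
        return;
    }

    // Explicit opt-out on the action or its controller. As in the original, this path returns
    // without calling base.OnActionExecuting.
    bool skipAuthorization =
        descriptor.GetCustomAttributes(typeof(SkipAuthorizationAttribute), true).Length > 0
        || descriptor.ControllerDescriptor.GetCustomAttributes(typeof(SkipAuthorizationAttribute), true).Length > 0;
    if (skipAuthorization)
    {
        return;
    }

    // Self-service actions on the User controller need no page right.
    bool isSelfServiceAction =
        controllerName == Controllers.User
        && (actionName == Actions.ChangePassword
            || actionName == Actions.MyProfile
            || actionName == Actions.UserProfile);

    if (!isSelfServiceAction)
    {
        this.GetPageAccessRight(controllerName, actionName);

        // The verb is a protocol token, so compare it ordinally rather than via ToLower().
        // string.Equals also tolerates a null RequestType (treated as "not a POST").
        bool isAjaxPost =
            filterContext.HttpContext.Request.IsAjaxRequest()
            && string.Equals(
                filterContext.HttpContext.Request.RequestType,
                "post",
                System.StringComparison.OrdinalIgnoreCase);

        // Legacy exemption for AJAX POSTs — see the NOTE(review) in the remarks above.
        if (!isAjaxPost
            && !Rights.HasAccess(controllerName, actionName: actionName, permissionName: permissionName))
        {
            filterContext.Result = this.RedirectToAction(Actions.AccessDenied, Controllers.Account);
        }
    }

    base.OnActionExecuting(filterContext);
}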