Exemple #1
0
        /*void IActionFilter.OnActionExecuting(ActionExecutingContext filterContext)
        {
            int userId = (int)WebSecurity.CurrentUserId;
            using (var db = new UsersContext())
            {
                string s = db.getSessionId(userId);

                if ((filterContext.HttpContext.Session.SessionID != db.getSessionId(userId)) || db.getSessionId(userId) == null)
                {
                    WebSecurity.Logout();
                    filterContext.Result = new RedirectResult("/Home/Index");
                }
            }
        }*/
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            //WebSecurity.InitializeDatabaseConnection("connString", "UserProfile", "UserId", "UserName", autoCreateTables: true);

            bool isAuthorized = base.AuthorizeCore(httpContext);

            if (isAuthorized)
            {
                int userId = (int)WebSecurity.CurrentUserId;
                using (var db = new UsersContext())
                {
                    if ((httpContext.Session.SessionID != db.getSessionId(userId))
                        || db.getSessionId(userId) == null)
                    {
                        WebSecurity.Logout();
                        isAuthorized = false;
                        httpContext.Response.Redirect("/Home/Index");
                    }
                }
            }

            return isAuthorized;
        }