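/// <summary>
/// Replaces the request's principal with a <see cref="UserPrincipal"/> before the
/// base authorization logic runs.
/// </summary>
/// <remarks>
/// A Forms-authenticated identity is resolved to a <see cref="User"/> through
/// <see cref="IUserService"/>. If the account is missing or deleted, the session is
/// logged out and the request continues with a blank <see cref="User"/>.
/// </remarks>
/// <param name="filterContext">Authorization context for the current request.</param>
protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            var httpContext = filterContext.HttpContext;

            // No need to create a new principal object if it already exists (child actions)
            if (httpContext.User is UserPrincipal)
            {
                base.OnAuthorization(filterContext);
                return;
            }

            User user = null;
            var current = httpContext.User;
            if (current != null && current.Identity.IsAuthenticated && current.Identity.AuthenticationType == "Forms")
            {
                var userService = ObjectFactory.GetInstance<IUserService>();
                user = userService.GetByUsername(current.Identity.Name);

                // Something happened to their account - log them out
                if (user == null || user.IsDeleted)
                {
                    // Since this is a rarity, the auth service is resolved here rather than
                    // forcing every controller to inject it in the constructor.
                    var authService = ObjectFactory.GetInstance<IUserAuthenticationService>();
                    authService.Logout();
                    httpContext.User = null;

                    // Discard the record as well. A deleted account is non-null, so without this
                    // it would be wrapped in the UserPrincipal below, together with a
                    // GenericIdentity built from its non-empty Username (which reports
                    // IsAuthenticated == true), and the request would still run as that account.
                    user = null;
                }
            }

            if (user == null)
            {
                // Blank placeholder for requests with no usable account.
                // NOTE(review): assumes a default User has no Username and no admin flag - confirm against the User class.
                user = new User();
            }

            // Reuse the existing identity when there is one; otherwise build one from the
            // (possibly empty) username so downstream code always sees a UserPrincipal.
            var identity = httpContext.User != null
                ? httpContext.User.Identity
                : new GenericIdentity(user.Username ?? string.Empty);
            httpContext.User = new UserPrincipal(user, identity);

            // Keep the thread principal in step with the request principal.
            Thread.CurrentPrincipal = httpContext.User;
            base.OnAuthorization(filterContext);
        }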
        /// <summary>
        /// Prepares the fixture: runs the base setup, creates a user flagged as admin, and
        /// builds the <see cref="HomeController"/> under test.
        /// </summary>
        public override void Setup()
        {
            base.Setup();

            // The fixture user has IsAdmin set, so tests run with administrator rights.
            User = Generator.SetupUser(account =>
            {
                account.Username = "******";
                account.IsAdmin = true;
            });

            Controller = new HomeController(Db, Cache, Metrics);

            // Presumably attaches a controller context that presents User as the caller - confirm in ControllerUtilities.
            ControllerUtilities.SetupControllerContext(Controller, User);
        }
 /// <summary>
 /// Issues the Forms authentication cookie for <paramref name="user"/>.
 /// </summary>
 /// <param name="user">Account whose <c>Username</c> becomes the name stored in the ticket.</param>
 /// <param name="rememberMe">When true, the cookie is created as a persistent cookie.</param>
 /// <remarks>
 /// No credential check happens here; callers must have verified the user already.
 /// Cookie attributes such as secure-only transport and timeout are not set in this
 /// method - they come from the application's forms-authentication configuration.
 /// </remarks>
 public void SetLoginCookie(User user, bool rememberMe)
 {
     var ticketName = user.Username;
     var persistent = rememberMe;
     FormsAuthentication.SetAuthCookie(ticketName, persistent);
 }
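        /// <summary>
        /// Decides whether the request may proceed. Accepts either the normal Forms cookie or
        /// an encrypted Forms ticket passed in the request under <c>TokenKey</c>.
        /// </summary>
        /// <param name="httpContext">Context of the request being authorized.</param>
        /// <returns>
        /// <c>false</c> when the request is unauthenticated or the account is missing or deleted;
        /// otherwise <c>true</c> unless <c>RequireAdmin</c> is set and the user is not an admin.
        /// </returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            //If not authenticated, it might be a request from flash in Firefox, so get the auth token passed in to create Identity
            if (!httpContext.Request.IsAuthenticated)
            {
                // NOTE(review): Request.Params merges query string, form fields, cookies and server
                // variables. A ticket carried in a URL can be recorded in server logs and Referer
                // headers - confirm that clients only send it in the request body.
                var token = httpContext.Request.Params[TokenKey];
                if (token != null)
                {
                    // NOTE(review): Decrypt is documented to throw ArgumentException for an empty or
                    // invalid-length value; confirm how a malformed token surfaces to the caller.
                    var ticket = FormsAuthentication.Decrypt(token);

                    // Decrypt only validates and decodes the ticket; it does not reject one whose
                    // lifetime has ended. Check Expired here so an old ticket cannot be replayed
                    // through the token parameter after the cookie would have timed out.
                    if (ticket != null && !ticket.Expired)
                    {
                        var identity = new FormsIdentity(ticket);
                        httpContext.User = new GenericPrincipal(identity, null);	//this doesn't need to be a UserPrincipal, because that will happen below
                    }
                }
            }

            if (!httpContext.Request.IsAuthenticated)
            {
                return false;
            }

            // If it's not a UserPrincipal, we need to create it (b/c this happens before BaseController.OnAuthorization)
            if (!(httpContext.User is UserPrincipal))
            {
                User user = null;
                if (httpContext.User.Identity.IsAuthenticated && httpContext.User.Identity.AuthenticationType == "Forms")
                {
                    // The connection is opened only for this lookup and disposed right after.
                    using (var db = ObjectFactory.GetInstance<SqlConnection>())
                    {
                        db.Open();
                        var userService = new UserService(db, Cache);
                        user = userService.GetByUsername(httpContext.User.Identity.Name);
                    }

                    // A valid ticket for an account that no longer exists must not authorize.
                    if (user == null || user.IsDeleted)
                    {
                        return false;
                    }
                }
                else
                {
                    // Authenticated by something other than Forms: continue with a blank User.
                    user = new User();
                }

                var identity = httpContext.User != null ? httpContext.User.Identity : new GenericIdentity(user.Username ?? string.Empty);
                httpContext.User = new UserPrincipal(user, identity);

                // Keep the thread principal in step with the request principal.
                Thread.CurrentPrincipal = httpContext.User;
            }

            var userObject = httpContext.User as UserPrincipal;

            // Admin-only endpoints additionally require the admin flag on the resolved user.
            return !RequireAdmin || userObject.IsAdmin;
        }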
 /// <summary>
 /// Creates a principal that pairs an application <see cref="User"/> with the identity
 /// it was authenticated under.
 /// </summary>
 /// <param name="user">Account record exposed through <c>UserObject</c>; stored as given, with no validation.</param>
 /// <param name="identity">Identity exposed through <c>Identity</c>; stored as given.</param>
 public UserPrincipal(User user, IIdentity identity)
 {
     this.UserObject = user;
     this.Identity = identity;
 }
 /// <summary>
 /// Creates a password-retrieval record for <paramref name="user"/> with the given token.
 /// </summary>
 /// <param name="user">Account the record belongs to; handled by the single-argument constructor.</param>
 /// <param name="token">Value stored in <c>Token</c>.</param>
 /// <remarks>
 /// NOTE(review): how callers generate the token is not visible here. If it gates a
 /// password reset it needs to be unguessable - confirm the generator used by callers.
 /// </remarks>
 public PasswordRetrieval(User user, Guid token)
     : this(user)
 {
     this.Token = token;
 }
 /// <summary>
 /// Creates a password-retrieval record tied to <paramref name="user"/>.
 /// </summary>
 /// <param name="user">Account whose <c>Id</c> is copied into <c>UserId</c>; must not be null.</param>
 public PasswordRetrieval(User user)
 {
     var ownerId = user.Id;
     this.UserId = ownerId;
 }