public virtual void Auth(AuthorizingEventArgs authArgs)
{
authArgs.Authorized = SiteCredentialsManager.Instance.Settings.HasCredentials &&
(authArgs.LightCheck ||
FileStorageManager.Instance.UseLocalMode ||
IsAuthorized(
authArgs.AuthServer,
SiteCredentialsManager.Instance.Settings.Login,
SiteCredentialsManager.Instance.Settings.GetPassword()));
}
private void Authorize()
{
if (Authorizing == null)
{
return;
}
var args = new AuthorizingEventArgs(_authServer);
Authorizing(this, args);
Activated = args.Authorized;
}
public override void Auth(AuthorizingEventArgs authArgs)
{
base.Auth(authArgs);
if (authArgs.Authorized)
{
return;
}
if (SiteCredentialsManager.Instance.SettingsFile.ExistsLocal())
{
File.Delete(SiteCredentialsManager.Instance.SettingsFile.LocalPath);
}
FormStart.CloseProgress();
using (var form = AppManager.Instance.Settings.GrayConnectConfig.UseGrayConnect ?
(Form) new FormLoginGrayConnect() :
new FormLogin())
{
var formLogin = (IFormLogin)form;
formLogin.SetSiteUrl(authArgs.AuthServer);
formLogin.Logining += (o, e) =>
{
e.Accepted = IsAuthorized(authArgs.AuthServer, e.Login, e.Password);
if (e.Accepted)
{
SiteCredentialsManager.Instance.Settings.Login = e.Login;
SiteCredentialsManager.Instance.Settings.SetPassword(e.Password);
SiteCredentialsManager.Instance.Settings.Save();
}
};
authArgs.Authorized = form.ShowDialog() == DialogResult.OK;
}
FormStart.ShowProgress();
}
/// <summary>
/// Checks Roles, Users, Resource Names, and Page ACL depending on configuration
/// </summary>
/// <param name="httpContext">The Route Context</param>
/// <returns>If the request is authorized.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
AuthorizingEventArgs AuthorizingArgs = new AuthorizingEventArgs()
{
CurrentUser = GetCurrentUser(httpContext),
FoundPage = GetTreeNode(httpContext),
Authorized = false
};
bool IsAuthorized = false;
// Start event, allow user to overwrite FoundPage
using (var KenticoAuthorizeAuthorizingTaskHandler = AuthorizeEvents.Authorizing.StartEvent(AuthorizingArgs))
{
if (!AuthorizingArgs.SkipDefaultValidation)
{
AuthorizingArgs.Authorized = CacheHelper.Cache(cs =>
{
bool Authorized = false;
List <string> CacheDependencies = new List <string>();
// Will remain true only if no other higher priority authorization items were specified
bool OnlyAuthenticatedCheck = true;
// Roles
if (!Authorized && !string.IsNullOrWhiteSpace(Roles))
{
OnlyAuthenticatedCheck = false;
CacheDependencies.Add("cms.role|all");
CacheDependencies.Add("cms.userrole|all");
CacheDependencies.Add("cms.membershiprole|all");
CacheDependencies.Add("cms.membershipuser|all");
foreach (string Role in Roles.Split(";,|".ToCharArray(), StringSplitOptions.RemoveEmptyEntries))
{
if (AuthorizingArgs.CurrentUser.IsInRole(Role, SiteContext.CurrentSiteName, true, true))
{
Authorized = true;
break;
}
}
}
// Users
if (!Authorized && !string.IsNullOrWhiteSpace(Users))
{
OnlyAuthenticatedCheck = false;
foreach (string User in Users.Split(";,|".ToCharArray(), StringSplitOptions.RemoveEmptyEntries))
{
if (User.ToLower().Trim() == AuthorizingArgs.CurrentUser.UserName.ToLower().Trim())
{
Authorized = true;
break;
}
}
}
// Explicit Permissions
if (!Authorized && !string.IsNullOrWhiteSpace(ResourceAndPermissionNames))
{
OnlyAuthenticatedCheck = false;
CacheDependencies.Add("cms.role|all");
CacheDependencies.Add("cms.userrole|all");
CacheDependencies.Add("cms.membershiprole|all");
CacheDependencies.Add("cms.membershipuser|all");
CacheDependencies.Add("cms.permission|all");
CacheDependencies.Add("cms.rolepermission|all");
foreach (string ResourcePermissionName in ResourceAndPermissionNames.Split(";,|".ToCharArray(), StringSplitOptions.RemoveEmptyEntries))
{
string[] StringParts = ResourcePermissionName.Split('.');
string PermissionName = StringParts.Last();
string ResourceName = string.Join(".", StringParts.Take(StringParts.Length - 1));
if (UserSecurityHelper.IsAuthorizedPerResource(ResourceName, PermissionName, SiteContext.CurrentSiteName, AuthorizingArgs.CurrentUser))
{
Authorized = true;
break;
}
}
}
// Check page level security
if (!Authorized && CheckPageACL)
{
if (AuthorizingArgs.FoundPage != null)
{
OnlyAuthenticatedCheck = false;
CacheDependencies.Add("cms.role|all");
CacheDependencies.Add("cms.userrole|all");
CacheDependencies.Add("cms.membershiprole|all");
CacheDependencies.Add("cms.membershipuser|all");
CacheDependencies.Add("nodeid|" + AuthorizingArgs.FoundPage.NodeID);
CacheDependencies.Add("cms.acl|all");
CacheDependencies.Add("cms.aclitem|all");
if (TreeSecurityProvider.IsAuthorizedPerNode(AuthorizingArgs.FoundPage, NodePermissionToCheck, AuthorizingArgs.CurrentUser) != AuthorizationResultEnum.Denied)
{
Authorized = true;
}
}
}
// If there were no other authentication properties, check if this is purely an "just requires authentication" area
if (OnlyAuthenticatedCheck && (!UserAuthenticationRequired || !AuthorizingArgs.CurrentUser.IsPublic()))
{
Authorized = true;
}
if (cs.Cached)
{
cs.CacheDependency = CacheHelper.GetCacheDependency(CacheDependencies.Distinct().ToArray());
}
return(Authorized);
}, new CacheSettings(CacheAuthenticationResults ? CacheHelper.CacheMinutes(SiteContext.CurrentSiteName) : 0, "AuthorizeCore", AuthorizingArgs.CurrentUser.UserID, (AuthorizingArgs.FoundPage != null ? AuthorizingArgs.FoundPage.DocumentID : -1), SiteContext.CurrentSiteName, Users, Roles, ResourceAndPermissionNames, CheckPageACL, NodePermissionToCheck, CustomUnauthorizedRedirect, UserAuthenticationRequired));
}
IsAuthorized = AuthorizingArgs.Authorized;
}
return(IsAuthorized);
}
