/// <summary>
/// Extension: reports whether the user behind the current request carries the
/// System Administrator privilege, as decided by <see cref="UserAccessRules.IsAdmin"/>.
/// </summary>
/// <param name="controller">Controller handling the request; the identity name on its HttpContext is the lookup key.</param>
/// <returns>True only when the lookup succeeds and reports admin; false on any failure (fails closed).</returns>
public static bool IsSysAdmin(this ControllerBase controller)
{
    try
    {
        string requestingUserName = controller.ControllerContext.HttpContext.User.Identity.Name;
        return new UserAccessRules(requestingUserName).IsAdmin;
    }
    catch
    {
        // Best-effort by design: a missing identity or a failed rule lookup is
        // reported as "not an administrator" rather than surfaced to the caller.
        return false;
    }
}
/// <summary>
/// Extension: looks up the application permissions the requesting user holds for
/// <paramref name="modulecode"/> via <see cref="UserAccessRules.HasPermission(int)"/>.
/// </summary>
/// <param name="controller">Controller handling the request; the identity name on its HttpContext is the lookup key.</param>
/// <param name="modulecode">Numeric module code to check.</param>
/// <returns>The list returned by the rule lookup, or an empty list when the lookup fails for any reason (fails closed).</returns>
public static List <int> HasPermission(this ControllerBase controller, int modulecode)
{
    try
    {
        string requestingUserName = controller.ControllerContext.HttpContext.User.Identity.Name;
        return new UserAccessRules(requestingUserName).HasPermission(modulecode);
    }
    catch
    {
        // Best-effort by design: any failure yields "no permissions" rather than an exception.
        return new List <int>();
    }
}
/// <summary>
/// Extension: reports whether the requesting user holds the role identified by
/// <paramref name="role"/>, as decided by <see cref="UserAccessRules.HasRole(int)"/>.
/// </summary>
/// <param name="controller">Controller handling the request; the identity name on its HttpContext is the lookup key.</param>
/// <param name="role">Numeric role identifier to check.</param>
/// <returns>True only when the lookup succeeds and reports the role; false on any failure (fails closed).</returns>
public static bool HasRole(this ControllerBase controller, int role)
{
    try
    {
        string requestingUserName = controller.ControllerContext.HttpContext.User.Identity.Name;
        return new UserAccessRules(requestingUserName).HasRole(role);
    }
    catch
    {
        // Best-effort by design: a failed lookup is reported as "role not held".
        return false;
    }
}
/// <summary>
/// Extension: reports whether the requesting user holds any of the roles named in
/// <paramref name="roles"/>, as decided by <see cref="UserAccessRules.HasRoles(string)"/>.
/// </summary>
/// <param name="controller">Controller handling the request; the identity name on its HttpContext is the lookup key.</param>
/// <param name="roles">Role names separated by ';' (e.g. "Sales Manager;Sales Operator").</param>
/// <returns>True only when the lookup succeeds and reports a match; false on any failure (fails closed).</returns>
public static bool HasRoles(this ControllerBase controller, string roles)
{
    try
    {
        string requestingUserName = controller.ControllerContext.HttpContext.User.Identity.Name;
        return new UserAccessRules(requestingUserName).HasRoles(roles);
    }
    catch
    {
        // Best-effort by design: a failed lookup is reported as "no matching role".
        return false;
    }
}
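/// <summary>
/// Authorization filter hook. Denies the request in two cases: the session has
/// expired (redirect to Account/Login carrying a ReturnUrl), or the requesting user
/// is not an administrator and holds no permission for the module code configured
/// on this filter (redirect to Account/UnAuthorizedUser). In MVC an authorization
/// filter only blocks the action by assigning <c>filterContext.Result</c>; leaving it
/// null lets the action execute, so both deny paths assign it explicitly.
/// </summary>
/// <param name="filterContext">Context of the request being authorized.</param>
/// <exception cref="FormatException">When <c>_moduleCode</c> is not a valid integer (raised by <see cref="Convert.ToInt32(object)"/>).</exception>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    // _moduleCode is a field of the enclosing filter (declared outside this block).
    // A non-numeric value throws here rather than silently allowing the request.
    // _roleID is not consulted by this check.
    int moduleCode = Convert.ToInt32(_moduleCode);

    var context = filterContext.HttpContext;

    if (context.Session[PageConstants.SESSION_USER_ID] == null)
    {
        // Session expired: short-circuit the action with a redirect to the login
        // page. Previously the login URL was built but never assigned to Result,
        // so the action still ran for an unauthenticated request.
        var loginRoute = new RouteValueDictionary
        {
            { "action", "Login" },
            { "controller", "Account" }
        };
        if (!string.IsNullOrEmpty(context.Request.RawUrl))
        {
            // Passed as a route value so the routing engine URL-encodes it into
            // the query string (?ReturnUrl=...).
            loginRoute.Add("ReturnUrl", context.Request.RawUrl);
        }

        // Kept from the original; a redirect result renders no view for this
        // request, so these are only visible if a later page reads them.
        filterContext.Controller.ViewBag.ShowPopup = true;
        filterContext.Controller.ViewBag.IsSuccess = false;
        filterContext.Controller.ViewBag.Message = "There was no activity since last 30 minutes. Your session is expired.";

        filterContext.Result = new RedirectToRouteResult(loginRoute);
        return;
    }

    // Rule lookup keyed on the requesting user's identity name; created only after
    // the session check so an expired session never triggers the lookup.
    UserAccessRules requestingUser = new UserAccessRules(context.User.Identity.Name);

    if (requestingUser.IsAdmin)
    {
        // Administrators bypass the per-module permission check.
        return;
    }

    // HasPermission returns a list; treat both null and an empty list as "no
    // permission". The original compared against null only, which would let the
    // request through if the lookup reports "none" as an empty list.
    var permissions = requestingUser.HasPermission(moduleCode);
    bool hasPermission = permissions != null && permissions.Count > 0;

    if (!hasPermission)
    {
        // Custom unauthorized page returned in response to the initial request.
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary
            {
                { "action", "UnAuthorizedUser" },
                { "controller", "Account" }
            });
    }
}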