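/// <summary>
/// Authorizes the current request against the permission named
/// "{ControllerName}-{ActionName}". The user name is read from the
/// <c>UserLogged</c> object stored in session under <c>AppSetting.AdminLogged</c>.
/// When there is no usable session entry, or the user neither holds the
/// permission nor is a system administrator, the request is redirected to
/// the admin area's <c>user/Index</c> action with the current URL as <c>returnUrl</c>.
/// </summary>
/// <param name="filterContext">Authorization context of the action being invoked.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    // One definition of the "go to admin login" result, reused for every denial path.
    // NOTE(review): returnUrl carries the absolute Request.Url; the action that consumes it is
    // not visible here. Confirm it only redirects to local URLs after sign-in.
    var redirect = new RedirectToRouteResult(new RouteValueDictionary
    {
        { "action", "Index" },
        { "controller", "user" },
        { "area", "admin" },
        { "returnUrl", filterContext.HttpContext.Request.Url }
    });

    // "as" yields null when the session value is missing or is not a UserLogged.
    // Treat that the same as "not logged in" instead of dereferencing null.
    UserLogged logged = SessionHelper.IsExist(AppSetting.AdminLogged)
        ? SessionHelper.GetSession(AppSetting.AdminLogged) as UserLogged
        : null;

    if (logged == null)
    {
        // Fail closed and stop. No permission lookup is made for an empty user name.
        filterContext.Result = redirect;
        return;
    }

    string requiredPermission = string.Format(
        "{0}-{1}",
        filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
        filterContext.ActionDescriptor.ActionName);

    AuthorizationUser authorizationUser = new AuthorizationUser(logged.Username);

    // Logical && (the original used bitwise &): deny only when both checks fail.
    if (!authorizationUser.HasPermission(requiredPermission) && !authorizationUser.IsSysAdmin)
    {
        filterContext.Result = redirect;
    }
}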
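/// <summary>
/// Reports whether the requesting user has the System Administrator privilege.
/// The user is looked up by <c>controller.ControllerContext.HttpContext.User.Identity.Name</c>.
/// </summary>
/// <param name="controller">Controller whose current request identifies the user.</param>
/// <returns>
/// <c>true</c> when <c>AuthorizationUser.IsSysAdmin</c> is true for that name;
/// <c>false</c> otherwise, including when the lookup throws.
/// </returns>
public static bool IsSysAdmin(this ControllerBase controller)
{
    try
    {
        return new AuthorizationUser(controller.ControllerContext.HttpContext.User.Identity.Name).IsSysAdmin;
    }
    catch (System.Exception ex)
    {
        // Keep the fail-closed result, but leave a trace so that a broken lookup is
        // distinguishable from a genuine "not an administrator" answer.
        System.Diagnostics.Trace.TraceWarning("IsSysAdmin check failed closed: {0}", ex.GetType().FullName);
        return false;
    }
}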
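/// <summary>
/// Reports whether the requesting user holds the given application permission.
/// The user is looked up by <c>controller.ControllerContext.HttpContext.User.Identity.Name</c>.
/// </summary>
/// <param name="controller">Controller whose current request identifies the user.</param>
/// <param name="permission">Permission name passed to <c>AuthorizationUser.HasPermission</c>.</param>
/// <returns>
/// The result of <c>AuthorizationUser.HasPermission</c>; <c>false</c> when the lookup throws.
/// </returns>
public static bool HasPermission(this ControllerBase controller, string permission)
{
    try
    {
        return new AuthorizationUser(controller.ControllerContext.HttpContext.User.Identity.Name).HasPermission(permission);
    }
    catch (System.Exception ex)
    {
        // Keep the fail-closed result, but leave a trace so that a broken lookup is
        // distinguishable from a genuine "permission not granted" answer.
        System.Diagnostics.Trace.TraceWarning("HasPermission check failed closed: {0}", ex.GetType().FullName);
        return false;
    }
}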
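/// <summary>
/// Reports whether the requesting user has the given role.
/// The user is looked up by <c>controller.ControllerContext.HttpContext.User.Identity.Name</c>.
/// </summary>
/// <param name="controller">Controller whose current request identifies the user.</param>
/// <param name="role">Role name passed to <c>AuthorizationUser.HasRole</c>.</param>
/// <returns>
/// The result of <c>AuthorizationUser.HasRole</c>; <c>false</c> when the lookup throws.
/// </returns>
public static bool HasRole(this ControllerBase controller, string role)
{
    try
    {
        return new AuthorizationUser(controller.ControllerContext.HttpContext.User.Identity.Name).HasRole(role);
    }
    catch (System.Exception ex)
    {
        // Keep the fail-closed result, but leave a trace so that a broken lookup is
        // distinguishable from a genuine "role not held" answer.
        System.Diagnostics.Trace.TraceWarning("HasRole check failed closed: {0}", ex.GetType().FullName);
        return false;
    }
}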
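/// <summary>
/// Reports whether the requesting user has any of the given roles.
/// The user is looked up by <c>controller.ControllerContext.HttpContext.User.Identity.Name</c>.
/// </summary>
/// <param name="controller">Controller whose current request identifies the user.</param>
/// <param name="roles">
/// Role names separated by ';' (for example "Sales Manager;Sales Operator"),
/// passed unchanged to <c>AuthorizationUser.HasRoles</c>.
/// </param>
/// <returns>
/// The result of <c>AuthorizationUser.HasRoles</c>; <c>false</c> when the lookup throws.
/// </returns>
public static bool HasRoles(this ControllerBase controller, string roles)
{
    try
    {
        return new AuthorizationUser(controller.ControllerContext.HttpContext.User.Identity.Name).HasRoles(roles);
    }
    catch (System.Exception ex)
    {
        // Keep the fail-closed result, but leave a trace so that a broken lookup is
        // distinguishable from a genuine "none of the roles held" answer.
        System.Diagnostics.Trace.TraceWarning("HasRoles check failed closed: {0}", ex.GetType().FullName);
        return false;
    }
}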