public override bool IsAuthorized(AuthFilterContext context)
{
Requires.NotNull("context", context);
var principal = Thread.CurrentPrincipal;
if (!principal.Identity.IsAuthenticated)
{
return(false);
}
if (_denyRolesSplit.Any())
{
var currentUser = PortalController.Instance.GetCurrentPortalSettings().UserInfo;
if (!currentUser.IsSuperUser && _denyRolesSplit.Any(currentUser.IsInRole))
{
return(false);
}
}
if (_staticRolesSplit.Any())
{
var currentUser = PortalController.Instance.GetCurrentPortalSettings().UserInfo;
if (!_staticRolesSplit.Any(currentUser.IsInRole))
{
return(false);
}
}
return(true);
}
public override bool IsAuthorized(AuthFilterContext context)
{
Requires.NotNull("context", context);
var principal = Thread.CurrentPrincipal;
if(!principal.Identity.IsAuthenticated)
{
return false;
}
if(_denyRolesSplit.Any())
{
var currentUser = TestablePortalController.Instance.GetCurrentPortalSettings().UserInfo;
if (!currentUser.IsSuperUser && _denyRolesSplit.Any(currentUser.IsInRole))
{
return false;
}
}
if (_staticRolesSplit.Any())
{
var currentUser = TestablePortalController.Instance.GetCurrentPortalSettings().UserInfo;
if (!_staticRolesSplit.Any(currentUser.IsInRole))
{
return false;
}
}
return true;
}
public override bool IsAuthorized(AuthFilterContext context)
{
if (SecurityLevel == SecurityAccessLevel.Anonymous)
{
return true;
}
User = HttpContextSource.Current.Request.IsAuthenticated ? UserController.Instance.GetCurrentUserInfo() : new UserInfo();
ContextSecurity security = new ContextSecurity(context.ActionContext.Request.FindModuleInfo());
switch (SecurityLevel)
{
case SecurityAccessLevel.Authenticated:
return User.UserID != -1;
case SecurityAccessLevel.Host:
return User.IsSuperUser;
case SecurityAccessLevel.Admin:
return security.IsAdmin;
case SecurityAccessLevel.Edit:
return security.CanEdit;
case SecurityAccessLevel.View:
return security.CanView;
case SecurityAccessLevel.Pilot:
return security.IsPilot;
case SecurityAccessLevel.Verifier:
return security.IsVerifier;
}
return false;
}
public override bool IsAuthorized(AuthFilterContext context)
{
var activeModule = FindModuleInfo(context.ActionContext.Request);
if (activeModule != null)
{
return ModulePermissionController.HasModuleAccess(AccessLevel, PermissionKey, activeModule);
}
return false;
}
/// <summary>
/// Co-ordinates check of authorization and handles Auth failure. Should rarely be overridden.
/// </summary>
/// <param name="actionContext"></param>
protected virtual void OnAuthorization(HttpActionContext actionContext)
{
Requires.NotNull("actionContext", actionContext);
const string failureMessage = "Authorization has been denied for this request.";
var authFilterContext = new AuthFilterContext(actionContext, failureMessage);
if (!IsAuthorized(authFilterContext))
{
authFilterContext.HandleUnauthorizedRequest();
}
}
public override bool IsAuthorized(AuthFilterContext context)
{
var module = FindModuleInfo(context.ActionContext.Request);
if (module != null)
{
return(ModuleIsSupported(module));
}
return(false);
}
public override bool IsAuthorized(AuthFilterContext context)
{
var module = FindModuleInfo(context.ActionContext.Request);
if (module != null)
{
return ModuleIsSupported(module);
}
return false;
}
public override bool IsAuthorized(AuthFilterContext context)
{
var activeModule = FindModuleInfo(context.ActionContext.Request);
if (activeModule != null)
{
return(ModulePermissionController.HasModuleAccess(AccessLevel, PermissionKey, activeModule));
}
return(false);
}
/// <summary>
/// Tests if the request passes the authorization requirements
/// </summary>
/// <param name="context">The auth filter context</param>
/// <returns>True when authorization is succesful</returns>
public override bool IsAuthorized(AuthFilterContext context)
{
var principal = Thread.CurrentPrincipal;
if (!principal.Identity.IsAuthenticated)
{
return false;
}
var currentUser = TestablePortalController.Instance.GetCurrentPortalSettings().UserInfo;
return currentUser.IsSuperUser;
}
/// <summary>
/// Co-ordinates check of authorization and handles Auth failure. Should rarely be overridden.
/// </summary>
/// <param name="actionContext"></param>
protected virtual void OnAuthorization(HttpActionContext actionContext)
{
Requires.NotNull("actionContext", actionContext);
const string failureMessage = "Authorization has been denied for this request.";
var authFilterContext = new AuthFilterContext(actionContext, failureMessage);
if (!IsAuthorized(authFilterContext))
{
authFilterContext.HandleUnauthorizedRequest();
}
}
/// <summary>
/// Tests if the request passes the authorization requirements
/// </summary>
/// <param name="context">The auth filter context</param>
/// <returns>True when authorization is succesful</returns>
public override bool IsAuthorized(AuthFilterContext context)
{
var principal = Thread.CurrentPrincipal;
if (!principal.Identity.IsAuthenticated)
{
return(false);
}
var currentUser = TestablePortalController.Instance.GetCurrentPortalSettings().UserInfo;
return(currentUser.IsSuperUser);
}
/// <summary>
/// Called by framework at start of Auth process, check if auth should be skipped and handles auth failure. Should rarely need to be overridden.
/// </summary>
/// <param name="actionContext"></param>
public override void OnAuthorization(HttpActionContext actionContext)
{
Requires.NotNull("actionContext", actionContext);
if (SkipAuthorization(actionContext))
{
return;
}
const string failureMessage = "Authorization has been denied for this request.";
var authFilterContext = new AuthFilterContext(actionContext, failureMessage);
if (!IsAuthorized(authFilterContext))
{
authFilterContext.HandleUnauthorizedRequest();
}
}
protected string GetAntiForgeryCookieValue(AuthFilterContext context)
{
foreach (var cookieValue in context.ActionContext.Request.Headers.GetValues("Cookie"))
{
var nameIndex = cookieValue.IndexOf(AntiForgery.Instance.CookieName, StringComparison.InvariantCultureIgnoreCase);
if (nameIndex > -1)
{
var valueIndex = nameIndex + AntiForgery.Instance.CookieName.Length + 1;
var valueEndIndex = cookieValue.Substring(valueIndex).IndexOf(';');
return(valueEndIndex > -1 ? cookieValue.Substring(valueIndex, valueEndIndex) : cookieValue.Substring(valueIndex));
}
}
return("");
}
/// <summary>
/// Called by framework at start of Auth process, check if auth should be skipped and handles auth failure. Should rarely need to be overridden.
/// </summary>
/// <param name="actionContext"></param>
public override void OnAuthorization(HttpActionContext actionContext)
{
Requires.NotNull("actionContext", actionContext);
if (SkipAuthorization(actionContext))
{
return;
}
const string failureMessage = "Authorization has been denied for this request.";
var authFilterContext = new AuthFilterContext(actionContext, failureMessage);
if (!IsAuthorized(authFilterContext))
{
authFilterContext.HandleUnauthorizedRequest();
}
}
public override bool IsAuthorized(AuthFilterContext context)
{
try
{
string cookieValue = GetAntiForgeryCookieValue(context);
var token = context.ActionContext.Request.Headers.GetValues("RequestVerificationToken").FirstOrDefault();
AntiForgery.Instance.Validate(cookieValue, token);
}
catch (Exception e)
{
context.AuthFailureMessage = e.Message;
return(false);
}
return(true);
}
public override bool IsAuthorized(AuthFilterContext context)
{
try
{
string cookieValue = GetAntiForgeryCookieValue(context);
var token = context.ActionContext.Request.Headers.GetValues("RequestVerificationToken").FirstOrDefault();
AntiForgery.Instance.Validate(cookieValue, token);
}
catch(Exception e)
{
context.AuthFailureMessage = e.Message;
return false;
}
return true;
}
public override bool IsAuthorized(AuthFilterContext context)
{
Requires.NotNull("context", context);
var identity = Thread.CurrentPrincipal.Identity;
if (!identity.IsAuthenticated)
{
return(false);
}
if (this._denyRolesSplit.Any())
{
var currentUser = PortalController.Instance.GetCurrentPortalSettings().UserInfo;
if (!currentUser.IsSuperUser && this._denyRolesSplit.Any(currentUser.IsInRole))
{
return(false);
}
}
if (this._staticRolesSplit.Any())
{
var currentUser = PortalController.Instance.GetCurrentPortalSettings().UserInfo;
if (!this._staticRolesSplit.Any(currentUser.IsInRole))
{
return(false);
}
}
// if the attribute opted in explicitly for specific authentication types, then
// use it; otherwise use the defaults according to settings in the web.config.
var currentAuthType = (identity.AuthenticationType ?? string.Empty).Trim();
if (currentAuthType.Length > 0)
{
if (this._authTypesSplit.Any())
{
return(this._authTypesSplit.Contains(currentAuthType));
}
return(DefaultAuthTypes.Contains(currentAuthType));
}
return(true);
}
public void LocatesCookie(string cookieFormat, string cookieName, string cookieValue)
{
//Arrange
var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/");
request.Headers.Add("Cookie", string.Format(cookieFormat, cookieName, cookieValue));
request.Headers.Add("RequestVerificationToken", "anything_is_fine");
var config = new HttpConfiguration();
var controllerContext = new HttpControllerContext(config, new HttpRouteData(new HttpRoute()), request);
var actionContext = new HttpActionContext(controllerContext, new Mock<HttpActionDescriptor>().Object);
var authFilterContext = new AuthFilterContext(actionContext, "");
var mockAntiForgery = new Mock<IAntiForgery>();
mockAntiForgery.Setup(x => x.CookieName).Returns(cookieName);
AntiForgery.SetTestableInstance(mockAntiForgery.Object);
//Act
var vaft = new ValidateAntiForgeryTokenAttribute();
vaft.IsAuthorized(authFilterContext);
//Assert
mockAntiForgery.Verify(x => x.Validate(cookieValue, It.IsAny<string>()), Times.Once());
}
protected string GetAntiForgeryCookieValue(AuthFilterContext context)
{
foreach (var cookieValue in context.ActionContext.Request.Headers.GetValues("Cookie"))
{
var nameIndex = cookieValue.IndexOf(AntiForgery.Instance.CookieName, StringComparison.InvariantCultureIgnoreCase);
if(nameIndex > -1)
{
var valueIndex = nameIndex + AntiForgery.Instance.CookieName.Length + 1;
var valueEndIndex = cookieValue.Substring(valueIndex).IndexOf(';');
if (valueEndIndex > -1)
{
return cookieValue.Substring(valueIndex, valueEndIndex);
}
else
{
return cookieValue.Substring(valueIndex);
}
}
}
return "";
}
/// <summary> /// Tests if the request passes the authorization requirements /// </summary> /// <param name="context">The auth filter context</param> /// <returns>True when authorization is succesful</returns> public abstract bool IsAuthorized(AuthFilterContext context);
/// <summary> /// Tests if the request passes the authorization requirements /// </summary> /// <param name="context">The auth filter context</param> /// <returns>True when authorization is succesful</returns> public abstract bool IsAuthorized(AuthFilterContext context);
