Esempio n. 1
0
        public static bool HasRole(this ControllerBase controller, string role)
        {
            bool bFound = false;

            try
            {
                //Check if the requesting user has the specified role...
                bFound = new FASMUser(HttpContext.Current.Session["user"].ToString()).HasRole(role);
            }
            catch { }
            return(bFound);
        }
Esempio n. 2
0
        public static bool HasPermission(this ControllerBase controller, string permission)
        {
            bool bFound = false;

            try
            {
                //Check if the requesting user has the specified application permission...
                bFound = new FASMUser(HttpContext.Current.Session["user"].ToString()).HasPermission(permission);
            }
            catch { }
            return(bFound);
        }
Esempio n. 3
0
        public static bool IsSysAdmin(this ControllerBase controller)
        {
            bool bIsSysAdmin = false;

            try
            {
                //Check if the requesting user has the System Administrator privilege...
                bIsSysAdmin = new FASMUser(HttpContext.Current.Session["user"].ToString()).IsSysAdmin;
            }
            catch { }
            return(bIsSysAdmin);
        }
Esempio n. 4
0
        public static bool HasRoles(this ControllerBase controller, string roles)
        {
            bool bFound = false;

            try
            {
                //Check if the requesting user has any of the specified roles...
                //Make sure you separate the roles using ; (ie "Sales Manager;Sales Operator"
                bFound = new FASMUser(HttpContext.Current.Session["user"].ToString()).HasRoles(roles);
            }
            catch { }
            return(bFound);
        }
Esempio n. 5
0
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);

            if (skipAuthorization)
            {
                return;
            }
            //if (filterContext.HttpContext.Request.IsAjaxRequest())
            //{
            //    if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            //    {
            //        filterContext.HttpContext.Response.StatusCode = 401;
            //        filterContext.Result = new HttpStatusCodeResult(401, "Please login to continue");
            //        filterContext.HttpContext.Response.End();
            //        //FormsAuthentication.SignOut();
            //    }
            //}

            if (HttpContext.Current.Session["user"] == null)
            {
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
                    { "action", "Login" }, { "controller", "Accounts" }
                });
            }
            else
            {
                //Create permission string based on the requested controller name and action name in the format 'controllername-action'
                string requiredPermission = String.Format("{0}-{1}", filterContext.ActionDescriptor.ControllerDescriptor.ControllerName, filterContext.ActionDescriptor.ActionName);

                //Create an instance of our custom user authorization object passing requesting user's 'Windows Username' into constructor
                FASMUser requestingUser = new FASMUser(HttpContext.Current.Session["user"].ToString());
                //Check if the requesting user has the permission to run the controller's action
                if (!(requestingUser.HasPermission(requiredPermission))) //& !requestingUser.IsSysAdmin
                {
                    filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
                        { "action", "Index" }, { "controller", "Unauthorized" }
                    });
                }
                //If the user has the permission to run the controller's action, then filterContext.Result will be uninitialized and
                //executing the controller's action is dependant on whether filterContext.Result is uninitialized.
            }
        }