/// <summary>
/// Decides whether the current request may be served without authentication.
/// </summary>
/// <remarks>
/// Requests that are not RestNet requests (aspx pages, images, etc.) are always allowed:
/// this method applies no restriction to them, so any protection those resources need
/// has to come from somewhere else.
/// For RestNet requests, a temporary "Anonymous" principal with no roles is installed on
/// both <c>_userPrincipal</c> and <c>app.Context.User</c>, the method-level rights check is
/// run against it, and the previous principals are put back in <c>finally</c>, so an
/// exception from the rights check cannot leave the anonymous principal in place.
/// NOTE(review): <c>_userPrincipal</c> is instance state that is overwritten for the
/// duration of the call; this assumes the instance is not shared by concurrent requests - confirm.
/// </remarks>
/// <param name="app">The application object carrying the current request and context.</param>
/// <returns>
/// <c>true</c> for non-RestNet requests, otherwise the result of
/// <c>RestNet.AuthUtils.UserHasRightsToThisMethod</c> evaluated as the anonymous user.
/// </returns>
private bool AllowAnonymousAccess(HttpApplication app) {
    // Non-RestNet requests bypass this check entirely.
    // NOTE(review): the bypass is only as precise as IsRestNetRequest; confirm it classifies
    // requests the same way as the code that later dispatches them.
    if (!IsRestNetRequest(app)) {
        return true;
    }

    IPrincipal savedContextUser = app.Context.User;
    IPrincipal savedPrincipal = _userPrincipal;

    try {
        // Stand-in identity so the shared security methods can be evaluated for a caller
        // that has not authenticated. The GenericPrincipal is given an empty role list.
        // NOTE(review): the 'false' argument is presumably the authenticated flag and the
        // trailing empty array the user's roles/groups - confirm against RestNetUser.
        RestNetUser anonymous = new RestNetUser("Anonymous", string.Empty, "Restnet.RestNetUser", false, new string[0]);
        _userPrincipal = new GenericPrincipal(anonymous, new string[0]);
        app.Context.User = _userPrincipal;

        // An explicit resourceName query-string value wins over the name derived from the URL.
        // NOTE(review): the query-string value is supplied by the client; confirm the dispatcher
        // resolves the resource name in the same order, otherwise the resource that is checked
        // here and the resource that is executed could differ.
        string resourceName = app.Context.Request.QueryString["resourceName"]
            ?? GetResourceNameFromUrl(app.Request);

        return RestNet.AuthUtils.UserHasRightsToThisMethod(
            resourceName,
            app.Context.Request.HttpMethod,
            new HttpContextWrapper(app.Context));
    } finally {
        // Always restore the principals that were active before the probe.
        _userPrincipal = savedPrincipal;
        app.Context.User = savedContextUser;
    }
}
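/// <summary>
/// Checks whether the user on <paramref name="context"/> satisfies <paramref name="roleKey"/>
/// under the given security type.
/// </summary>
/// <param name="securityType">
/// One of "role", "group" or "none" (compared case-sensitively). Per the error text below,
/// this corresponds to the RestNetSecurityType setting in web.config.
/// </param>
/// <param name="roleKey">The role or group key to test the user against.</param>
/// <param name="context">The HTTP context whose <c>User</c> is evaluated.</param>
/// <returns>
/// <c>false</c> when the context has no user; for "role", <c>true</c> if either
/// <c>ResourceBase.IsUserInRole</c> or the principal's own <c>IsInRole</c> accepts the key;
/// for "group", the result of <c>RestNetUser.isInRole</c>, or <c>false</c> when the identity
/// is not a <c>RestNetUser</c>; for "none", <c>true</c>.
/// </returns>
/// <remarks>
/// Throws the error built by <c>ErrorHandler.HttpConfigurationError</c> when
/// <paramref name="securityType"/> is not one of the known values.
/// </remarks>
public static bool IsUserInRole(string securityType, string roleKey, System.Web.HttpContextBase context) {
    // No principal on the context: deny.
    // NOTE(review): this check runs before the switch, so "none" still denies a request that
    // has no principal, and an unknown security type is only reported for requests that have
    // one. Confirm both are intended.
    if (context.User == null) {
        return false;
    }

    switch (securityType) {
        case "role":
            return ResourceBase.IsUserInRole(context.User, roleKey) || context.User.IsInRole(roleKey);

        case "group":
            // Group membership lives on RestNetUser. An identity of any other type (for example
            // one set by a different authentication module) cannot be a group member, so deny
            // instead of failing with an InvalidCastException in the middle of an authorization check.
            RestNetUser rUser = context.User.Identity as RestNetUser;
            if (rUser == null) {
                return false;
            }
            return rUser.isInRole(roleKey);

        case "none":
            // Security is switched off: every request that carries a principal passes.
            return true;

        default:
            throw ErrorHandler.HttpConfigurationError("The RestNetSecurityType setting in web.config contains an unknown value. Valid values are 'role', 'group', or 'none'");
    }
}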