protected override void OnAuthorization(AuthorizationContext filterContext)
{
var httpContext = filterContext.HttpContext;
if (httpContext.Request.RequestType == "GET" &&
!httpContext.Request.IsAjaxRequest() &&
filterContext.IsChildAction == false) // do no overwrite if we do child action.
{
HttpContext.Session["PrevUrl"] = HttpContext.Session["CurUrl"] ?? httpContext.Request.Url;
HttpContext.Session["CurUrl"] = httpContext.Request.Url;
}
if (filterContext.HttpContext.User.Identity.IsAuthenticated)
{
var controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
var actionName = filterContext.ActionDescriptor.ActionName;
var claims = (ClaimsIdentity)filterContext.HttpContext.User.Identity;
var model = new ActionFilterModel
{
ID = claims.Claims.First(m => m.Type == ClaimTypes.Role).Value,
Action = actionName,
Controller = controllerName + "Controller"
};
var res = new AuthorizationRepository();
if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
{
return;
}
if (res.CheckAuthorized(model))
{
return;
}
var result = new ViewResult {
ViewName = "NoAccess"
};
filterContext.Result = result;
}
else
{
filterContext.Result = new RedirectToRouteResult(
new System.Web.Routing.RouteValueDictionary {
{ "controller", "Anonymous" }, { "action", "Login" }
}
);
}
}