コード例 #1
ファイル: SDHttpModule.cs プロジェクト: WongMW/Demo
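        /// <summary>
        /// Per-request authorization gate. The first path segment selects an
        /// appSettings entry named "security:&lt;segment&gt;" that holds a comma-separated
        /// list of accepted roles. Requests to a segment with no such entry pass
        /// through unchecked. For protected segments the caller's web groups are
        /// loaded through spGetWebGroupForUser__cai and compared with that list.
        /// </summary>
        /// <param name="source">The <see cref="HttpApplication"/> raising the event.</param>
        /// <param name="e">Unused event data.</param>
        /// <remarks>
        /// NOTE(review): the caller's identity is read directly from the "UserID"
        /// request cookie. Nothing in this method verifies that the server issued
        /// the value, so a client can present any id unless the cookie is protected
        /// elsewhere (signed/encrypted ticket) - confirm.
        /// </remarks>
        private void Application_BeginRequest(Object source, EventArgs e)
        {
            application = (HttpApplication)source;
            context     = application.Context;

            var path      = context.Request.Path;
            var pathParts = path.Split('/');

            // Invariant lower-casing: the culture-sensitive ToLower() can map 'I' to a
            // dotless 'ı' under some server cultures, which would miss the configured
            // key and let the request through without any role check.
            var roleKey = "security:" + pathParts[1].ToLowerInvariant();
            var vals    = WebConfigurationManager.AppSettings[roleKey];

            // No role list configured for this segment: the section is unprotected.
            if (vals.IsNullOrEmpty())
            {
                return;
            }

            var acceptedRoles = vals.Split(',');
            var cookie        = context.Request.Cookies.Get("UserID");
            var userId        = cookie != null ? cookie.Value : null;

            if (userId.IsNullOrEmpty())
            {
                // Not signed in: remember the requested URL for 15 minutes and send
                // the client to the login page.
                // NOTE(review): whatever reads "ReturnToPage" after login should accept
                // only URLs on this site, since cookies are client-editable.
                HttpCookie returnCookie = new HttpCookie("ReturnToPage");
                returnCookie.Expires = DateTime.Now.AddMinutes(15);
                returnCookie.Value   = context.Request.Url.ToString();
                context.Response.SetCookie(returnCookie);
                context.Response.Redirect(WebConfigurationManager.AppSettings["loginPage"]);
                return;
            }

            // The cookie value is attacker-controlled and is placed into the SQL text
            // below, so only a plain run of ASCII digits is accepted. Anything else is
            // treated as "no role" without touching the database.
            // NOTE(review): assumes @WebUserId is an integer key (19 digits covers
            // bigint) - confirm against the procedure. If DataAction offers a
            // parameterized call, prefer it over building the statement as text.
            bool idIsNumeric = userId.Length <= 19;
            for (var k = 0; idIsNumeric && k < userId.Length; k++)
            {
                char ch = userId[k];
                if (ch < '0' || ch > '9')
                {
                    idIsNumeric = false;
                }
            }

            bool hasRole = false;
            if (idIsNumeric)
            {
                string     sqlCheckUser = "EXEC [dbo].[spGetWebGroupForUser__cai] @WebUserId = " + userId;
                DataAction action       = new DataAction();
                DataTable  userResult   = action.GetDataTable(sqlCheckUser);

                // The first column of each returned row is compared against the list.
                for (var i = 0; i < userResult.Rows.Count && !hasRole; i++)
                {
                    string userRole = userResult.Rows[i][0].ToString();

                    foreach (string role in acceptedRoles)
                    {
                        // Ordinal comparison so role matching does not vary with culture.
                        if (string.Equals(role, userRole, StringComparison.OrdinalIgnoreCase))
                        {
                            hasRole = true;
                            break;
                        }
                    }
                }
            }

            if (!hasRole)
            {
                // Redirect(string) ends the response, so the protected page is not served.
                context.Response.Redirect(WebConfigurationManager.AppSettings["unauthorizedPage"]);
            }
            else
            {
                LogUserLoggedInEvent(path, userId);
            }
        }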