コード例 #1
        /// <summary>
        /// Resolves the <see cref="SecurableAttribute"/> that governs the current request.
        /// An attribute on the action wins; otherwise the attribute on the controller type is used.
        /// </summary>
        /// <param name="filterContext">Authorization context of the action being invoked.</param>
        /// <returns>The action-level attribute if present, else the controller-level one; never null.</returns>
        /// <exception cref="NotImplementedException">
        /// Neither the action nor the controller declares a <see cref="SecurableAttribute"/>.
        /// </exception>
        /// <remarks>
        /// The lookup fails closed: an endpoint with no attribute raises instead of being treated as public.
        /// The action-level attribute replaces the controller-level one rather than being combined with it,
        /// so an action can declare a different (possibly weaker) requirement than its controller.
        /// </remarks>
        private SecurableAttribute GetSecurable(AuthorizationContext filterContext)
        {
            // inherit: false - only attributes declared directly on the action method are considered.
            SecurableAttribute onAction = filterContext.ActionDescriptor
                                                       .GetCustomAttributes(false)
                                                       .OfType<SecurableAttribute>()
                                                       .FirstOrDefault();
            if (onAction != null)
            {
                return onAction;
            }

            // inherit: false again - an attribute placed on a base controller class is not picked up,
            // so a derived controller without its own attribute ends in the exception below.
            Type controllerType = filterContext.Controller.GetType();
            SecurableAttribute onController = controllerType.GetCustomAttributes(false)
                                                            .OfType<SecurableAttribute>()
                                                            .FirstOrDefault();
            if (onController != null)
            {
                return onController;
            }

            // Missing attribute is treated as a configuration error, not as "no restriction".
            throw new NotImplementedException(
                string.Format("{0} is missing required attribute {1} which should be applied to the controller or the action being invoked",
                              controllerType.Name, typeof(SecurableAttribute).Name));
        }
コード例 #2
        /// <summary>
        /// Checks the securables declared on this type before the pre-load stage runs and sends
        /// the user to the login page when <c>UserHasSecurable</c> rejects them.
        /// </summary>
        /// <param name="e">Event data forwarded to the base implementation.</param>
        /// <remarks>
        /// This check fails open: when no matching attribute is found, or its SecurableNames is null,
        /// the base pre-load runs with no access check at all.
        /// </remarks>
        protected override void OnPreLoad(EventArgs e)
        {
            // inherit: true - attributes declared on base classes are included.
            // The predicate compares exact types, so an attribute whose type derives from
            // SecurableAttribute is not matched and is treated the same as "no attribute".
            // SingleOrDefault throws InvalidOperationException if more than one attribute matches.
            object declared = this.GetType()
                                  .GetCustomAttributes(true)
                                  .SingleOrDefault(attr => attr.GetType() == typeof(SecurableAttribute));
            SecurableAttribute securable = declared as SecurableAttribute;

            // Unrestricted (no attribute / null names) or permitted user: continue normally.
            if (securable == null
                || securable.SecurableNames == null
                || UserHasSecurable(securable.SecurableNames))
            {
                base.OnPreLoad(e);
                return;
            }

            // NOTE(review): skipping base.OnPreLoad only suppresses this stage; confirm that
            // RedirectToLogin ends the response so later lifecycle stages do not run for a rejected user.
            RedirectToLogin();
        }
コード例 #3
        /// <summary>
        /// Authorization filter entry point. Sends authenticated users without a profile to the
        /// profile page, lets anonymous-allowed actions through, and otherwise requires the current
        /// user to hold the securables declared for the action or controller.
        /// </summary>
        /// <param name="filterContext">Authorization context of the action being invoked.</param>
        /// <remarks>
        /// An <c>AuthorizationException</c> raised inside the check is converted to a login redirect.
        /// Exceptions from <c>GetSecurable</c> are not caught here and propagate to the caller.
        /// <c>AuditLogin</c> runs after both a granted and a denied check, but not on the two early returns.
        /// </remarks>
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            // Authenticated principal with no matching application user: force profile creation,
            // except on the two profile actions themselves (otherwise the redirect would loop).
            bool authenticatedWithoutProfile = filterContext.HttpContext.User.Identity.IsAuthenticated
                                               && CheckPoint.Instance.User == null;
            if (authenticatedWithoutProfile)
            {
                // Only the action name is compared; the controller name is not part of this exemption.
                bool onProfileAction = !(filterContext.ActionDescriptor.ActionName != "NewProfile"
                                         && filterContext.ActionDescriptor.ActionName != "CompleteProfile");
                if (!onProfileAction)
                {
                    filterContext.Result = new RedirectResult("/Account/NewProfile");
                    return;
                }
            }

            // Actions/controllers that allow anonymous access skip every remaining check.
            if (this.AllowAnonymous(filterContext))
            {
                return;
            }

            SecurableAttribute securable = this.GetSecurable(filterContext);

            try
            {
                // A securable with null or empty SecurableNames skips both the authentication and
                // the authorization check below, i.e. the request proceeds for any caller.
                // NOTE(review): confirm that an empty name list is meant to be unrestricted.
                bool declaresNames = securable != null
                                     && securable.SecurableNames != null
                                     && securable.SecurableNames.Length > 0;
                if (declaresNames)
                {
                    var identity = filterContext.HttpContext.User.Identity;
                    if (!identity.IsAuthenticated)
                    {
                        throw new AuthorizationException(UNKNOWN_USERNAME, securable.SecurableNames);
                    }

                    this.AssertAuthorized(identity.Name, CheckPoint.Instance.OrganizationName, securable.SecurableNames);
                }
            }
            catch (AuthorizationException)
            {
                // The denial is turned into a redirect without being logged in this method.
                // NOTE(review): PathAndQuery is placed into LOGIN_URL_FORMAT unencoded. If the format puts it
                // in a query-string parameter, '&' in the original query would split into separate
                // parameters of the login URL - confirm the format and URL-encode the value if so.
                // NOTE(review): an authenticated user who lacks the securable takes this same path as an
                // unauthenticated one, assuming AssertAuthorized signals denial with AuthorizationException.
                string loginUrl = string.Format(LOGIN_URL_FORMAT, filterContext.HttpContext.Request.Url.PathAndQuery);
                filterContext.Result = new RedirectResult(loginUrl);
            }

            this.AuditLogin();
        }