/// <summary>
/// Resolves the <see cref="SecurableAttribute"/> that governs the current request.
/// An attribute declared on the action takes precedence over one declared on the controller.
/// </summary>
/// <param name="filterContext">Authorization context of the action being invoked.</param>
/// <returns>The action-level attribute if present, otherwise the controller-level attribute.</returns>
/// <exception cref="NotImplementedException">
/// Neither the action nor the controller type carries a <see cref="SecurableAttribute"/>.
/// </exception>
private SecurableAttribute GetSecurable(AuthorizationContext filterContext)
{
    // Action-level declaration wins when one exists.
    var actionLevel = filterContext.ActionDescriptor
        .GetCustomAttributes(false)
        .OfType<SecurableAttribute>()
        .FirstOrDefault();
    if (actionLevel != null)
    {
        return actionLevel;
    }

    // Fall back to the controller type. inherit = false: only attributes declared
    // directly on the concrete controller class are considered here.
    var controllerType = filterContext.Controller.GetType();
    var controllerLevel = controllerType
        .GetCustomAttributes(false)
        .OfType<SecurableAttribute>()
        .FirstOrDefault();
    if (controllerLevel != null)
    {
        return controllerLevel;
    }

    // Fail closed: a controller/action with no securable declaration is treated as
    // a programming error rather than as "no restriction".
    throw new NotImplementedException(
        string.Format(
            "{0} is missing required attribute {1} which should be applied to the controller or the action being invoked",
            controllerType.Name,
            typeof(SecurableAttribute).Name));
}
/// <summary>
/// Checks the <see cref="SecurableAttribute"/> declared on this page type before the
/// page's PreLoad processing, and sends the user to the login page when the current
/// user does not hold the required securables.
/// </summary>
/// <param name="e">Event data forwarded to the base implementation.</param>
protected override void OnPreLoad(EventArgs e)
{
    // inherit = true: attributes declared on base page classes are included.
    // SingleOrDefault throws if more than one exact match is present.
    // NOTE(review): the match is on the exact type, so an attribute class derived from
    // SecurableAttribute would not be found here and no check would run - confirm
    // whether SecurableAttribute is sealed.
    object declared = this.GetType()
        .GetCustomAttributes(true)
        .SingleOrDefault(candidate => candidate.GetType() == typeof(SecurableAttribute));
    var securable = declared as SecurableAttribute;

    // NOTE(review): a page with no attribute, or with null SecurableNames, proceeds
    // without any securable check (unlike a lookup that throws when the attribute is
    // missing) - confirm this open default is intended.
    if (securable == null
        || securable.SecurableNames == null
        || UserHasSecurable(securable.SecurableNames))
    {
        base.OnPreLoad(e);
        return;
    }

    // NOTE(review): base.OnPreLoad is skipped on this path; whether later page
    // lifecycle stages still execute depends on RedirectToLogin ending the response,
    // which is not visible here - verify.
    RedirectToLogin();
}
/// <summary>
/// Authorization filter entry point. Redirects authenticated users without a local
/// profile to the profile-creation page, skips actions that allow anonymous access,
/// and otherwise asserts that the current user holds the securables required by the
/// action or controller, redirecting to the login URL when the assertion fails.
/// </summary>
/// <param name="filterContext">Authorization context of the action being invoked.</param>
public void OnAuthorization(AuthorizationContext filterContext)
{
    // Authenticated, but no matching user record yet: send to "NewProfile", unless the
    // request is already for one of the two profile actions.
    // NOTE(review): only the action name is compared, not the controller, so an action
    // with either name on any controller is exempt from this redirect.
    if (filterContext.HttpContext.User.Identity.IsAuthenticated && CheckPoint.Instance.User == null)
    {
        var actionName = filterContext.ActionDescriptor.ActionName;
        if (actionName != "NewProfile" && actionName != "CompleteProfile")
        {
            filterContext.Result = new RedirectResult("/Account/NewProfile");
            return;
        }
    }

    // Nothing to enforce when the action/controller allows anonymous access.
    if (this.AllowAnonymous(filterContext))
    {
        return;
    }

    SecurableAttribute securable = this.GetSecurable(filterContext);

    try
    {
        var requiredNames = securable != null ? securable.SecurableNames : null;

        // NOTE(review): a null or empty SecurableNames skips the check entirely, so an
        // unauthenticated request also passes in that case - confirm this is intended.
        if (requiredNames != null && requiredNames.Length > 0)
        {
            var identity = filterContext.HttpContext.User.Identity;
            if (!identity.IsAuthenticated)
            {
                throw new AuthorizationException(UNKNOWN_USERNAME, requiredNames);
            }

            this.AssertAuthorized(identity.Name, CheckPoint.Instance.OrganizationName, requiredNames);
        }
    }
    catch (AuthorizationException)
    {
        // Denied: send the user to the login URL, carrying the originally requested
        // path and query.
        // NOTE(review): PathAndQuery is inserted without URL-encoding. If
        // LOGIN_URL_FORMAT places {0} in a query-string value, any '&' in the original
        // query would be parsed as extra login parameters - verify and encode if so.
        var originalTarget = filterContext.HttpContext.Request.Url.PathAndQuery;
        filterContext.Result = new RedirectResult(string.Format(LOGIN_URL_FORMAT, originalTarget));
    }

    // NOTE(review): this runs after both successful and denied authorization (it is
    // skipped only by the early returns above) - confirm the audit is meant to cover
    // denied requests as well.
    this.AuditLogin();
}