/// <summary>
/// Initializes the accessor with a new <c>VirtualHttpContext</c> whose <c>User</c> is a
/// <see cref="ClaimsPrincipal"/> built around a new <c>VirtualIdentity</c>.
/// </summary>
/// <remarks>
/// NOTE(review): whether this principal reports as authenticated depends entirely on
/// <c>VirtualIdentity</c>, which is not visible here. Confirm before relying on
/// <c>User.Identity.IsAuthenticated</c> for anything resolved through this accessor.
/// </remarks>
public VirtualHttpContextAccessor()
{
    // Build the context first, then attach the principal, then publish it.
    var virtualContext = new VirtualHttpContext
    {
        User = new ClaimsPrincipal(new VirtualIdentity())
    };

    HttpContext = virtualContext;
}
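/// <summary>
/// Reports whether the current user (<c>HttpContext.Current.User</c>) is allowed to reach the
/// target described by this instance: <c>Path</c> when a path was set, otherwise the
/// <c>ControllerName</c>/<c>Action</c> pair.
/// </summary>
/// <remarks>
/// Two layers are evaluated: URL authorization through
/// <see cref="UrlAuthorizationModule.CheckUrlAccessForPrincipal"/> (only the "GET" verb is
/// checked) and the MVC check performed by <c>VirtualHttpContext.ActionIsAuthorized</c>.
/// A path that does not start with "~" is reported as authorized without any check, so the
/// result must not be used as the enforcement point for a resource.
/// </remarks>
/// <returns>
/// <c>true</c> when the path is not application-relative, when an existing file or directory
/// passes URL authorization, or when the resolved controller action passes both URL and MVC
/// authorization; <c>false</c> in every other case, including when no controller or action
/// can be resolved.
/// </returns>
public virtual bool GetIsAuthorized()
{
    IController controller = null;
    RouteData routeData = null;
    VirtualHttpContext httpContext = null;
    var factory = ControllerBuilder.Current.GetControllerFactory();

    try
    {
        if (_pathSet)
        {
            // NOTE(review): fail-open branch. Any Path that is not "~"-prefixed (absolute URLs,
            // but also root-relative paths such as "/section/page") is reported as authorized
            // with no check at all. Presumably meant for external links; confirm that callers
            // only use this result for display decisions and never for access enforcement.
            if (!Path.StartsWith("~", System.StringComparison.Ordinal))
            {
                return true;
            }

            var path = VirtualPathUtility.ToAppRelative(Path);
            if (Global.VirtualPathProvider.FileExists(path) || Global.VirtualPathProvider.DirectoryExists(path))
            {
                // Physical file or directory: hosting (URL authorization) rules decide.
                if (UrlAuthorizationModule.CheckUrlAccessForPrincipal(path, HttpContext.Current.User, "GET"))
                {
                    return true;
                }
                // Denied here: fall through and let the route-based checks below decide.
            }

            // Resolve route data from the path.
            httpContext = new VirtualHttpContext(Path);
            routeData = RouteTable.Routes.GetRouteData(httpContext);

            object controllerValue;
            if (routeData != null
                && routeData.Values.TryGetValue("controller", out controllerValue)
                && controllerValue != null)
            {
                controller = factory.CreateController(new RequestContext(httpContext, routeData), controllerValue.ToString());
            }
        }
        else
        {
            routeData = new RouteData();
            routeData.Values.Add("controller", ControllerName);
            routeData.Values.Add("action", Action);
            httpContext = new VirtualHttpContext(new UrlHelper(HttpContext.Current.Request.RequestContext).RouteUrl(routeData.Values));
            controller = factory.CreateController(new RequestContext(httpContext, routeData), ControllerName);
        }

        // No controller could be resolved: nothing left to authorize against, so deny.
        if (controller == null)
        {
            return false;
        }

        // Standard URL authorization for the resolved request path.
        if (!UrlAuthorizationModule.CheckUrlAccessForPrincipal(httpContext.Request.AppRelativeCurrentExecutionFilePath, HttpContext.Current.User, "GET"))
        {
            return false;
        }

        // Deny instead of throwing when the pieces needed for the attribute-based check are
        // missing: a controller that is not a ControllerBase, or route data with no action value.
        var controllerBase = controller as ControllerBase;
        object actionValue = routeData.Values["action"];
        if (controllerBase == null || actionValue == null)
        {
            return false;
        }

        var controllerContext = new ControllerContext(httpContext, routeData, controllerBase);
        var controllerDescriptor = new ReflectedControllerDescriptor(controller.GetType());

        // FindAction returns null when no action method matches; an unresolved action is denied
        // rather than being handed to the authorization check as null.
        var actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionValue.ToString());
        if (actionDescriptor == null)
        {
            return false;
        }

        // Authorization defined on the controller/action (e.g. via attributes).
        return VirtualHttpContext.ActionIsAuthorized(controllerContext, actionDescriptor);
    }
    finally
    {
        // Every controller obtained from the factory is handed back so the factory can dispose
        // it; without this each authorization probe leaves an undisposed controller instance.
        if (controller != null)
        {
            factory.ReleaseController(controller);
        }
    }
}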