protected override bool AuthorizeCore(HttpContextBase httpContext) { if (SecurityExtensions.hasLogin(httpContext.User)) { return(true); } return(false); }
// public override void OnAuthorization(AuthorizationContext filterContext) { var OUser = filterContext.HttpContext.User; int idPerfilLogado = OUser.idPerfil(); // if (idPerfilLogado == PerfilAcessoConst.DESENVOLVEDOR) { return; } //Se houver filtro de anônimo na action if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true).Any()) { return; } //Se houver filtro de anônimo na controller if (filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true).Any()) { return; } //Caso seja uma action filha liberar o acesso if (filterContext.IsChildAction) { base.OnAuthorization(filterContext); return; } string areaName = UtilString.notNull(filterContext.RouteData.DataTokens["area"]); string controllerName = filterContext.RouteData.Values["controller"].ToString(); string actionName = filterContext.RouteData.Values["action"].ToString(); string method = filterContext.HttpContext.Request.HttpMethod; if (controllerName.StartsWith("login") || controllerName.StartsWith("erro")) { base.OnAuthorization(filterContext); return; } if (!SecurityExtensions.hasLogin(OUser)) { base.OnAuthorization(filterContext); if (filterContext.HttpContext.Request.IsAjaxRequest()) { filterContext.Result = new RedirectToRouteResult( new RouteValueDictionary { { "area", "Erros" }, { "controller", "Erro" }, { "action", "login-expirado" }, { "ReturnUrl", filterContext.HttpContext.Request.RawUrl } }); return; } filterContext.Result = new RedirectToRouteResult( new RouteValueDictionary { { "area", "permissao" }, { "controller", "login" }, { "action", "index" }, { "ReturnUrl", filterContext.HttpContext.Request.RawUrl } }); return; } if (!filterContext.HttpContext.Request.IsAjaxRequest() && OUser.flagAlterarSenha() == "S" && (controllerName != "usuariosistemaacesso" && actionName != "alterar-senha")) { base.OnAuthorization(filterContext); filterContext.Result = new RedirectToRouteResult( new RouteValueDictionary { { "area", "permissao" }, { "controller", "usuariosistemaacesso" }, { "action", "alterar-senha" }, { "ReturnUrl", filterContext.HttpContext.Request.RawUrl } }); return; } bool flagAutorizado = SecurityConfig.getInstance.verificarAutorizacao(filterContext.HttpContext); if (!flagAutorizado) { UtilLog.accessDenied(areaName, controllerName, actionName); base.OnAuthorization(filterContext); filterContext.Result = new RedirectToRouteResult( new RouteValueDictionary { { "area", "Erros" }, { "controller", "erro" }, { "action", "error403" }, { "ReturnUrl", filterContext.HttpContext.Request.RawUrl } }); } }