/// <summary>
/// Asks <c>FreezeDownUser</c> whether the user attached to the controller's current
/// HTTP context has the admin permission.
/// </summary>
/// <param name="controller">Controller whose <c>HttpContext.User.Identity.Name</c> identifies the requester.</param>
/// <returns>
/// The result of <c>FreezeDownUser.HasAdminPermission()</c>, or <c>false</c> when anything
/// in the lookup throws.
/// </returns>
public static bool HasAdminPermission(this ControllerBase controller)
{
    try
    {
        string requesterName = controller.ControllerContext.HttpContext.User.Identity.Name;
        var requester = new FreezeDownUser(requesterName);
        return requester.HasAdminPermission();
    }
    catch
    {
        // Every exception is swallowed here, including a null reference anywhere in the
        // controller -> context -> user -> identity chain, and is reported as "no permission".
        // NOTE(review): nothing is logged, so a failing permission lookup is
        // indistinguishable from a genuine denial; consider recording the exception.
        return false;
    }
}
/// <summary>
/// Asks <c>FreezeDownUser</c> whether the user attached to the controller's current
/// HTTP context holds the given role.
/// </summary>
/// <param name="controller">Controller whose <c>HttpContext.User.Identity.Name</c> identifies the requester.</param>
/// <param name="role">Role name passed unchanged to <c>FreezeDownUser.HasRole</c>.</param>
/// <returns>
/// The result of <c>FreezeDownUser.HasRole(role)</c>, or <c>false</c> when anything in the
/// lookup throws.
/// </returns>
public static bool HasRole(this ControllerBase controller, string role)
{
    try
    {
        string requesterName = controller.ControllerContext.HttpContext.User.Identity.Name;
        var requester = new FreezeDownUser(requesterName);
        return requester.HasRole(role);
    }
    catch
    {
        // All exceptions (including null references in the identity chain) collapse to
        // "role not held".
        // NOTE(review): the failure is not logged, so lookup errors look like denials.
        return false;
    }
}
/// <summary>
/// Asks <c>FreezeDownUser</c> whether the user attached to the controller's current
/// HTTP context holds any of the given roles.
/// </summary>
/// <param name="controller">Controller whose <c>HttpContext.User.Identity.Name</c> identifies the requester.</param>
/// <param name="roles">
/// Role names separated by <c>;</c>, for example <c>"Sales Manager;Sales Operator"</c>.
/// The string is passed unchanged to <c>FreezeDownUser.HasRoles</c>.
/// </param>
/// <returns>
/// The result of <c>FreezeDownUser.HasRoles(roles)</c>, or <c>false</c> when anything in the
/// lookup throws.
/// </returns>
public static bool HasRoles(this ControllerBase controller, string roles)
{
    try
    {
        string requesterName = controller.ControllerContext.HttpContext.User.Identity.Name;
        var requester = new FreezeDownUser(requesterName);
        return requester.HasRoles(roles);
    }
    catch
    {
        // All exceptions (including null references in the identity chain) collapse to
        // "no matching role".
        // NOTE(review): the failure is not logged, so lookup errors look like denials.
        return false;
    }
}
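/// <summary>
/// Reports whether the user named by <c>GetUID()</c> has the <c>IsSysAdmin</c> flag set
/// on its <c>FreezeDownUser</c>.
/// </summary>
/// <param name="controller">Extension receiver; this method does not read it.</param>
/// <returns>
/// The value of <c>FreezeDownUser.IsSysAdmin</c>, or <c>false</c> when the lookup throws.
/// </returns>
public static bool IsSysAdmin(this ControllerBase controller)
{
    bool bIsSysAdmin = false;
    try
    {
        // The identity comes from GetUID(); an earlier version (left commented out in the
        // original) read controller.ControllerContext.HttpContext.User.Identity.Name instead.
        // NOTE(review): GetUID() is not visible here - confirm it returns the authenticated
        // identity of the current request, since this value decides a privilege check.
        string UserName = GetUID();
        bIsSysAdmin = new FreezeDownUser(UserName).IsSysAdmin;
    }
    catch (Exception)
    {
        // Any failure is reported as "not a system administrator".
        // NOTE(review): the exception is discarded without logging, so lookup errors
        // cannot be told apart from a real negative answer.
    }
    return bIsSysAdmin;
}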
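/// <summary>
/// Authorizes the request against a permission named after the target action, in the
/// form <c>controllername-action</c>. A user passes when <c>HasPermission</c> returns
/// true for that name or when <c>IsSysAdmin</c> is true.
/// </summary>
/// <param name="filterContext">Authorization context of the action about to run.</param>
/// <remarks>
/// A rejected request is redirected to the <c>Index</c> action of the <c>Unauthorized</c>
/// controller; this method itself does not set an HTTP 401 status.
/// There is no try/catch here, so an exception from <c>GetUID()</c>, the
/// <c>FreezeDownUser</c> constructor or the permission checks propagates to the caller.
/// NOTE(review): the base implementation is not invoked; if the base class is
/// AuthorizeAttribute, confirm that skipping its checks is intended.
/// </remarks>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    // The requester is taken from GetUID(), not from
    // filterContext.RequestContext.HttpContext.User.Identity.Name (the earlier source,
    // left commented out in the original).
    // NOTE(review): GetUID() is not visible here - confirm it yields the authenticated
    // identity for this request and what it returns for an anonymous caller.
    string UserName = FreezeDown_ExtendedMethods.GetUID();

    // Permission name built from the requested controller and action names.
    string requiredPermission = String.Format(
        "{0}-{1}",
        filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
        filterContext.ActionDescriptor.ActionName);

    FreezeDownUser requestingUser = new FreezeDownUser(UserName);

    // Short-circuit evaluation: IsSysAdmin is consulted only when the specific
    // permission is missing.
    if (!requestingUser.HasPermission(requiredPermission) && !requestingUser.IsSysAdmin)
    {
        // Assigning Result stops the controller action from running; the browser is
        // sent to Unauthorized/Index instead.
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary
            {
                { "action", "Index" },
                { "controller", "Unauthorized" }
            });
    }

    // When the check passes, Result is left unset and the action executes.
}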