public override void OnFormsAuthenticate(HttpContextBase context) { //// Ignore resource files if (UrlUtilities.IsCommonResource(context.Request.RawUrl)) return; var session = new UserSession(); // Forms authentication if (!SystemConfiguration.Instance.SecuritySettings.UseWindowAuthentication) { //Need to explicitly set User on this context again although we already did it in line: DashboardSession session = new DashboardSession(); //Dont really know why but it seems FormsAuthenticationEventArgs.Context and HttpContext.Current are different to each other in this case context.User = session.Principal; return; } //********************************************************************** //** Use windows authentication instead of forms authentication // Has user allready been verified for this session? string username = context.Request.ServerVariables["LOGON_USER"]; if (string.IsNullOrEmpty(username)) { //Anonymous user //Need to explicitly set User on this context again although we already did it in line: DashboardSession session = new DashboardSession(); //Dont really know why but it seems FormsAuthenticationEventArgs.Context and HttpContext.Current are different to each other in this case context.User = new WindowsPrincipal(WindowsIdentity.GetAnonymous()); return; } if (!session.IsAuthenticated()) { var user = SecurityUtility.GetUserByUsername(username); if (user == null) { context.User = new WindowsPrincipal(WindowsIdentity.GetAnonymous()); return; } //attach the user to current Dashboard session session = new UserSession(user); context.User = session.Principal; } }
public static UserSession Logout() { var session = new UserSession(); session.DoLogout(); return session; }