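/// <summary>
/// Per-request authorization gate for Web Forms pages (named for the
/// PreRequestHandlerExecute pipeline stage). For a request handled by a
/// <see cref="Page"/> that is neither on the anonymous allow-list nor the forms
/// login page, it rejects unauthenticated callers (401), rejects callers whose
/// session is owned by a different user when <c>SingleSessionAuthen</c> is set (401),
/// and rejects pages on the user's deny-list (403). Requests that pass get the
/// render hooks and a per-session <c>ViewStateUserKey</c> attached.
/// </summary>
/// <param name="sender">Expected to be the <see cref="HttpApplication"/>; anything else is ignored.</param>
/// <param name="args">Unused.</param>
/// <remarks>
/// All URL and user-name comparisons are ordinal, case-insensitive. The previous
/// code mixed invariant-culture comparers with <c>string.Compare(a, b, true)</c>,
/// which uses the current thread culture, so the outcome of an access decision
/// could vary with the culture (for example the Turkish dotted/dotless "i").
/// NOTE(review): AbortResponse is defined elsewhere; presumably it ends the request
/// with the given status code - confirm.
/// </remarks>
private void OnPreRequestHandlerExecute(object sender, EventArgs args)
{
    HttpApplication app = sender as HttpApplication;
    if (app == null)
    {
        return;
    }

    Page page = app.Context.Handler as Page;

    // The lists are matched against the request path with ".aspx" appended when
    // it is missing.
    string url = app.Request.Url.AbsolutePath;
    if (!url.EndsWith(".aspx", StringComparison.OrdinalIgnoreCase))
    {
        url += ".aspx";
    }

    // Fetched before the handler-type check, as in the original statement order.
    var allowedAnonymous = authorSvc.GetAllowAnonymousResources();

    // Only Page handlers are checked here; any other handler type passes through
    // this method without an authentication or authorization decision.
    if (page == null)
    {
        return;
    }

    // NOTE(review): the allow-list decision uses the request path only, while the
    // deny-list below also consults the executing file path. Confirm that routing
    // or path-info cannot make an allow-listed path execute a different page.
    if (allowedAnonymous.Contains(url, StringComparer.OrdinalIgnoreCase))
    {
        return;
    }

    // The login page itself must stay reachable without authentication.
    if (string.Equals(FormsAuthentication.LoginUrl, url, StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    if (!app.User.Identity.IsAuthenticated)
    {
        // Drop any session state tied to the unauthenticated request before rejecting it.
        page.Session.Abandon();
        app.AbortResponse(401);
        return;
    }

    string authenName = page.User.Identity.Name;

    // A session with no recorded owner yields an empty string, which never
    // matches a non-empty authenticated name and is therefore rejected below.
    string sessionOwner = page.Session[Const.SessionOwnerKey] as string ?? string.Empty;
    if (SingleSessionAuthen
        && !string.Equals(authenName, sessionOwner, StringComparison.OrdinalIgnoreCase))
    {
        app.AbortResponse(401);
        return;
    }

    // Deny-list model: a page that is not listed for this user is served to any
    // authenticated user. Both the request path and the app-relative executing
    // file path are checked against the list.
    var deniedPages = authorSvc.GetDeniedResources(authenName);
    string appUrl = app.Request.AppRelativeCurrentExecutionFilePath;
    bool denied = deniedPages.Contains(url, StringComparer.OrdinalIgnoreCase)
        || deniedPages.Contains(appUrl, StringComparer.OrdinalIgnoreCase);
    if (denied)
    {
        app.AbortResponse(403);
        return;
    }

    page.InitComplete += (s, a) => { PreRenderPage.OnInitComplete(authorSvc, s, a); };
    page.PreRender += (s, a) => { PreRenderPage.OnPreRender(authorSvc, s, a); };

    // ViewStateUserKey has to be assigned during Init. Binding it to the session id
    // makes view state issued for one session fail validation when posted from another.
    page.Init += (s, a) =>
    {
        Page p = s as Page;
        if (p != null)
        {
            p.ViewStateUserKey = KeySault + p.Session.SessionID;
        }
    };
}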