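/// <summary>
/// For REST pages only.
/// Requires the caller to be authenticated and to be a user of the required
/// <paramref name="type"/> to access this resource; otherwise the response is
/// ended prematurely with a JSON body giving the REST URLs for log-in and
/// sign-up and the requiredLevel (user type) of the page.
/// Status is 401 when not authenticated, 403 when authenticated but not of the
/// required type (a missing user row is treated as 403 as well).
/// </summary>
/// <param name="response">Response the denial payload is written to; it is ended on failure.</param>
/// <param name="type">Required user type (flags enum); defaults to UserType.User.</param>
public static void RestRequiresUser(this HttpResponseBase response, LcData.UserInfo.UserType type = LcData.UserInfo.UserType.User)
{
    // Discovery payload returned on every denial so a REST client knows how to authenticate.
    var info = new
    {
        requiredLevel = type.ToString(),
        login = LcUrl.LangPath + "rest/login",
        signup = LcUrl.LangPath + "rest/signup"
    };

    if (WebMatrix.WebData.WebSecurity.IsAuthenticated)
    {
        // A requirement that includes the User flag is satisfied by any authenticated user.
        // NOTE(review): if UserType.User is the zero-valued enum member, HasFlag(0) is
        // always true and every authenticated caller passes regardless of 'type' — confirm
        // the enum values before relying on this check.
        if (type.HasFlag(LcData.UserInfo.UserType.User))
        {
            return;
        }

        var user = LcData.UserInfo.GetUserRow();
        // Fail closed: a missing user row is denied with 403 instead of surfacing as an
        // unhandled NullReferenceException (a 500 without the JSON payload).
        if (user != null)
        {
            bool isProvider = type.HasFlag(LcData.UserInfo.UserType.Provider) && user.IsProvider == true;
            bool isAdmin = type.HasFlag(LcData.UserInfo.UserType.Admin) && user.IsAdmin == true;
            if (isProvider || isAdmin)
            {
                return;
            }
        }

        // Authenticated but not of the required type.
        response.StatusCode = 403;
    }
    else
    {
        // No authenticated identity at all.
        response.StatusCode = 401;
    }

    // IMPORTANT: Forms Authentication redirects to the login page when a 401/403 is sent,
    // overriding whatever this method writes. Disabling it would fix that but Forms
    // Authentication is still needed, so the intended JSON response is also passed to
    // global.asax (EndRequest) through these headers; there it is written to the body and
    // the headers are cleared.
    response.AddHeader("REST-Code", response.StatusCode.ToString());
    response.AddHeader("REST", Json.Encode(info));

    // This direct write works for 403 and whenever Forms Authentication is disabled;
    // otherwise global.asax repeats it to make sure the payload is sent.
    response.ContentType = "application/json";
    Json.Write(info, response.Output);
    // Ends the response so the calling page stops here; in classic ASP.NET this typically
    // aborts the request thread, so callers must not swallow that exception.
    response.End();
}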
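/// <summary>
/// For REST pages only.
/// Requires the caller to be authenticated and to be a user of the required
/// <paramref name="type"/> to access this resource; otherwise the response is
/// ended prematurely (via ThrowHttpAuthError) with a JSON body giving the REST
/// URLs for log-in and sign-up and the requiredLevel (user type) of the page.
/// Status is 401 when not authenticated, 403 when authenticated but not of the
/// required type (a missing user row is treated as 403 as well).
/// </summary>
/// <param name="response">Response the denial payload is written to; it is ended on failure.</param>
/// <param name="type">Required user type (flags enum); defaults to UserType.User.</param>
public static void RestRequiresUser(this HttpResponseBase response, LcData.UserInfo.UserType type = LcData.UserInfo.UserType.User)
{
    // Discovery payload returned on every denial so a REST client knows how to authenticate.
    var info = new
    {
        requiredLevel = type.ToString(),
        login = LcUrl.LangPath + "rest/login",
        signup = LcUrl.LangPath + "rest/signup"
    };

    if (WebMatrix.WebData.WebSecurity.IsAuthenticated)
    {
        // A requirement that includes the LoggedUser flag is satisfied by any authenticated user.
        // NOTE(review): the parameter default is still UserType.User while this short-circuit
        // tests LoggedUser. Unless User carries the LoggedUser bit (or is the zero member, which
        // makes HasFlag trivially true for everyone), a call with the default would be denied
        // with 403 for every caller — confirm the enum definition.
        if (type.HasFlag(LcData.UserInfo.UserType.LoggedUser))
        {
            return;
        }

        var user = LcData.UserInfo.GetUserRow();
        // Fail closed: a missing user row is denied with 403 instead of surfacing as an
        // unhandled NullReferenceException (a 500 without the JSON payload).
        if (user != null)
        {
            bool isProvider = type.HasFlag(LcData.UserInfo.UserType.Provider) && user.IsProvider == true;
            bool isAdmin = type.HasFlag(LcData.UserInfo.UserType.Admin) && user.IsAdmin == true;
            bool isClient = type.HasFlag(LcData.UserInfo.UserType.Client) && user.IsCustomer == true;
            if (isProvider || isAdmin || isClient)
            {
                return;
            }
        }

        // Authenticated but not of the required type.
        response.StatusCode = 403;
    }
    else
    {
        // No authenticated identity at all.
        response.StatusCode = 401;
    }

    // Writes the JSON denial payload and ends the response (defined elsewhere in this file).
    ThrowHttpAuthError(response, info);
}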
/// <summary>
/// Page-level convenience wrapper: enforces that the current caller is an
/// authenticated user of <paramref name="userType"/> by delegating to the
/// RestRequiresUser extension on this page's Response. On failure that call
/// writes the JSON denial payload and ends the response, so code after this
/// call only runs for an authorized caller.
/// </summary>
/// <param name="userType">Required user type (flags enum).</param>
public void RequiresUser(LcData.UserInfo.UserType userType)
{
    var pageResponse = this.WebPage.Response;
    pageResponse.RestRequiresUser(userType);
}