예제 #1
0
    /// <summary>
    /// For REST pages only.
    /// Requires to be authenticated and be a user of the required type to
    /// gain access to this ressource, otherwise the response ends prematurely
    /// giving information about the REST URLs for log-in, sign-up and the
    /// requiredLevel of the page (user type).
    /// </summary>
    /// <param name="response"></param>
    /// <param name="type"></param>
    public static void RestRequiresUser(this HttpResponseBase response, LcData.UserInfo.UserType type = LcData.UserInfo.UserType.User)
    {
        var info = new
        {
            requiredLevel = type.ToString(),
            login         = LcUrl.LangPath + "rest/login",
            signup        = LcUrl.LangPath + "rest/signup"
        };

        if (WebMatrix.WebData.WebSecurity.IsAuthenticated)
        {
            if (type.HasFlag(LcData.UserInfo.UserType.User))
            {
                // valid
                return;
            }

            var user = LcData.UserInfo.GetUserRow();

            if (// Provider
                type.HasFlag(LcData.UserInfo.UserType.Provider) &&
                user.IsProvider == true ||
                // Admin
                type.HasFlag(LcData.UserInfo.UserType.Admin) &&
                user.IsAdmin == true)
            {
                // valid
                return;
            }

            // Forbidden
            response.StatusCode = 403;
        }
        else
        {
            // Unauthorized
            response.StatusCode = 401;
        }

        // IMPORTANT: Ugly Forms Authentication do redirects when a response 401/403 is sent,
        // so it overrides everything sent by the asp.net default behavior of redirect
        // to login pages.
        // Disabling authentication solve it, but too we lost forms authentication and we need it.
        // So, we double override that behavior in global.asax EndRequest
        // showing the expected JSON response by passing it in a header to global.asax,
        // its set in the body and cleared from the header.
        response.AddHeader("REST-Code", response.StatusCode.ToString());
        response.AddHeader("REST", Json.Encode(info));

        // This will work for 403 and when webforms authentication is disabled, otherwise
        // is done twice in global.asax to ensure is sent
        response.ContentType = "application/json";
        Json.Write(info, response.Output);
        response.End();
    }
예제 #2
0
    /// <summary>
    /// For REST pages only.
    /// Requires to be authenticated and be a user of the required type to
    /// gain access to this ressource, otherwise the response ends prematurely
    /// giving information about the REST URLs for log-in, sign-up and the
    /// requiredLevel of the page (user type).
    /// </summary>
    /// <param name="response"></param>
    /// <param name="type"></param>
    public static void RestRequiresUser(this HttpResponseBase response, LcData.UserInfo.UserType type = LcData.UserInfo.UserType.User)
    {
        var info = new
        {
            requiredLevel = type.ToString(),
            login         = LcUrl.LangPath + "rest/login",
            signup        = LcUrl.LangPath + "rest/signup"
        };

        if (WebMatrix.WebData.WebSecurity.IsAuthenticated)
        {
            if (type.HasFlag(LcData.UserInfo.UserType.LoggedUser))
            {
                // valid
                return;
            }

            var user = LcData.UserInfo.GetUserRow();

            if (// Provider
                type.HasFlag(LcData.UserInfo.UserType.Provider) &&
                user.IsProvider == true ||
                // Admin
                type.HasFlag(LcData.UserInfo.UserType.Admin) &&
                user.IsAdmin == true ||
                type.HasFlag(LcData.UserInfo.UserType.Client) &&
                user.IsCustomer == true)
            {
                // valid
                return;
            }

            // Forbidden
            response.StatusCode = 403;
        }
        else
        {
            // Unauthorized
            response.StatusCode = 401;
        }

        ThrowHttpAuthError(response, info);
    }
예제 #3
0
 public void RequiresUser(LcData.UserInfo.UserType userType)
 {
     this.WebPage.Response.RestRequiresUser(userType);
 }