예제 #1
0
        /// <summary>
        /// Stores the specified value using the given key within the session.
        /// </summary>
        /// <param name="key">The key.</param>
        /// <param name="value">The value.</param>
        /// <remarks>
        /// This member is thread-safe.
        /// </remarks>
        public static void SetSessionValue(SessionFacadeKey key, object value)
        {
            // Check if the session is available.
            if (HttpContext.Current.Session == null)
            {
                throw new SessionNotAvailableException("The session is not available.");
            }

            // If the session is hijacked, throw an exception.
            if (!IsClientValid())
            {
                throw new SecurityException(string.Format(CultureInfo.CurrentUICulture,
                                                          "The session was hijacked by '{0}'.", HttpContext.Current.Request.UserHostAddress));
            }

            // Store the value within the session.
            HttpContext.Current.Session[key.ToString()] = value;
        }
예제 #2
0
        /// <summary>
        /// Gets the value for the specified key out of the session.
        /// </summary>
        /// <typeparam name="T">The type of the value.</typeparam>
        /// <param name="key">The key of the value.</param>
        /// <returns>The value.</returns>
        /// <remarks>
        /// This member is thread-safe.
        /// </remarks>
        public static T GetSessionValue <T>(SessionFacadeKey key)
        {
            // Create a shortcut to the session.
            var session = HttpContext.Current.Session;

            // Check if the session is available. If not, throw an exception.
            if (session == null)
            {
                if (key == SessionFacadeKey.CurrentlyLoggedOnUser)
                {
                    return((T)CreateAnonymousUser());
                }

                throw new SessionNotAvailableException("The session is not available.");
            }

            // If the session is hijacked, throw an exception.
            if (!IsClientValid())
            {
                throw new SecurityException(string.Format(
                                                CultureInfo.CurrentUICulture, "The session was hijacked by '{0}'.",
                                                HttpContext.Current.Request.UserHostAddress));
            }

            // Some keys need special handling, so check them. If no special handling is required,
            // the default case tries to get the value from the session and returns it to the
            // caller.
            switch (key)
            {
            case SessionFacadeKey.CurrentlyLoggedOnUser:
                // In the case the currently logged on user is requested, it is not enough to
                // return the user to the caller, since this would be a simple IClaimsPrincipal
                // object. Instead, an instance that fulfills IUser is created. If no currently
                // logged on user exists, an anonymous user is returned.
                if (session[SessionFacadeKey.CurrentlyLoggedOnUser.ToString()] == null)
                {
                    // Check whether a user has just been logged in. If not, return an anonymous
                    // user.
                    if (!HttpContext.Current.User.Identity.IsAuthenticated)
                    {
                        // No user is logged on, so return the anonymous user.
                        return((T)CreateAnonymousUser());
                    }

                    // Obviously, a user has just logged in, but was not persisted to the
                    // session yet, so do it now.
                    session[SessionFacadeKey.CurrentlyLoggedOnUser.ToString()] =
                        HttpContext.Current.User;
                }

                // Get the currently logged on user.
                var principal =
                    session[SessionFacadeKey.CurrentlyLoggedOnUser.ToString()] as IClaimsPrincipal;

                // Wrap the user.
                var user = _container.Resolve <IUser>();
                user.SecurityId       = _container.Resolve <ISecurityId>();
                user.SecurityId.Value = GetClaimValue(principal, ClaimTypes.SecurityId).ToOrDefault <Guid>();
                user.FullName         = GetClaimValue(principal, ClaimTypes.Name);
                user.Login            = GetClaimValue(principal, ClaimTypes.Login);
                user.IsAdministrator  = true;

                // Return the user to the caller.
                return((T)user);

            default:
                // Get the object from the session.
                object value = session[key.ToString()];

                // If the value was not in the session, return a default value.
                if (value == null)
                {
                    return(default(T));
                }

                // Otherwise, return the value to the caller.
                return((T)value);
            }
        }