/// <summary>
/// Decides whether the caller may edit: either the current request is already
/// authenticated as a user whose token role is "admin", or the supplied
/// credentials log in as a user whose role is "admin".
/// </summary>
/// <param name="username">User name passed to <c>SiteSecurity.Login</c> when the request identity is not an admin.</param>
/// <param name="password">Password passed to <c>SiteSecurity.Login</c> together with <paramref name="username"/>.</param>
/// <returns><c>true</c> only when one of the two checks yields the role "admin"; <c>false</c> otherwise, including on any exception.</returns>
public bool CanEdit(string username, string password)
{
    try
    {
        bool sessionIsAdmin = false;

        if (HttpContext.Current.Request.IsAuthenticated)
        {
            // If GetToken returns null, the dereference below throws and the
            // catch turns that into a denial without trying the credentials.
            UserToken sessionToken = SiteSecurity.GetToken(User.Identity.Name);
            sessionIsAdmin = sessionToken.Role == "admin";
        }

        if (sessionIsAdmin)
        {
            return true;
        }

        // Not an admin session: fall back to the explicit credentials.
        UserToken loginToken = SiteSecurity.Login(username, password);
        return loginToken.Role == "admin";
    }
    catch
    {
        // Fail closed: every failure path (null token, failed login, store error)
        // denies access.
        // NOTE(review): the failure is not logged here, so repeated bad logins
        // are invisible at this layer — confirm SiteSecurity.Login records them.
        return false;
    }
}
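/// <summary>
/// For an authenticated request, resolves the user's role and replaces
/// <c>Context.User</c> with a <see cref="GenericPrincipal"/> carrying that role.
/// </summary>
/// <remarks>
/// The role is cached in the encrypted "portalroles" cookie. That cookie comes
/// from the client, so it is trusted only when it decrypts, has not expired and
/// was issued to the user named by the current identity. In every other case the
/// role is re-read through <c>SiteSecurity.GetToken</c> and a fresh cookie is issued.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    if (Request.IsAuthenticated != true)
    {
        return;
    }

    string role = null;
    bool roleFromCookie = false;

    // Try the cached roles cookie first, but only accept it after validation.
    if ((Request.Cookies["portalroles"] != null) &&
        !String.IsNullOrEmpty(Request.Cookies["portalroles"].Value))
    {
        FormsAuthenticationTicket cached = null;
        try
        {
            cached = FormsAuthentication.Decrypt(Request.Cookies["portalroles"].Value);
        }
        catch (Exception)
        {
            // A malformed or tampered cookie must not fail the request; discard it
            // and fall back to the authoritative lookup below.
            cached = null;
        }

        // Bind the cached role to the authenticated identity: without the name
        // check, a roles cookie issued to one account would be honoured when
        // presented alongside a different account's authentication cookie.
        if ((cached != null) &&
            !cached.Expired &&
            (cached.Name == Context.User.Identity.Name))
        {
            role = cached.UserData;
            roleFromCookie = true;
        }
    }

    if (!roleFromCookie)
    {
        // Get the role from the user store and cache it in a new cookie.
        UserToken token = SiteSecurity.GetToken(User.Identity.Name);

        if (token != null)
        {
            role = token.Role;

            // Create a cookie authentication ticket.
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1,                          // version
                Context.User.Identity.Name, // user name
                DateTime.Now,               // issue time
                DateTime.Now.AddHours(1),   // ticket expires after one hour
                false,                      // don't persist cookie
                role                        // roles
                );

            // Encrypt the ticket
            String cookieStr = FormsAuthentication.Encrypt(ticket);

            // Send the cookie to the client. The cookie itself expires after one
            // minute, which bounds how long a stale role stays cached even though
            // the ticket inside is valid for an hour.
            Response.Cookies["portalroles"].Value = cookieStr;
            Response.Cookies["portalroles"].Path = "/";
            Response.Cookies["portalroles"].Expires = DateTime.Now.AddMinutes(1);

            // Keep the roles cookie away from client script, and off plain HTTP
            // whenever the request itself arrived over TLS.
            Response.Cookies["portalroles"].HttpOnly = true;
            Response.Cookies["portalroles"].Secure = Request.IsSecureConnection;
        }
        else
        {
            // The authentication cookie names a user that no longer resolves to a
            // token: sign out and expire the roles cookie.
            FormsAuthentication.SignOut();

            // Invalidate roles token
            Response.Cookies["portalroles"].Value = null;
            Response.Cookies["portalroles"].Expires = new System.DateTime(1999, 10, 12);
            Response.Cookies["portalroles"].Path = "/";

            // NOTE(review): no redirect happens here, so the current request still
            // runs under the original identity with a null role — confirm that
            // downstream authorization treats a null role as "no access".
        }
    }

    // Add our own custom principal to the request containing the resolved role.
    Context.User = new GenericPrincipal(Context.User.Identity, new string[] { role });
}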