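/// <summary>
/// Authorization core for the attribute: resolves the current request to a controller/action
/// pair, looks up the user's perfil (profile/role name) and checks the triple against the XML
/// rule set through <see cref="IsAuthorized"/>. Requests with no route data, no identity name,
/// or an unauthenticated identity are denied without touching the response.
/// </summary>
/// <param name="httpContext">Context of the request being authorized.</param>
/// <returns>
/// <c>true</c> when the authenticated user's perfil is allowed for the requested action;
/// <c>false</c> otherwise. For an authenticated but unauthorized request the response has
/// already been given status 530 and ended by the time <c>false</c> is returned.
/// </returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    var context = httpContext;

    // No route -> nothing to authorize against; fail closed.
    var routeData = RouteTable.Routes.GetRouteData(context);
    if (routeData == null)
    {
        return false;
    }

    // An identity without a name cannot be mapped to a perfil; fail closed.
    var userName = context.User.Identity.Name;
    if (string.IsNullOrEmpty(userName))
    {
        return false;
    }

    if (!context.User.Identity.IsAuthenticated)
    {
        return false;
    }

    var controllerName = routeData.GetRequiredString("controller");
    var actionName = routeData.GetRequiredString("action");

    // ToLowerInvariant rather than ToLower: IsAuthorized matches these values ordinally against
    // the rule file, and culture-sensitive lowering (e.g. tr-TR mapping "I" to dotless "ı")
    // would make valid rules fail to match depending on the server's culture.
    // A null perfil is normalized to the empty perfil so it is denied by the rule check instead
    // of escaping the authorization filter as a NullReferenceException.
    var perfil = Security.GetPerfilByUserName(userName) ?? string.Empty;
    var config = new ConfigAuthorized
    {
        Controller = controllerName.ToLowerInvariant(),
        Action = actionName.ToLowerInvariant(),
        Perfil = perfil.ToLowerInvariant()
    };

    if (IsAuthorized(config))
    {
        return true;
    }

    // Unauthorized: answer with the application's own (non-standard) 530 status, stop IIS from
    // swapping in its custom error page, and end the response. The trailing return is the
    // fallback value should Response.End() return.
    context.Response.StatusCode = 530;
    context.Response.TrySkipIisCustomErrors = true;
    context.Response.End();
    return false;
}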
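/// <summary>
/// Checks the lowercased controller/action/perfil triple in <paramref name="config"/> against
/// the rules in <c>~/MenuActionSecurity.xml</c>. A request is authorized when at least one
/// child element of a <c>menuitem</c> names the controller in its <c>controller</c> attribute,
/// lists the action in its comma-separated <c>action</c> attribute, and
/// <see cref="PerfilIsValid"/> accepts the perfil for that rule.
/// </summary>
/// <param name="config">Normalized (lowercase) controller, action and perfil of the request.</param>
/// <returns><c>true</c> if some matching rule accepts the perfil; otherwise <c>false</c>.</returns>
private static bool IsAuthorized(ConfigAuthorized config)
{
    const string cacheKey = "ControllerActionsSecurity";
    var context = HttpContext.Current;

    // Use the cached document when present; otherwise load the rule file from the application
    // root and cache it. The freshly loaded instance is used directly instead of being re-read
    // from the cache, so an eviction between Insert and the read can no longer yield a null
    // document. NOTE: the entry carries no CacheDependency on the file, so edits to the rule
    // file are not picked up until the entry is evicted or the application restarts.
    var xDoc = context.Cache[cacheKey] as XDocument;
    if (xDoc == null)
    {
        var path = context.Server.MapPath(@"~/MenuActionSecurity.xml");
        xDoc = XDocument.Load(path);
        context.Cache.Insert(cacheKey, xDoc);
    }

    var rules = xDoc.Descendants("menuitem").Elements();

    // Attribute values are compared ordinally and case-sensitively against the already
    // lowercased config, so rule names must be written in lowercase in the XML. A rule that
    // lacks an "action" attribute matches nothing rather than throwing on Split().
    var matchingRules = rules.Where(rule =>
        (string)rule.Attribute("controller") == config.Controller
        && ((string)rule.Attribute("action") ?? string.Empty).Split(',').Contains(config.Action));

    return matchingRules.Any(rule => PerfilIsValid(rule, config.Perfil));
}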