예제 #1
파일: SSOHelper.cs 프로젝트: saludnqn/sso
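        // Disabled earlier variant, kept for reference. It made the same decision but read the
        // permission list from SSOHelper.GetUserPermissions().
        //public static bool TestPermission(SSOModule module)
        //{
        //    if (!module.IsProtected)
        //        return true;
        //    else
        //    {
        //        if (SSOHelper.CurrentIdentity.IsGlobalAdministrator || SSOHelper.CurrentIdentity.IsApplicationAdministrator)
        //            return true;
        //        else
        //            return SSOHelper.GetUserPermissions().Contains(module.Id);
        //    }
        //}

        /// <summary>
        /// Checks whether the current SSO identity is allowed to use the given module.
        /// </summary>
        /// <param name="module">Module being requested.</param>
        /// <returns>
        /// <c>true</c> when the module is not protected, when the current identity is a global or
        /// application administrator, or when the module id is in the list returned by
        /// <c>SSOHelper.GetUserPermissionsByEfector()</c>; <c>false</c> otherwise, including when
        /// there is no current identity.
        /// </returns>
        public static bool TestPermissionByEfector(SSOModule module)
        {
            // Unprotected modules are open to everyone, authenticated or not.
            if (!module.IsProtected)
            {
                return true;
            }

            // Deny by default: a protected module with no identity behind the request is an
            // explicit "no" rather than a NullReferenceException thrown from the admin check below.
            var identity = SSOHelper.CurrentIdentity;
            if (identity == null)
            {
                return false;
            }

            // Both administrator flags bypass the per-module permission list entirely.
            if (identity.IsGlobalAdministrator || identity.IsApplicationAdministrator)
            {
                return true;
            }

            return SSOHelper.GetUserPermissionsByEfector().Contains(module.Id);
        }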
예제 #2
 /// <summary>
 /// Decides whether the current request may enter <paramref name="module"/> and, when access to
 /// a protected module is granted, registers it through <c>CurrentIdentity.BeginAccess</c>.
 /// </summary>
 /// <param name="module">Module resolved for the current request.</param>
 /// <returns><c>true</c> if the request may proceed; <c>false</c> if it must be refused.</returns>
 private bool RequireAccess(SSOModule module)
 {
     if (module.IsProtected)
     {
         bool granted = SSOHelper.TestPermissionByEfector(module);
         if (granted)
         {
             // Only granted accesses to protected modules reach BeginAccess; refusals and
             // unprotected modules do not pass through it.
             SSOHelper.CurrentIdentity.BeginAccess(module);
         }

         return granted;
     }

     // Unprotected modules need no permission check.
     return true;
 }
예제 #3
파일: SSOHelper.cs 프로젝트: saludnqn/sso
 /// <summary>
 /// Looks up the module registered for a URL.
 /// </summary>
 /// <param name="url">URL of the module.</param>
 /// <returns>
 /// Whatever <c>SSOModule.FindByURL</c> returns for <paramref name="url"/>. That lookup can
 /// yield <c>null</c> when nothing matches, so callers must handle the no-module case
 /// explicitly instead of assuming a module was found.
 /// </returns>
 public static SSOModule FindModule(Uri url)
 {
     SSOModule found = SSOModule.FindByURL(url);
     return found;
 }
예제 #4
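        /// <summary>
        /// Resolves the SSO module that owns a URL, memoising the answer per URL string.
        /// </summary>
        /// <remarks>
        /// The result feeds the authorization decision made for each request, so two properties of
        /// the cache matter:
        /// - Lookups outside the lock are only safe because a published dictionary is never
        ///   mutated; every update publishes a fresh copy.
        /// - The key is the full URL text (query string included), which the requester controls.
        ///   The memo is therefore capped so that a stream of distinct URLs cannot grow it
        ///   without bound.
        /// Negative results (<c>null</c>) are memoised too. Both cache entries are stored through
        /// the cache indexer with no explicit expiration, so changes to modules in the database
        /// are presumably not seen until the entries are evicted or removed elsewhere.
        /// </remarks>
        /// <param name="url">Absolute URL to resolve.</param>
        /// <returns>The matching module, or <c>null</c> when neither the URL nor any parent path matches.</returns>
        internal static SSOModule FindByURL(Uri url)
        {
            /* Basic pattern:
             *  - Check the cache for the value, return it if available
             *  - If the value is not in the cache, take the lock
             *  - Inside the lock, check the cache again (another thread may have filled it while we waited)
             *  - Perform the lookup and publish the result
             *  - Release the lock
             */

            // Upper bound on memoised URLs; once reached, the memo starts over. Tunable.
            const int MaxCachedUrls = 10000;

            string urlString = url.ToString();
            SSOModule cached;
            SortedDictionary <string, SSOModule> urls = SSOHelper.MembershipProvider.UseCache ? HttpContext.Current.Cache["Salud.Security.SSO.URLs"] as SortedDictionary <string, SSOModule> : null;

            if (urls != null && urls.TryGetValue(urlString, out cached))
            {
                return(cached);
            }

            lock (cacheLock)
            {
                // Look again: another thread may have published the entry while we waited for the lock
                urls = SSOHelper.MembershipProvider.UseCache ? HttpContext.Current.Cache["Salud.Security.SSO.URLs"] as SortedDictionary <string, SSOModule> : null;
                if (urls != null && urls.TryGetValue(urlString, out cached))
                {
                    return(cached);
                }

                // Look in the module cache
                List <SSOModule> modules = SSOHelper.MembershipProvider.UseCache ? HttpContext.Current.Cache["Salud.Security.SSO.Modules"] as List <SSOModule> : null;
                if (modules == null)
                {
                    using (Data.DataContext DataContext = SSOHelper.GetDataContext())
                    {
                        var query = from module in DataContext.SSO_Modules
                                    join pages in DataContext.SSO_ModulePages on module.id equals pages.moduleId into joined
                                    from page in joined.DefaultIfEmpty()
                                    where module.SSO_Applications.url != null && module.SSO_Applications.url.Length > 0
                                    orderby module.SSO_Applications.url + "/" + ((page == null) ? "" : page.page) descending /* This order makes matching try XX/YY/ZZ first, then XX/YY, then XX, ... */
                                    select new SSOModule(module.SSO_Applications, module.id, module.module, module.SSO_Applications.url + "/" + ((page == null) ? "" : page.page), module.name, module.description, module.@protected, module.interfase_image, module.interfase_priority, module.interfase_visible, module.groupId);
                        modules = query.ToList();
                        HttpContext.Current.Cache["Salud.Security.SSO.Modules"] = modules;
                    }
                }

                var result = modules.FirstOrDefault(r => r.MatchURL(url));
                if (result == null)
                {
                    // Try one level up (XX/YY/ZZ --> XX/YY). The query string is dropped here.
                    string s = String.Format("{0}{1}{2}{3}", url.Scheme, Uri.SchemeDelimiter, url.Authority, url.AbsolutePath);
                    if (s.EndsWith("/"))
                    {
                        s = s.Substring(0, s.Length - 1);
                    }
                    s = s.Substring(0, s.LastIndexOf('/'));
                    if (Uri.IsWellFormedUriString(s, UriKind.Absolute))
                    {
                        // The lock is re-entrant, so the recursive call can run while we hold it
                        result = SSOModule.FindByURL(new Uri(s));
                    }
                }

                // The recursive lookup may have published a newer dictionary, so re-read the
                // cache before copying; otherwise its entries would be overwritten.
                urls = SSOHelper.MembershipProvider.UseCache ? HttpContext.Current.Cache["Salud.Security.SSO.URLs"] as SortedDictionary <string, SSOModule> : null;

                // Copy-on-write: readers outside the lock may still hold the old instance, so it
                // is never modified. Starting over at the cap bounds memory and the copy cost.
                SortedDictionary <string, SSOModule> updated = (urls == null || urls.Count >= MaxCachedUrls)
                    ? new SortedDictionary <string, SSOModule>()
                    : new SortedDictionary <string, SSOModule>(urls);
                updated[urlString] = result;
                HttpContext.Current.Cache["Salud.Security.SSO.URLs"] = updated;
                return(result);
            }
        }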
예제 #5
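        /// <summary>
        /// Per-request gate: authenticates the SSO session, resolves the module that owns the
        /// requested URL and either lets the request continue, redirects to an SSO page, or
        /// redirects to an error page.
        /// </summary>
        /// <remarks>
        /// Decision summary, as implemented below:
        /// - Requests classified as images or scripts skip every module check when the matching
        ///   AllowAnonymousAccessTo* setting is on.
        /// - A URL with no registered module is allowed through unless AlwaysAuthenticate is set
        ///   and there is no session (no module means no protection).
        /// - A protected module (or AlwaysAuthenticate) requires an identity in state Ok that
        ///   passes RequireAccess; any other state is refused or redirected.
        /// NOTE(review): this method does not stop the pipeline itself, so it relies on
        /// RedirectToSSOPage / RedirectToErrorPage ending the response; confirm that they do.
        /// </remarks>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void Application_AuthenticateRequest(object sender, EventArgs e)
        {
            SSOHelper.Authenticate();

            // NOTE(review): this exemption bypasses all checks below. Confirm that IsImage() and
            // IsScript() classify the resource actually served, not just a suffix of the URL.
            if (!((SSOHelper.MembershipProvider.AllowAnonymousAccessToImages && IsImage()) || (SSOHelper.MembershipProvider.AllowAnonymousAccessToScripts && IsScript())))
            {
                SSOModule module = SSOModule.FindByURL(HttpContext.Current.Request.Url);
                if (module == null)
                {
                    // No module registered for this URL
                    if (SSOHelper.MembershipProvider.AlwaysAuthenticate && (SSOHelper.CurrentIdentity == null || SSOHelper.CurrentIdentity.State == SSOIdentitySessionState.Inexistent))
                    {
                        SSOHelper.RedirectToSSOPage("Login.aspx", HttpContext.Current.Request.Url.ToString());
                    }
                    else
                    {
                        if (SSOHelper.CurrentIdentity == null || SSOHelper.CurrentIdentity.State == SSOIdentitySessionState.Inexistent)
                        {
                            // Anonymous request: make sure no principal is attached to it
                            HttpContext.Current.User = null;
                        }
                        else if (!IsWebMethod() || SSOHelper.MembershipProvider.UpdateTimeoutOnWebMethod)
                        {
                            SSOHelper.MembershipProvider.UpdateTimeout(SSOHelper.CurrentIdentity);
                        }
                    }
                }
                else
                {
                    // Check if it needs to authenticate
                    if (SSOHelper.MembershipProvider.AlwaysAuthenticate || module.IsProtected)
                    {
                        if (SSOHelper.CurrentIdentity == null)
                        {
                            SSOHelper.RedirectToSSOPage("Login.aspx", HttpContext.Current.Request.Url.ToString());
                        }
                        else
                        {
                            switch (SSOHelper.CurrentIdentity.State)
                            {
                            case SSOIdentitySessionState.Ok:
                                if (RequireAccess(module))
                                {
                                    // Access allowed --> Update timeout
                                    if (!IsWebMethod() || SSOHelper.MembershipProvider.UpdateTimeoutOnWebMethod)
                                    {
                                        SSOHelper.MembershipProvider.UpdateTimeout(SSOHelper.CurrentIdentity);
                                    }
                                }
                                else
                                {
                                    SSOHelper.RedirectToErrorPage(403, 0, null);
                                }
                                break;

                            case SSOIdentitySessionState.Locked:
                                SSOHelper.RedirectToSSOPage("LockSession.aspx", HttpContext.Current.Request.Url.ToString());
                                break;

                            case SSOIdentitySessionState.Inexistent:
                                SSOHelper.RedirectToSSOPage("Login.aspx?timeout=1", HttpContext.Current.Request.Url.ToString());
                                break;

                            case SSOIdentitySessionState.SecurityError:
                                SSOHelper.RedirectToErrorPage(403, 4, null);
                                break;

                            default:
                                // Fail closed: a session state this switch does not know about
                                // must not fall through to the protected module unchecked.
                                SSOHelper.RedirectToErrorPage(403, 0, null);
                                break;
                            }
                        }
                    }
                    else
                    {
                        // Access allowed --> Update timeout
                        if (SSOHelper.CurrentIdentity != null && SSOHelper.CurrentIdentity.State == SSOIdentitySessionState.Ok && (!IsWebMethod() || SSOHelper.MembershipProvider.UpdateTimeoutOnWebMethod))
                        {
                            SSOHelper.MembershipProvider.UpdateTimeout(SSOHelper.CurrentIdentity);
                        }
                    }
                }
            }
        }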