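/// <summary>
/// Checks whether the current identity may use <paramref name="module"/>, using the
/// permission set scoped to the current "efector" (<see cref="SSOHelper.GetUserPermissionsByEfector"/>).
/// </summary>
/// <param name="module">Module to test. Must not be null.</param>
/// <returns>
/// true when the module is not protected, when the current identity is a global or
/// application administrator, or when the per-efector permission set contains the module id;
/// false otherwise, including when there is no current identity (deny by default).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="module"/> is null.</exception>
public static bool TestPermissionByEfector(SSOModule module)
{
    if (module == null)
    {
        throw new ArgumentNullException("module");
    }

    // Unprotected modules are open to everyone, authenticated or not.
    if (!module.IsProtected)
    {
        return true;
    }

    // Protected module with no identity: deny instead of failing with a
    // NullReferenceException. The request pipeline normally checks for a null
    // identity before calling this, but the method is public and may be called
    // from page code as well.
    var identity = SSOHelper.CurrentIdentity;
    if (identity == null)
    {
        return false;
    }

    // Administrators bypass the per-module permission list.
    if (identity.IsGlobalAdministrator || identity.IsApplicationAdministrator)
    {
        return true;
    }

    return SSOHelper.GetUserPermissionsByEfector().Contains(module.Id);
}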
/// <summary>
/// Authorizes the current request against <paramref name="module"/> and, when the
/// module is protected and the permission check passes, records the access on the
/// current identity via <c>BeginAccess</c>.
/// </summary>
/// <param name="module">Module resolved for the request URL (not null).</param>
/// <returns>
/// true when the request may proceed; false when the module is protected and
/// <see cref="SSOHelper.TestPermissionByEfector"/> denies it.
/// </returns>
private bool RequireAccess(SSOModule module)
{
    // Unprotected modules are always allowed and never record an access.
    if (!module.IsProtected)
    {
        return true;
    }

    bool permitted = SSOHelper.TestPermissionByEfector(module);
    if (permitted)
    {
        // Only successful accesses to protected modules are registered on the session.
        SSOHelper.CurrentIdentity.BeginAccess(module);
    }
    return permitted;
}
/// <summary>
/// Resolves the SSO module registered for a URL.
/// </summary>
/// <param name="url">Absolute URL of the module (normally the request URL).</param>
/// <returns>
/// The matching <see cref="SSOModule"/>, or null when no module is registered for the URL.
/// </returns>
public static SSOModule FindModule(Uri url)
{
    // Thin facade over SSOModule's cached lookup; matching rules live in SSOModule.FindByURL.
    SSOModule module = SSOModule.FindByURL(url);
    return module;
}
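/// <summary>
/// Finds the module registered for <paramref name="url"/>, walking up the path
/// (XX/YY/ZZ -> XX/YY -> XX) until a module matches or the URL can no longer be shortened.
/// </summary>
/// <param name="url">Absolute request URL.</param>
/// <returns>The matching module, or null when none is registered. Misses (null) are cached too.</returns>
/// <exception cref="ArgumentNullException"><paramref name="url"/> is null.</exception>
/// <remarks>
/// Two ASP.NET cache entries are used when <c>MembershipProvider.UseCache</c> is set:
/// "Salud.Security.SSO.Modules" (all modules, loaded once from the database) and
/// "Salud.Security.SSO.URLs" (url -> module, including misses). When UseCache is off
/// nothing is written to the cache either (the previous version still wrote, which also
/// required an HttpContext).
///
/// Hits are served without locking; misses are resolved under <c>cacheLock</c>. The URL map
/// is never mutated in place: a copy with the new entry is published as a whole, so lock-free
/// readers never observe a SortedDictionary while it is being modified.
///
/// The URL map is keyed by the full request URL (query string included) and the request URL
/// is attacker-controlled, so its size is capped: once the cap is reached further misses are
/// still resolved but no longer remembered. Keying on scheme/authority/path only would be
/// preferable if SSOModule.MatchURL ignores the query string — the parent walk-up below
/// already discards it, which suggests so — but confirm against MatchURL before changing the key.
/// </remarks>
internal static SSOModule FindByURL(Uri url)
{
    if (url == null)
    {
        throw new ArgumentNullException("url");
    }

    // Upper bound on cached url keys; prevents unbounded growth from distinct query strings.
    const int maxCachedUrls = 10000;
    const string urlCacheKey = "Salud.Security.SSO.URLs";
    const string moduleCacheKey = "Salud.Security.SSO.Modules";

    bool useCache = SSOHelper.MembershipProvider.UseCache;
    string urlString = url.ToString();

    // Fast path: read the currently published snapshot without locking.
    SortedDictionary<string, SSOModule> urls = useCache
        ? HttpContext.Current.Cache[urlCacheKey] as SortedDictionary<string, SSOModule>
        : null;
    SSOModule cached;
    if (urls != null && urls.TryGetValue(urlString, out cached))
    {
        return cached;
    }

    lock (cacheLock)
    {
        // Re-check: another thread may have resolved this URL while we waited for the lock.
        urls = useCache
            ? HttpContext.Current.Cache[urlCacheKey] as SortedDictionary<string, SSOModule>
            : null;
        if (urls != null && urls.TryGetValue(urlString, out cached))
        {
            return cached;
        }

        List<SSOModule> modules = useCache
            ? HttpContext.Current.Cache[moduleCacheKey] as List<SSOModule>
            : null;
        if (modules == null)
        {
            modules = LoadModulesFromDatabase();
            if (useCache)
            {
                HttpContext.Current.Cache[moduleCacheKey] = modules;
            }
        }

        // Modules are ordered longest-URL-first, so the first match is the most specific one.
        SSOModule result = modules.FirstOrDefault(r => r.MatchURL(url));
        if (result == null)
        {
            // No direct match: retry one path level up (XX/YY/ZZ --> XX/YY).
            // The recursive call runs under the same (reentrant) lock.
            Uri parent = ParentOf(url);
            if (parent != null)
            {
                result = SSOModule.FindByURL(parent);
            }
        }

        if (useCache)
        {
            // Re-read the map: the recursive parent lookup may have published a newer
            // snapshot, and copying the stale local would silently drop its entry.
            urls = HttpContext.Current.Cache[urlCacheKey] as SortedDictionary<string, SSOModule>
                   ?? new SortedDictionary<string, SSOModule>();
            if (urls.Count < maxCachedUrls)
            {
                // Copy-on-write: the snapshot other threads are reading is never touched.
                SortedDictionary<string, SSOModule> snapshot = new SortedDictionary<string, SSOModule>(urls);
                snapshot[urlString] = result;
                HttpContext.Current.Cache[urlCacheKey] = snapshot;
            }
        }
        return result;
    }
}

/// <summary>
/// Loads every module/page combination from the database. Modules whose application has
/// no URL are skipped. The list is ordered by descending URL so that the longest URL is
/// matched first (XX/YY/ZZ before XX/YY before XX).
/// </summary>
private static List<SSOModule> LoadModulesFromDatabase()
{
    using (Data.DataContext DataContext = SSOHelper.GetDataContext())
    {
        var query = from module in DataContext.SSO_Modules
                    join pages in DataContext.SSO_ModulePages on module.id equals pages.moduleId into joined
                    from page in joined.DefaultIfEmpty()
                    where module.SSO_Applications.url != null && module.SSO_Applications.url.Length > 0
                    orderby module.SSO_Applications.url + "/" + ((page == null) ? "" : page.page) descending
                    select new SSOModule(module.SSO_Applications,
                                         module.id,
                                         module.module,
                                         module.SSO_Applications.url + "/" + ((page == null) ? "" : page.page),
                                         module.name,
                                         module.description,
                                         module.@protected,
                                         module.interfase_image,
                                         module.interfase_priority,
                                         module.interfase_visible,
                                         module.groupId);
        return query.ToList();
    }
}

/// <summary>
/// Builds the URL one path segment above <paramref name="url"/> (scheme + authority + path,
/// without query string or fragment), or null when the result is no longer a well-formed
/// absolute URL, i.e. the authority root has been passed.
/// </summary>
private static Uri ParentOf(Uri url)
{
    string s = String.Format("{0}{1}{2}{3}", url.Scheme, Uri.SchemeDelimiter, url.Authority, url.AbsolutePath);
    if (s.EndsWith("/", StringComparison.Ordinal))
    {
        s = s.Substring(0, s.Length - 1);
    }
    // "scheme://" guarantees at least one '/' is present.
    s = s.Substring(0, s.LastIndexOf('/'));
    return Uri.IsWellFormedUriString(s, UriKind.Absolute) ? new Uri(s) : null;
}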
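/// <summary>
/// Authentication/authorization gate for every request: establishes the SSO identity,
/// resolves the module for the request URL and either lets the request through (refreshing
/// the session timeout), redirects to the SSO login/lock pages, or redirects to a 403 page.
/// </summary>
/// <param name="sender">Unused.</param>
/// <param name="e">Unused.</param>
/// <remarks>
/// Security notes:
/// - Images and scripts are skipped entirely when the provider allows anonymous access to
///   them (the classification is done by <c>IsImage()</c>/<c>IsScript()</c>, not visible here).
/// - A URL with no registered module is served without any authorization check unless
///   <c>AlwaysAuthenticate</c> is on, so the module table is the security boundary: a new
///   protected page that is not registered is open.
/// - With <c>AlwaysAuthenticate</c> on, an unmapped URL only requires that a session exists;
///   Locked and SecurityError sessions are still served there, unlike mapped modules.
///   NOTE(review): presumably required so the SSO pages themselves (Login.aspx,
///   LockSession.aspx) stay reachable — confirm they are unmapped before tightening this.
/// - The return URL handed to the SSO pages is always the current request URL, never a
///   caller-supplied parameter, so this method does not introduce an open redirect.
/// - For a mapped, protected module every session state gets an explicit decision; a state
///   this method does not know is denied (403) rather than silently served.
/// </remarks>
private void Application_AuthenticateRequest(object sender, EventArgs e)
{
    SSOHelper.Authenticate();

    bool anonymousAsset =
        (SSOHelper.MembershipProvider.AllowAnonymousAccessToImages && IsImage()) ||
        (SSOHelper.MembershipProvider.AllowAnonymousAccessToScripts && IsScript());
    if (anonymousAsset)
    {
        return;
    }

    Uri requestUrl = HttpContext.Current.Request.Url;
    SSOModule module = SSOModule.FindByURL(requestUrl);

    if (module == null)
    {
        HandleUnmappedRequest(requestUrl);
    }
    else if (SSOHelper.MembershipProvider.AlwaysAuthenticate || module.IsProtected)
    {
        HandleProtectedRequest(module, requestUrl);
    }
    else if (SSOHelper.CurrentIdentity != null &&
             SSOHelper.CurrentIdentity.State == SSOIdentitySessionState.Ok)
    {
        // Unprotected module, no global authentication requirement: just keep the session alive.
        RefreshSessionTimeout();
    }
}

/// <summary>
/// Handles a request whose URL has no registered module. With <c>AlwaysAuthenticate</c> the
/// request needs an existing session (else redirect to login); without it the request is
/// served anonymously (User cleared) or with its session timeout refreshed.
/// </summary>
/// <param name="requestUrl">Current request URL, used as the return URL for the login page.</param>
private void HandleUnmappedRequest(Uri requestUrl)
{
    bool noSession = SSOHelper.CurrentIdentity == null ||
                     SSOHelper.CurrentIdentity.State == SSOIdentitySessionState.Inexistent;

    if (SSOHelper.MembershipProvider.AlwaysAuthenticate && noSession)
    {
        SSOHelper.RedirectToSSOPage("Login.aspx", requestUrl.ToString());
    }
    else if (noSession)
    {
        // Anonymous request on an unmapped URL: make sure no stale principal is attached.
        HttpContext.Current.User = null;
    }
    else
    {
        RefreshSessionTimeout();
    }
}

/// <summary>
/// Handles a request for a mapped module that requires authentication (the module is
/// protected or <c>AlwaysAuthenticate</c> is on): redirects to the SSO pages or a 403 page
/// according to the session state, or refreshes the timeout when access is granted.
/// </summary>
/// <param name="module">Module resolved for the request.</param>
/// <param name="requestUrl">Current request URL, used as the return URL for the SSO pages.</param>
private void HandleProtectedRequest(SSOModule module, Uri requestUrl)
{
    if (SSOHelper.CurrentIdentity == null)
    {
        SSOHelper.RedirectToSSOPage("Login.aspx", requestUrl.ToString());
        return;
    }

    switch (SSOHelper.CurrentIdentity.State)
    {
        case SSOIdentitySessionState.Ok:
            if (RequireAccess(module))
            {
                RefreshSessionTimeout();
            }
            else
            {
                SSOHelper.RedirectToErrorPage(403, 0, null);
            }
            break;

        case SSOIdentitySessionState.Locked:
            SSOHelper.RedirectToSSOPage("LockSession.aspx", requestUrl.ToString());
            break;

        case SSOIdentitySessionState.Inexistent:
            SSOHelper.RedirectToSSOPage("Login.aspx?timeout=1", requestUrl.ToString());
            break;

        case SSOIdentitySessionState.SecurityError:
        default:
            // Fail closed: a session state this gate does not recognise must not reach the
            // page. Sub-code 4 is the one used for SecurityError; adjust if a distinct
            // code is wanted for unknown states.
            SSOHelper.RedirectToErrorPage(403, 4, null);
            break;
    }
}

/// <summary>
/// Refreshes the current identity's session timeout, except for web-method calls when the
/// provider is configured not to count them (<c>UpdateTimeoutOnWebMethod</c> off).
/// Callers must have verified that a current identity exists.
/// </summary>
private void RefreshSessionTimeout()
{
    if (!IsWebMethod() || SSOHelper.MembershipProvider.UpdateTimeoutOnWebMethod)
    {
        SSOHelper.MembershipProvider.UpdateTimeout(SSOHelper.CurrentIdentity);
    }
}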