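/// <summary>
/// Decides whether the current request may run the routed controller action.
/// The request is allowed only when the session carries a numeric, non-zero
/// "UserId", the route supplies both a controller and an action name, and
/// <c>BasicAuthorizer.IsAuthorized</c> accepts that combination. Every other
/// path fails closed.
/// </summary>
/// <param name="httpContext">Context of the request being authorized.</param>
/// <returns><c>true</c> when the request is permitted; otherwise <c>false</c>.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // Use the context handed to the filter instead of the ambient
    // HttpContext.Current, so the decision is tied to the request being checked.
    if (httpContext == null)
    {
        return false;
    }

    var routeValues = httpContext.Request.RequestContext.RouteData.Values;

    // "as string" yields null for a missing or non-string route value, which the
    // emptiness check below turns into a denial instead of an InvalidCastException.
    string controllerName = routeValues["controller"] as string;
    string actionName = routeValues["action"] as string;

    // controller, action and userId are declared outside this block; they are
    // still assigned in case other members read them.
    // NOTE(review): if this attribute instance is shared between concurrent
    // requests, per-request state held in those members can be overwritten by
    // another request. The decision below therefore relies on locals only.
    controller = controllerName;
    action = actionName;

    object rawUserId = httpContext.Session == null ? null : httpContext.Session["UserId"];
    if (rawUserId == null)
    {
        // No session or no signed-in user: deny.
        return false;
    }

    long parsedUserId;
    if (!long.TryParse(rawUserId.ToString(), out parsedUserId))
    {
        // An unparsable id is treated exactly like "no user".
        parsedUserId = 0;
    }

    userId = parsedUserId;

    if (parsedUserId == 0 || string.IsNullOrEmpty(controllerName) || string.IsNullOrEmpty(actionName))
    {
        return false;
    }

    var authorizationRequest = new UserAuthorizationParam()
    {
        UserId = parsedUserId,
        AssetItem = controllerName,
        PermittedAction = actionName,
    };

    return new BasicAuthorizer().IsAuthorized(authorizationRequest);
}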
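/// <summary>
/// Checks whether the role of the given user holds a permission whose action
/// name matches the requested action.
/// </summary>
/// <param name="UserAuthor">User id, asset (controller) and action being requested.</param>
/// <returns>
/// <c>true</c> when the user exists and one of the permissions of the user's role
/// names the requested action; <c>false</c> otherwise, including for a null
/// request or an empty action name.
/// </returns>
public bool IsAuthorized(UserAuthorizationParam UserAuthor)
{
    // Fail closed on an incomplete request. The empty-action guard also keeps the
    // null-safe comparison below from matching a permission row whose
    // ActionName is null.
    if (UserAuthor == null || string.IsNullOrEmpty(UserAuthor.PermittedAction))
    {
        return false;
    }

    var requestedUserId = UserAuthor.UserId;
    var requestedAction = UserAuthor.PermittedAction;

    using (var db = new UKareEntities())
    {
        var aUser = db.Users.FirstOrDefault(p => p.Id == requestedUserId);
        if (aUser == null)
        {
            return false;
        }

        var userRoleId = aUser.RoleId;

        // Materialised first because the comparison below runs in memory.
        var rolePermissions = db.Permissions.Where(p => p.RoleId == userRoleId).ToList();

        // NOTE(review): the original predicate compared ActionName with
        // PermittedAction twice and never read UserAuthor.AssetItem. As written,
        // a role allowed an action name on one controller is allowed that action
        // name on every controller. One of the two comparisons was presumably
        // meant to match AssetItem against the permission's controller/asset
        // column; that column is not visible from here, so the check is left
        // action-only and must be completed against the Permission entity.
        //
        // Action names are identifiers, not linguistic text, so they are compared
        // ordinally; static string.Equals tolerates a null ActionName.
        return rolePermissions.Any(up =>
            string.Equals(up.ActionName, requestedAction, StringComparison.OrdinalIgnoreCase));
    }
}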