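/// <summary>
/// Decides whether the request carries a usable forms-authentication session and yields the
/// principal the caller should use for the rest of the request.
/// </summary>
/// <param name="user">Principal attached to the current request; may be null.</param>
/// <param name="authorizedUser">
/// The <see cref="WMUserPrincipal"/> built from the forms ticket when one could be parsed;
/// <see cref="WMUserPrincipal.AnonymousInstance"/> when there is no authenticated forms
/// identity, when the ticket cannot be parsed, or when the membership provider returns no
/// record for the user id held in the ticket.
/// </param>
/// <returns>
/// true when the authentication cookie was re-issued from a freshly loaded user record or
/// refreshed under sliding expiration; false in every other case.
/// </returns>
private bool IsAuthorized(IPrincipal user, out IPrincipal authorizedUser)
{
    // Only an authenticated forms identity is considered; a null principal, a null identity
    // or any other identity type is treated as anonymous instead of being dereferenced.
    FormsIdentity formsIdentity = (user == null) ? null : user.Identity as FormsIdentity;
    if (formsIdentity == null || !formsIdentity.IsAuthenticated)
    {
        authorizedUser = WMUserPrincipal.AnonymousInstance;
        return false;
    }

    WMUserPrincipal principal;
    try
    {
        principal = new WMUserPrincipal(formsIdentity);
    }
    catch (Exception)
    {
        // The ticket did not have the expected format: fail closed with the anonymous principal.
        // NOTE(review): this catch also hides failures unrelated to the cookie, and the rejection
        // is not logged here, so malformed tickets leave no trace at this point - consider
        // narrowing the exception type and recording the event.
        authorizedUser = WMUserPrincipal.AnonymousInstance;
        return false;
    }

    authorizedUser = principal;

    IWorkmateMembershipProvider provider = InstanceContainer.WorkmateMembershipProvider;
    var identity = principal.WMUserIdentity;
    DateTime now = DateTime.UtcNow;

    // The user record is re-read when the record-check window has elapsed, or (sliding
    // expiration only) when the last-activity window has elapsed. The short-circuits keep the
    // original evaluation order: sliding expiration is consulted only if no record check is due.
    bool recordCheckDue =
        identity.LastRecordCheckUtc.AddSeconds(provider.LastRecordCheckWindowInSeconds) < now;
    bool slidingExpiration = !recordCheckDue && FormsAuthentication.SlidingExpiration;
    bool activityUpdateDue = slidingExpiration
        && identity.LastActivityUpdate.AddSeconds(provider.LastActivityUpdateWindowInSeconds) < now;

    if (recordCheckDue || activityUpdateDue)
    {
        IUserBasic userBasic = provider.GetUserBasic(identity.UserId, true);
        if (userBasic == null)
        {
            // The provider has no record for the id in the ticket. Do not hand the
            // cookie-derived principal back alongside a false result: a caller that assigns
            // authorizedUser without checking the return value would keep the stale identity.
            authorizedUser = WMUserPrincipal.AnonymousInstance;
            return false;
        }

        // NOTE(review): authorizedUser still reflects the incoming ticket, not userBasic;
        // presumably changes to the record only become visible on the next request - confirm.
        this.UpdateAuthenticationCookie(userBasic);
        return true;
    }

    if (slidingExpiration)
    {
        // Nothing to re-read yet; just push the cookie expiry forward.
        this.RefreshAuthenticationCookie(identity);
        return true;
    }

    // NOTE(review): reached when no record check is due and sliding expiration is disabled.
    // The ticket parsed correctly, yet the method reports false while still returning the
    // cookie principal. Behaviour kept as found; confirm whether this path should authorize.
    return false;
}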
/// <summary>
/// Type initializer: builds the anonymous principal once and stores it in
/// <c>_AnonymousInstance</c>.
/// </summary>
static WMUserPrincipal()
{
    // The instance lives in a static field, so every caller receives the same object.
    // NOTE(review): confirm WMUserPrincipal and WMUserIdentity expose no mutators, otherwise a
    // change made through one request's reference would be seen by all others.
    var anonymousUser = UserBasic.GetAnonymousUserInstance();

    // NOTE(review): the meaning of the false flag and of the two DateTime.MinValue arguments is
    // defined by WMUserIdentity.Create, which is not visible here - verify against its signature.
    var anonymousIdentity = WMUserIdentity.Create(
        anonymousUser,
        false,
        DateTime.MinValue,
        DateTime.MinValue);

    _AnonymousInstance = new WMUserPrincipal(anonymousIdentity);
}