Exemplo n.º 1
0
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var isAuthorized = base.AuthorizeCore(httpContext);

            //Redirect("~/Account/NotAuthorized");

            //return false;

            //IIS lost the user session, however user still logged in via cookie
            if (isAuthorized)
            {
                var cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
                FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

                //Wrong cookie
                if (HttpContext.Current.User.Identity.Name != ticket.Name)
                {
                    httpContext.Response.Redirect(RedirectUrl);
                    return(false);
                }
                //Check for "remember me" checkbox
                if (!ticket.IsPersistent)
                {
                    return(false);
                }
                var userData = string.Empty;
                try
                {
                    userData = ApplicationModel.Decrypt(ticket.UserData, "{3F4E0AA1-2D03-4210-942D-9C1F30F75E2C}");
                }
                catch (Exception ex)
                {
                    //invalid cookie data, tampering?
                    httpContext.Response.Redirect(RedirectUrl);
                    return(false);
                }

                if (userData.Length <= 4 || !userData.Substring(0, 4).IsNumeric())
                {
                    httpContext.Response.Redirect(RedirectUrl);
                    return(false);
                }

                var season   = userData.Substring(0, 4);
                var password = userData.Substring(4);

                //var x = new AuthenticationDomainService();
                //x.ValidateUser1(ticket.Name, password);

                User user = null;
                user = new User()
                {
                    Name = HttpContext.Current.User.Identity.Name
                };

                //	user = S.Security.Default.GetAuthenticatedUser(user);

                // var locale = "en-ZA";
                //PalBrokerDomainService.StoreUserMetadata(user, locale, season, "NOT_SILVERLIGHT");
            }

            if (!isAuthorized)
            {
                //return RedirectToAction("NotAuthorized", "Account", new { area = string.Empty });

                return(false);
            }

            return(true);
        }