protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
var context = new HttpContextWrapper(HttpContext.Current);
if (!string.IsNullOrEmpty(AuthSettings.EnableAuth) &&
AuthSettings.EnableAuth.Equals(false.ToString(), StringComparison.OrdinalIgnoreCase))
{
context.User = new TryWebsitesPrincipal(new TryWebsitesIdentity("*****@*****.**", null, "Local"));
return;
}
if (!SecurityManager.TryAuthenticateSessionCookie(context))
{
// Support requests from non-browsers with bearer headers
if (context.IsClientPortalBackendRequest() && !context.IsBrowserRequest() &&
SecurityManager.TryAuthenticateBearer(context))
{
return;
}
if (SecurityManager.HasToken(context))
{
// This is a login
SecurityManager.AuthenticateRequest(context);
return;
}
var route = RouteTable.Routes.GetRouteData(context);
// If the route is not registered in the WebAPI RouteTable
// then it's not an API route, which means it's a resource (*.js, *.css, *.cshtml), not authenticated.
// If the route doesn't have authenticated value assume true
var isAuthenticated = route != null && ((route.Values["authenticated"] == null || (bool)route.Values["authenticated"]) && !(route.Values["action"] != null && String.Equals(route.Values["action"].ToString(), "All", StringComparison.OrdinalIgnoreCase)));
if (isAuthenticated)
{
SecurityManager.AuthenticateRequest(context);
}
else if (context.IsBrowserRequest())
{
SecurityManager.HandleAnonymousUser(context);
}
}
}
