Exemplo n.º 1
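        /// <summary>
        /// Rebuilds the request principal from the forms-authentication cookie and publishes it
        /// on both <c>HttpContext.Current.User</c> and <c>Thread.CurrentPrincipal</c>.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event data; not used.</param>
        /// <remarks>
        /// Every failure path returns without assigning a principal, so a missing, malformed or
        /// expired ticket never yields the identity stored in the cookie.
        /// </remarks>
        private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
        {
            try
            {
                var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
                if (authCookie == null || String.IsNullOrEmpty(authCookie.Value))
                {
                    return;
                }

                var ticket = FormsAuthentication.Decrypt(authCookie.Value);

                // Decrypt() only unprotects and deserializes the ticket; it does not reject one
                // whose lifetime has passed, so the expiry has to be enforced here.
                if (ticket == null || ticket.Expired)
                {
                    return;
                }

                var identity = new SecurityUtilities().FormsAuthTicketToIdentity(ticket);
                if (identity == null)
                {
                    return;
                }

                var principal = new GenericPrincipal(identity, identity.Roles);

                // Both slots are set so that web-layer code and code that checks the thread
                // principal see the same identity and roles.
                HttpContext.Current.User = principal;
                Thread.CurrentPrincipal = principal;
            }
            catch (Exception ex)
            {
                // The request keeps whatever principal it already had. The failure is recorded
                // (type and message only, never the cookie value) because repeated rejections
                // are a useful signal of tampered or stale cookies.
                System.Diagnostics.Trace.TraceWarning(
                    "Forms authentication ticket rejected: {0}: {1}", ex.GetType().FullName, ex.Message);
            }
        }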
Exemplo n.º 2
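        /// <summary>
        /// Authorization filter: builds the request principal from the forms-authentication
        /// cookie, and redirects to Account/SignIn whenever that cannot be done.
        /// </summary>
        /// <param name="filterContext">Context of the request being authorized; its
        /// <c>Result</c> is set to the sign-in redirect when no valid ticket is present.</param>
        /// <remarks>
        /// The filter fails closed: a cookie that is missing, cannot be decrypted, has expired or
        /// cannot be converted to an identity all end in the same redirect. Swallowing the
        /// exception without setting a result would let the action run without a principal.
        /// </remarks>
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            var authenticated = false;

            try
            {
                var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
                var encTicket  = authCookie?.Value;

                if (!String.IsNullOrEmpty(encTicket))
                {
                    var ticket = FormsAuthentication.Decrypt(encTicket);

                    // Decrypt() does not reject a ticket whose lifetime has passed, so the
                    // expiry is enforced here before the identity is trusted.
                    if (ticket != null && !ticket.Expired)
                    {
                        var identity = new SecurityUtilities().FormsAuthTicketToIdentity(ticket);
                        if (identity != null)
                        {
                            var principal = new GenericPrincipal(identity, identity.Roles);
                            HttpContext.Current.User = principal;
                            Thread.CurrentPrincipal  = principal;
                            authenticated = true;
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Recorded (type and message only, never the cookie value) so that rejected
                // tickets are visible to whoever monitors the application.
                System.Diagnostics.Trace.TraceWarning(
                    "Forms authentication ticket rejected: {0}: {1}", ex.GetType().FullName, ex.Message);
            }

            if (!authenticated)
            {
                filterContext.Result = new RedirectToRouteResult(
                    new RouteValueDictionary {
                    { "controller", "Account" },
                    { "action", "SignIn" }
                });
            }
        }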
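        /// <summary>
        /// Decrypts the forms-authentication cookie, converts the ticket into an identity and
        /// installs the resulting principal for the current request and thread.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event data; not used.</param>
        /// <remarks>
        /// No principal is assigned when the cookie is absent or empty, or when the ticket fails
        /// to decrypt, has expired, or cannot be converted.
        /// </remarks>
        private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
        {
            try
            {
                var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
                if (authCookie == null)
                {
                    return;
                }

                var encTicket = authCookie.Value;
                if (String.IsNullOrEmpty(encTicket))
                {
                    return;
                }

                // Decrypt the ticket.
                var ticket = FormsAuthentication.Decrypt(encTicket);

                // Decrypt() does not check the ticket's lifetime; an expired ticket must not be
                // turned into a principal.
                if (ticket == null || ticket.Expired)
                {
                    return;
                }

                // Build the identity from the decrypted ticket.
                var securityUtilities = new SecurityUtilities();
                var identity          = securityUtilities.FormsAuthTicketToIdentity(ticket);
                if (identity == null)
                {
                    return;
                }

                // Build the principal from the identity and its roles.
                var principal = new GenericPrincipal(identity, identity.Roles);

                HttpContext.Current.User = principal; // For use by the web layer.
                Thread.CurrentPrincipal  = principal; // For use by back-end code.
            }
            catch (Exception ex)
            {
                // The request keeps whatever principal it already had; the rejection is logged
                // (type and message only, never the cookie value) instead of being discarded.
                System.Diagnostics.Trace.TraceWarning(
                    "Forms authentication ticket rejected: {0}: {1}", ex.GetType().FullName, ex.Message);
            }
        }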
Exemplo n.º 4
        //erişilebilir olduğu zaman
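        /// <summary>
        /// Turns the forms-authentication cookie of the current request into a
        /// <c>GenericPrincipal</c> and assigns it to the request and to the thread.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event data; not used.</param>
        /// <remarks>
        /// Returns without assigning anything when the cookie is missing or empty, or when the
        /// ticket cannot be decrypted, has expired, or cannot be converted to an identity.
        /// </remarks>
        private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
        {
            try
            {
                // The ticket is looked up under the cookie name forms authentication is configured with.
                var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];

                // No cookie: nothing to do.
                if (authCookie == null)
                {
                    return;
                }

                var encticket = authCookie.Value;

                // Empty cookie: nothing to do.
                if (String.IsNullOrEmpty(encticket))
                {
                    return;
                }

                var ticket = FormsAuthentication.Decrypt(encticket);

                // Decrypt() does not enforce the ticket's expiry, so a cookie presented after
                // its lifetime is refused here rather than converted into a principal.
                if (ticket == null || ticket.Expired)
                {
                    return;
                }

                var identity = new SecurityUtilities().FormsAuthTicketToIdentity(ticket);
                if (identity == null)
                {
                    return;
                }

                var principal = new GenericPrincipal(identity, identity.Roles);

                // Assigned in both places so access checks on the back end and in the front end agree.
                HttpContext.Current.User = principal;
                Thread.CurrentPrincipal  = principal;
            }
            catch (Exception ex)
            {
                // The request keeps whatever principal it already had; the failure is logged
                // (type and message only, never the cookie value) so rejected tickets can be noticed.
                System.Diagnostics.Trace.TraceWarning(
                    "Forms authentication ticket rejected: {0}: {1}", ex.GetType().FullName, ex.Message);
            }
        }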
Exemplo n.º 5
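 /// <summary>
 /// Reads the forms-authentication cookie, builds a principal carrying the identity's roles
 /// and makes it available on the request and on the thread.
 /// </summary>
 /// <param name="sender">Event source; not used.</param>
 /// <param name="e">Event data; not used.</param>
 /// <remarks>
 /// A cookie that is missing, empty, undecryptable or expired leaves the request's principal
 /// untouched.
 /// </remarks>
 private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
 {
     // Takes the data held in the cookie and builds a principal with the user's roles, so the
     // rest of the application can read who the user is.
     try
     {
         var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
         if (authCookie == null || String.IsNullOrEmpty(authCookie.Value))
         {
             return;
         }

         var ticket = FormsAuthentication.Decrypt(authCookie.Value);

         // Decrypt() does not reject an expired ticket; without this check a stale cookie
         // would still produce an authenticated principal.
         if (ticket == null || ticket.Expired)
         {
             return;
         }

         var securityUtilities = new SecurityUtilities();
         var identity          = securityUtilities.FormsAuthTicketToIdentity(ticket);
         if (identity == null)
         {
             return;
         }

         var principal = new GenericPrincipal(identity, identity.Roles);
         HttpContext.Current.User = principal;
         Thread.CurrentPrincipal  = principal;
     }
     catch (Exception ex)
     {
         // The request keeps whatever principal it already had; the rejection is logged
         // (type and message only, never the cookie value) instead of being discarded.
         System.Diagnostics.Trace.TraceWarning(
             "Forms authentication ticket rejected: {0}: {1}", ex.GetType().FullName, ex.Message);
     }
 }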
Exemplo n.º 6
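        /// <summary>
        /// Redirects unauthenticated requests to Account/Index; for authenticated ones, loads
        /// the user named by the forms-authentication ticket and exposes the first and last
        /// name through <c>ViewBag</c>.
        /// </summary>
        /// <param name="filterContext">Context of the action about to run; its <c>Result</c> is
        /// set to the redirect when the thread principal is not authenticated.</param>
        /// <remarks>
        /// The user lookup is best-effort: if the cookie is missing, the ticket is invalid or
        /// expired, or the user is not found, the action still runs and <c>_BaseUser</c> and the
        /// <c>ViewBag</c> values are simply not set.
        /// </remarks>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // ... log stuff before execution

            // A missing principal or identity is treated the same as "not authenticated" so the
            // check fails closed instead of throwing before the redirect can be issued.
            var current = System.Threading.Thread.CurrentPrincipal;
            if (current == null || current.Identity == null || !current.Identity.IsAuthenticated)
            {
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
                    { "controller", "Account" },
                    { "action", "Index" }
                });
                return;
            }

            try
            {
                var authCookie = HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
                if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
                {
                    return;
                }

                var ticket = FormsAuthentication.Decrypt(authCookie.Value);

                // Decrypt() does not check the ticket's lifetime; user data is not loaded on the
                // strength of an expired ticket.
                if (ticket == null || ticket.Expired)
                {
                    return;
                }

                var identity = new SecurityUtilities().FormsAuthTicketToIdentity(ticket);
                if (identity == null || string.IsNullOrEmpty(identity.Name) || string.IsNullOrEmpty(identity.Email))
                {
                    return;
                }

                IUserService userService = IstanceFactory.GetIstance <IUserService>();
                var          result      = userService.GetByUserForId(identity.Id);
                if (result == null)
                {
                    return;
                }

                // Names and id come from the stored user record; the e-mail is taken from the ticket.
                _BaseUser = new User
                {
                    FirstName = result.FirstName,
                    LastName  = result.LastName,
                    Email     = identity.Email,
                    Id        = result.Id
                };

                ViewBag.UserFirstName = _BaseUser.FirstName;
                ViewBag.UserLastName  = _BaseUser.LastName;
            }
            catch (Exception ex)
            {
                // The action still runs without the user details; the failure is logged (type
                // and message only, never the cookie value) rather than silently dropped.
                System.Diagnostics.Trace.TraceWarning(
                    "Forms authentication ticket rejected: {0}: {1}", ex.GetType().FullName, ex.Message);
            }
        }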
Exemplo n.º 7
        ////herhangi bir sayfaya istek(request geldiğinde) çalışır
        //kişinin authantikasyon bilgilerine erişebildiği zamana karşılık gelir
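        /// <summary>
        /// Decrypts the forms-authentication cookie, fills an identity from the ticket and
        /// assigns the resulting principal to the request and to the thread.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event data; not used.</param>
        /// <remarks>
        /// Nothing is assigned when the cookie is missing or empty, or when the ticket cannot be
        /// decrypted, has expired, or cannot be converted to an identity.
        /// </remarks>
        private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
        {
            try
            {
                // Per the original author's note, the cookie is issued by the project's
                // AuthenticationHelper class (not shown here) with:
                //   HttpContext.Current.Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
                // NOTE(review): that call sets neither HttpOnly nor Secure on the cookie; confirm
                // the issuing code or the site configuration enables both.
                var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
                if (authCookie == null)
                {
                    return;
                }

                var encTicket = authCookie.Value; // encrypted ticket
                if (String.IsNullOrEmpty(encTicket))
                {
                    return;
                }

                // Decrypt the ticket.
                var ticket = FormsAuthentication.Decrypt(encTicket);

                // Decrypt() does not reject a ticket whose lifetime has passed, so the expiry is
                // enforced here before the ticket is trusted.
                if (ticket == null || ticket.Expired)
                {
                    return;
                }

                // The SecurityUtilities helper fills the Identity object from the decrypted ticket.
                var securityUtlities = new SecurityUtilities();
                var identity         = securityUtlities.FormsAuthTicketToIdentity(ticket);
                if (identity == null)
                {
                    return;
                }

                var principal = new GenericPrincipal(identity, identity.Roles);

                // Per the original author's note, the SecuredOperationAspect class (not shown
                // here) checks System.Threading.Thread.CurrentPrincipal.IsInRole(roles[i]);
                // the assignments below are what make that check work.

                // For the MVC / ASP.NET web layer.
                HttpContext.Current.User = principal;

                // For back-end code such as the business layer.
                Thread.CurrentPrincipal = principal;
            }
            catch (Exception ex)
            {
                // The request keeps whatever principal it already had; the rejection is logged
                // (type and message only, never the cookie value) instead of being discarded.
                System.Diagnostics.Trace.TraceWarning(
                    "Forms authentication ticket rejected: {0}: {1}", ex.GetType().FullName, ex.Message);
            }
        }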
Exemplo n.º 8
        //Kişinin authentication bilgilerinin ulaşılabilir olduğu zamana denk gelen metot
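        /// <summary>
        /// Converts the forms-authentication cookie into a principal and assigns it to the
        /// request and to the thread.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event data; not used.</param>
        /// <remarks>
        /// A cookie that is missing, empty, malformed or expired leaves the request's principal
        /// untouched. Failures are logged instead of rethrown: the cookie is client-supplied,
        /// and rethrowing would let any malformed value turn the request into an error response.
        /// </remarks>
        private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
        {
            // Defensive programming: the cookie is client-controlled, so input crafted to make
            // the application fail must not escape this handler as an unhandled exception.
            try
            {
                var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];

                if (authCookie == null)
                {
                    return;
                }

                var encTicket = authCookie.Value;
                if (string.IsNullOrEmpty(encTicket))
                {
                    return;
                }

                var ticket = FormsAuthentication.Decrypt(encTicket);

                // Decrypt() does not check the ticket's lifetime, so an expired ticket is
                // refused here rather than converted into a principal.
                if (ticket == null || ticket.Expired)
                {
                    return;
                }

                // Convert the ticket into an identity with the SecurityUtilities helper.
                var securityUtilities = new SecurityUtilities();
                var identity          = securityUtilities.FormsAuthTicketToIdentity(ticket);
                if (identity == null)
                {
                    return;
                }

                var principal = new GenericPrincipal(identity, identity.Roles);

                // User for MVC.
                HttpContext.Current.User = principal;

                // So back-end code (for example the business layer) can use it as well.
                Thread.CurrentPrincipal = principal;
            }
            catch (Exception ex)
            {
                // The original rethrew here, which made the try/catch a no-op and contradicted
                // the defensive intent stated above. The request now keeps whatever principal it
                // already had, and the rejection is logged (type and message only, never the
                // cookie value).
                System.Diagnostics.Trace.TraceWarning(
                    "Forms authentication ticket rejected: {0}: {1}", ex.GetType().FullName, ex.Message);
            }
        }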