Exemplo n.º 1
0
        //validate that a user when logged will not try to use another tenant
        protected void Application_AuthenticateRequest(object sender, EventArgs e)
        {
            //Since this method is called on every request
            //we want to fail as early as possible
            if (!Request.IsAuthenticated)
            {
                return;                          //Check issues when not authenticated and doing logoff on old page
            }
            //ignore static resources
            var matchesStaticResource = RegexStaticResource.IsMatch(Context.Request.FilePath);

            if (matchesStaticResource)
            {
                return;
            }

            //Forms auth ticket
            var formsId = Context.User.Identity as FormsIdentity;

            if (formsId == null)
            {
                return;
            }

            //redirect by authorization exception to login page
            if (Request.Url.AbsolutePath.Contains(FormsAuthentication.LoginUrl))
            {
                return;
            }

            var currentTenant = TenantHelper.GetCurrentTenantFormUrl(this.Context);

            if (TenantHelper.ValidateTenant(currentTenant, formsId))
            {
                return;
            }

            //The user is attempting to access a different tenant
            //than the one they logged into so sign them out
            //an and redirect to the home page of the new tenant
            //where they can sign back in (if they are authorized!)

            FormsAuthentication.SignOut();
            HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[] { });
            this.Response.Redirect("/" + currentTenant + "/" + Areas.UserManagementUI.AreaPortableName.AreaName);
        }