Exemplo n.º 1
0
        public static bool ADValidateEnabled(Token t)
        {
            bool validated = false;

            try
            {
                //Get the Principal Context for AD
                PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "AOC-resins.com");
                //Get the User Principal
                UserPrincipal principal = UserPrincipal.FindByIdentity(ctx, t.userName);
                //Is that user's account enabled
                validated = principal.Enabled.Value;
            }
            catch (Exception e)
            {
                validated = false;
            }

            if (!validated)
            {
                HallMonitor hm = new HallMonitor();
                hm.UserId         = t.userId;
                hm.Resource       = "Active Directory";
                hm.Action         = "ENABLED";
                hm.LogDescription = "User account has been disabled.  request for resources has been denied.";
                hm.LogActivity();
            }

            return(validated);
        }
Exemplo n.º 2
0
        public bool IsUserAuthorized(HttpActionContext actionContext)
        {
            var authHeader = FetchFromHeader(actionContext); //fetch authorization token from header

            if (authHeader != null)
            {
                Token userPayloadToken = TokenManager.extractPaylod(authHeader);


                if (userPayloadToken != null)
                {
                    //Make sure the user's account hasn't been disabled in the middle of a session
                    if (UserHelper.ADValidateEnabled(userPayloadToken))
                    {
                        //TODO: Determine whether the user has access to the requested resource

                        //Log the user activity
                        HallMonitor hm = new HallMonitor();

                        hm.UserId   = userPayloadToken.userId;
                        hm.Resource =
                            actionContext.Request.RequestUri.Segments[
                                actionContext.Request.RequestUri.Segments.Length - 1];
                        hm.Action = actionContext.Request.Method.Method;

                        hm.LogActivity();

                        #region comment

                        /*
                         *  For granular authorization
                         *  Get the Requested URI (what controller are we accessing)
                         *  and the Request Method (GET, POST, PUT, DELETE)
                         *
                         *  compare to the user's role and that role's accessibilities
                         *  if all is good (1 = 1) return true otherwise fall through and return false
                         */
                        #endregion
                        if (1 == 1)
                        {
                            return(true);
                        }
                    }
                    else
                    {
                        return(false);
                    }
                }
            }
            return(false);
        }