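/// <summary>
/// Enforces <see cref="UserRoleMiddlewareAttribute"/> role requirements before the action runs.
/// </summary>
/// <remarks>
/// When neither the controller type nor the action method carries the attribute, the request passes
/// straight through. Otherwise the user info held in the session is validated against the requested
/// role. On failure the response is redirected to the not-authorized URL and <paramref name="next"/>
/// is never invoked.
/// </remarks>
/// <param name="context">Context of the action that is about to execute.</param>
/// <param name="next">Continues the pipeline; called only when no attribute applies or validation succeeds.</param>
/// <returns>A task that completes when the filter has either run the rest of the pipeline or issued the redirect.</returns>
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
    // Take the runtime type directly from the controller instance. The previous hard cast to
    // Controller was only used for GetType() and threw InvalidCastException for any controller
    // not derived from Controller (for example one deriving from ControllerBase).
    var controllerType = context.Controller.GetType();
    var method = ((ControllerActionDescriptor)context.ActionDescriptor).MethodInfo;

    var controllerLevelAuthorize = controllerType.GetCustomAttribute<UserRoleMiddlewareAttribute>();
    var actionLevelAuthorize = method.GetCustomAttribute<UserRoleMiddlewareAttribute>();

    // No role requirement declared anywhere: nothing to enforce.
    if (controllerLevelAuthorize is null && actionLevelAuthorize is null)
    {
        await next();
        return;
    }

    // NOTE(review): when the controller-level attribute supplies a role, the action-level attribute is
    // not consulted, so an action cannot tighten the role required by its controller. Confirm this
    // precedence is intended.
    var requestRole = controllerLevelAuthorize?.Role ?? actionLevelAuthorize.Role;

    // Try to get username/password from session.
    // NOTE(review): the result is dereferenced without a null check; if GetUserInfo can return null
    // for a request with no session data, this faults instead of redirecting - confirm.
    // NOTE(review): the session appears to carry the user's password so it can be re-validated on
    // every request; confirm how it is stored and protected.
    var userInfo = _sessionUtility.GetUserInfo(context.HttpContext.Session);

    // Validate username/password and role against the requested role.
    var isAuthorized = await _identityLogic.Validate(userInfo.Username, userInfo.Password, userInfo.Role, requestRole);

    if (isAuthorized)
    {
        await next();
        return;
    }

    // Not authorized: redirect and do not call next(), so the action itself is never executed.
    context.HttpContext.Response.Redirect(_simpleAuthorizeInfo.RedirectToUponNotAuthorized);
}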