/// <summary>
/// Authorizes the user
/// </summary>
/// <param name="e"></param>
protected override void OnPreInit(EventArgs e)
{
base.OnPreInit(e);
try
{
Security.ValidateCurrentUser(new HttpContextWrapper(Context), true);
_hasValidated = true;
if (!Security.ValidateUserApp(CurrentApp))
{
var ex = new UserAuthorizationException(String.Format("The current user doesn't have access to the section/app '{0}'", CurrentApp));
LogHelper.Error <UmbracoEnsuredPage>(String.Format("Tried to access '{0}'", CurrentApp), ex);
throw ex;
}
}
catch
{
// Clear content as .NET transfers rendered content.
Response.Clear();
// Some umbraco pages should not be loaded on timeout, but instead reload the main application in the top window. Like the treeview for instance
if (RedirectToUmbraco)
{
Response.Redirect(SystemDirectories.Umbraco + "/logout.aspx?", true);
}
else
{
Response.Redirect(SystemDirectories.Umbraco + "/logout.aspx?redir=" + Server.UrlEncode(Request.RawUrl), true);
}
}
}
/// <summary>
/// Authorizes the user
/// </summary>
/// <param name="e"></param>
/// <remarks>
/// Checks if the page exists outside of the /umbraco route, in which case the request will not have been authenticated for the back office
/// so we'll force authentication.
/// </remarks>
protected override void OnPreInit(EventArgs e)
{
base.OnPreInit(e);
//If this is not a back office request, then the module won't have authenticated it, in this case we
// need to do the auth manually and since this is an UmbracoEnsuredPage, this is the anticipated behavior
// TODO: When we implement Identity, this process might not work anymore, will be an interesting challenge
if (Context.Request.Url.IsBackOfficeRequest(HttpRuntime.AppDomainAppVirtualPath) == false)
{
var http = new HttpContextWrapper(Context);
var ticket = http.GetUmbracoAuthTicket();
http.AuthenticateCurrentRequest(ticket, true);
}
try
{
Security.ValidateCurrentUser(true);
_hasValidated = true;
if (!Security.ValidateUserApp(CurrentApp))
{
var ex = new UserAuthorizationException(String.Format("The current user doesn't have access to the section/app '{0}'", CurrentApp));
LogHelper.Error <UmbracoEnsuredPage>(String.Format("Tried to access '{0}'", CurrentApp), ex);
throw ex;
}
}
catch
{
// Clear content as .NET transfers rendered content.
Response.Clear();
// Some umbraco pages should not be loaded on timeout, but instead reload the main application in the top window. Like the treeview for instance
if (RedirectToUmbraco)
{
Response.Redirect(SystemDirectories.Umbraco + "/logout.aspx?t=" + Security.GetSessionId(), true);
}
else
{
Response.Redirect(SystemDirectories.Umbraco + "/logout.aspx?redir=" + Server.UrlEncode(Request.RawUrl) + "&t=" + Security.GetSessionId(), true);
}
}
}
