public override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
var returnUrl = filterContext.HttpContext.Request.RawUrl;
LoggedUserInfo loggedUser = LoggedUserInfo.GetLoggedUserInfo();
if (loggedUser == null)
{
//if logged user info not avaliable
filterContext.Result = new RedirectResult(String.Concat("/login", "?ReturnUrl=", returnUrl));
}
else
{
//if logged user info avaliable
PostDbContext db = new PostDbContext();
string username = loggedUser.Username;
string passwordHash = loggedUser.PasswordHash;
int count = db.Users.Where(x => x.Username == username && x.Password == passwordHash).Count();
if (count != 1)
{
//if logged user password not match with orginal password
HttpContext.Current.Session.Abandon();
filterContext.Result = new RedirectResult(String.Concat("/login", "?ReturnUrl=", returnUrl));
}
}
}
public static void AddLoggedUserInfo(LoggedUserInfo item)
{
HttpContext.Current.Session["loggedUser"] = item;
}