//OR: Application_PostAuthenticateRequest
protected void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs e)
{
if (FormsAuthentication.CookiesSupported == true)
{
if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
{
try
{
//Discover user's name
string username = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
string roles = string.Empty;
//using (userDbEntities entities = new userDbEntities())
//{
// User user = entities.Users.SingleOrDefault(u => u.username == username);
// roles = user.Roles;
//}
////let us extract the roles from our own custom cookie
var context = new EAFormDBContext();
var UserManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(context));
var RoleManager = new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(context));
//Query UserManager to discover role(s) for this user to store in IPrincipal
ApplicationUser appUser = UserManager.FindByName(username);
if (appUser == null)
{
//They've logged in BUT are not in any of our lists
Elmah.ErrorSignal.FromCurrentContext().Raise(new Exception("Logged in user does not have a role. User name = " + username));
}
else
{
var delim = "";
foreach (var role in appUser.Roles)
{
roles += delim + role.Role.Name;
delim = ";";
}
}
//Set the Pricipal with roles
e.User = new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(username, "Forms"), roles.Split(';'));
}
catch (Exception ex)
{
Elmah.ErrorSignal.FromCurrentContext().Raise(ex);
}
}
}
}
public static bool IsInRole(string roles)
{
string[] rolesArray = roles.Split(',');
var context = new EAFormDBContext();
var UserManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(context));
ApplicationUser appUser = UserManager.FindByName(HttpContext.Current.User.Identity.GetUserName());
if (appUser != null)
{
foreach (var roleObj in appUser.Roles)
{
if (rolesArray.Contains(roleObj.Role.Name))
return true;
//if (roleObj.Role.Name == role)
// return true;
}
}
return false;
}
//We had to override this method because the .NET CAS client does not
//support the "User.IsInRole" method
//
//TO DO: remove this functionality and go back to User.IsInRole once the CAS
//client has been written to support this. This is inefficient because it queries the DB
//everytime.
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
throw new ArgumentNullException("httpContext");
IPrincipal user = httpContext.User;
if (!user.Identity.IsAuthenticated)
{
return false;
}
var _usersSplit = SplitString(this.Users);
var _rolesSplit = SplitString(this.Roles);
if (_usersSplit.Length > 0 && !_usersSplit.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase))
{
return false;
}
if (_rolesSplit.Length > 0)
{
var context = new EAFormDBContext();
var UserManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(context));
ApplicationUser appUser = UserManager.FindByName(user.Identity.Name); //(HttpContext.Current.User.Identity.GetUserName());
if (appUser != null)
{
foreach (var roleObj in appUser.Roles)
{
foreach (var passedInRole in _rolesSplit)
if (roleObj.Role.Name == passedInRole)
return true;
}
}
return false;
}
return true;
}
public override bool IsValid(object value)
{
IPrincipal user = HttpContext.Current.User;
var RolesArray = Roles.Split(',');
if (RolesArray.Length > 0)
{
var context = new EAFormDBContext();
var UserManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(context));
ApplicationUser appUser = UserManager.FindByName(user.Identity.Name);
if (appUser == null || appUser.Roles == null)
return false;
foreach (var roleObj in appUser.Roles)
{
foreach (var passedInRole in RolesArray)
if (roleObj.Role.Name == passedInRole)
return true;
}
return false;
}
return false;
}