protected override void OnAuthorization(AuthorizationContext filterContext)
{
// No need to create a new principal object if it already exists (child actions)
if (filterContext.HttpContext.User is UserPrincipal)
{
base.OnAuthorization(filterContext);
return;
}
User user = null;
if (filterContext.HttpContext.User != null && filterContext.HttpContext.User.Identity.IsAuthenticated && filterContext.HttpContext.User.Identity.AuthenticationType == "Forms")
{
var userService = ObjectFactory.GetInstance<IUserService>();
user = userService.GetByUsername(filterContext.HttpContext.User.Identity.Name);
// Something happened to their account - log them out
if (user == null || user.IsDeleted)
{
// Since this is a rarity, I'm not going to force very controller to inject the userservice in the constructor
var authService = ObjectFactory.GetInstance<IUserAuthenticationService>();
authService.Logout();
filterContext.HttpContext.User = null;
}
}
if (user == null)
{
user = new User();
}
var identity = filterContext.HttpContext.User != null ? filterContext.HttpContext.User.Identity : new GenericIdentity(user.Username ?? string.Empty);
filterContext.HttpContext.User = new UserPrincipal(user, identity);
Thread.CurrentPrincipal = filterContext.HttpContext.User;
base.OnAuthorization(filterContext);
}
public override void Setup()
{
base.Setup();
User = Generator.SetupUser(x =>
{
x.Username = "******";
x.IsAdmin = true;
});
Controller = new HomeController(Db, Cache, Metrics);
ControllerUtilities.SetupControllerContext(Controller, User);
}
public void SetLoginCookie(User user, bool rememberMe)
{
FormsAuthentication.SetAuthCookie(user.Username, rememberMe);
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
//If not authenticated, it might be a request from flash in Firefox, so get the auth token passed in to create Identity
if (!httpContext.Request.IsAuthenticated)
{
var token = httpContext.Request.Params[TokenKey];
if (token != null)
{
var ticket = FormsAuthentication.Decrypt(token);
if (ticket != null)
{
var identity = new FormsIdentity(ticket);
httpContext.User = new GenericPrincipal(identity, null); //this doesn't need to be a UserPrincipal, because that will happen below
}
}
}
if (!httpContext.Request.IsAuthenticated)
return false;
// If it's not a UserPrincipal, we need to create it (b/c this happens before BaseController.OnAuthorization)
if (!(httpContext.User is UserPrincipal))
{
User user = null;
if (httpContext.User.Identity.IsAuthenticated && httpContext.User.Identity.AuthenticationType == "Forms")
{
using (var db = ObjectFactory.GetInstance<SqlConnection>())
{
db.Open();
var userService = new UserService(db, Cache);
user = userService.GetByUsername(httpContext.User.Identity.Name);
}
if (user == null || user.IsDeleted)
return false;
}
else
{
user = new User();
}
var identity = httpContext.User != null ? httpContext.User.Identity : new GenericIdentity(user.Username ?? string.Empty);
httpContext.User = new UserPrincipal(user, identity);
Thread.CurrentPrincipal = httpContext.User;
}
var userObject = httpContext.User as UserPrincipal;
return !RequireAdmin || userObject.IsAdmin;
}
public UserPrincipal(User user, IIdentity identity)
{
UserObject = user;
Identity = identity;
}
public PasswordRetrieval(User user, Guid token)
: this(user)
{
Token = token;
}
public PasswordRetrieval(User user)
{
UserId = user.Id;
}
