public override void OnAuthorization(AuthorizationContext filterContext) { var isAuthencicated = false; if (filterContext.HttpContext.Request.IsAuthenticated) { var authorizedRoles = AuthorizedRoles.Split(','); if (authorizedRoles.Length > 0) { if (CurrentUser.Roles != null) { foreach (var role in CurrentUser.Roles) { if (authorizedRoles.Contains(role)) { isAuthencicated = true; } } } } else { isAuthencicated = true; } } if (!isAuthencicated) { filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = "Error", action = "Index" })); } base.OnAuthorization(filterContext); }
/// <summary> /// Checks whether user is authorized per project access. /// </summary> public bool IsAuthorizedPerProjectAccess() { // Keep current user var cui = MembershipContext.AuthenticatedUser; // Switch by create project option switch (ProjectAccess.ToLowerCSafe()) { // All users case "all": return(true); // Authenticated users case "authenticated": if (!cui.IsPublic()) { return(true); } break; // Group members case "groupmember": if (CommunityGroupID > 0) { return(cui.IsGroupMember(CommunityGroupID)); } break; // Authorized roles case "authorized": // Check whether roles are defined if (!String.IsNullOrEmpty(AuthorizedRoles)) { // Check whether user is valid group member if current project is assigned to some group if (CommunityGroupID > 0) { if (!cui.IsGroupMember(CommunityGroupID)) { return(false); } } // Keep site name string siteName = SiteContext.CurrentSiteName; // Split roles by semicolon string[] roles = AuthorizedRoles.Split(';'); // Loop thru all roles and check if user is assigned at leat to one role foreach (string role in roles) { // If user is in role, break current cycle and return true if (cui.IsInRole(role, siteName)) { return(true); } } } break; // Nobody case "nobody": default: return(false); } return(false); }
/// <summary> /// Called by the MVC framework before the action method executes. /// </summary> /// <param name="filterContext">The filter context.</param> public override void OnActionExecuting(ActionExecutingContext filterContext) { if (!filterContext.HttpContext.User.Identity.IsAuthenticated) { if (OnlyAllowUnauthenticatedUsers) { return; } //use the current url for the redirect string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath; //send them off to the login page string redirectUrl = string.Format("?ReturnUrl={0}", redirectOnSuccess); string loginUrl = FormsAuthentication.LoginUrl + redirectUrl; filterContext.HttpContext.Response.Clear(); filterContext.HttpContext.Response.Redirect(loginUrl, true); return; } else //User is authenticated { var httpContext = new HttpContextWrapper(HttpContext.Current); var requestContext = new RequestContext(httpContext, new RouteData()); var u = new UrlHelper(requestContext); if (OnlyAllowUnauthenticatedUsers) { filterContext.HttpContext.Response.Clear(); filterContext.HttpContext.Response.Redirect(u.Action("Forbidden", "Error"), true); return; } //Unauthorized roles bool isUnAuthorized = false; if (!string.IsNullOrEmpty(UnauthorizedRoles)) { if (!(UnauthorizedRoles.Trim() == "")) { var roleSplit = UnauthorizedRoles.Split(','); foreach (var role in roleSplit) { if (filterContext.HttpContext.User.IsInRole(role.Trim())) { isUnAuthorized = true; break; } } } } if (isUnAuthorized) { filterContext.HttpContext.Response.Clear(); filterContext.HttpContext.Response.Redirect(u.Action("Forbidden", "Error"), true); return; } //Authorized roles bool isAuthorized = false; if (!string.IsNullOrEmpty(AuthorizedRoles)) { if (!(AuthorizedRoles.Trim() == "")) { var roleSplit = AuthorizedRoles.Split(','); foreach (var role in roleSplit) { if (filterContext.HttpContext.User.IsInRole(role.Trim())) { isAuthorized = true; break; } } } } else { isAuthorized = true; } if (!isAuthorized) { filterContext.HttpContext.Response.Clear(); filterContext.HttpContext.Response.Redirect(u.Action("Forbidden", "Error"), true); return; } } }
/// <summary> /// Called by the MVC framework before the action method executes. /// </summary> /// <param name="filterContext">The filter context.</param> public override void OnActionExecuting(ActionExecutingContext filterContext) { if (!filterContext.HttpContext.User.Identity.IsAuthenticated) { if (OnlyAllowUnauthenticatedUsers) { return; } //use the current url for the redirect string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath; //send them off to the login page string redirectUrl = string.Format("?ReturnUrl={0}", redirectOnSuccess); string loginUrl = FormsAuthentication.LoginUrl + redirectUrl; filterContext.HttpContext.Response.Clear(); filterContext.HttpContext.Response.Redirect(loginUrl, true); return; } else //User is authenticated { var httpContext = new HttpContextWrapper(HttpContext.Current); var requestContext = new RequestContext(httpContext, new RouteData()); var u = new UrlHelper(requestContext); if (OnlyAllowUnauthenticatedUsers) { filterContext.HttpContext.Response.Clear(); filterContext.HttpContext.Response.Redirect(u.Action("Forbidden", "Error"), true); return; } if (!AuthorizeSuspended && !filterContext.HttpContext.User.IsInRole(RoleNames.ActiveUser)) { //Is suspended filterContext.HttpContext.Response.Clear(); filterContext.HttpContext.Response.Redirect(u.Action("ShowSuspensionStatus", "Account"), true); return; } if (!AuthorizeEmailNotConfirmed && filterContext.HttpContext.User.IsInRole(RoleNames.EmailNotConfirmed) && ConfigurationManager.AppSettings["RequireEmailConfirmation"] == "true") { //Email hasn't been confirmed filterContext.HttpContext.Response.Clear(); filterContext.HttpContext.Response.Redirect(u.Action("ShowEmailAddressVerificationStatus", "Account"), true); return; } //Unauthorized roles bool isUnAuthorized = false; if (!string.IsNullOrEmpty(UnauthorizedRoles)) { if (!(UnauthorizedRoles.Trim() == "")) { var roleSplit = UnauthorizedRoles.Split(','); foreach (var role in roleSplit) { if (filterContext.HttpContext.User.IsInRole(role.Trim())) { isUnAuthorized = true; break; } } } } if (isUnAuthorized) { filterContext.HttpContext.Response.Clear(); filterContext.HttpContext.Response.Redirect(u.Action("Forbidden", "Error"), true); return; } //Authorized roles bool isAuthorized = false; if (!string.IsNullOrEmpty(AuthorizedRoles)) { if (!(AuthorizedRoles.Trim() == "")) { var roleSplit = AuthorizedRoles.Split(','); foreach (var role in roleSplit) { if (filterContext.HttpContext.User.IsInRole(role.Trim())) { isAuthorized = true; break; } } } } else { isAuthorized = true; } if (!isAuthorized) { filterContext.HttpContext.Response.Clear(); filterContext.HttpContext.Response.Redirect(u.Action("Forbidden", "Error"), true); return; } } }