public override void OnAuthorization(AuthorizationContext filterContext) { try { var request = filterContext.HttpContext.Request; if (SessionData.CurrentUser != null && SessionData.CurrentUser.Type == (decimal)Common.CommonData.CommonEnums.UserType.Customer) { if (SessionData.CurrentUser.loginfirst == 0 && request.AppRelativeCurrentExecutionFilePath.Contains("CUSTOMER/QUAN-LY-CUSTOMER/GET-VIEW-TO-EDIT-CUSTOMER") == false && request.AppRelativeCurrentExecutionFilePath.Contains("ACCOUNT/DANG-XUAT") == false && request.AppRelativeCurrentExecutionFilePath.ToUpper().Contains("CUSTOMER/QUAN-LY-CUSTOMER") == false) { filterContext.Result = new RedirectResult("~/customer/quan-ly-customer/get-view-to-edit-customer/" + SessionData.CurrentUser.Id.ToString()); } } if (SessionData.CurrentUser != null) { string language = WebApps.CommonFunction.AppsCommon.GetCurrentLang(); string sessionLanguage = SessionData.CurrentUser.Language; if (language != sessionLanguage) { SessionData.CurrentUser.Language = language; var userBL = new BussinessFacade.ModuleUsersAndRoles.UserBL(SessionData.CurrentUser); SessionData.CurrentUser.HtmlMenu = userBL.GetUserHtmlMenu(language); } } // Only validate POSTs if (request.HttpMethod != WebRequestMethods.Http.Post) { return; } if (postAuthorized) { DeAuthorizedPost(); return; } // Ajax POSTs and normal form posts have to be treated differently when it comes // to validating the AntiForgeryToken if (request.IsAjaxRequest()) { var antiForgeryCookie = request.Cookies[AntiForgeryConfig.CookieName]; var cookieValue = antiForgeryCookie?.Value; AntiForgery.Validate(cookieValue, request.Headers["__RequestVerificationToken"]); } else { new ValidateAntiForgeryTokenAttribute().OnAuthorization(filterContext); } } catch (Exception) { // Ignored } }
public override void OnActionExecuting(ActionExecutingContext filterContext) { bool _IsLoggedInAndHadRight = true; string _RedirectTo = "/account/login"; string _url = ((System.Web.Routing.Route)filterContext.RequestContext.RouteData.Route).Url.ToUpper(); if (SessionData.CurrentUser != null && SessionData.CurrentUser.Type == (decimal)Common.CommonData.CommonEnums.UserType.Customer) { if (SessionData.CurrentUser.loginfirst == 0 && _url.Contains("CUSTOMER/QUAN-LY-CUSTOMER/GET-VIEW-TO-EDIT-CUSTOMER") == false && _url.Contains("ACCOUNT/DANG-XUAT") == false && _url.Contains("CUSTOMER/QUAN-LY-CUSTOMER") == false) { filterContext.Result = new RedirectResult("~/customer/quan-ly-customer/get-view-to-edit-customer/" + SessionData.CurrentUser.Id.ToString()); } } if (SessionData.CurrentUser == null && _url.ToLower().Contains("quan-ly-tin") == false && _url.ToLower().Contains("wiki-view") == false && _url.ToLower().Contains("language") == false && _url.ToLower().Contains("login") == false && _url.ToLower().Contains("dang-nhap") == false && _url.ToLower().Contains("dang-nhap") == false && _url.ToLower().Contains("account") == false && _url.ToLower().Contains("quen-mat-khau") == false) { _IsLoggedInAndHadRight = false; } else if (SessionData.CurrentUser != null) { string language = WebApps.CommonFunction.AppsCommon.GetCurrentLang(); string sessionLanguage = SessionData.CurrentUser.Language; if (language != sessionLanguage) { SessionData.CurrentUser.Language = language; var userBL = new BussinessFacade.ModuleUsersAndRoles.UserBL(SessionData.CurrentUser); SessionData.CurrentUser.HtmlMenu = userBL.GetUserHtmlMenu(language); } } if (_IsLoggedInAndHadRight == false) { if (filterContext.HttpContext.Request.IsAjaxRequest() == true) { filterContext.HttpContext.Response.StatusCode = 403; filterContext.Result = new JsonResult { Data = "Session_TimeOut" }; } else { filterContext.Result = new RedirectResult(_RedirectTo); } } else { // Continue action base.OnActionExecuting(filterContext); } }