示例#1
 /// <summary>
 /// Builds the URL for an action, or the access-denied URL when the permission check fails.
 /// </summary>
 /// <param name="url">URL helper used to generate the link target.</param>
 /// <param name="action">Action name passed to the permission check and to the URL.</param>
 /// <param name="controller">Controller name passed to the permission check and to the URL.</param>
 /// <returns>
 /// The action URL when GenFx.IsUserAuthorized returns true; otherwise the URL of
 /// the "AccessDenied" action on the "Error" controller.
 /// </returns>
 /// <remarks>
 /// NOTE(review): this only selects which URL is rendered into the page. It does not
 /// stop a request sent directly to the action, so the action itself still needs a
 /// server-side authorization check.
 /// </remarks>
 public static string AuthorizedAction(this UrlHelper url, string action, string controller)
 {
     bool allowed = GenFx.IsUserAuthorized(action, controller);

     // Denied callers are pointed at the error page instead of the real target.
     return allowed
         ? url.Action(action, controller)
         : url.Action("AccessDenied", "Error");
 }
 /// <summary>
 /// Renders an action link only for a signed-in user who passes the permission check.
 /// </summary>
 /// <param name="htmlHelper">HTML helper used to render the link.</param>
 /// <param name="linkText">Text of the link.</param>
 /// <param name="actionName">Action name passed to the permission check and to the link.</param>
 /// <param name="controllerName">Controller name passed to the permission check and to the link.</param>
 /// <param name="routeValues">Route values for the link; they are not part of the permission check.</param>
 /// <param name="htmlAttributes">HTML attributes for the rendered anchor.</param>
 /// <returns>
 /// The action link when the current user is authenticated and GenFx.IsUserAuthorized
 /// returns true; otherwise <c>MvcHtmlString.Empty</c>.
 /// </returns>
 /// <remarks>
 /// NOTE(review): hiding the link is a UI measure only. The target action still needs
 /// its own server-side authorization check, because the URL can be requested directly.
 /// </remarks>
 public static MvcHtmlString Authorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, object routeValues, object htmlAttributes)
 {
     bool signedIn = HttpContext.Current.User.Identity.IsAuthenticated;

     // Short-circuit keeps the permission lookup from running for anonymous users.
     if (!signedIn || !GenFx.IsUserAuthorized(actionName, controllerName))
     {
         return MvcHtmlString.Empty;
     }

     return htmlHelper.ActionLink(linkText, actionName, controllerName, routeValues, htmlAttributes);
 }
示例#3
        /// <summary>
        /// Runs the base authorization check, then asks GenFx whether the current user
        /// may reach the action and controller named in the route data.
        /// </summary>
        /// <param name="httpContext">Context of the request being authorized.</param>
        /// <returns>
        /// <c>true</c> only when the base check passes and GenFx.IsUserAuthorized
        /// returns true for the routed action and controller; otherwise <c>false</c>.
        /// </returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Fail closed: nothing below runs unless the base check accepted the request.
            if (!base.AuthorizeCore(httpContext))
            {
                return false;
            }

            var routeData = httpContext.Request.RequestContext.RouteData;
            string actionName = routeData.GetRequiredString("action");
            string controllerName = routeData.GetRequiredString("controller");

            // NOTE(review): the area is read here but never passed to the permission
            // check. If two areas contain controllers with the same name, they would
            // presumably share one permission entry; confirm whether that is intended.
            string areaName = routeData.DataTokens["area"] as string;

            // The permission lookup is the final decision for this request.
            return GenFx.IsUserAuthorized(actionName, controllerName);
        }