示例#1
 /// <summary>
 /// Returns the access level the current user has on the current page.
 /// </summary>
 /// <param name="securityContext">Security context of the request; not read by the current body.</param>
 /// <returns>Always <c>(int)AccessLevels.NOACCESS</c>.</returns>
 /// <remarks>
 /// Two lookups were commented out in the original source: a page-level entry for the
 /// current page/user pair, and a fallback that walked the user's module list for an
 /// entry matching the page's module. With both disabled, the method denies every caller.
 /// </remarks>
 public int GetCurrentPageAccessLevel(HRR.Core.Security.ISecurityContext securityContext)
 {
     // Default deny: if the page-level or module-level lookups are ever restored,
     // this must remain the final fallback so an unmatched user gets no access.
     int deniedLevel = (int)AccessLevels.NOACCESS;
     return deniedLevel;
 }
示例#2
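        /// <summary>
        /// Verifies a user name / password pair and, on success, issues an authentication
        /// ticket and marks <paramref name="securityContext"/> as authenticated.
        /// </summary>
        /// <param name="userName">Login name; passed to the person lookup as the e-mail address.</param>
        /// <param name="password">Clear-text password as submitted by the user.</param>
        /// <param name="url">Forwarded unchanged to <c>CreateAuthenticationTicket</c>.</param>
        /// <param name="securityContext">Context that receives the authenticated user, or is reset on failure.</param>
        /// <returns>
        /// A response whose <c>IsAuthenticated</c> is true only when the credentials matched an
        /// active account; otherwise it carries <c>AccessLevels.NOACCESS</c> and a message.
        /// </returns>
        public AuthenticationResponse AuthenticateUser(string userName, string password, string url, HRR.Core.Security.ISecurityContext securityContext)
        {
            const int TicketLifetimeMinutes = 480;

            // Fail closed: start from "not authenticated" on both the response and the context,
            // so every rejection path (including the inactive-account one, which previously left
            // the context untouched) clears any user left over from an earlier login.
            var response = new AuthenticationResponse();
            response.IsAuthenticated        = false;
            response.CurrentAccessLevel     = AccessLevels.NOACCESS;
            securityContext.IsAuthenticated = false;
            securityContext.CurrentUser     = null;

            // Missing credentials get the same generic answer as wrong ones instead of
            // reaching the hash helper with a null argument.
            if (userName == null || password == null)
            {
                response.Message = "Invalid username or password.  Please try again.";
                return response;
            }

            // NOTE(review): the stored credential is compared against an MD5 digest of the
            // password. MD5 is fast and, as used here, shows no per-user salt, which makes
            // leaked hashes cheap to crack offline. Replacing it needs a salted KDF
            // (e.g. PBKDF2) plus a rehash-on-login migration of existing records, so it is
            // flagged here rather than changed in place.
            var person = new PersonServices().GetByEmailPassword(userName, SecurityUtils.GetMd5Hash(password));

            if (person == null)
            {
                // One message for "unknown user" and "wrong password" so the reply does not
                // reveal which accounts exist.
                response.Message = "Invalid username or password.  Please try again.";
                return response;
            }

            if (!person.IsActive)
            {
                response.Message = "Your account has been marked as inactive.";
                return response;
            }

            // NOTE(review): the expiry is computed from local time; confirm that
            // CreateAuthenticationTicket and whatever validates the ticket agree on the time zone.
            CreateAuthenticationTicket(person.Email, person.ID.ToString(), DateTime.Now.AddMinutes(TicketLifetimeMinutes), url);

            securityContext.CurrentUser     = person;
            securityContext.IsAuthenticated = true;
            response.IsAuthenticated        = true;

            // NOTE(review): every successful login is reported as FULLACCESS; presumably
            // per-page authorization is enforced elsewhere. Verify against callers.
            response.CurrentAccessLevel = AccessLevels.FULLACCESS;

            return response;
        }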