/// <summary>
/// Web API authorization hook. Rebuilds the caller's principal from the forms-authentication
/// cookie and delegates the allow/deny decision to <see cref="IsUserAuthorized"/>.
/// </summary>
/// <param name="actionContext">The action being authorized; not consulted beyond the override contract.</param>
/// <returns>true when the caller may proceed; false otherwise.</returns>
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            // NOTE(review): cookies are read from HttpContext.Current rather than from
            // actionContext.Request, so this filter assumes IIS/System.Web hosting;
            // HttpContext.Current is null under self-hosted Web API and this would throw there.
            var requestCookies = HttpContext.Current.Request.Cookies;
            NewhlSecurityPrincipal caller = CookieAuthenticationParser.ParseCookie(requestCookies);

            return this.IsUserAuthorized(caller);
        }
        /// <summary>
        /// MVC authorization hook. Rebuilds the caller's principal from the forms-authentication
        /// cookie and, when <see cref="IsUserAuthorized"/> denies access, short-circuits the
        /// request by setting a redirect to the login route as the action result.
        /// </summary>
        /// <param name="filterContext">The authorization context for the current action.</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            var requestCookies = filterContext.RequestContext.HttpContext.Request.Cookies;
            NewhlSecurityPrincipal caller = CookieAuthenticationParser.ParseCookie(requestCookies);

            if (this.IsUserAuthorized(caller))
            {
                // Allowed: leave filterContext.Result unset so the action executes.
                return;
            }

            // Denied. Both "not logged in" and "logged in but lacking a required role" land
            // here, so an authenticated user without the role is also sent to the login page.
            // NOTE(review): the base class's OnAuthorization is never invoked from this override;
            // if the base is System.Web.Mvc.AuthorizeAttribute, the output-cache validation it
            // would normally register is skipped — confirm the base type and whether output
            // caching is enabled anywhere these actions are served.
            filterContext.Result = new RedirectResult(Constants.LoginRoute);
        }
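        /// <summary>
        /// Decides whether <paramref name="securityPrincipal"/> may proceed, driven by the
        /// attribute's <c>Roles</c> property. With no roles configured, any authenticated
        /// principal passes; otherwise the principal must be authenticated AND in at least
        /// one of the comma-separated roles. Fails closed: a null principal, an unauthenticated
        /// principal, a role list that matches nothing, or an exception all yield false.
        /// </summary>
        /// <param name="securityPrincipal">The principal rebuilt from the auth cookie; may be null.</param>
        /// <returns>true when the caller is allowed; false otherwise.</returns>
        private bool IsUserAuthorized(NewhlSecurityPrincipal securityPrincipal)
        {
            try
            {
                // Fail closed on a missing or unauthenticated principal. The role branch used
                // to rely on IsInRole() returning false for an unauthenticated principal; the
                // requirement is now explicit for both branches.
                if (securityPrincipal == null || !securityPrincipal.IsAuthenticated)
                {
                    return false;
                }

                // No required roles: being logged in is enough. The attribute is present at
                // all, so anonymous access was clearly not intended.
                if (string.IsNullOrEmpty(this.Roles))
                {
                    return true;
                }

                // Roles are configured as "A,B,C". Whitespace around a name (e.g. "A, B") is
                // tolerated and empty entries (a trailing comma) are ignored, so a formatting
                // slip in the attribute can neither silently never-match nor query an empty
                // role name.
                foreach (string role in this.Roles.Split(','))
                {
                    string roleName = role.Trim();

                    if (roleName.Length > 0 && securityPrincipal.IsInRole(roleName))
                    {
                        return true;
                    }
                }

                return false;
            }
            catch (Exception e)
            {
                // Any failure while evaluating the principal denies access rather than letting
                // an error in the identity layer grant it.
                LogManager.GetLogger().Error(e);
                return false;
            }
        }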
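        /// <summary>
        /// Rebuilds the caller's <see cref="NewhlSecurityPrincipal"/> from the forms-authentication
        /// cookie and installs it as the current thread principal and (when available) the
        /// current HttpContext user. The ticket's Name is expected to carry the numeric user id,
        /// which is then resolved through the user service.
        /// A cookie that is missing, empty, undecryptable (tampered or malformed), expired, or
        /// that carries an unparsable id yields the anonymous principal
        /// (<c>new NewhlSecurityPrincipal(null)</c>) instead of an exception, so callers always
        /// receive a principal and never null.
        /// </summary>
        /// <param name="cookies">The request's cookie collection; null is treated as "no cookie".</param>
        /// <returns>The principal for the request; anonymous when no valid ticket is present.</returns>
        public static NewhlSecurityPrincipal ParseCookie(HttpCookieCollection cookies)
        {
            NewhlSecurityPrincipal retVal = null;
            HttpCookie authCookie = cookies != null ? cookies[FormsAuthentication.FormsCookieName] : null;

            if (authCookie != null && !string.IsNullOrEmpty(authCookie.Value))
            {
                try
                {
                    // Decrypt validates the ticket against the machine key (a tampered cookie
                    // either throws or comes back null) but it does NOT check expiry — that is
                    // normally FormsAuthenticationModule's job. Because this parser does the
                    // module's work itself, an expired-but-validly-signed ticket must be
                    // rejected here; previously it was accepted as a fully authenticated user.
                    FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

                    int userId;
                    if (authTicket != null
                        && !authTicket.Expired
                        && int.TryParse(authTicket.Name,
                                        System.Globalization.NumberStyles.Integer,
                                        System.Globalization.CultureInfo.InvariantCulture,
                                        out userId))
                    {
                        // The service manager is only needed once there is a valid ticket to
                        // resolve, so anonymous requests no longer pay for building one.
                        IServiceManager serviceManager = ServiceManagerBuilder.CreateServiceManager();
                        AMFUserLogin currentUser = serviceManager.UserService.GetUserById(userId);
                        retVal = new NewhlSecurityPrincipal(currentUser);
                    }
                }
                catch (Exception)
                {
                    // Decrypt failures (bad MAC, malformed ciphertext) and user-service errors
                    // all fall through to the anonymous principal below.
                    // NOTE(review): these are dropped silently; decryption failures in
                    // particular are a useful tamper signal and are worth logging.
                    retVal = null;
                }
            }

            if (retVal == null)
            {
                // Missing / empty / invalid / expired cookie: fail closed to the anonymous
                // principal. (An empty cookie value used to return null here while every other
                // failure path returned this anonymous principal; callers now get one shape.)
                retVal = new NewhlSecurityPrincipal(null);
            }

            System.Threading.Thread.CurrentPrincipal = retVal;

            // HttpContext.Current is null outside IIS/System.Web hosting (e.g. self-hosted
            // Web API); skip the assignment rather than fail after the principal is built.
            HttpContext currentContext = HttpContext.Current;
            if (currentContext != null)
            {
                currentContext.User = retVal;
            }

            return retVal;
        }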