/// <summary>
/// Web API authorization hook: rebuilds the caller's principal from the forms-authentication
/// cookie and delegates the access decision to <see cref="IsUserAuthorized"/>.
/// </summary>
/// <param name="actionContext">The action being authorized. It is not inspected; the cookies
/// are read from <c>HttpContext.Current</c>, so this relies on classic ASP.NET hosting.</param>
/// <returns>True when the principal rebuilt from the cookie passes the role check; otherwise false.</returns>
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
{
    var requestCookies = HttpContext.Current.Request.Cookies;
    NewhlSecurityPrincipal principal = CookieAuthenticationParser.ParseCookie(requestCookies);
    return this.IsUserAuthorized(principal);
}
/// <summary>
/// MVC authorization hook: rebuilds the caller's principal from the forms-authentication
/// cookie on the request and, when <see cref="IsUserAuthorized"/> rejects it, short-circuits
/// the action with a redirect to <c>Constants.LoginRoute</c>.
/// </summary>
/// <param name="filterContext">The authorization context for the current request.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    var requestCookies = filterContext.RequestContext.HttpContext.Request.Cookies;
    NewhlSecurityPrincipal principal = CookieAuthenticationParser.ParseCookie(requestCookies);

    if (this.IsUserAuthorized(principal))
    {
        return;
    }

    // Not allowed to proceed: setting Result prevents the action from executing.
    // NOTE(review): base.OnAuthorization is not called; if the base type is AuthorizeAttribute,
    // its output-cache validation callback is skipped — confirm that is intended.
    filterContext.Result = new RedirectResult(Constants.LoginRoute);
}
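/// <summary>
/// Decides whether <paramref name="securityPrincipal"/> may execute the decorated action.
/// The principal must be authenticated in every case; when <c>Roles</c> is empty that is
/// sufficient, otherwise the principal must additionally belong to at least one of the
/// comma-separated roles. Any exception is logged and treated as "not authorized" (fail closed).
/// </summary>
/// <param name="securityPrincipal">Principal rebuilt from the auth cookie; may be null.</param>
/// <returns>True when access is granted; false otherwise, including on error.</returns>
private bool IsUserAuthorized(NewhlSecurityPrincipal securityPrincipal)
{
    bool authorized = false;
    try
    {
        // An anonymous (null) or unauthenticated principal never passes, regardless of roles.
        // The original only enforced this for the "no roles" case; applying it to the role
        // branch too means a role match can never grant access without a login.
        if (securityPrincipal == null || !securityPrincipal.IsAuthenticated)
        {
            return false;
        }

        if (string.IsNullOrEmpty(this.Roles))
        {
            // No required roles: being logged in is enough. The attribute is still applied,
            // so anonymous access is deliberately not allowed.
            authorized = true;
        }
        else
        {
            // Roles are comma-separated; trim so "Admin, Editor" matches "Editor", and skip
            // blank entries so a stray comma or whitespace-only list never matches anything.
            string[] requiredRoles = this.Roles.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            foreach (string rawRole in requiredRoles)
            {
                string role = rawRole.Trim();
                if (role.Length == 0)
                {
                    continue;
                }
                if (securityPrincipal.IsInRole(role))
                {
                    authorized = true;
                    break;
                }
            }
        }
    }
    catch (Exception e)
    {
        // Fail closed: an error during the check must not grant access.
        LogManager.GetLogger().Error(e);
        authorized = false;
    }
    return authorized;
}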
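/// <summary>
/// Rebuilds the caller's <see cref="NewhlSecurityPrincipal"/> from the forms-authentication
/// cookie and installs it as the current thread and <c>HttpContext</c> principal.
/// A missing, empty, undecryptable, expired or malformed ticket yields an anonymous principal
/// (<c>new NewhlSecurityPrincipal(null)</c>): the method never returns null and never throws on
/// bad cookie data. Decryption and user-lookup failures are logged rather than silently dropped.
/// </summary>
/// <param name="cookies">Cookies of the current request; may be null.</param>
/// <returns>The principal for the request; anonymous when no valid ticket is present.</returns>
public static NewhlSecurityPrincipal ParseCookie(HttpCookieCollection cookies)
{
    NewhlSecurityPrincipal principal = null;

    HttpCookie authCookie = cookies != null ? cookies[FormsAuthentication.FormsCookieName] : null;
    if (authCookie != null && !string.IsNullOrEmpty(authCookie.Value))
    {
        try
        {
            // Decrypt returns null when the ticket cannot be decrypted and does not check expiry
            // itself, so both cases are rejected here and fall through to the anonymous principal.
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            int userId;
            if (authTicket != null
                && !authTicket.Expired
                && int.TryParse(authTicket.Name,
                                System.Globalization.NumberStyles.Integer,
                                System.Globalization.CultureInfo.InvariantCulture,
                                out userId))
            {
                // The service manager is only needed for the user lookup, so build it lazily.
                IServiceManager serviceManager = ServiceManagerBuilder.CreateServiceManager();
                AMFUserLogin currentUser = serviceManager.UserService.GetUserById(userId);
                principal = new NewhlSecurityPrincipal(currentUser);
            }
        }
        catch (Exception e)
        {
            // Fail closed: a bad ticket or a failed lookup means anonymous, but leave a trace so
            // tampered cookies and backend failures are visible in the logs.
            LogManager.GetLogger().Error(e);
            principal = null;
        }
    }

    // Previously a cookie with an empty value left the principal null; callers that handle null
    // still work, but a consistent anonymous principal is safer for Thread/HttpContext consumers.
    if (principal == null)
    {
        principal = new NewhlSecurityPrincipal(null);
    }

    System.Threading.Thread.CurrentPrincipal = principal;
    HttpContext.Current.User = principal;
    return principal;
}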