/// <summary>
/// Builds a <see cref="MembershipUser"/> for the given user name.
/// </summary>
/// <param name="username">Name passed to <c>MembershipDAO.LoggedInUserName</c> to obtain the user name stored on the result.</param>
/// <param name="userIsOnline">Not read by this implementation.</param>
/// <returns>
/// A membership user that carries only this provider's name and the resolved user name.
/// Every other field is a placeholder: no provider key, empty strings, both flags false,
/// and every date set to the current local time.
/// </returns>
public override MembershipUser GetUser(string username, bool userIsOnline)
{
    MembershipDAO dao = new MembershipDAO();
    string resolvedName = dao.LoggedInUserName(username);

    // NOTE(review): a MembershipUser is built whatever LoggedInUserName returns. If the DAO can
    // return null or empty for an unknown user, callers that treat a non-null result as
    // "user exists" would be misled. Confirm against the DAO.
    MembershipUser result = new MembershipUser(
        this.Name,      // providerName
        resolvedName,   // name
        null,           // providerUserKey
        "",             // email
        "",             // passwordQuestion
        "",             // comment
        false,          // isApproved
        false,          // isLockedOut
        DateTime.Now,   // creationDate
        DateTime.Now,   // lastLoginDate
        DateTime.Now,   // lastActivityDate
        DateTime.Now,   // lastPasswordChangedDate
        DateTime.Now);  // lastLockoutDate

    return result;
}
/// <summary>
/// Checks a user name and password by delegating to <c>MembershipDAO.ValidateUser</c>.
/// </summary>
/// <param name="username">User name to check; passed through unchanged.</param>
/// <param name="password">Password to check; passed through unchanged.</param>
/// <returns>Whatever the data-access object reports for this pair of credentials.</returns>
public override bool ValidateUser(string username, string password)
{
    // NOTE(review): no throttling, lockout or audit logging happens at this layer; how the
    // password is compared and stored is decided entirely inside MembershipDAO. Verify there.
    MembershipDAO dao = new MembershipDAO();
    bool credentialsAccepted = dao.ValidateUser(username, password);
    return credentialsAccepted;
}
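/// <summary>
/// AuthorizeRequest handler that enforces per-page authorisation for .aspx pages.
/// </summary>
/// <remarks>
/// The login page, the error page and WebResource.axd are exempt. For any other page whose
/// extension starts with "aspx", <c>MembershipDAO.AuthorisedToPage</c> is asked whether the
/// current user may open it. An unauthenticated user is redirected to the login page; an
/// authenticated but unauthorised user causes an exception.
/// </remarks>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
/// <param name="e">Not used.</param>
/// <exception cref="Exception">
/// The LoginUrl or ErrorUrl appSettings entry is missing or blank, or the authenticated user
/// is not authorised for the requested page.
/// </exception>
public void context_AuthorizeRequest(object sender, EventArgs e)
{
    // NOTE(review): the checks below run only when DisableNavigationSecurity() returns true.
    // The helper is not visible here and its name reads as the opposite. Confirm that it
    // returns true when page security must be enforced.
    if (!DisableNavigationSecurity())
    {
        return;
    }

    HttpApplication application = (HttpApplication)sender;
    HttpRequest request = application.Request;
    HttpResponse response = application.Response;

    string loginUrl = ConfigurationManager.AppSettings["LoginUrl"];
    if (loginUrl == null || loginUrl.Trim().Length == 0)
    {
        throw new Exception("LoginUrl entry not found in appSettings section of Web.config");
    }

    string errorUrl = ConfigurationManager.AppSettings["ErrorUrl"];
    if (errorUrl == null || errorUrl.Trim().Length == 0)
    {
        throw new Exception("ErrorUrl entry not found in appSettings section of Web.config");
    }

    // HttpRequest.Path is FilePath plus any trailing PathInfo, so its last segment is not
    // necessarily the page that will execute. FilePath is used so that the exemption and
    // extension checks are made against the page actually being served.
    string filePath = request.FilePath;
    string page = filePath.Substring(filePath.LastIndexOf('/') + 1);

    if (page == "WebResource.axd")
    {
        return;
    }

    string loginPage = loginUrl.Substring(loginUrl.LastIndexOf('/') + 1);
    string errorPage = errorUrl.Substring(errorUrl.LastIndexOf('/') + 1);

    // Everything after the last '.', capped at four characters (the original rule, so a name
    // such as "x.aspxy" is still treated as an .aspx page and checked).
    string extension = page.Substring(page.LastIndexOf('.') + 1);
    if (extension.Length > 4)
    {
        extension = extension.Substring(0, 4);
    }

    // NOTE(review): the exemptions compare file names only, so a page with the same name as
    // the login or error page in any folder is exempt. Resources served by other handlers
    // (.ashx, .asmx, extensionless routes) are never checked here. Confirm both are intended.
    string trimmedPage = page.Trim();
    bool isLoginPage = string.Equals(trimmedPage, loginPage, StringComparison.OrdinalIgnoreCase);
    bool isErrorPage = string.Equals(trimmedPage, errorPage, StringComparison.OrdinalIgnoreCase);
    bool isAspx = string.Equals(extension.Trim(), "ASPX", StringComparison.OrdinalIgnoreCase);

    if (isLoginPage || isErrorPage || !isAspx)
    {
        return;
    }

    MembershipDAO membershipDAO = new MembershipDAO();

    // Non-device browsers always get the "%/" prefix; device browsers only for home.aspx.
    // NOTE(review): the prefix looks like a LIKE wildcard. Confirm AuthorisedToPage uses a
    // parameterised query and that wildcard characters in the page name cannot widen the match.
    bool isDevice = new Browser().IsDevice();
    if (!isDevice || string.Equals(page, "home.aspx", StringComparison.OrdinalIgnoreCase))
    {
        page = "%/" + page;
    }

    string applicationName = ConfigurationManager.AppSettings[Definitions.CONFIG_APPLICATION_NAME];
    if (filePath.IndexOf("/dashboard/", StringComparison.OrdinalIgnoreCase) >= 0)
    {
        applicationName = ConfigurationManager.AppSettings[Definitions.CONFIG_IHFDASH_APPLICATION_NAME];
    }

    if (membershipDAO.AuthorisedToPage(application.User.Identity.Name, page, applicationName))
    {
        return;
    }

    if (!application.User.Identity.IsAuthenticated)
    {
        // The return path is URL-encoded so characters such as '&' or '#' in the requested
        // path cannot alter the login URL's query string.
        // NOTE(review): if ApplicationPath is "/" and LoginUrl begins with "/", the result
        // starts with "//", which browsers treat as a host name. Check the configured value.
        response.Redirect(
            request.ApplicationPath + loginUrl + "?ReturnUrl=" + HttpUtility.UrlEncode(request.Path),
            true);
    }
    else
    {
        throw new Exception("Not authorised to page!");
    }
}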