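/// <summary>
/// Ensures the request runs under a <c>UserPrincipal</c> before the base authorization logic executes.
/// A forms-authenticated caller is resolved to its account record by username; any other caller,
/// and any caller whose account is missing or deleted, gets a principal wrapping an empty <c>User</c>.
/// </summary>
/// <param name="filterContext">Authorization context whose <c>HttpContext.User</c> is inspected and replaced.</param>
protected override void OnAuthorization(AuthorizationContext filterContext)
{
    var httpContext = filterContext.HttpContext;

    // No need to create a new principal object if it already exists (child actions)
    if (httpContext.User is UserPrincipal)
    {
        base.OnAuthorization(filterContext);
        return;
    }

    User user = null;
    var current = httpContext.User;

    if (current != null
        && current.Identity.IsAuthenticated
        && current.Identity.AuthenticationType == "Forms")
    {
        var userService = ObjectFactory.GetInstance<IUserService>();
        user = userService.GetByUsername(current.Identity.Name);

        // Something happened to their account - log them out
        if (user == null || user.IsDeleted)
        {
            // Since this is a rarity, the auth service is resolved here instead of forcing every
            // controller to take it as a constructor dependency.
            var authService = ObjectFactory.GetInstance<IUserAuthenticationService>();
            authService.Logout();
            httpContext.User = null;

            // Discard the deleted record as well. Otherwise it would be wrapped in the principal
            // built below together with a GenericIdentity carrying its username, and a
            // GenericIdentity with a non-empty name reports IsAuthenticated == true. The rest of
            // this request would then still see the deleted account (and whatever flags it holds).
            user = null;
        }
    }

    if (user == null)
    {
        // Anonymous callers are represented by an empty User rather than by null.
        user = new User();
    }

    var identity = httpContext.User != null
        ? httpContext.User.Identity
        : new GenericIdentity(user.Username ?? string.Empty);

    httpContext.User = new UserPrincipal(user, identity);

    // Keep the thread principal in step with the HTTP context principal.
    Thread.CurrentPrincipal = httpContext.User;

    base.OnAuthorization(filterContext);
}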
/// <summary>
/// Test fixture setup: runs the base setup, creates a user flagged as administrator, builds the
/// <c>HomeController</c> under test and sets up its controller context for that user.
/// </summary>
public override void Setup()
{
    base.Setup();

    // The controller is exercised as an administrator account.
    User = Generator.SetupUser(account =>
    {
        account.Username = "******";
        account.IsAdmin = true;
    });

    Controller = new HomeController(Db, Cache, Metrics);

    ControllerUtilities.SetupControllerContext(Controller, User);
}
/// <summary>
/// Issues the forms-authentication cookie for <paramref name="user"/>, using the username as the ticket name.
/// </summary>
/// <param name="user">Account being signed in; its <c>Username</c> is written into the ticket.</param>
/// <param name="rememberMe">Forwarded as the persistent-cookie flag of <c>FormsAuthentication.SetAuthCookie</c>.</param>
public void SetLoginCookie(User user, bool rememberMe)
{
    // NOTE(review): this call sets no cookie attributes itself; timeout and the Secure flag come
    // from the application's <forms> configuration (e.g. requireSSL) - confirm they are set there.
    var username = user.Username;

    FormsAuthentication.SetAuthCookie(username, rememberMe);
}
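/// <summary>
/// Decides whether the request may proceed. Requests without an authenticated principal may
/// present a forms-authentication ticket in the <c>TokenKey</c> request parameter; the resulting
/// principal is then upgraded to a <c>UserPrincipal</c> and, when <c>RequireAdmin</c> is set,
/// must belong to an administrator.
/// </summary>
/// <param name="httpContext">Current request context; its <c>User</c> may be replaced.</param>
/// <returns>
/// <c>false</c> when the request is unauthenticated, when the forms-authenticated account is
/// missing or deleted, or when <c>RequireAdmin</c> is set and the user is not an administrator;
/// otherwise <c>true</c>.
/// </returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // If not authenticated, it might be a request from flash in Firefox, so get the auth token
    // passed in to create the identity.
    if (!httpContext.Request.IsAuthenticated)
    {
        // NOTE(review): Request.Params merges query string, form fields, cookies and server
        // variables. A ticket carried in the query string can end up in server logs and Referer
        // headers; consider accepting it from the form body only.
        var token = httpContext.Request.Params[TokenKey];
        if (!string.IsNullOrEmpty(token))
        {
            FormsAuthenticationTicket ticket;
            try
            {
                ticket = FormsAuthentication.Decrypt(token);
            }
            catch (System.ArgumentException)
            {
                // The token is caller-controlled: a malformed value means "not authenticated",
                // not a server error.
                ticket = null;
            }

            // Decrypt() only unprotects the ticket; it does not enforce the expiry that cookie
            // based forms authentication applies, so an expired ticket must be rejected here.
            if (ticket != null && !ticket.Expired)
            {
                var tokenIdentity = new FormsIdentity(ticket);

                // This doesn't need to be a UserPrincipal, because that will happen below.
                httpContext.User = new GenericPrincipal(tokenIdentity, null);
            }
        }
    }

    if (!httpContext.Request.IsAuthenticated)
    {
        return false;
    }

    // If it's not a UserPrincipal, we need to create it (b/c this happens before BaseController.OnAuthorization)
    if (!(httpContext.User is UserPrincipal))
    {
        User user = null;
        if (httpContext.User.Identity.IsAuthenticated && httpContext.User.Identity.AuthenticationType == "Forms")
        {
            using (var db = ObjectFactory.GetInstance<SqlConnection>())
            {
                db.Open();
                var userService = new UserService(db, Cache);
                user = userService.GetByUsername(httpContext.User.Identity.Name);
            }

            // Fail closed when the ticket names an account that no longer exists or was deleted.
            if (user == null || user.IsDeleted)
            {
                return false;
            }
        }
        else
        {
            // NOTE(review): an authenticated identity that is not "Forms" is mapped to an empty
            // User and is authorized whenever RequireAdmin is false - confirm this is intended.
            user = new User();
        }

        var identity = httpContext.User != null
            ? httpContext.User.Identity
            : new GenericIdentity(user.Username ?? string.Empty);

        httpContext.User = new UserPrincipal(user, identity);
        Thread.CurrentPrincipal = httpContext.User;
    }

    // The principal was either a UserPrincipal already or has just been replaced by one; should
    // the cast fail anyway, an admin-only action is denied instead of dereferencing null.
    var userObject = httpContext.User as UserPrincipal;
    return !RequireAdmin || (userObject != null && userObject.IsAdmin);
}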
/// <summary>
/// Creates a principal that pairs an application account with the identity it was resolved from.
/// </summary>
/// <param name="user">Account record stored in <c>UserObject</c>.</param>
/// <param name="identity">Identity stored in <c>Identity</c>.</param>
public UserPrincipal(User user, IIdentity identity)
{
    // Both values are stored as supplied; no validation happens here.
    this.UserObject = user;
    this.Identity = identity;
}
/// <summary>
/// Creates a password-retrieval record for <paramref name="user"/> carrying the supplied token.
/// </summary>
/// <param name="user">Account the record belongs to; handled by the single-argument constructor.</param>
/// <param name="token">Value stored in <c>Token</c>.</param>
public PasswordRetrieval(User user, Guid token)
    : this(user)
{
    // NOTE(review): the token is caller-supplied and stored as-is. If it authorises a password
    // reset, confirm the caller generates it unpredictably and that it expires after use.
    this.Token = token;
}
/// <summary>
/// Creates a password-retrieval record tied to <paramref name="user"/>.
/// </summary>
/// <param name="user">Account whose <c>Id</c> is copied into <c>UserId</c>.</param>
public PasswordRetrieval(User user)
{
    // Only the identifier is kept; the User instance itself is not stored by this constructor.
    var ownerId = user.Id;
    this.UserId = ownerId;
}