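/// <summary>
/// Re-checks Active Directory to confirm that the account named in the token
/// is still enabled. Any failure (account not found, directory unreachable,
/// unreadable Enabled flag) is treated as "not validated" so that access is
/// denied rather than granted on error (fail closed).
/// </summary>
/// <param name="t">Token payload whose <c>userName</c> is looked up and whose
/// <c>userId</c> is written to the audit log on denial. Must not be null.</param>
/// <returns>true only when the account was found and its Enabled flag is true.</returns>
/// <exception cref="ArgumentNullException">When <paramref name="t"/> is null.</exception>
public static bool ADValidateEnabled(Token t)
{
    if (t == null)
    {
        throw new ArgumentNullException(nameof(t));
    }

    bool validated = false;
    // Why the account was rejected. Recorded in the audit log so an operator
    // can tell a directory outage or an unknown account apart from an account
    // that was deliberately disabled; the original code logged every failure
    // as "disabled".
    string denialReason = null;

    try
    {
        // NOTE(review): the domain is hard-coded here; it presumably belongs in
        // configuration so the same build can run against another directory.
        // Both the context and the principal own directory resources and are
        // IDisposable, so scope them with using rather than leaking one per call.
        using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "AOC-resins.com"))
        using (UserPrincipal principal = UserPrincipal.FindByIdentity(ctx, t.userName))
        {
            if (principal == null)
            {
                // FindByIdentity returns null for an unknown identity; the
                // original dereferenced it and relied on the catch below.
                denialReason = "User account was not found in Active Directory. request for resources has been denied.";
            }
            else if (principal.Enabled == true)
            {
                validated = true;
            }
            else
            {
                // Enabled is bool?; a null (unreadable) flag is treated the same
                // as false so that an unknown state never grants access.
                denialReason = "User account has been disabled. request for resources has been denied.";
            }
        }
    }
    catch (Exception e)
    {
        // Deny on any directory error, but record the cause instead of
        // silently swallowing it as the original did.
        validated = false;
        denialReason = "Active Directory lookup failed (" + e.GetType().Name + ": " + e.Message + "). request for resources has been denied.";
    }

    if (!validated)
    {
        HallMonitor hm = new HallMonitor();
        hm.UserId = t.userId;
        hm.Resource = "Active Directory";
        hm.Action = "ENABLED";
        hm.LogDescription = denialReason;
        hm.LogActivity();
    }

    return validated;
}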
/// <summary>
/// Authorization gate for an incoming Web API request. Requires a token in the
/// request header whose payload can be extracted and whose AD account is still
/// enabled; the request is then written to the audit log.
/// </summary>
/// <param name="actionContext">The action being invoked; its request supplies
/// the header, URI and HTTP method.</param>
/// <returns>
/// false when no token is present, the payload cannot be extracted, or the AD
/// account is not enabled; otherwise true. Note that "true" currently means
/// only "authenticated and enabled" -- no per-resource or per-role check is
/// performed yet (see the comment at the end of the method).
/// </returns>
public bool IsUserAuthorized(HttpActionContext actionContext)
{
    // No token in the header: nothing to authorize.
    var rawToken = FetchFromHeader(actionContext);
    if (rawToken == null)
    {
        return false;
    }

    // Extraction of the payload is delegated to TokenManager; whatever
    // validation it performs is the only check on the token's integrity here.
    Token payload = TokenManager.extractPaylod(rawToken);
    if (payload == null)
    {
        return false;
    }

    // Re-check the directory on every request so that an account disabled
    // mid-session loses access immediately, not when the token expires.
    if (!UserHelper.ADValidateEnabled(payload))
    {
        return false;
    }

    // Audit: who touched which resource (last URI segment) with which verb.
    var segments = actionContext.Request.RequestUri.Segments;
    HallMonitor audit = new HallMonitor
    {
        UserId = payload.userId,
        Resource = segments[segments.Length - 1],
        Action = actionContext.Request.Method.Method
    };
    audit.LogActivity();

    // TODO(security): granular authorization is not implemented. The intent
    // (per the original comment) is to compare the requested controller and
    // HTTP method against the user's role and that role's permissions and
    // fall through to false otherwise. Until then every authenticated user
    // with an enabled AD account is allowed every resource and every verb.
    return true;
}