init
This commit is contained in:
commit
e124a47765
19374 changed files with 9806149 additions and 0 deletions
79
KretaWeb/Security/ApiRoleClaimsAuthorizeAttribute.cs
Normal file
79
KretaWeb/Security/ApiRoleClaimsAuthorizeAttribute.cs
Normal file
|
|
@ -0,0 +1,79 @@
|
|||
using System;
|
||||
using System.Net;
|
||||
using System.Net.Http;
|
||||
using System.Security.Claims;
|
||||
using System.Web;
|
||||
using System.Web.Http;
|
||||
using System.Web.Http.Controllers;
|
||||
using Kreta.BusinessLogic.Security;
|
||||
using Kreta.Enums;
|
||||
|
||||
namespace Kreta.Web.Security
|
||||
{
|
||||
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
|
||||
public class ApiRoleClaimsAuthorizeAttribute : AuthorizeAttribute
|
||||
{
|
||||
private string[] claimValue;
|
||||
private bool allowAll;
|
||||
|
||||
public ApiRoleClaimsAuthorizeAttribute(bool allowAll = false)
|
||||
{
|
||||
this.allowAll = allowAll;
|
||||
SetInstance(KretaSecurityActions.Demand, new SzerepkorTipusEnum[] { });
|
||||
}
|
||||
|
||||
public ApiRoleClaimsAuthorizeAttribute(params SzerepkorTipusEnum[] claimValue)
|
||||
{
|
||||
SetInstance(KretaSecurityActions.Demand, claimValue);
|
||||
}
|
||||
|
||||
public ApiRoleClaimsAuthorizeAttribute(KretaSecurityActions type, params SzerepkorTipusEnum[] claimValue)
|
||||
{
|
||||
SetInstance(type, claimValue);
|
||||
}
|
||||
|
||||
private void SetInstance(KretaSecurityActions type, params SzerepkorTipusEnum[] values)
|
||||
{
|
||||
claimValue = AuthorizeHelper.ConvertRolesToAuthorizeProperty(type, values);
|
||||
}
|
||||
|
||||
public override void OnAuthorization(HttpActionContext actionContext)
|
||||
{
|
||||
if (SkipAuthorization(actionContext))
|
||||
return;
|
||||
if (IsAuthorized(actionContext))
|
||||
return;
|
||||
HandleUnauthorizedRequest(actionContext);
|
||||
}
|
||||
|
||||
protected override bool IsAuthorized(HttpActionContext actionContext)
|
||||
{
|
||||
if (HttpContext.Current == null)
|
||||
return false;
|
||||
if (HttpContext.Current.User == null)
|
||||
return false;
|
||||
var principal = HttpContext.Current.User as ClaimsPrincipal;
|
||||
if (allowAll)
|
||||
{
|
||||
var identity = ClaimManager.GetClaimIdentity();
|
||||
if (identity == null)
|
||||
return false;
|
||||
return principal.Identity.IsAuthenticated;
|
||||
}
|
||||
|
||||
return AuthorizeHelper.CheckRoleAccess(claimValue, principal);
|
||||
}
|
||||
|
||||
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
|
||||
{
|
||||
HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
|
||||
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
|
||||
}
|
||||
|
||||
private static bool SkipAuthorization(HttpActionContext actionContext)
|
||||
{
|
||||
return actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0
|
||||
|| actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue