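using System;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Kreta.BusinessLogic.Security;
using Kreta.Enums;
using Kreta.Web.Areas.Adminisztracio.Controllers;
using Kreta.Web.Configuration;
using Kreta.Web.Controllers;
using AuthorizationContext = System.Web.Mvc.AuthorizationContext;

namespace Kreta.Web.Security
{
    /// <summary>
    /// MVC authorization filter that decides access from the caller's role claims
    /// (<see cref="SzerepkorTipusEnum"/>) instead of ASP.NET role names.
    /// The required roles are converted once, at construction, through
    /// <see cref="AuthorizeHelper.ConvertRolesToAuthorizeProperty"/>; the runtime check is
    /// delegated to <see cref="AuthorizeHelper.CheckRoleAccess"/>.
    /// </summary>
    /// <remarks>
    /// Mirrors the framework <see cref="AuthorizeAttribute"/> contract: every path that cannot
    /// establish a claims-based, authenticated principal denies (fails closed), and a cache
    /// validation callback is registered so an output-cached response is re-authorized for
    /// the requesting user before being served.
    /// </remarks>
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
    public class MvcRoleClaimsAuthorizeAttribute : AuthorizeAttribute
    {
        // Role claim values (already converted by AuthorizeHelper) the caller must satisfy.
        private readonly string[] _claimValue;

        // When true any authenticated caller is accepted and the role list is ignored.
        private readonly bool _allowAll;

        /// <summary>
        /// Creates a filter with no required roles. With <paramref name="allowAll"/> set, any
        /// authenticated user passes; otherwise the empty role list is handed to
        /// <see cref="AuthorizeHelper.CheckRoleAccess"/> unchanged.
        /// </summary>
        /// <param name="allowAll">Accept every authenticated caller regardless of roles.</param>
        /// <remarks>
        /// A parameterless <c>[MvcRoleClaimsAuthorize]</c> binds here rather than to the
        /// <c>params</c> overload: a candidate applicable in normal form beats one that is only
        /// applicable in expanded form.
        /// </remarks>
        public MvcRoleClaimsAuthorizeAttribute(bool allowAll = false)
            : this(KretaSecurityActions.Demand, new SzerepkorTipusEnum[0])
        {
            _allowAll = allowAll;
        }

        /// <summary>
        /// Creates a filter that demands (<see cref="KretaSecurityActions.Demand"/>) the given roles.
        /// </summary>
        /// <param name="claimValue">Roles the caller must hold.</param>
        public MvcRoleClaimsAuthorizeAttribute(params SzerepkorTipusEnum[] claimValue)
            : this(KretaSecurityActions.Demand, claimValue)
        {
        }

        /// <summary>
        /// Creates a filter for the given security action and roles.
        /// </summary>
        /// <param name="type">How the roles are evaluated (passed through to the helper).</param>
        /// <param name="claimValue">Roles the caller must hold.</param>
        public MvcRoleClaimsAuthorizeAttribute(KretaSecurityActions type, params SzerepkorTipusEnum[] claimValue)
        {
            // Conversion happens once per attribute instance; the field is immutable afterwards.
            _claimValue = AuthorizeHelper.ConvertRolesToAuthorizeProperty(type, claimValue);
        }

        /// <summary>
        /// Filter entry point. Exempt actions (see <see cref="SkipAuthorization"/>) pass straight
        /// through; otherwise the request is authorized and, on success, the response cache is
        /// configured so that a cached copy is re-validated per user.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            if (SkipAuthorization(filterContext))
            {
                return;
            }

            if (!AuthorizeCore(filterContext.HttpContext))
            {
                HandleUnauthorizedRequest(filterContext);
                return;
            }

            // Same cache handling as the framework attribute: proxies must not cache, and the
            // server-side output cache has to ask us again before serving a stored response.
            HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
            cache.SetProxyMaxAge(TimeSpan.Zero);
            cache.AddValidationCallback(CacheValidateHandler, null);
        }

        /// <summary>
        /// Runs the same check <see cref="OnAuthorization"/> uses against an arbitrary context.
        /// </summary>
        /// <param name="httpContext">Context whose <c>User</c> is evaluated.</param>
        /// <returns>True when the user of <paramref name="httpContext"/> is authorized.</returns>
        public bool IsAuthorized(HttpContextBase httpContext)
        {
            return AuthorizeCore(httpContext);
        }

        /// <summary>
        /// Core decision. Evaluates the principal of the supplied context (not
        /// <c>HttpContext.Current</c>, so cache validation and <see cref="IsAuthorized"/> see the
        /// context they were given).
        /// </summary>
        /// <param name="httpContext">Context whose <c>User</c> is evaluated.</param>
        /// <returns>
        /// False when the context or its user is missing or not a <see cref="ClaimsPrincipal"/>;
        /// with <c>allowAll</c>, true when the application claim identity is available and the
        /// principal is authenticated; otherwise the result of
        /// <see cref="AuthorizeHelper.CheckRoleAccess"/>.
        /// </returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Fail closed on anything that is not a claims-based principal.
            if (httpContext == null)
            {
                return false;
            }

            var principal = httpContext.User as ClaimsPrincipal;
            if (principal == null)
            {
                return false;
            }

            if (_allowAll)
            {
                // The application's claim identity must exist even when no roles are required.
                if (ClaimManager.GetClaimIdentity() == null)
                {
                    return false;
                }

                // ClaimsPrincipal.Identity is null when the principal carries no identities.
                var identity = principal.Identity;
                return identity != null && identity.IsAuthenticated;
            }

            return AuthorizeHelper.CheckRoleAccess(_claimValue, principal);
        }

        /// <summary>Delegates the failure response to <see cref="AuthorizeHelper.MvcRequestAuthorizeFail"/>.</summary>
        /// <param name="filterContext">The MVC authorization context.</param>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            AuthorizeHelper.MvcRequestAuthorizeFail(filterContext);
        }

        /// <summary>
        /// Output-cache re-validation: a cached response is only served when the current user is
        /// still authorized; otherwise the cache is bypassed for this request.
        /// </summary>
        /// <param name="httpContext">Context of the request hitting the cache.</param>
        /// <returns><see cref="HttpValidationStatus.Valid"/> when authorized, else
        /// <see cref="HttpValidationStatus.IgnoreThisRequest"/>.</returns>
        protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
        {
            return AuthorizeCore(httpContext)
                ? HttpValidationStatus.Valid
                : HttpValidationStatus.IgnoreThisRequest;
        }

        // Adapter from the ASP.NET cache callback signature to OnCacheAuthorization.
        private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
        {
            validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
        }

        /// <summary>
        /// Determines whether the action is exempt from authorization: the landing page
        /// (<c>Home/Index</c> when IdP login is enabled, <c>Login/Index</c> otherwise) and any
        /// action or controller marked <see cref="AllowAnonymousAttribute"/>.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context.</param>
        /// <returns>True when the request must not be authorized by this filter.</returns>
        private static bool SkipAuthorization(AuthorizationContext filterContext)
        {
            // NOTE(review): the generic type argument of GetService appears to have been lost in
            // extraction; it is expected to resolve the IdP configuration exposing LoginEnabled.
            var idpConfiguration = DependencyResolver.Current.GetService();

            var descriptor = filterContext.ActionDescriptor;

            // Ordinal comparison keeps the original string.Equals semantics and tolerates a null name.
            bool isIndexAction = string.Equals(descriptor.ActionName, "Index", StringComparison.Ordinal);
            bool isLandingController = idpConfiguration.LoginEnabled
                ? filterContext.Controller is HomeController
                : filterContext.Controller is LoginController;
            if (isIndexAction && isLandingController)
            {
                return true;
            }

            // Same [AllowAnonymous] handling as the framework attribute (action or controller level).
            return descriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true)
                || descriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);
        }
    }
}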