kreta/KretaWeb/Security/MvcRoleClaimsAuthorizeAttribute.cs

using System;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Kreta.BusinessLogic.Security;
using Kreta.Enums;
using Kreta.Web.Areas.Adminisztracio.Controllers;
using Kreta.Web.Configuration;
using Kreta.Web.Controllers;
using AuthorizationContext = System.Web.Mvc.AuthorizationContext;
namespace Kreta.Web.Security
{
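[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
/// <summary>
/// MVC authorization filter that grants access based on the role claims of the current
/// <see cref="ClaimsPrincipal"/>. The demanded roles are given as <see cref="SzerepkorTipusEnum"/>
/// values and translated by <see cref="AuthorizeHelper"/>; with <c>allowAll</c> any authenticated
/// claims identity is accepted. Unauthorized requests are handed to
/// <see cref="AuthorizeHelper.MvcRequestAuthorizeFail"/>.
/// </summary>
public class MvcRoleClaimsAuthorizeAttribute : AuthorizeAttribute
{
    // Authorize-property form of the demanded roles, produced by
    // AuthorizeHelper.ConvertRolesToAuthorizeProperty from the constructor arguments.
    private string[] claimValue;

    // When true, claimValue is not consulted: any authenticated claims identity passes.
    // Only the bool constructor sets this; the role-based constructors leave it false.
    private bool allowAll;

    /// <summary>
    /// Creates a filter that demands no specific role.
    /// </summary>
    /// <param name="allowAll">
    /// When <c>true</c>, every authenticated claims identity is authorized; when <c>false</c>
    /// the (empty) role list is checked through <see cref="AuthorizeHelper.CheckRoleAccess"/>.
    /// </param>
    public MvcRoleClaimsAuthorizeAttribute(bool allowAll = false)
    {
        this.allowAll = allowAll;
        SetInstance(KretaSecurityActions.Demand, new SzerepkorTipusEnum[] { });
    }

    /// <summary>
    /// Creates a filter that demands the given roles.
    /// </summary>
    /// <param name="claimValue">Roles required for access.</param>
    public MvcRoleClaimsAuthorizeAttribute(params SzerepkorTipusEnum[] claimValue)
    {
        SetInstance(KretaSecurityActions.Demand, claimValue);
    }

    /// <summary>
    /// Creates a filter with an explicit security action for the given roles.
    /// </summary>
    /// <param name="type">Security action applied to the roles.</param>
    /// <param name="claimValue">Roles the action refers to.</param>
    public MvcRoleClaimsAuthorizeAttribute(KretaSecurityActions type, params SzerepkorTipusEnum[] claimValue)
    {
        SetInstance(type, claimValue);
    }

    // Converts the role list into the string form that CheckRoleAccess expects.
    private void SetInstance(KretaSecurityActions type, SzerepkorTipusEnum[] value)
    {
        claimValue = AuthorizeHelper.ConvertRolesToAuthorizeProperty(type, value);
    }

    /// <summary>
    /// Runs the authorization check for the action, unless <see cref="SkipAuthorization"/>
    /// marks the request as anonymous.
    /// </summary>
    /// <param name="filterContext">Context of the action being authorized.</param>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (SkipAuthorization(filterContext))
        {
            return;
        }

        if (AuthorizeCore(filterContext.HttpContext))
        {
            // Authorized responses must not be served from a proxy cache, and an
            // output-cache hit must re-run the authorization check before the cached
            // response is delivered to a (possibly different) user.
            HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
            cache.SetProxyMaxAge(new TimeSpan(0L));
            cache.AddValidationCallback(new HttpCacheValidateHandler(CacheValidateHandler), null);
        }
        else
        {
            HandleUnauthorizedRequest(filterContext);
        }
    }

    /// <summary>
    /// Public entry point for evaluating the filter's rule against an arbitrary request context.
    /// </summary>
    /// <param name="httpContext">Request context whose user is checked.</param>
    /// <returns><c>true</c> when the user of <paramref name="httpContext"/> is authorized.</returns>
    public bool IsAuthorized(HttpContextBase httpContext)
    {
        return AuthorizeCore(httpContext);
    }

    /// <summary>
    /// Core authorization rule.
    /// </summary>
    /// <param name="httpContext">Request context whose user is checked.</param>
    /// <returns>
    /// <c>false</c> when there is no context, no user, or the user is not a <see cref="ClaimsPrincipal"/>;
    /// otherwise the outcome of the allow-all or role-claim check.
    /// </returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Evaluate the context handed in by the caller (OnAuthorization, IsAuthorized
        // or the output-cache validation callback) rather than the ambient
        // HttpContext.Current, so the decision always refers to the request being checked.
        if (httpContext == null || httpContext.User == null)
        {
            return false;
        }

        // Role access is evaluated on claims; a principal of another kind is denied
        // rather than dereferenced.
        var principal = httpContext.User as ClaimsPrincipal;
        if (principal == null)
        {
            return false;
        }

        if (allowAll)
        {
            if (ClaimManager.GetClaimIdentity() == null)
            {
                return false;
            }

            return principal.Identity.IsAuthenticated;
        }

        return AuthorizeHelper.CheckRoleAccess(claimValue, principal);
    }

    /// <summary>
    /// Delegates the unauthorized-request handling to <see cref="AuthorizeHelper.MvcRequestAuthorizeFail"/>.
    /// </summary>
    /// <param name="filterContext">Context of the rejected action.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        AuthorizeHelper.MvcRequestAuthorizeFail(filterContext);
    }

    /// <summary>
    /// Output-cache validation: a cached response is only valid for a user who
    /// passes <see cref="AuthorizeCore"/>; otherwise the cache entry is bypassed
    /// for this request.
    /// </summary>
    /// <param name="httpContext">Context of the request hitting the cache.</param>
    /// <returns><see cref="HttpValidationStatus.Valid"/> or <see cref="HttpValidationStatus.IgnoreThisRequest"/>.</returns>
    protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
    {
        return AuthorizeCore(httpContext) ? HttpValidationStatus.Valid : HttpValidationStatus.IgnoreThisRequest;
    }

    // Adapter between the HttpCacheValidateHandler delegate and OnCacheAuthorization.
    private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
    {
        validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
    }

    /// <summary>
    /// Decides whether the action is reachable without authorization: the landing
    /// action (<c>Home/Index</c> when IdP login is enabled, <c>Login/Index</c> otherwise)
    /// and anything marked with <see cref="AllowAnonymousAttribute"/> on the action or controller.
    /// </summary>
    /// <param name="filterContext">Context of the action being authorized.</param>
    /// <returns><c>true</c> when authorization must be skipped.</returns>
    private bool SkipAuthorization(AuthorizationContext filterContext)
    {
        var idpConfiguration = DependencyResolver.Current.GetService<IIdpConfiguration>();
        var actionDescriptor = filterContext.ActionDescriptor;
        bool isIndexAction = actionDescriptor.ActionName.Equals("Index", StringComparison.Ordinal);

        if (idpConfiguration.LoginEnabled)
        {
            if (filterContext.Controller is HomeController && isIndexAction)
            {
                return true;
            }
        }
        else
        {
            if (filterContext.Controller is LoginController && isIndexAction)
            {
                return true;
            }
        }

        return actionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true)
            || actionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);
    }
}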
}