Example of a custom Authorization attribute.
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Text; | |
using System.Web.Mvc; | |
using MvcFlash.Core; | |
using System.Web; | |
using LC.MVC.UserModule; | |
namespace LC.MVC.UserModule.Infrastructure | |
{ | |
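/// <summary>
/// Authorization filter that admits only authenticated users who hold every named
/// permission and, when <see cref="AdminOnly"/> is set, are flagged as global admin.
/// </summary>
/// <remarks>
/// Unauthenticated requests get an <see cref="HttpUnauthorizedResult"/> (401) after a
/// flash message; authenticated users who fail a check are redirected to the
/// "umForbidden" route. The same policy is applied on the output-cache revalidation
/// path via <see cref="AuthorizeCore"/>, so a cached response is never handed to a
/// caller the action would have refused.
/// </remarks>
public class HasAllowanceAttribute : AuthorizeAttribute
{
    private enum AuthResult { ForceLogin, Forbidden, Allow }

    // Permission names the caller must hold; empty means "being authenticated is enough".
    private string[] permissionsSplit = new string[0];

    /// <summary>When true, only users with <c>isGlobalAdmin</c> pass, in addition to any permissions.</summary>
    public bool AdminOnly { get; set; }

    /// <summary>Requires only that the caller is authenticated (plus <see cref="AdminOnly"/> if set later).</summary>
    public HasAllowanceAttribute()
    {
    }

    /// <param name="args">Permission names the caller must all hold; null or empty requires none.</param>
    public HasAllowanceAttribute(params string[] args)
    {
        SetPermissions(args);
    }

    /// <param name="adminOnly">Whether the caller must be a global admin.</param>
    /// <param name="args">Permission names the caller must all hold; null or empty requires none.</param>
    public HasAllowanceAttribute(bool adminOnly, params string[] args)
    {
        AdminOnly = adminOnly;
        SetPermissions(args);
    }

    // Shared by both permission constructors; copies the array so a later change to the
    // caller's array cannot alter the policy this attribute enforces.
    private void SetPermissions(string[] args)
    {
        if (args != null && args.Length > 0)
        {
            permissionsSplit = (string[])args.Clone();
        }
    }

    /// <summary>Evaluates the policy for the current user.</summary>
    /// <param name="httpContext">Context whose <c>User</c> is converted via <c>AsAppUser()</c>.</param>
    /// <returns>The outcome to act on; checks are ordered so the cheapest refusal wins.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    private AuthResult AuthorizeAccess(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new ArgumentNullException("httpContext");
        }

        var user = httpContext.User.AsAppUser();

        if (!user.IsAuthenticated)
        {
            return AuthResult.ForceLogin;
        }

        if (AdminOnly && !user.isGlobalAdmin)
        {
            return AuthResult.Forbidden;
        }

        // Every listed permission is required, not any one of them.
        if (permissionsSplit.Length > 0 && !permissionsSplit.All(x => user.Can(x)))
        {
            return AuthResult.Forbidden;
        }

        return AuthResult.Allow;
    }

    /// <summary>
    /// Applies this attribute's policy on the output-cache revalidation path.
    /// </summary>
    /// <remarks>
    /// <see cref="CacheValidateHandler"/> routes through the base
    /// <c>OnCacheAuthorization</c>, which consults <c>AuthorizeCore</c>. The base
    /// implementation only checks the inherited Users/Roles settings, so without this
    /// override a cached page could be served to an authenticated user who lacks the
    /// required permissions or admin flag.
    /// </remarks>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return AuthorizeAccess(httpContext) == AuthResult.Allow;
    }

    /// <summary>Runs the policy and sets <c>filterContext.Result</c> when access is refused.</summary>
    /// <param name="filterContext">The MVC authorization context.</param>
    /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        // NOTE(review): the base OnAuthorization is not called, so its guard against running
        // inside a child-action output-cache block does not apply here — confirm whether any
        // child actions under this attribute are output-cached.
        var result = AuthorizeAccess(filterContext.HttpContext);
        switch (result)
        {
            case AuthResult.ForceLogin:
                Flash.Error("You must be logged in to view this page.");
                filterContext.Result = new HttpUnauthorizedResult();
                break;

            case AuthResult.Forbidden:
                filterContext.Result = new RedirectToRouteResult("umForbidden", null);
                break;

            case AuthResult.Allow:
                // Allowed responses may still be output-cached; forbid proxy caching and make
                // the cache re-run the policy for every later hit on the cached entry.
                HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
                cachePolicy.SetProxyMaxAge(new TimeSpan(0));
                cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
                break;
        }
    }

    // Output-cache validation callback: defers to OnCacheAuthorization (and thus AuthorizeCore).
    private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
    {
        validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
    }
}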
} |