Access token
//authorize attribute
public class Admin : AuthorizeAttribute
{
    /// <summary>
    /// Sample authorization filter used by the controller below. It denies every request:
    /// <see cref="AuthorizeCore"/> reports the caller as unauthorized unconditionally.
    /// </summary>
    /// <param name="context">The current request (unused).</param>
    /// <returns>Always <c>false</c>.</returns>
    protected override bool AuthorizeCore(HttpContextBase context) => false;
}
// controller
public class TTTController : Controller
{
    /// <summary>
    /// Sample action guarded by the <see cref="Admin"/> filter; when the filter lets the request
    /// through it renders the action's default view.
    /// </summary>
    [Admin]
    public ActionResult Index() => View();
}
---------------------------------------------------------------------------
EXAMPLE
--------------------------------
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Mvc;
using System.Web.Mvc.Properties;
namespace TownSuiteWebPortals.Classes
{
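public class PortalAcessAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Request paths (<see cref="HttpRequestBase.RawUrl"/>) that are never carried along as the
    /// <c>redirect</c> query parameter when an unauthenticated caller is sent to the login page.
    /// </summary>
    public static readonly string[] RedirectIgnore = new string[] { "/login", "/securityquestion", "/logout", "/noaccess", "", "/" };

    /// <summary>
    /// Module licensing rules, evaluated in order by <see cref="ModulesOk"/>; the first rule whose
    /// prefix matches the tag decides. Each flag is read through a delegate so the value comes from
    /// <c>CacheVariables</c> at request time rather than at type initialisation.
    /// </summary>
    private static readonly ModuleRule[] ModuleRules =
    {
        new ModuleRule("WebService\\Complaints", () => CacheVariables.EnableComplaintPortal, "Complaint Portal is disabled"),
        new ModuleRule("WebService\\Customer Portal", () => CacheVariables.EnableCustomerPortal, "Customer Portal is disabled"),
        new ModuleRule("WebService\\EPurchasing", () => CacheVariables.EnableEpurchasingPortal, "Epurchasing Portal is disabled"),
        new ModuleRule("WebService\\Recreation", () => CacheVariables.EnableRecreationPortal, "Recreation Portal is disabled"),
        new ModuleRule("WebService\\Employee", () => CacheVariables.EnableEmployeePortal, "Employee Portal is disabled"),
        new ModuleRule("WebService\\Facility", () => CacheVariables.EnableFacilityPortal, "Facility Portal is disabled"),
    };

    // NOTE(review): _tag and _authorize hold per-request state on a filter attribute. MVC caches filter
    // attribute instances across requests, so two concurrent requests through the same action can
    // overwrite each other's tag and denial reason — confirm against the filter provider in use and
    // consider keeping the error in HttpContext.Items instead.
    private string _tag = string.Empty;
    private AuthorizedError _authorize;

    /// <summary>
    /// Role expression: tags joined by <c>||</c> (any tag must pass) or by <c>&amp;&amp;</c> (every tag
    /// must pass). Mixing both operators in one expression is not supported: the <c>&amp;&amp;</c>
    /// evaluation runs last and overrides the <c>||</c> result.
    /// </summary>
    public string RoleTags { get; set; }

    /// <summary>
    /// Evaluates <see cref="RoleTags"/> for the current user. When access is denied the reason is
    /// recorded in <c>_authorize</c> so that <see cref="HandleUnauthorizedRequest"/> can act on it.
    /// </summary>
    /// <param name="context">The current request.</param>
    /// <returns><c>true</c> when the role expression is satisfied; otherwise <c>false</c>.</returns>
    protected override bool AuthorizeCore(HttpContextBase context)
    {
        // Fail closed: an attribute without a role expression must not grant access (previously a
        // null RoleTags threw and an empty one denied without recording a reason, which then crashed
        // HandleUnAuthorizedRequest).
        if (string.IsNullOrWhiteSpace(RoleTags))
        {
            _authorize = BuildError(context, ActionType.ModuleAuthorizationFail, 403, "You do not have access to this resource");
            return false;
        }

        var tagsOr = RoleTags.Split(new[] { "||" }, StringSplitOptions.RemoveEmptyEntries);
        var tagsAnd = RoleTags.Split(new[] { "&&" }, StringSplitOptions.RemoveEmptyEntries);
        var validRequest = false;

        if (tagsOr.Length > 1)
        {
            // "||": access is granted when any tag passes. Every tag is still evaluated, so
            // _authorize reflects the last tag checked, as before.
            foreach (var tag in tagsOr)
            {
                _tag = tag;
                if (IsValidRequest(context))
                {
                    validRequest = true;
                }
            }
        }

        if (tagsAnd.Length > 1 || (tagsOr.Length == 1 && tagsAnd.Length == 1))
        {
            // "&&" (and the single-tag case): access requires every tag to pass. Stop at the first
            // failure so _authorize describes the tag that was refused. Previously only the result of
            // the last tag was kept, which let "A&&B" succeed when only B passed.
            validRequest = true;
            foreach (var tag in tagsAnd)
            {
                _tag = tag;
                if (!IsValidRequest(context))
                {
                    validRequest = false;
                    break;
                }
            }
        }

        return validRequest;
    }

    /// <summary>
    /// MVC callback invoked after <see cref="AuthorizeCore"/> returned <c>false</c>; delegates to
    /// <see cref="HandleUnAuthorizedRequest"/>.
    /// </summary>
    /// <param name="filterContext">The authorization context of the denied request.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        HandleUnAuthorizedRequest(filterContext);
    }

    /// <summary>
    /// Answers a denied request with a 403 and the "NoAccess" view rendered through the "RazorView" host view.
    /// </summary>
    /// <param name="context">The authorization context whose result is replaced.</param>
    private static void SetNoAccessPage(AuthorizationContext context)
    {
        context.HttpContext.Response.StatusCode = 403;
        context.Controller.ViewBag._ViewName = "NoAccess";
        context.Controller.ViewBag._Title = "Unathorized Access";
        context.Controller.ViewBag._MetaDescription = " You do not have access to the requested page.";
        context.Result = new ViewResult
        {
            ViewName = "RazorView",
            ViewData = context.Controller.ViewData,
            TempData = context.Controller.TempData
        };
    }

    /// <summary>
    /// Turns the denial recorded in <c>_authorize</c> into a filter result. Every branch assigns
    /// <c>context.Result</c>: an authorization filter that leaves <c>Result</c> null lets the protected
    /// action run anyway, which is what the earlier <c>Response.Redirect(url, false)</c> calls did.
    /// </summary>
    /// <param name="context">The authorization context of the denied request.</param>
    /// <exception cref="ArgumentOutOfRangeException">The recorded <see cref="ActionType"/> is not handled.</exception>
    private void HandleUnAuthorizedRequest(AuthorizationContext context)
    {
        var error = _authorize;

        // Fail closed when AuthorizeCore denied without recording a reason.
        if (error == null)
        {
            SetNoAccessPage(context);
            return;
        }

        switch (error.ActionType)
        {
            case ActionType.LoginFail:
                if (error.IsAjax)
                {
                    // AJAX callers always receive 401, regardless of the StatusCode stored on the error.
                    context.Result = new HttpUnauthorizedResult(error.Message);
                }
                else
                {
                    var target = context.HttpContext.Request.Url == null
                        ? CacheVariables.LoginPageUrl
                        : GetRedirectUrl(context.HttpContext);
                    context.Result = new RedirectResult(target);
                }
                break;

            case ActionType.ToLogout:
                context.Result = new RedirectResult("~/logout");
                break;

            case ActionType.ModuleLicensed:
            case ActionType.ModuleAuthorizationFail:
                if (error.IsAjax)
                {
                    context.Result = new HttpUnauthorizedResult(error.Message);
                }
                else
                {
                    SetNoAccessPage(context);
                }
                break;

            default:
                throw new ArgumentOutOfRangeException(nameof(error.ActionType), error.ActionType, "Unhandled ActionType");
        }
    }

    /// <summary>True when the request carries the <c>X-Requested-With: XMLHttpRequest</c> header.</summary>
    private static bool IsAjaxRequest(HttpContextBase context) =>
        context.Request.Headers["X-Requested-With"] == "XMLHttpRequest";

    /// <summary>
    /// Builds the denial record for the current request. AJAX callers get the status code and message;
    /// browser navigations only get the action type, because they are answered with a redirect or a view.
    /// </summary>
    private static AuthorizedError BuildError(HttpContextBase context, ActionType actionType, int statusCode, string message)
    {
        if (!IsAjaxRequest(context))
        {
            return new AuthorizedError { ActionType = actionType, IsAjax = false };
        }

        return new AuthorizedError
        {
            ActionType = actionType,
            StatusCode = statusCode,
            Message = message,
            IsAjax = true
        };
    }

    /// <summary>
    /// Checks the tag currently held in <c>_tag</c>: the user must be logged in, the module must be
    /// licensed, the user must have role data and the tag must be among those roles.
    /// </summary>
    /// <param name="context">The current request.</param>
    /// <returns><c>true</c> when every check passes; otherwise <c>false</c> with <c>_authorize</c> set.</returns>
    private bool IsValidRequest(HttpContextBase context)
    {
        if (GlobalConfig.UC == null)
        {
            _authorize = BuildError(context, ActionType.LoginFail, 302, "It appears you are not logged in");
            return false;
        }

        if (!ModulesOk(context, _tag))
        {
            return false;
        }

        if (GlobalConfig.UserDetails.RoleTags == null)
        {
            _authorize = BuildError(context, ActionType.LoginFail, 302, "It appears you are logged in but have no permissions");
            return false;
        }

        if (!HasAccess(_tag))
        {
            _authorize = BuildError(context, ActionType.ModuleAuthorizationFail, 403, "You do not have access to this resource");
            return false;
        }

        // NOTE(review): TwoFactorAuth only records ActionType.ToLogout in _authorize; this method still
        // returns true, so the filter itself never redirects to logout. Confirm whether the pending
        // two-factor state is enforced elsewhere or whether this should return false.
        TwoFactorAuth(context);
        return true;
    }

    /// <summary>
    /// Builds the login-page URL for a request that needs authentication, carrying the current URL as a
    /// <c>redirect</c> parameter unless the request is for one of the <see cref="RedirectIgnore"/> paths.
    /// NOTE(review): the host part of <c>Request.Url</c> originates from the Host header, so whatever
    /// consumes <c>redirect</c> should validate it as a local path — not visible from this file.
    /// </summary>
    /// <param name="context">The current request.</param>
    /// <returns>The login page URL, optionally with a <c>redirect</c> query parameter.</returns>
    public static string GetRedirectUrl(HttpContextBase context)
    {
        var url = $"{CacheVariables.LoginPageUrl}";
        if (RedirectIgnore.Contains(context.Request.RawUrl) && context.Request.RawUrl != $"/{CacheVariables.LoginPageUrl}") return url;
        if (context.Request.Url != null) url = $"{CacheVariables.LoginPageUrl}?redirect={TsConvert.UriEncode(context.Request.Url.ToString())}";
        return url;
    }

    /// <summary>
    /// Verifies that the module a tag belongs to is enabled. Tags that match none of the
    /// <see cref="ModuleRules"/> prefixes are not subject to licensing and pass.
    /// </summary>
    /// <param name="context">The current request.</param>
    /// <param name="tag">The role tag being evaluated.</param>
    /// <returns><c>true</c> when the module is enabled or unlicensed; otherwise <c>false</c> with <c>_authorize</c> set.</returns>
    private bool ModulesOk(HttpContextBase context, string tag)
    {
        foreach (var rule in ModuleRules)
        {
            // Ordinal: these are identifiers, not linguistic text, so culture rules must not apply.
            if (!tag.StartsWith(rule.Prefix, StringComparison.Ordinal))
            {
                continue;
            }

            if (rule.IsEnabled())
            {
                return true;
            }

            _authorize = BuildError(context, ActionType.ModuleLicensed, 403, rule.DisabledMessage);
            return false;
        }

        return true;
    }

    /// <summary>
    /// Checks the tag against the user's role tags. The literal tag <c>"acess"</c> (sic) is accepted
    /// for any user whose role data is present, without looking at the roles.
    /// </summary>
    /// <param name="tag">The role tag being evaluated.</param>
    /// <returns><c>true</c> when the user holds the tag.</returns>
    private static bool HasAccess(string tag)
    {
        var roleTags = GlobalConfig.UserDetails.RoleTags;
        if (tag == "acess")
        {
            return true;
        }

        return roleTags.Any(item => item == tag);
    }

    /// <summary>
    /// Classic-ASP.NET entry point; wraps the intrinsic objects and defers to the
    /// <see cref="HttpResponseBase"/> overload.
    /// </summary>
    public void TwoFactorAuth(System.Web.HttpResponse response, System.Web.SessionState.HttpSessionState session, System.Web.HttpRequest request)
    {
        TwoFactorAuth(new HttpResponseWrapper(response), session, new HttpRequestWrapper(request));
    }

    /// <summary>
    /// Records a pending logout when the two-factor answer is outstanding, except on the pages that
    /// complete or abandon the two-factor flow.
    /// </summary>
    /// <param name="context">The current request.</param>
    private void TwoFactorAuth(HttpContextBase context)
    {
        var path = context.Request.AppRelativeCurrentExecutionFilePath;
        if (path == "~/securityquestion" || path == "~/logout")
        {
            return;
        }

        EvaluateTwoFactorStatus(context.Request);
    }

    /// <summary>
    /// Records a pending logout when the two-factor answer is outstanding. <paramref name="response"/>
    /// and <paramref name="session"/> are not used; they are kept for callers of the existing signature.
    /// </summary>
    public void TwoFactorAuth(HttpResponseBase response, System.Web.SessionState.HttpSessionState session, HttpRequestBase request)
    {
        EvaluateTwoFactorStatus(request);
    }

    /// <summary>
    /// Shared two-factor check: when the answer status is <c>"false"</c>, flag <see cref="ActionType.ToLogout"/>
    /// unless the caller arrived from the login page. A null status means two-factor is not in play.
    /// </summary>
    /// <param name="request">The current request; only its referrer is inspected.</param>
    private void EvaluateTwoFactorStatus(HttpRequestBase request)
    {
        var status = GlobalConfig.TwoFactorAnswerStatus;
        if (status == null)
        {
            return;
        }

        var answerPending = status == "false";
        var referrer = request.UrlReferrer;
        if (referrer != null)
        {
            if (answerPending && referrer.AbsolutePath != CacheVariables.LoginPageUrl)
            {
                _authorize = new AuthorizedError { ActionType = ActionType.ToLogout };
            }
            return;
        }

        if (answerPending)
        {
            _authorize = new AuthorizedError { ActionType = ActionType.ToLogout };
        }
    }

    /// <summary>One licensing rule: a tag prefix, the flag that enables its module, and the message shown when it is off.</summary>
    private sealed class ModuleRule
    {
        public ModuleRule(string prefix, Func<bool> isEnabled, string disabledMessage)
        {
            Prefix = prefix;
            IsEnabled = isEnabled;
            DisabledMessage = disabledMessage;
        }

        public string Prefix { get; }
        public Func<bool> IsEnabled { get; }
        public string DisabledMessage { get; }
    }
}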
/// <summary>
/// Outcome recorded by <c>PortalAcessAttribute</c> when a request is denied; selects how the
/// unauthorized request is answered.
/// </summary>
public enum ActionType
{
    /// <summary>Caller is not logged in (or has no role data): send to the login page / 401 for AJAX.</summary>
    LoginFail = 0,

    /// <summary>Two-factor answer is outstanding: send to the logout page.</summary>
    ToLogout = 1,

    /// <summary>Caller lacks the required role tag: 403 "NoAccess" view / 401 for AJAX.</summary>
    ModuleAuthorizationFail = 2,

    /// <summary>The module the tag belongs to is disabled: 403 "NoAccess" view / 401 for AJAX.</summary>
    ModuleLicensed = 3
}
/// <summary>
/// Reason a request was denied, produced by <c>PortalAcessAttribute</c>. <see cref="StatusCode"/> and
/// <see cref="Message"/> are only populated for AJAX callers; browser navigations are answered with a
/// redirect or a view and carry just the <see cref="ActionType"/>.
/// </summary>
public class AuthorizedError
{
    /// <summary>Whether the request was identified as an XMLHttpRequest call.</summary>
    public bool IsAjax { get; set; }

    /// <summary>How the denial should be answered.</summary>
    public ActionType ActionType { get; set; }

    /// <summary>HTTP status associated with the denial (0 when not set).</summary>
    public int StatusCode { get; set; }

    /// <summary>Human-readable explanation returned to AJAX callers (null when not set).</summary>
    public string Message { get; set; }
}
}
usage
[PortalAcess(RoleTags = "WebService\\Recreation||WebService\\Facility\\ConfigurationSetup")]