comparison Agendas/trunk/src/Agendas.Web/Controllers/CustomAuthorizeAttribute.cs @ 179:1deccd6c3cb2

Aplicando seguridad x roles en sitio web
author nelopauselli
date Mon, 08 Aug 2011 15:24:26 -0300
parents
children 2d02adb79322
178:33e57fd1a6c9 179:1deccd6c3cb2
1 using System.Net;
2 using System.Web;
3 using System.Web.Mvc;
4 using AltNetHispano.Agendas.Domain;
5 using AltNetHispano.Agendas.Factories;
6
7 namespace AltNetHispano.Agendas.Web.Controllers
8 {
9 public class CustomAuthorizeAttribute : AuthorizeAttribute
10 {
11 public string RedirectResultUrl { get; set; }
12
13 public CustomAuthorizeAttribute()
14 {
15 RedirectResultUrl = "~/Error/NoAutorizado";
16 }
17
18 protected override bool AuthorizeCore(HttpContextBase httpContext)
19 {
20 if (!httpContext.User.Identity.IsAuthenticated || !IdentityContext.IsAuthenticated())
21 return false;
22
23 if (!string.IsNullOrWhiteSpace(Roles))
24 {
25 using (NHibernateFactory.GetSessionScope())
26 {
27 var roles = Roles.Split(',');
28 if (!IdentityContext.IsInRole(roles))
29 {
30 httpContext.Response.StatusCode = 403;
31 return false;
32 }
33 }
34 }
35
36 return true;
37 }
38
39 protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
40 {
41 if (filterContext.HttpContext.Response.StatusCode == 403)
42 filterContext.Result = new RedirectResult(RedirectResultUrl);
43 else
44 base.HandleUnauthorizedRequest(filterContext);
45 }
46 }
47 }
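Review bot: `AuthorizeCore` (line 18) replaces the base implementation without calling it, so the inherited `Users` property is never evaluated and an action marked `[CustomAuthorize(Users = "...")]` would admit any authenticated user. Fail closed for that case, e.g. `if (!string.IsNullOrWhiteSpace(Users)) return false;` ahead of the role check, or implement the user-name comparison explicitly. Separately, `Roles.Split(',')` on line 27 keeps surrounding whitespace, unlike the base attribute, so `Roles = "Admin, Editor"` passes `" Editor"` to `IdentityContext.IsInRole`; how that method matches is not visible here, so trimming each entry before the call is the safe choice. The 403 status code set on line 30 also serves as the signal read in `HandleUnauthorizedRequest` (line 41); a flag in `httpContext.Items` would keep the redirect decision from depending on response state that other code can set.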