view Agendas/trunk/src/Agendas.Web/Controllers/CustomAuthorizeAttribute.cs @ 227:11545cc95491

Mostrar todos los ponentes en el histórico
author nelopauselli
date Wed, 28 Sep 2011 08:57:34 -0300
parents 2d02adb79322
children
line wrap: on
line source

using System.Web;
using System.Web.Mvc;
using AltNetHispano.Agendas.Domain;
using AltNetHispano.Agendas.Factories;

namespace AltNetHispano.Agendas.Web.Controllers
{
	public class CustomAuthorizeAttribute : AuthorizeAttribute
	{
		public string RedirectResultUrl { get; set; }

		public CustomAuthorizeAttribute()
		{
			RedirectResultUrl = "~/Error/NoAutorizado";
		}

		protected override bool AuthorizeCore(HttpContextBase httpContext)
		{
			if (!httpContext.User.Identity.IsAuthenticated || !IdentityContext.IsAuthenticated())
				return false;

			if (!string.IsNullOrWhiteSpace(Roles))
			{
				using (NHibernateFactory.GetSessionScope())
				{
					var roles = Roles.Split(',');
					if (!IdentityContext.IsInRole(roles))
					{
						httpContext.Response.StatusCode = 403;
						return false;
					}
				}
			}

			return true;
		}

		protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
		{
			if (filterContext.HttpContext.Response.StatusCode == 403)
				filterContext.Result = new RedirectResult(RedirectResultUrl);
			else
				base.HandleUnauthorizedRequest(filterContext);
		}
	}
}