view Agendas/trunk/src/Agendas.Web/Controllers/CustomAuthorizeAttribute.cs @ 179:1deccd6c3cb2

Aplicando seguridad x roles en sitio web
author nelopauselli
date Mon, 08 Aug 2011 15:24:26 -0300
parents
children 2d02adb79322

using System.Net;
using System.Web;
using System.Web.Mvc;
using AltNetHispano.Agendas.Domain;
using AltNetHispano.Agendas.Factories;

namespace AltNetHispano.Agendas.Web.Controllers
{
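	/// <summary>
	/// Authorization filter that requires both the ASP.NET principal and the
	/// application's <c>IdentityContext</c> to be authenticated and, when
	/// <c>Roles</c> is set, checks role membership through <c>IdentityContext.IsInRole</c>.
	/// </summary>
	/// <remarks>
	/// This override does not call <c>base.AuthorizeCore</c>, so the inherited
	/// <c>Users</c> property is not evaluated here: only <c>Roles</c> restricts access.
	/// Do not rely on <c>Users</c> with this attribute.
	/// </remarks>
	public class CustomAuthorizeAttribute : AuthorizeAttribute
	{
		/// <summary>
		/// URL the request is redirected to when the caller is authenticated but
		/// lacks the required role. The value is passed straight to
		/// <see cref="RedirectResult"/>, so keep it an application-relative constant
		/// set at the attribute usage site, never a value taken from the request.
		/// </summary>
		public string RedirectResultUrl { get; set; }

		/// <summary>
		/// Creates the attribute with the default "not authorized" page as redirect target.
		/// </summary>
		public CustomAuthorizeAttribute()
		{
			RedirectResultUrl = "~/Error/NoAutorizado";
		}

		/// <summary>
		/// Decides whether the current request is authorized.
		/// </summary>
		/// <param name="httpContext">Context of the current request.</param>
		/// <returns>
		/// <c>false</c> when the caller is not authenticated, or when <c>Roles</c> is set
		/// and the caller is in none of them (the response status is then set to 403);
		/// <c>true</c> otherwise.
		/// </returns>
		/// <exception cref="System.ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
		protected override bool AuthorizeCore(HttpContextBase httpContext)
		{
			if (httpContext == null)
				throw new System.ArgumentNullException("httpContext");

			// Fail closed when no principal is attached to the request instead of
			// dereferencing a null User or Identity.
			var user = httpContext.User;
			if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
				return false;

			if (!IdentityContext.IsAuthenticated())
				return false;

			if (string.IsNullOrWhiteSpace(Roles))
				return true;

			// "Admin, Editor" must yield "Admin" and "Editor": a bare Split(',') leaves
			// the leading space on the second name, which then never matches a role.
			var roles = SplitRoles(Roles);

			// A value made only of separators names no role at all; deny rather than
			// depend on how IsInRole treats an empty list.
			if (roles.Length == 0)
			{
				httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
				return false;
			}

			// NOTE(review): the role lookup is wrapped in a session scope, presumably
			// because IdentityContext.IsInRole reads from the database; confirm.
			using (NHibernateFactory.GetSessionScope())
			{
				if (!IdentityContext.IsInRole(roles))
				{
					// The status code is the signal HandleUnauthorizedRequest uses to tell
					// "authenticated but forbidden" apart from "not authenticated".
					httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
					return false;
				}
			}

			return true;
		}

		/// <summary>
		/// Redirects to <see cref="RedirectResultUrl"/> when <see cref="AuthorizeCore"/>
		/// flagged the request as forbidden (status 403); otherwise falls back to the
		/// base behavior for unauthenticated requests.
		/// </summary>
		/// <param name="filterContext">Authorization context of the current request.</param>
		protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
		{
			// Any component that set 403 earlier in the request also takes this branch,
			// because the response status code is the only signal inspected here.
			if (filterContext.HttpContext.Response.StatusCode == (int)HttpStatusCode.Forbidden)
				filterContext.Result = new RedirectResult(RedirectResultUrl);
			else
				base.HandleUnauthorizedRequest(filterContext);
		}

		// Splits a comma-separated role list into trimmed, non-empty role names.
		private static string[] SplitRoles(string roles)
		{
			var parts = roles.Split(new[] { ',' }, System.StringSplitOptions.RemoveEmptyEntries);
			var names = new System.Collections.Generic.List<string>(parts.Length);
			foreach (var part in parts)
			{
				var name = part.Trim();
				if (name.Length > 0)
					names.Add(name);
			}
			return names.ToArray();
		}
	}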
}