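/// <summary>
/// HTTP module that checks, on every AuthorizeRequest event, whether the
/// authenticated forms user holds the roles attached to the menu entry that
/// matches the requested path. A request that fails the check is aborted
/// with an <see cref="HttpException"/> carrying status 401.
/// </summary>
public class AuthorizationModule : IHttpModule
{
    /// <summary>
    /// Hooks <see cref="authorize"/> into the application's AuthorizeRequest event.
    /// </summary>
    /// <param name="application">The application instance this module is attached to.</param>
    public void Init(HttpApplication application)
    {
        application.AuthorizeRequest += new EventHandler(authorize);
    }

    /// <summary>
    /// AuthorizeRequest handler: looks up the menu for the requested file path
    /// and rejects the request when the user lacks any role attached to it.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused event data.</param>
    /// <exception cref="HttpException">
    /// Status 401 when the current user is not in one of the menu's roles.
    /// </exception>
    public void authorize(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;

        // NOTE(review): a request without an authenticated FormsIdentity is not
        // checked here at all. Presumably anonymous access is blocked by another
        // control (e.g. <authorization> rules in web.config) -- confirm, because
        // on its own this module lets such requests through.
        if (!existValidUser())
        {
            return;
        }

        using (SecurityDAO secDAO = new SecurityDAO())
        {
            Menu menu = secDAO.getMenuByPath(getVirtualPathAsLowerCase(application));

            // NOTE(review): a path with no menu entry is allowed (default-allow).
            // Any page that is not registered as a menu is therefore unprotected
            // by this module -- confirm that this is intended.
            if (menu == null)
            {
                return;
            }

            // The user must be in EVERY role returned for the menu; the first
            // missing role aborts the request.
            // NOTE(review): if the roles are meant as alternatives ("any of"),
            // this condition is stricter than intended -- confirm.
            foreach (Role menuRole in secDAO.getRolesFor(menu))
            {
                if (!userIsInRole(application, menuRole))
                {
                    // NOTE(review): the caller is already authenticated here, so
                    // 403 would describe the failure more accurately than 401;
                    // kept as 401 because error handling may depend on it.
                    throw new HttpException(401, "UnAuthorized access to " + application.Request.Path);
                }
            }
        }
    }

    /// <summary>
    /// Tells whether the request's principal is in the given menu role.
    /// </summary>
    private bool userIsInRole(HttpApplication application, Role menuRole)
    {
        return application.User.IsInRole(menuRole.Name);
    }

    /// <summary>
    /// Returns the key used for the menu lookup, derived from the request's
    /// file path by <c>WebAppUtil.removeVirtualPathAndConvertToLowerCase</c>.
    /// </summary>
    private string getVirtualPathAsLowerCase(HttpApplication application)
    {
        // Request.Path is FilePath + PathInfo, so trailing path info would change
        // the lookup key while the same page is still served; a lookup miss is
        // treated as "no restriction" by authorize(). FilePath identifies the
        // resource that is actually executed, so the check is keyed on that.
        return WebAppUtil.removeVirtualPathAndConvertToLowerCase(application.Request.FilePath);
    }

    /// <summary>
    /// True when the current context has a principal that is authenticated and
    /// whose identity is exactly a <see cref="FormsIdentity"/>.
    /// </summary>
    private bool existValidUser()
    {
        var user = HttpContext.Current.User;
        if (user == null)
        {
            return false;
        }

        return user.Identity.IsAuthenticated &&
               user.Identity.GetType() == typeof(FormsIdentity);
    }

    /// <summary>
    /// Nothing to release; the module holds no resources of its own.
    /// </summary>
    public void Dispose()
    {
    }
}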