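/// <summary>
/// HTTP module that enforces menu-based role authorization on the
/// <c>AuthorizeRequest</c> pipeline event. The requested path is normalized
/// through <c>WebAppUtil</c> and looked up in <c>SecurityDAO</c>; when a
/// <c>Menu</c> is found, the caller must be a Forms-authenticated user that
/// holds every <c>Role</c> attached to that menu, otherwise an
/// <see cref="HttpException"/> with status 401 is thrown.
/// Paths with no menu entry, and menus with no roles, are not restricted here.
/// </summary>
public class AuthorizationModule : IHttpModule
{
    /// <summary>Subscribes the module to the application's AuthorizeRequest event.</summary>
    /// <param name="application">The application whose pipeline is being initialized.</param>
    public void Init(HttpApplication application)
    {
        application.AuthorizeRequest += new EventHandler(authorize);
    }

    /// <summary>
    /// AuthorizeRequest handler. Fails closed: a path that maps to a menu with
    /// roles is rejected unless the current user is Forms-authenticated and is a
    /// member of each of those roles. The original version skipped the whole
    /// check when no valid Forms user was present, which let unauthenticated or
    /// non-Forms identities reach protected paths.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused event arguments.</param>
    /// <exception cref="HttpException">
    /// Status 401 when the caller is not authorized for the requested path.
    /// </exception>
    public void authorize(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;

        using (SecurityDAO secDAO = new SecurityDAO())
        {
            Menu menu = secDAO.getMenuByPath(getVirtualPathAsLowerCase(application));
            if (menu == null)
            {
                // No menu entry for this path: nothing for this module to enforce.
                return;
            }

            // Evaluated once per request rather than once per role.
            bool validUser = existValidUser(application);

            foreach (Role menuRole in secDAO.getRolesFor(menu))
            {
                // The menu carries at least one role, so the path is protected.
                // Without a valid Forms user the request is rejected outright;
                // with one, every attached role must be held (all-of semantics,
                // unchanged from the original).
                if (!validUser || !userIsInRole(application, menuRole))
                {
                    throw new HttpException(401, "UnAuthorized access to " + application.Request.Path);
                }
            }
        }
    }

    /// <summary>Checks whether the current principal is a member of <paramref name="menuRole"/>.</summary>
    /// <param name="application">The current application; its <c>User</c> is consulted.</param>
    /// <param name="menuRole">The role attached to the requested menu.</param>
    /// <returns><c>true</c> when <c>application.User</c> reports membership in the role's name.</returns>
    private bool userIsInRole(HttpApplication application, Role menuRole)
    {
        return application.User.IsInRole(menuRole.Name);
    }

    /// <summary>
    /// Returns the lookup key for the menu table: the request path with the
    /// virtual directory removed and lower-cased, as produced by <c>WebAppUtil</c>.
    /// </summary>
    /// <param name="application">The current application; its <c>Request.Path</c> is used.</param>
    /// <returns>The normalized, lower-cased path.</returns>
    /// <remarks>
    /// NOTE(review): the menu lookup is only as strict as this normalization.
    /// Alternate spellings of the same resource (trailing slash, default
    /// document, dot segments) are covered only if
    /// <c>WebAppUtil.removeVirtualPathAndConvertToLowerCase</c> canonicalizes
    /// them — confirm against that helper.
    /// </remarks>
    private string getVirtualPathAsLowerCase(HttpApplication application)
    {
        return WebAppUtil.removeVirtualPathAndConvertToLowerCase(application.Request.Path);
    }

    /// <summary>
    /// Determines whether the request carries a usable Forms-authenticated user:
    /// a non-null principal whose identity is authenticated and is exactly a
    /// <see cref="FormsIdentity"/> (subclasses are deliberately not accepted,
    /// matching the original exact-type comparison).
    /// </summary>
    /// <param name="application">The current application; its <c>Context.User</c> is inspected.</param>
    /// <returns><c>true</c> when all three conditions hold.</returns>
    private bool existValidUser(HttpApplication application)
    {
        IPrincipal user = application.Context.User;
        return user != null &&
               user.Identity.IsAuthenticated &&
               user.Identity.GetType() == typeof(FormsIdentity);
    }

    /// <summary>No resources are held by this module; nothing to release.</summary>
    public void Dispose()
    {
    }
}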