namespace MyApp.Custom.Security{ public class Secure : AuthorizeAttribute

1. namespace MyApp.Custom.Security
2. {
3. public class Secure : AuthorizeAttribute
4. {
5. /// <summary>
6. /// Checks to see if the user is authenticated and has a valid session object
7. /// </summary>
8. /// <param name="httpContext"></param>
9. /// <returns></returns>
10. protected override bool AuthorizeCore(HttpContextBase httpContext)
11. {
12. if (httpContext == null) throw new ArgumentNullException("httpContext");
13.  
14. // Make sure the user is authenticated.
15. if (httpContext.User.Identity.IsAuthenticated == false) return false;
16.  
17. // This will check my session variable and a few other things.
18. return Helpers.SecurityHelper.IsSignedIn();
19. }
20. }
21. }
22.  
23. public class AuthorisationModule : IHttpModule
24. {
25. public void Init( HttpApplication context )
26. {
27. context.AuthorizeRequest += AuthorizeRequest;
28. }
29.  
30. private void AuthorizeRequest(object sender, EventArgs e)
31. {
32. var currentUser = HttpContext.Current.User;
33. if( !currentUser.IsAuthenticated() )
34. {
35. return;
36. }
37.  
38. var roles = new List<string>();
39. // Add roles here using whatever logic is required
40.  
41. var principal = new GenericPrincipal( currentUser.Identity, roles.ToArray() );
42. HttpContext.Current.User = principal;
43. }
44.  
45. public void Dispose()
46. {
47. if(HttpContext.Current == null )
48. {
49. return;
50. }
51.  
52. if(HttpContext.Current.ApplicationInstance == null)
53. {
54. return;
55. }
56.  
57. HttpContext.Current.ApplicationInstance.AuthorizeRequest -= AuthorizeRequest;
58. }
59. }