- using OnlineStore.DAL;
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Web;
- using System.Web.Mvc;
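namespace OnlineStore.Models
{
    /// <summary>
    /// Authorization filter that lets every caller through except accounts whose
    /// stored permission is "Admin" (authorize ALL except Admin).
    /// </summary>
    /// <remarks>
    /// The filter keeps no per-request state in instance fields. MVC can cache and
    /// reuse filter attribute instances across requests, so a shared mutable field
    /// could let one request's permission check read another request's user record.
    /// </remarks>
    public class NotAdminAuthorization : AuthorizeAttribute
    {
        /// <summary>
        /// Decides whether the current request may proceed.
        /// </summary>
        /// <param name="httpContext">The HTTP context of the current request.</param>
        /// <returns>
        /// <c>false</c> when a stored account matching the current user name has the
        /// "Admin" permission; otherwise <c>true</c>.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            // NOTE(review): base.AuthorizeCore is intentionally not called here (it was
            // commented out in the original), so this filter does not require an
            // authenticated caller and ignores the attribute's Users/Roles settings.
            // Combine it with [Authorize] where a signed-in user is required.
            var principal = httpContext.User;
            string currentUser = (principal != null && principal.Identity != null)
                ? principal.Identity.Name
                : null;

            if (string.IsNullOrEmpty(currentUser))
            {
                // Anonymous caller: no account to look up, so it cannot be an Admin.
                // This is fail-open by design of "all except Admin" - confirm it is intended.
                return true;
            }

            // NOTE(review): DataLayer looks like a database context; if it implements
            // IDisposable it should be wrapped in a using block - confirm against its definition.
            DataLayer dal = new DataLayer();

            // Read only the permission column; the password never needs to be loaded
            // to make an authorization decision.
            // NOTE(review): the UserName match presumably runs in the database, where case
            // sensitivity depends on the collation - verify it matches the login rules.
            var permissions =
                (from x in dal.Users
                 where x.UserName == currentUser
                 select x.Permission).ToList();

            // Deny if ANY matching row is an Admin. Requiring exactly one row would let an
            // Admin through whenever the user table contains duplicate user names.
            foreach (var permission in permissions)
            {
                if (permission == "Admin")
                {
                    return false;
                }
            }

            return true;
        }

        /// <summary>
        /// Answers a rejected request with an HTTP 401 result.
        /// </summary>
        /// <param name="filterContext">The authorization context of the rejected request.</param>
        /// <remarks>
        /// NOTE(review): the rejected caller here is a known Admin account, so a 403 may
        /// describe the outcome better than a 401 - confirm how the site's login
        /// handling reacts to 401 before changing it.
        /// </remarks>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            filterContext.Result = new HttpUnauthorizedResult();
        }
    }
}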