Modified user access

7 years ago · a1de092594
7 changed files with 50 additions and 19 deletions
--- a/Teknik/Areas/About/Controllers/AboutController.cs
+++ b/Teknik/Areas/About/Controllers/AboutController.cs
@ -9,7 +9,8 @@ namespace Teknik.Areas.About.Controllers
				@@ -9,7 +9,8 @@ namespace Teknik.Areas.About.Controllers
 {
    public class AboutController : DefaultController
    {
-        [AllowAnonymous]
+        //[AllowAnonymous]
+        [Authorize(Roles = "Admin")]
        // GET: About/About
        public ActionResult Index()
        {
--- a/Teknik/Areas/Profile/Controllers/ProfileController.cs
+++ b/Teknik/Areas/Profile/Controllers/ProfileController.cs
@ -6,6 +6,7 @@ using System.Web.Mvc;
				@@ -6,6 +6,7 @@ using System.Web.Mvc;
 using System.Web.Security;
 using Teknik.Areas.Profile.ViewModels;
 using Teknik.Controllers;
+using Teknik.Helpers;
 using Teknik.Models;
 using Teknik.ViewModels;

@ -38,7 +39,10 @@ namespace Teknik.Areas.Profile.Controllers
				@@ -38,7 +39,10 @@ namespace Teknik.Areas.Profile.Controllers
        {
            if (ModelState.IsValid)
            {
-                if (model.IsValid())
+                string username = model.Username;
+                string password = SHA384.Hash(model.Username, model.Password);
+                bool userValid = db.Users.Any(b => b.Username == username && b.HashedPassword == password);
+                if (userValid)
                {
                    FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);
                    return Json(new { result = "true" });
--- a/Teknik/Areas/Profile/Models/Group.cs
+++ b/Teknik/Areas/Profile/Models/Group.cs
@ -14,6 +14,8 @@ namespace Teknik.Areas.Profile.Models
				@@ -14,6 +14,8 @@ namespace Teknik.Areas.Profile.Models

        public string Description { get; set; }

+        public List<User> Users { get; set; }
+
        public List<Role> Roles { get; set; }
    }
 }
--- a/Teknik/Areas/Profile/Models/Role.cs
+++ b/Teknik/Areas/Profile/Models/Role.cs
@ -14,8 +14,6 @@ namespace Teknik.Areas.Profile.Models
				@@ -14,8 +14,6 @@ namespace Teknik.Areas.Profile.Models

        public string Description { get; set; }

-        public PermissionType Permission { get; set; }
-
-        public PermissionTarget Target { get; set; }
+        public List<Group> Groups { get; set; }
    }
 }
--- a/Teknik/Areas/Profile/Models/UserIdentity.cs
+++ b/Teknik/Areas/Profile/Models/UserIdentity.cs
@ -1,12 +0,0 @@
				@@ -1,12 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
-
-namespace Teknik.Areas.Profile.Models
-{
-    public class UserIdentity : User
-    {
-    }
-}
--- a/Teknik/Global.asax.cs
+++ b/Teknik/Global.asax.cs
@ -10,6 +10,7 @@ using System.Data.Entity;
				@@ -10,6 +10,7 @@ using System.Data.Entity;
 using System.Web.Security;
 using Teknik.Migrations;
 using System.Data.Entity.Migrations;
+using Teknik.Areas.Profile.Models;

 namespace Teknik
 {
@ -25,5 +26,44 @@ namespace Teknik
				@@ -25,5 +26,44 @@ namespace Teknik
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);
        }
+        protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
+        {
+            if (FormsAuthentication.CookiesSupported == true)
+            {
+                if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
+                {
+                    try
+                    {
+                        //let us take out the username now                
+                        string username = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
+                        List<string> roles = new List<string>();
+
+                        using (TeknikEntities entities = new TeknikEntities())
+                        {
+                            User user = entities.Users.SingleOrDefault(u => u.Username == username);
+
+                            foreach (Group grp in user.Groups)
+                            {
+                                foreach (Role role in grp.Roles)
+                                {
+                                    if (!roles.Contains(role.Name))
+                                    {
+                                        roles.Add(role.Name);
+                                    }
+                                }
+                            }
+                        }
+
+                        //Let us set the Pricipal with our user specific details
+                        HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(
+                          new System.Security.Principal.GenericIdentity(username, "Forms"), roles.ToArray());
+                    }
+                    catch (Exception)
+                    {
+                        //somehting went wrong
+                    }
+                }
+            }
+        }
    }
 }
--- a/Teknik/Teknik.csproj
+++ b/Teknik/Teknik.csproj
@ -155,8 +155,6 @@
				@@ -155,8 +155,6 @@
    <Compile Include="Areas\Privacy\Controllers\PrivacyController.cs" />
    <Compile Include="Areas\Privacy\PrivacyAreaRegistration.cs" />
    <Compile Include="Areas\Profile\Controllers\ProfileController.cs" />
-    <Compile Include="Areas\Profile\Models\AuthUser.cs" />
-    <Compile Include="Areas\Profile\Models\UserIdentity.cs" />
    <Compile Include="Areas\Profile\ProfileAreaRegistration.cs" />
    <Compile Include="Configuration\Config.cs" />
    <Compile Include="Areas\Blog\Controllers\BlogController.cs" />