
Authentication in MVC

using System;
using System.Web;
using System.Web.Http;
using System.Web.Mvc;
using System.Web.Routing;
using System.Web.Optimization;
using System.Web.Security;
using System.Web.Script.Serialization;
using DynamicProject.Utility.Security;
using System.Configuration;

namespace DynamicProject.Web
{    
    public class MvcApplication : System.Web.HttpApplication
    {
        protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();

            WebApiConfig.Register(GlobalConfiguration.Configuration);
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);

            DynamicProject.Utility.Logging.Logger.Configure(Server.MapPath("~/Config/log4net.config"));
        }
              
        protected void WindowsAuthentication_OnAuthenticate(object sender, WindowsAuthenticationEventArgs e)
        {
            //Saving user data into form authentication cookie
             HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

             if (authCookie == null)
             {                
                 if (e.Identity != null && e.Identity.IsAuthenticated &&
                     (ConfigurationManager.AppSettings["DefaultToLoginPage"] != null &&
                      ConfigurationManager.AppSettings["DefaultToLoginPage"].ToString() == "false"))
                 {
                     string corpId = e.Identity.Name.ToString().ToUpper();
                     
                     if (corpId.Contains("\\"))
                         corpId = corpId.Substring((corpId.IndexOf('\\') + 1), 7).ToUpper();
                     
                     CustomPrincipalSerializeModel objCustomPrincipalSerializeModel = new UserSecurity().GetUserDetails(corpId);

                     if (objCustomPrincipalSerializeModel != null)
                     {
                         JavaScriptSerializer serializer = new JavaScriptSerializer();

                         string userData = serializer.Serialize(objCustomPrincipalSerializeModel);

                         FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, corpId, DateTime.Now, DateTime.Now.AddMinutes(15),
                                                                                              false, userData);

                         string encTicket = FormsAuthentication.Encrypt(authTicket);
                         HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
                         Response.Cookies.Add(faCookie);
                     }
                     else
                     {
                         //Not authorized user
                     }                     
                 }
             }
        }

        protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
        {
            //Retrieving  user data from authentication cookie
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

            if (authCookie != null)
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

                JavaScriptSerializer serializer = new JavaScriptSerializer();

                CustomPrincipalSerializeModel serializeModel = serializer.Deserialize<CustomPrincipalSerializeModel>(authTicket.UserData);

                CustomPrincipal newUser = new CustomPrincipal(authTicket.Name);
                newUser.Id = serializeModel.Id;
                newUser.FirstName = serializeModel.FirstName;
                newUser.LastName = serializeModel.LastName;
                newUser.Roles = serializeModel.Roles;
                newUser.CorpId = serializeModel.CorpId;
                newUser.FirstPriorityRole = serializeModel.FirstPriorityRole;

                HttpContext.Current.User = newUser;
            }
        }
    }
}


using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Principal;

namespace DynamicProject.Utility.Security
{
    public class CustomPrincipal : ICustomPrincipal
    {
        public IIdentity Identity { get; private set; }        

        public CustomPrincipal(string corpId)
        {
            this.Identity = new GenericIdentity(corpId);
        }

        public int Id { get; set; }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string[] Roles { get; set; }
        public string FirstPriorityRole { get; set; }
        public string CorpId { get; set; }

        public string FullName
        {
            get
            {
                string fullName = string.Empty;

                if (!string.IsNullOrEmpty(FirstName))
                    fullName = FirstName;

                if (!string.IsNullOrEmpty(LastName))
                {
                    fullName += fullName == string.Empty ? LastName : " " + LastName;
                }
                return fullName;
                //return FirstName + " " + LastName; 
            }
        }
        public bool IsInRole(string role)
        {
            return Roles.Contains(role) ? true : false;
        }

        public bool IsAdmin
        {
            get { return FirstPriorityRole == "ADM" ? true : false; }
        }

        public bool IsUser
        {
            get { return FirstPriorityRole == "USR" ? true : false; }
        }

        public bool IsQualityCheckAdmin
        {
            get { return FirstPriorityRole == "QCA" ? true : false; }
        }

        public int RoleCount
        {
            get { return Roles.Length; }
        }       
    }
}



using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace DynamicProject.Utility.Security
{
    public class CustomPrincipalSerializeModel
    {
        public int Id { get; set; }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string[] Roles { get; set; }
        public string FullName
        {

            get
            {
                string fullName = string.Empty;

                if (!string.IsNullOrEmpty(FirstName))
                    fullName = FirstName;

                if (!string.IsNullOrEmpty(LastName))
                {
                    fullName += fullName == string.Empty ? LastName : " " + LastName;
                }
                return fullName;
                //return FirstName + " " + LastName; 
            }
        }
        public string CorpId { get; set; }
        public string FirstPriorityRole
        {
            get;
            set;
        }
    }
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Principal;

namespace DynamicProject.Utility.Security
{
    /// <summary>
    /// Principal contract used by the web layer: the standard <see cref="IPrincipal"/> members plus
    /// the user details that travel in the forms-authentication ticket.
    /// </summary>
    public interface ICustomPrincipal : IPrincipal
    {
        int Id { get; set; }
        string FirstName { get; set; }
        string LastName { get; set; }
        /// <summary>Role codes assigned to the user.</summary>
        string[] Roles { get; set; }
        /// <summary>Display name derived from <see cref="FirstName"/> and <see cref="LastName"/>.</summary>
        string FullName { get; }
    }
}


using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using DynamicProject.DAL;
using DynamicProject.DTO;

namespace DynamicProject.Utility.Security
{
    public class UserSecurity
    {
        public CustomPrincipalSerializeModel GetUserDetails(string corpId)
        {
            if (corpId != null)
            {
                UserRepository objUserRepository = new UserRepository();

                CustomPrincipalSerializeModel objCustomPrincipalSerializeModel = new CustomPrincipalSerializeModel();
                User objUser = objUserRepository.GetUserDetails(corpId, true);
                List<Role> lstRole = objUserRepository.GetRoleList();
                List<Role> lstFilteredRole = new List<Role>();

                if (objUser != null)
                {
                    objUser.UserRoles = objUser.UserRoles.Where(F => F.IsActive == "Y").ToList();

                    if (objUser.UserRoles != null && objUser.UserRoles.Count > 0)
                    {                        


                        objCustomPrincipalSerializeModel.CorpId = objUser.CorpId;
                        objCustomPrincipalSerializeModel.Id = objUser.UserRoles.Count;
                        objCustomPrincipalSerializeModel.FirstName = objUser.UserRoles[0].Users.FirstName;
                        objCustomPrincipalSerializeModel.LastName = objUser.UserRoles[0].Users.LastName;
                        
                        string[] roles = new string[objUser.UserRoles.Count];
                        for (int roleCount = 0; roleCount < objUser.UserRoles.Count; roleCount++)
                            roles[roleCount] = objUser.UserRoles[roleCount].RoleCode;

                        objCustomPrincipalSerializeModel.Roles = roles;

                        foreach (string role in roles)
                        {
                            var objRole = lstRole.Where(F => F.RoleCode.ToUpper() == role.ToUpper()).FirstOrDefault<Role>();
                            lstFilteredRole.Add(objRole);
                        }

                        lstFilteredRole = lstFilteredRole.OrderBy(F => F.PriorityNumber).ToList();
                        objCustomPrincipalSerializeModel.FirstPriorityRole = lstFilteredRole[0].RoleCode;
                        return objCustomPrincipalSerializeModel;
                    }
                    
                }
            }
            return null;
        }
    }
}

