
Authentication in MVC

using System;
using System.Web;
using System.Web.Http;
using System.Web.Mvc;
using System.Web.Routing;
using System.Web.Optimization;
using System.Web.Security;
using System.Web.Script.Serialization;
using DynamicProject.Utility.Security;
using System.Configuration;

namespace DynamicProject.Web
{    
    public class MvcApplication : System.Web.HttpApplication
    {
        protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();

            WebApiConfig.Register(GlobalConfiguration.Configuration);
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);

            DynamicProject.Utility.Logging.Logger.Configure(Server.MapPath("~/Config/log4net.config"));
        }
              
        protected void WindowsAuthentication_OnAuthenticate(object sender, WindowsAuthenticationEventArgs e)
        {
            //Saving user data into form authentication cookie
             HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

             if (authCookie == null)
             {                
                 if (e.Identity != null && e.Identity.IsAuthenticated &&
                     (ConfigurationManager.AppSettings["DefaultToLoginPage"] != null &&
                      ConfigurationManager.AppSettings["DefaultToLoginPage"].ToString() == "false"))
                 {
                     string corpId = e.Identity.Name.ToString().ToUpper();
                     
                     if (corpId.Contains("\\"))
                         corpId = corpId.Substring((corpId.IndexOf('\\') + 1), 7).ToUpper();
                     
                     CustomPrincipalSerializeModel objCustomPrincipalSerializeModel = new UserSecurity().GetUserDetails(corpId);

                     if (objCustomPrincipalSerializeModel != null)
                     {
                         JavaScriptSerializer serializer = new JavaScriptSerializer();

                         string userData = serializer.Serialize(objCustomPrincipalSerializeModel);

                         FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, corpId, DateTime.Now, DateTime.Now.AddMinutes(15),
                                                                                              false, userData);

                         string encTicket = FormsAuthentication.Encrypt(authTicket);
                         HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
                         Response.Cookies.Add(faCookie);
                     }
                     else
                     {
                         //Not authorized user
                     }                     
                 }
             }
        }

        protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
        {
            //Retrieving  user data from authentication cookie
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

            if (authCookie != null)
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

                JavaScriptSerializer serializer = new JavaScriptSerializer();

                CustomPrincipalSerializeModel serializeModel = serializer.Deserialize<CustomPrincipalSerializeModel>(authTicket.UserData);

                CustomPrincipal newUser = new CustomPrincipal(authTicket.Name);
                newUser.Id = serializeModel.Id;
                newUser.FirstName = serializeModel.FirstName;
                newUser.LastName = serializeModel.LastName;
                newUser.Roles = serializeModel.Roles;
                newUser.CorpId = serializeModel.CorpId;
                newUser.FirstPriorityRole = serializeModel.FirstPriorityRole;

                HttpContext.Current.User = newUser;
            }
        }
    }
}


using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Principal;

namespace DynamicProject.Utility.Security
{
    public class CustomPrincipal : ICustomPrincipal
    {
        public IIdentity Identity { get; private set; }        

        public CustomPrincipal(string corpId)
        {
            this.Identity = new GenericIdentity(corpId);
        }

        public int Id { get; set; }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string[] Roles { get; set; }
        public string FirstPriorityRole { get; set; }
        public string CorpId { get; set; }

        public string FullName
        {
            get
            {
                string fullName = string.Empty;

                if (!string.IsNullOrEmpty(FirstName))
                    fullName = FirstName;

                if (!string.IsNullOrEmpty(LastName))
                {
                    fullName += fullName == string.Empty ? LastName : " " + LastName;
                }
                return fullName;
                //return FirstName + " " + LastName; 
            }
        }
        public bool IsInRole(string role)
        {
            return Roles.Contains(role) ? true : false;
        }

        public bool IsAdmin
        {
            get { return FirstPriorityRole == "ADM" ? true : false; }
        }

        public bool IsUser
        {
            get { return FirstPriorityRole == "USR" ? true : false; }
        }

        public bool IsQualityCheckAdmin
        {
            get { return FirstPriorityRole == "QCA" ? true : false; }
        }

        public int RoleCount
        {
            get { return Roles.Length; }
        }       
    }
}



using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace DynamicProject.Utility.Security
{
    public class CustomPrincipalSerializeModel
    {
        public int Id { get; set; }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string[] Roles { get; set; }
        public string FullName
        {

            get
            {
                string fullName = string.Empty;

                if (!string.IsNullOrEmpty(FirstName))
                    fullName = FirstName;

                if (!string.IsNullOrEmpty(LastName))
                {
                    fullName += fullName == string.Empty ? LastName : " " + LastName;
                }
                return fullName;
                //return FirstName + " " + LastName; 
            }
        }
        public string CorpId { get; set; }
        public string FirstPriorityRole
        {
            get;
            set;
        }
    }
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Principal;

namespace DynamicProject.Utility.Security
{
    /// <summary>
    /// Extends <see cref="IPrincipal"/> with the profile and role data the application
    /// keeps for a signed-in user.
    /// </summary>
    public interface ICustomPrincipal : IPrincipal
    {
        // Numeric value carried with the user.
        // NOTE(review): UserSecurity.GetUserDetails stores the active role count here - confirm intent.
        int Id { get; set; }
        // User's first name.
        string FirstName { get; set; }
        // User's last name.
        string LastName { get; set; }
        // Role codes granted to the user.
        string[] Roles { get; set; }
        // Display name derived from the first and last name (read-only).
        string FullName { get; }
    }
}


using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using DynamicProject.DAL;
using DynamicProject.DTO;

namespace DynamicProject.Utility.Security
{
    public class UserSecurity
    {
        public CustomPrincipalSerializeModel GetUserDetails(string corpId)
        {
            if (corpId != null)
            {
                UserRepository objUserRepository = new UserRepository();

                CustomPrincipalSerializeModel objCustomPrincipalSerializeModel = new CustomPrincipalSerializeModel();
                User objUser = objUserRepository.GetUserDetails(corpId, true);
                List<Role> lstRole = objUserRepository.GetRoleList();
                List<Role> lstFilteredRole = new List<Role>();

                if (objUser != null)
                {
                    objUser.UserRoles = objUser.UserRoles.Where(F => F.IsActive == "Y").ToList();

                    if (objUser.UserRoles != null && objUser.UserRoles.Count > 0)
                    {                        


                        objCustomPrincipalSerializeModel.CorpId = objUser.CorpId;
                        objCustomPrincipalSerializeModel.Id = objUser.UserRoles.Count;
                        objCustomPrincipalSerializeModel.FirstName = objUser.UserRoles[0].Users.FirstName;
                        objCustomPrincipalSerializeModel.LastName = objUser.UserRoles[0].Users.LastName;
                        
                        string[] roles = new string[objUser.UserRoles.Count];
                        for (int roleCount = 0; roleCount < objUser.UserRoles.Count; roleCount++)
                            roles[roleCount] = objUser.UserRoles[roleCount].RoleCode;

                        objCustomPrincipalSerializeModel.Roles = roles;

                        foreach (string role in roles)
                        {
                            var objRole = lstRole.Where(F => F.RoleCode.ToUpper() == role.ToUpper()).FirstOrDefault<Role>();
                            lstFilteredRole.Add(objRole);
                        }

                        lstFilteredRole = lstFilteredRole.OrderBy(F => F.PriorityNumber).ToList();
                        objCustomPrincipalSerializeModel.FirstPriorityRole = lstFilteredRole[0].RoleCode;
                        return objCustomPrincipalSerializeModel;
                    }
                    
                }
            }
            return null;
        }
    }
}

