using System;
using System.Collections;
using System.ComponentModel;
using System.Web;
using System.Security;
using System.Security.Principal;
using System.Web.Security;
using System.Data.SqlClient;
namespace ASPNetPortal {
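public class Global : System.Web.HttpApplication {

    // Name of the cookie that caches the signed-in user's roles.
    private const string RolesCookieName = "portalroles";

    //*********************************************************************
    //
    // Application_BeginRequest Event
    //
    // Runs on every web request into the portal application. It reads the
    // "tabindex" and "tabid" request parameters, builds the PortalSettings
    // for them, and stores that object in Context.Items under the key
    // "PortalSettings" so pages, controls and components can read it for
    // the rest of this request.
    //
    // Both values are caller-controlled. Request.Params merges the query
    // string with form fields, cookies and server variables, so they are
    // not limited to the URL. A missing or malformed value falls back to 0
    // instead of raising an unhandled parse exception.
    //
    // NOTE(review): PortalSettings is not visible here -- confirm that it
    // tolerates negative or unknown tab ids, and that tab visibility is
    // authorized downstream rather than implied by the id being accepted.
    //
    //*********************************************************************
    protected void Application_BeginRequest(Object sender, EventArgs e) {
        int tabIndex = ParseIntOrDefault(Request.Params["tabindex"], 0);
        int tabId = ParseIntOrDefault(Request.Params["tabid"], 0);

        Context.Items.Add("PortalSettings", new PortalSettings(tabIndex, tabId));
    }

    //*********************************************************************
    //
    // Application_AuthenticateRequest Event
    //
    // For an authenticated client, determines the user's security roles and
    // replaces the "User" intrinsic with a GenericPrincipal so that
    // "User.IsInRole" checks work within the application.
    //
    // Roles are cached in the browser inside an encrypted forms
    // authentication ticket. The cached roles are trusted only when the
    // ticket decrypts, has not expired and was issued to the user who is
    // authenticated on this request. In every other case the roles are
    // re-read from the database and a fresh cookie is issued.
    //
    //*********************************************************************
    protected void Application_AuthenticateRequest(Object sender, EventArgs e) {
        if (!Request.IsAuthenticated) {
            return;
        }

        String userName = Context.User.Identity.Name;
        String[] roles = ReadRolesFromCookie(Request.Cookies[RolesCookieName], userName);

        if (roles == null) {
            // No usable cookie: load the roles from the UserRoles table and cache them.
            UsersDB user = new UsersDB();
            roles = user.GetRoles(userName);
            IssueRolesCookie(userName, roles);
        }

        // Add our own custom principal to the request containing the roles
        Context.User = new GenericPrincipal(Context.User.Identity, roles);
    }

    // Parses a request parameter as an integer, returning fallback when the
    // value is absent, not numeric or out of Int32 range.
    private static int ParseIntOrDefault(String raw, int fallback) {
        if (raw == null) {
            return fallback;
        }
        try {
            return Int32.Parse(raw);
        }
        catch (FormatException) {
            return fallback;
        }
        catch (OverflowException) {
            return fallback;
        }
    }

    // Returns the roles cached in the roles cookie, or null when the cookie
    // must not be trusted and the caller has to rebuild it.
    private static String[] ReadRolesFromCookie(HttpCookie cookie, String userName) {
        if (cookie == null || cookie.Value == null || cookie.Value == "") {
            return null;
        }

        FormsAuthenticationTicket ticket;
        try {
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        // A corrupted or tampered cookie must not fail the request; treat it as absent.
        catch (ArgumentException) {
            return null;
        }
        catch (HttpException) {
            return null;
        }
        catch (System.Security.Cryptography.CryptographicException) {
            return null;
        }

        if (ticket == null || ticket.Expired) {
            // The browser-side cookie lifetime is advisory only; the ticket's
            // own expiry is the limit the server can enforce on a replayed value.
            return null;
        }

        if (ticket.Name != userName) {
            // The ticket was issued to a different account (for example a
            // previous sign-in in the same browser). Its roles must never
            // be applied to the current identity.
            return null;
        }

        // Convert the ';'-separated role data back into a string array,
        // dropping empty entries so that "" never becomes a role.
        ArrayList userRoles = new ArrayList();
        foreach (String role in ticket.UserData.Split(new char[] {';'})) {
            if (role.Length > 0) {
                userRoles.Add(role);
            }
        }
        return (String[]) userRoles.ToArray(typeof(String));
    }

    // Encrypts the roles into a forms authentication ticket bound to
    // userName and sends it to the client as the roles cookie.
    private void IssueRolesCookie(String userName, String[] roles) {
        // NOTE(review): role names are joined with ';' -- a role name that
        // itself contains ';' would be split on read; confirm this cannot occur.
        String roleStr = String.Join(";", roles);

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                          // version
            userName,                   // user name the roles belong to
            DateTime.Now,               // issue time
            DateTime.Now.AddHours(1),   // ticket expires after one hour
            false,                      // don't persist cookie
            roleStr                     // roles
        );

        String cookieStr = FormsAuthentication.Encrypt(ticket);

        HttpCookie cookie = Response.Cookies[RolesCookieName];
        cookie.Value = cookieStr;
        cookie.Path = "/";
        // The browser drops the cookie after one minute, so roles are
        // normally refreshed from the database about once a minute.
        cookie.Expires = DateTime.Now.AddMinutes(1);
        // Keep the cookie off plain-HTTP requests when it was issued over TLS.
        cookie.Secure = Request.IsSecureConnection;
        // NOTE(review): on .NET 2.0 or later also set cookie.HttpOnly = true so
        // client script cannot read the ticket. The sign-out path should
        // clear this cookie as well -- confirm where that happens.
    }
}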
}