diff --git a/src/Umbraco.Web/Install/UmbracoInstallAuthorizeAttribute.cs b/src/Umbraco.Web/Install/UmbracoInstallAuthorizeAttribute.cs
index 75360a1bba..1e3ef3d639 100644
--- a/src/Umbraco.Web/Install/UmbracoInstallAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/Install/UmbracoInstallAuthorizeAttribute.cs
@@ -2,6 +2,7 @@ using System;
using System.Web;
using System.Web.Mvc;
using Umbraco.Core;
+using Umbraco.Web.Security;
using umbraco.BasePages;
namespace Umbraco.Web.Install
@@ -33,12 +34,9 @@ namespace Umbraco.Web.Install
///
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
- if (httpContext == null)
- {
- throw new ArgumentNullException("httpContext");
- }
+ if (httpContext == null) throw new ArgumentNullException("httpContext");
- try
+ try
{
//if its not configured then we can continue
if (!_applicationContext.IsConfigured)
@@ -47,7 +45,7 @@ namespace Umbraco.Web.Install
}
//otherwise we need to ensure that a user is logged in
- var isLoggedIn = BasePage.ValidateUserContextID(BasePage.umbracoUserContextID);
+ var isLoggedIn = WebSecurity.ValidateUserContextId(WebSecurity.UmbracoUserContextId);
if (isLoggedIn)
{
return true;
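Review bot: The login check on the added line reads its state from `WebSecurity` statics and never uses the `httpContext` argument that `AuthorizeCore` receives. The base `AuthorizeAttribute` also calls `AuthorizeCore` from its output-cache validation callback with its own wrapped context, so the result presumably relies on ambient request state being the same on both paths. A comment such as `// NOTE: relies on ambient request state, not on httpContext; confirm this also holds when called from OnCacheAuthorization` would record that assumption. The method body starts and ends outside this hunk.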
@@ -60,30 +58,16 @@ namespace Umbraco.Web.Install
return false;
}
}
+
+ ///
+ /// Override to throw exception instead of returning 401 result
+ ///
+ ///
+ protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
+ {
+ //they aren't authorized but the app has installed
+ throw new HttpException((int)global::System.Net.HttpStatusCode.Unauthorized, "You must login to view this resource.");
+ }
- public override void OnAuthorization(AuthorizationContext filterContext)
- {
- Mandate.ParameterNotNull(filterContext, "filterContext");
- if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
- throw new InvalidOperationException("Cannot use UmbracoInstallAuthorizeAttribute on a child action");
- if (AuthorizeCore(filterContext.HttpContext))
- {
- //with a little help from dotPeek... this is what it normally would do
- var cache = filterContext.HttpContext.Response.Cache;
- cache.SetProxyMaxAge(new TimeSpan(0L));
- cache.AddValidationCallback(CacheValidateHandler, null);
- }
- else
- {
- //they aren't authorized but the app has installed
- throw new HttpException((int)global::System.Net.HttpStatusCode.Unauthorized,
- "You must login to view this resource.");
- }
- }
-
- private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
- {
- validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
- }
}
}
\ No newline at end of file
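Review bot: Dropping the custom `OnAuthorization` leaves it to the base `AuthorizeAttribute` to decide when `AuthorizeCore` runs, and nothing in the new code records which base behaviours are now relied on. The base implementation keeps the child-action guard and the cache validation callback that the removed lines copied. On MVC versions that support `[AllowAnonymous]` it also skips the check for actions or controllers carrying that attribute, which the removed override did not do; whether that applies depends on the MVC version this project targets. I would extend the summary with `/// Authorization flow, child-action guard and output-cache validation come from the base OnAuthorization; only the failure response is customised here.` and add a test that an unauthenticated request to a configured site still ends in a 401. The same applies to the matching hunk in UmbracoAuthorizeAttribute.cs.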
diff --git a/src/Umbraco.Web/Mvc/SurfaceAuthorizeAttribute.cs b/src/Umbraco.Web/Mvc/MemberAuthorizeAttribute.cs
similarity index 72%
rename from src/Umbraco.Web/Mvc/SurfaceAuthorizeAttribute.cs
rename to src/Umbraco.Web/Mvc/MemberAuthorizeAttribute.cs
index ebf6e80053..ce2462820a 100644
--- a/src/Umbraco.Web/Mvc/SurfaceAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/Mvc/MemberAuthorizeAttribute.cs
@@ -1,16 +1,18 @@
-using System.Linq;
+using System;
+using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
+using Umbraco.Core;
using umbraco.cms.businesslogic.member;
namespace Umbraco.Web.Mvc
{
///
- /// "Base-like" attribute for attributing surface controller actions to restrict them
+ /// Attribute for attributing controller actions to restrict them
/// to just authenticated members, and optionally of a particular type and/or group
///
- public class SurfaceAuthorizeAttribute : ActionFilterAttribute
+ public class MemberAuthorizeAttribute : AuthorizeAttribute
{
///
/// Flag for whether to allow all site visitors or just authenticated members
@@ -32,10 +34,10 @@ namespace Umbraco.Web.Mvc
///
public string AllowMembers { get; set; }
- public override void OnActionExecuting(ActionExecutingContext filterContext)
+ protected override bool AuthorizeCore(HttpContextBase httpContext)
{
// Allow by default
- bool allowAction = true;
+ var allowAction = true;
// If not set to allow all, need to check current loggined in member
if (!AllowAll)
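Review bot: Deriving from `AuthorizeAttribute` exposes the inherited `Users` and `Roles` properties on this attribute, but the `AuthorizeCore` override builds its answer from `AllowAll`, `AllowGroup` and `AllowMembers` and, as far as the visible hunks show, never calls `base.AuthorizeCore`. `[MemberAuthorize(Roles = "x")]` would therefore compile and read like a restriction while being ignored. Either document on the class that the inherited properties are not honoured, or fail loudly at the top of the method: `if (!string.IsNullOrEmpty(Users) || !string.IsNullOrEmpty(Roles)) throw new NotSupportedException("Use AllowGroup/AllowMembers instead of Users/Roles.");`. The method body continues outside this hunk.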
@@ -60,7 +62,7 @@ namespace Umbraco.Web.Mvc
if (allowAction && !string.IsNullOrEmpty(AllowGroup))
{
// Allow only if member's type is in list
- var groups = Roles.GetRolesForUser(member.LoginName);
+ var groups = System.Web.Security.Roles.GetRolesForUser(member.LoginName);
allowAction = groups.Select(s => s.ToLower()).Intersect(AllowGroup.ToLower().Split(',')).Any();
}
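Review bot: The group match on the line after the change lower-cases with the current culture and splits `AllowGroup` without trimming, so a value written as `"editors, admins"` never matches the second group and casing can behave differently under some server cultures. Both failures deny access rather than grant it, but they make the restriction unreliable for whoever configures it. An ordinal comparison over trimmed entries avoids both: `allowAction = groups.Intersect(AllowGroup.Split(',').Select(g => g.Trim()), StringComparer.OrdinalIgnoreCase).Any();`. The fully qualified `System.Web.Security.Roles` is presumably needed because `Roles` now binds to the property inherited from `AuthorizeAttribute`; a short comment saying so would stop someone from shortening it again. The enclosing method starts and ends outside this hunk.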
@@ -72,12 +74,17 @@ namespace Umbraco.Web.Mvc
}
}
}
-
- // If not allowed, throw 403 exception
- if (!allowAction)
- {
- throw new HttpException(403, "Resource restricted: either member is not logged on or is not of a permitted type or group.");
- }
+ return allowAction;
}
+
+ ///
+ /// Override method to throw exception instead of returning a 401 result
+ ///
+ ///
+ protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
+ {
+ throw new HttpException(403, "Resource restricted: either member is not logged on or is not of a permitted type or group.");
+ }
+
}
}
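Review bot: `HandleUnauthorizedRequest` answers every failure with 403, including a visitor who is not logged in at all, and the summary does not say so. Unlike the 401 thrown by the other two attributes in this commit, a 403 will normally not trigger a forms-authentication login redirect, so readers should be told that this is intended. I would word the summary as `/// Throws a 403 HttpException for both anonymous visitors and members outside the permitted type/group; no login redirect is issued.`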
diff --git a/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs b/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
index d357dead13..b7c57e2b7d 100644
--- a/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
@@ -34,12 +34,9 @@ namespace Umbraco.Web.Mvc
///
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
- if (httpContext == null)
- {
- throw new ArgumentNullException("httpContext");
- }
-
- try
+ if (httpContext == null) throw new ArgumentNullException("httpContext");
+
+ try
{
//we need to that the app is configured and that a user is logged in
if (!_applicationContext.IsConfigured)
@@ -53,32 +50,14 @@ namespace Umbraco.Web.Mvc
}
}
- ///
- /// Override the OnAuthorization so that we can return a custom response.
- ///
- ///
- public override void OnAuthorization(AuthorizationContext filterContext)
- {
- Mandate.ParameterNotNull(filterContext, "filterContext");
- if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
- throw new InvalidOperationException("Cannot use " + typeof(UmbracoAuthorizeAttribute).FullName + " on a child action");
- if (AuthorizeCore(filterContext.HttpContext))
- {
- //with a little help from dotPeek... this is what it normally would do
- var cache = filterContext.HttpContext.Response.Cache;
- cache.SetProxyMaxAge(new TimeSpan(0L));
- cache.AddValidationCallback(CacheValidateHandler, null);
- }
- else
- {
- //they aren't authorized
- throw new HttpException((int)global::System.Net.HttpStatusCode.Unauthorized, "You must login to view this resource.");
- }
- }
+ ///
+ /// Override to throw exception instead of returning a 401 result
+ ///
+ ///
+ protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
+ {
+ throw new HttpException((int)global::System.Net.HttpStatusCode.Unauthorized, "You must login to view this resource.");
+ }
- private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
- {
- validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
- }
}
}
\ No newline at end of file
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index 59d980572b..ea92ff5f6f 100644
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -319,11 +319,9 @@
-
- Code
+
-