Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
What is the best place for license check?
Message
De
13/04/2018 08:24:21
Naomi Nosonovsky
Wisconsin, États-Unis
 
 
À
13/04/2018 03:58:48
Viv Phillips
Hay-On-Wye, Royaume Uni
Information générale
Forum:
ASP.NET
Catégorie:
MVC
Titre:
Re: What is the best place for license check?
Versions des environnements
Environment:
C# 5.0
OS:
Windows 10
Database:
MS SQL Server
Application:
Web
Visual Studio:
Visual Studio 2017
Divers
Thread ID:
01659343
Message ID:
01659384
Vues:
31
>I'd prefer handling this in the authorization phase (assuming that a user has to log in again after a token expires). If you, or the program, makes the AciveLicense invalid during a session it would be disconcerting and annoying for a user.

Hi Viv,

I was looking yesterday at the Authorization attribute and playing with that code, but eventually had to keep it in the BaseController instead.

Here is my current code:
  /// <summary>
        /// Puts the BaseUrl and Culture into the ViewBag for all controllers
        /// </summary>
        /// <param name="filterContext"></param>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            ViewBag.OperatorSession = OperatorSession;
            ViewBag.BaseUrl = BaseUrl;
            ViewBag.Culture = System.Threading.Thread.CurrentThread.CurrentUICulture.Name;

            if (ClientLicenses.ActiveClientLicense == null || !ClientLicenses.ActiveClientLicense.IsValidLicense)
            {
                ViewBag.ShowMenu = false;
                
                NotValidLicense(filterContext);
                return;
            }

            ModalMessageHelper.GetInstance().ResetAcknowledgments();
            //  CheckExpiration(); // no need to do it on every call
            //ViewBag.ModalMessageHelper = null;
            CheckAssignoThresholdViews();
        }

        private void NotValidLicense(ActionExecutingContext filterContext)
        {            
            string invalidLicensePath = "importlicenses";

            string currentUrl = Path.GetFileName(Request.Url.AbsolutePath);

            if (currentUrl.ToLower() != invalidLicensePath)
            {               
                filterContext.Result = new RedirectResult(@"~/DataMaintenance/ImportLicenses");
            }
        }
and here is what we currently have in the Authentication attribute:
public void OnAuthorization(AuthorizationContext filterContext)
        {
            var authToken = GetAuthToken(filterContext);

            if (String.IsNullOrEmpty(authToken))
            {
                NotAuthorized(filterContext);
                return;
            }

            var authenticationProvider = _authenticationProviderFactory.GetService();
            var sessionResponse = authenticationProvider.IsValidSession(authToken);

            if (sessionResponse.IsValidSession)
            {
                if (sessionResponse.MustChangePassword)
                {
                    MustChangePassword(filterContext);
                    return;
                }
                var userSession = sessionResponse.OperatorSession;
                if (_rights.Any())
                {
                    foreach (var right in _rights)
                    {
                        if (!userSession.DoesUserHaveRight(right))
                        {
                            NotAllowed(filterContext);
                        }
                    }
                }

                SetAuthTimeoutCookie(filterContext, authenticationProvider.LockTime);
            }
            else
            {
                NotAuthorized(filterContext);
            }
        }
Do you think I should have tried to hook there instead? I think I tried that first but was getting some weird behavior. What would you suggest?

Thanks again.
If it's not broken, fix it until it is.


My Blog
Précédent
Répondre
Fil
Voir

Click here to load this message in the networking platform