This is an internal application that uses windows authentication. In WindowsAuthentication_Authenticate method, i am getting the logged in user from the db. If the user is not found or marked as gone then i redirect the user to an error page.
1. WindowsAuthentication_Authenticate This method executes multiple times, including css or js files referenced in the head section.
[COLOR=blue]<[/COLOR][COLOR=maroon]link[/COLOR] [COLOR=red]href[/COLOR][COLOR=blue]=[/COLOR][COLOR=blue]"[/COLOR]@[COLOR=blue]Url[/COLOR][COLOR=blue].[/COLOR][COLOR=blue]Stylesheet[/COLOR][COLOR=blue]([/COLOR][COLOR=#a31515]"Layout.css"[/COLOR][COLOR=blue])"[/COLOR] [COLOR=red]rel[/COLOR][COLOR=blue]=[/COLOR][COLOR=blue]"stylesheet"[/COLOR] [COLOR=red]type[/COLOR][COLOR=blue]=[/COLOR][COLOR=blue]"text/css"[/COLOR] [COLOR=blue]/>[/COLOR]
[COLOR=blue]<[/COLOR][COLOR=maroon]script[/COLOR] [COLOR=red]src[/COLOR][COLOR=blue]=[/COLOR][COLOR=blue]"[/COLOR]@[COLOR=blue]Url[/COLOR][COLOR=blue].[/COLOR][COLOR=blue]Script[/COLOR][COLOR=blue]([/COLOR][COLOR=#a31515]"Tools/extensions.js"[/COLOR][COLOR=blue])"[/COLOR] [COLOR=red]type[/COLOR][COLOR=blue]=[/COLOR][COLOR=blue]"text/javascript"[/COLOR][COLOR=blue]></[/COLOR][COLOR=maroon]script[/COLOR][COLOR=blue]>[/COLOR]
In this case, if i have 3 style sheets and 2 js files referenced then this method executes 6 times.
2. Session State Null
Per problem # 1 above, i don’t want to hit DB multiple times. To work around it, i tried putting the user information in a session. Here i am getting HttpContext.Current.Session is null. In web.config i don’t have any configuration regarding session.
Here is my complete code…
[COLOR=blue]protected[/COLOR] [COLOR=blue]void[/COLOR] WindowsAuthentication_Authenticate([COLOR=blue]object[/COLOR] sender, [COLOR=#2b91af]WindowsAuthenticationEventArgs[/COLOR] e)
{ [INDENT][COLOR=blue]bool[/COLOR] isUserFound = [COLOR=blue]false[/COLOR];
[COLOR=blue]bool[/COLOR] isUserGone = [COLOR=blue]false[/COLOR];
[COLOR=#2b91af]UtilityService[/COLOR] utility = [COLOR=blue]new[/COLOR][COLOR=#2b91af]UtilityService[/COLOR]();
[COLOR=blue]string[/COLOR] rawurl = [COLOR=#2b91af]HttpContext[/COLOR].Current.Request.RawUrl;
[COLOR=blue] if[/COLOR] (e.Identity.IsAuthenticated)
{ [INDENT][COLOR=blue]if[/COLOR] (userPlaceHolder == [COLOR=blue]null[/COLOR]) //local property to tackle hitting DB multiple times
{ [INDENT][COLOR=#2b91af] UserInternal[/COLOR] userInternal = utility.GetLoggedInUser(e.Identity.Name);
[COLOR=blue]if[/COLOR] (userInternal != [COLOR=blue]null[/COLOR])
{ [INDENT] userPlaceHolder = userInternal;
isUserFound = [COLOR=blue]true[/COLOR];
[COLOR=green]//TODO: check for gone, you can use userInternal or userPlaceHolder[/COLOR]
isUserGone = [COLOR=blue]false[/COLOR];
[/INDENT]}
[/INDENT]}
[COLOR=blue]else[/COLOR]
{ [INDENT] isUserFound = [COLOR=blue]true[/COLOR];
[COLOR=green]//TODO: check for gone, use userPlaceHolder[/COLOR]
isUserGone = [COLOR=blue]false[/COLOR];
[/INDENT]}
[/INDENT]}
[COLOR=green]//set the user[/COLOR]
[COLOR=blue]if[/COLOR] (isUserFound && !isUserGone)
{ [INDENT][COLOR=blue]string[/COLOR] role = [COLOR=#2b91af]String[/COLOR].IsNullOrWhiteSpace(userPlaceHolder.UserClass) ? [COLOR=#2b91af]String[/COLOR].Empty : userPlaceHolder.UserClass;
[COLOR=green]// Setting the current user and role in the Principal[/COLOR]
e.User = [COLOR=blue]new[/COLOR] System.Security.Principal.[COLOR=#2b91af]GenericPrincipal[/COLOR](e.Identity, [COLOR=blue]new[/COLOR][COLOR=blue]string[/COLOR][] { role });
[COLOR=#2b91af]HttpContext[/COLOR].Current.User = e.User;
[/INDENT]}
[COLOR=green]//handle gone and user not found[/COLOR]
[COLOR=blue]if[/COLOR] (!rawurl.LowerInvariantContains([COLOR=#2b91af]ControllerNames[/COLOR].Message) &&
!rawurl.LowerInvariantContains([COLOR=#a31515]".css"[/COLOR]) &&
!rawurl.LowerInvariantContains([COLOR=#a31515]".js"[/COLOR]) &&
!rawurl.LowerInvariantContains([COLOR=#a31515]".jpg"[/COLOR]) &&
!rawurl.LowerInvariantContains([COLOR=#a31515]".gif"[/COLOR]) &&
!rawurl.LowerInvariantContains([COLOR=#a31515]".png"[/COLOR]))
{ [INDENT][COLOR=blue]if[/COLOR] (!isUserFound || isUserGone)
{ [INDENT][COLOR=blue]string[/COLOR] url = [COLOR=#2b91af]String[/COLOR].Empty;
[COLOR=blue]if[/COLOR] (isUserGone)
url = utility.GetSiteRestrictedLink([COLOR=#2b91af]ProcessingMessagesEnum[/COLOR].UserLocked);
[COLOR=blue]else[/COLOR]
url = utility.GetSiteRestrictedLink([COLOR=#2b91af]ProcessingMessagesEnum[/COLOR].UserNotAuthorizedToViewSite); ;
[COLOR=#2b91af] HttpContext[/COLOR].Current.Response.Redirect(url);
[/INDENT]}
[/INDENT]}
[/INDENT]}