#region License
// TweetSharp
// Copyright (c) 2010 Daniel Crenna and Jason Diller
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#endregion
using System.Web.Mvc;
namespace TweetSharpMvc.Security{
/// <summary>
/// Authorization filter that lets an action run only when
/// <c>UserManager.HasCredentials</c> is true (described by the original author as
/// "username not null or empty"). Otherwise the action is short-circuited with a
/// <see cref="JsonResult"/> whose payload is the string "401 not authorized".
/// Intended as a replacement for the built-in &lt;authorization/&gt; section of web.config.
/// </summary>
/// <remarks>
/// NOTE(review): earlier documentation described a forced redirect to the login page and an
/// Ajax caller receiving 200 OK with HTML. The code here performs no redirect; it returns a
/// JSON payload. Confirm which behaviour is intended.
///
/// The filter sets no HTTP status code, so "401" appears only in the response body.
/// Clients, proxies and monitoring that look at the status line alone will not see the denial.
///
/// <see cref="OnAuthorization"/> is overridden without calling the base implementation.
/// The base class's own checks (authenticated identity, <c>Users</c>/<c>Roles</c>) and its
/// output-cache validation are therefore not applied by this attribute. Verify that secured
/// actions are not also output-cached.
///
/// NOTE(review): <c>UserManager</c> is accessed statically, and how its credentials are
/// scoped (per request, per session or process-wide) is not visible here. Confirm that one
/// user's login cannot satisfy this check for another user.
/// </remarks>
public class AuthorizeAgainstUserManager : AuthorizeAttribute
{
    /// <summary>
    /// Replaces the pending action result with a JSON denial when no credentials are held.
    /// </summary>
    /// <param name="filterContext">
    /// Context of the action being authorized. Its <c>Result</c> is assigned only on denial.
    /// </param>
    /// <remarks>
    /// NOTE(review): on MVC versions where <see cref="JsonResult"/> rejects GET requests by
    /// default, executing this result for a GET throws instead of emitting the payload.
    /// Confirm against the MVC version this project targets.
    /// </remarks>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Credentials present: leave filterContext.Result untouched so the action proceeds.
        if (UserManager.HasCredentials)
        {
            return;
        }

        // Setting Result during authorization stops the action method from executing.
        var denied = new JsonResult();
        denied.Data = "401 not authorized";
        filterContext.Result = denied;
    }
}
}