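using System;
using System.Collections.Generic;
using System.Web.Mvc;
using Website.Security;

namespace Website.Controllers
{
    /// <summary>
    /// Login / logout actions plus role administration (list, create, add and remove members).
    /// </summary>
    /// <remarks>
    /// The <c>RoleFilter</c> attribute on every role-administration action is commented out,
    /// so <see cref="Roles"/>, <see cref="CreateRole"/>, <see cref="AddUsersToRole"/> and
    /// <see cref="RemoveUsersFromRole"/> are currently reachable by any caller. None of the
    /// state-changing actions is restricted to POST or protected by an anti-forgery token
    /// either. Confirm both points before this controller is exposed outside development.
    /// </remarks>
    public class MembersController : ControllerBase
    {
        private readonly IAuthenticationProvider authenticationProvider;
        private readonly IRoleProvider roleProvider;

        /// <summary>True when the current request carries an authenticated identity.</summary>
        protected virtual bool UserAuthenticated
        {
            get { return ControllerContext.HttpContext.User.Identity.IsAuthenticated; }
        }

        /// <summary>Resolves both providers from the application container.</summary>
        public MembersController()
            : this(Container.Resolve<IAuthenticationProvider>(), Container.Resolve<IRoleProvider>())
        {
        }

        /// <summary>Creates the controller with explicit providers (used by tests and DI).</summary>
        /// <param name="authenticationProvider">Credential check and sign-in/sign-out.</param>
        /// <param name="roleProvider">Role storage and membership.</param>
        public MembersController(IAuthenticationProvider authenticationProvider, IRoleProvider roleProvider)
        {
            this.authenticationProvider = authenticationProvider;
            this.roleProvider = roleProvider;
        }

        /// <summary>Renders the login form, re-populating the username and the redirect target.</summary>
        /// <param name="username">Username to pre-fill.</param>
        /// <param name="password">Accepted for route/binding compatibility only; never written to the view.</param>
        /// <param name="redirectUrl">Where to send the user after a successful login.</param>
        public ActionResult Login(string username, string password, string redirectUrl)
        {
            ViewData["username"] = username;
            // The submitted password is deliberately not echoed back: anything placed in
            // ViewData ends up in the HTML source, the browser cache and response logs.
            ViewData["redirectUrl"] = redirectUrl;
            return View("Login");
        }

        /// <summary>Signs the current user out (if signed in) and renders the logout page.</summary>
        public ActionResult Logout()
        {
            if (UserAuthenticated)
            {
                authenticationProvider.SignOut();
            }

            return View("Logout");
        }

        /// <summary>
        /// Checks the credentials; on success signs the user in and redirects to
        /// <paramref name="redirectUrl"/> when it points inside this site, otherwise to the
        /// home page. On failure reports a generic error and returns to the login form.
        /// </summary>
        /// <param name="username">Submitted username.</param>
        /// <param name="password">Submitted password.</param>
        /// <param name="redirectUrl">Requested post-login destination (untrusted).</param>
        public ActionResult Authenticate(string username, string password, string redirectUrl)
        {
            if (!authenticationProvider.Authenticate(username, password))
            {
                // A single generic message: do not reveal whether the username exists.
                Error("Login failed!");
                return RedirectToAction("Login");
            }

            authenticationProvider.SignIn(username);

            // Only honour a redirect target that stays on this site. Passing the raw
            // parameter to Redirect() would turn the login page into an open redirect
            // usable for phishing ("log in here, then land on attacker.example").
            var url = IsLocalUrl(redirectUrl) ? redirectUrl : "~/";
            return Redirect(url);
        }

        /// <summary>Lists every role known to the role provider.</summary>
        //[RoleFilter(Roles = "Admin")]
        [SerializableViewData]
        public ActionResult Roles()
        {
            var roles = roleProvider.GetAllRoles();
            return View("Roles", roles);
        }

        /// <summary>Creates a new role, reporting success or the provider's failure.</summary>
        /// <param name="roleName">Name of the role to create; must be non-empty.</param>
        [SerializableViewData]
        //[RoleFilter(Roles = "Admin")]
        public ActionResult CreateRole(string roleName)
        {
            if (string.IsNullOrEmpty(roleName))
            {
                Error("The role name can not be empty!");
                return View("Roles");
            }

            try
            {
                roleProvider.CreateRole(roleName);
                Success("Successfully created new role.");
            }
            catch (Exception ex)
            {
                // Surface the failure to the page rather than as a 500; the provider
                // exception is attached so it can be logged by the base controller.
                Error(ex, "Error creating new role!");
            }

            return View("Roles");
        }

        /// <summary>Adds a comma-separated list of users to a role.</summary>
        /// <param name="roleName">Target role.</param>
        /// <param name="usernames">Comma-separated usernames; surrounding whitespace is ignored.</param>
        [SerializableViewData]
        //[RoleFilter(Roles = "Admin")]
        public ActionResult AddUsersToRole(string roleName, string usernames)
        {
            if (VerifyParameters(roleName, usernames))
            {
                var users = ParseUsernames(usernames);
                if (users.Length == 0)
                {
                    Error("Please enter at least one username.");
                }
                else
                {
                    try
                    {
                        roleProvider.AddUsersToRoles(users, new[] { roleName });
                        Success("Successfully added users to role {0}.", roleName);
                    }
                    catch (Exception ex)
                    {
                        Error(ex, "Error adding users to role!");
                    }
                }
            }

            return View("Roles");
        }

        /// <summary>Removes a comma-separated list of users from a role.</summary>
        /// <param name="roleName">Target role.</param>
        /// <param name="usernames">Comma-separated usernames; surrounding whitespace is ignored.</param>
        [SerializableViewData]
        //[RoleFilter(Roles = "Admin")]
        public ActionResult RemoveUsersFromRole(string roleName, string usernames)
        {
            if (VerifyParameters(roleName, usernames))
            {
                var users = ParseUsernames(usernames);
                if (users.Length == 0)
                {
                    Error("Please enter at least one username.");
                }
                else
                {
                    try
                    {
                        roleProvider.RemoveUsersFromRoles(users, new[] { roleName });
                        Success("Successfully removed users from role {0}.", roleName);
                    }
                    catch (Exception ex)
                    {
                        Error(ex, "Error removing users from role!");
                    }
                }
            }

            return View("Roles");
        }

        /// <summary>
        /// Validates the role-membership parameters, reporting every problem at once.
        /// </summary>
        /// <returns>True when both values are present.</returns>
        private bool VerifyParameters(string roleName, string usernames)
        {
            var errors = new List<string>();

            if (string.IsNullOrEmpty(roleName))
            {
                errors.Add("Please enter a role name.");
            }

            if (string.IsNullOrEmpty(usernames))
            {
                errors.Add("Please enter at least one username.");
            }

            if (errors.Count > 0)
            {
                Error(errors);
            }

            return errors.Count == 0;
        }

        /// <summary>
        /// Splits a comma-separated username list, trimming each entry and dropping blanks,
        /// so "a, b,," yields ["a", "b"] instead of entries with stray whitespace.
        /// </summary>
        private static string[] ParseUsernames(string usernames)
        {
            var parts = usernames.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            var cleaned = new List<string>(parts.Length);

            foreach (var part in parts)
            {
                var name = part.Trim();
                if (name.Length > 0)
                {
                    cleaned.Add(name);
                }
            }

            return cleaned.ToArray();
        }

        /// <summary>
        /// True only for application-relative ("~/...") or site-rooted ("/...") paths.
        /// "//host" and "/\host" are rejected because browsers resolve them as
        /// scheme-relative absolute URLs, i.e. a redirect off this site.
        /// </summary>
        private static bool IsLocalUrl(string url)
        {
            if (string.IsNullOrEmpty(url))
            {
                return false;
            }

            if (url.StartsWith("~/", StringComparison.Ordinal))
            {
                return true;
            }

            if (url[0] != '/')
            {
                return false;
            }

            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }
    }
}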