I have a scenario: There is an employee who is in the role TeamDirector. There is another one who is a normal employee. The Team Director is sick, so he uses our app to set that the normal employee has all the rights of TeamDirector. This information is stored in the DB. In our app I use the Authorize attribute to check access to particular controller methods.

I wrote my own authorize attribute to check whether a replaced user can access a particular method. If there is a replacement, I want to use the base class method to run the authorization logic. So if the actual user is a replacement for another user, then check whether this user or the user that he replaced has access to the controller method. Here is a sample:

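```csharp
using System.Security.Principal;
using System.Web.Mvc;

public class PARPAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        var user = ObjectFactory.GetInstance<IUsersService>().GetUser(filterContext.HttpContext.User.Identity.Name);

        // First check the signed-in user with the standard logic.
        base.OnAuthorization(filterContext);

        // Only when that check was denied and the user is a replacement,
        // retry as the replaced user ("this user OR the user he replaced").
        if (user.ReplacedUser != null && filterContext.Result is HttpUnauthorizedResult)
        {
            // Clear the denial so the second run decides the outcome.
            filterContext.Result = null;
            // This is the line that raises the error described below.
            filterContext.HttpContext.User = new WindowsPrincipal(new WindowsIdentity(user.ReplacedUser.Id, "NTLM"));
            base.OnAuthorization(filterContext);
        }
    }
}
```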

When I try to create a WindowsIdentity for the Team Director, I get an error. How do I handle this? How can I create a WindowsIdentity and run the authorization?
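
One way to run the "this user or the user he replaced" check without constructing a `WindowsIdentity`, as an added example that is not part of the original post: override `AuthorizeCore` and evaluate the base rules against a `GenericPrincipal`, which carries only a name and role list. `IReplacementLookup`, its two methods, and resolving it through `DependencyResolver` are assumptions standing in for the poster's own service and DB lookup.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// Hypothetical service (not from the post). It must return only
// replacements that are currently active in the DB.
public interface IReplacementLookup
{
    // Account name of the user that userName stands in for, or null.
    string GetReplacedUserName(string userName);
    // Role names the application assigns to userName.
    string[] GetRoles(string userName);
}

public class DelegatingAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        IPrincipal current = httpContext.User;
        if (current == null || !current.Identity.IsAuthenticated) return false;

        // 1. The signed-in user passes the Users/Roles rules directly.
        if (base.AuthorizeCore(httpContext)) return true;

        // 2. Otherwise, look for a user this person is replacing.
        var lookup = DependencyResolver.Current.GetService<IReplacementLookup>();
        string replaced = lookup.GetReplacedUserName(current.Identity.Name);
        if (string.IsNullOrEmpty(replaced)) return false;

        // 3. Evaluate the same rules against the replaced user's name and
        //    roles. No Windows logon or token is created for that account.
        var standIn = new GenericPrincipal(
            new GenericIdentity(replaced), lookup.GetRoles(replaced));
        httpContext.User = standIn;
        try
        {
            return base.AuthorizeCore(httpContext);
        }
        finally
        {
            // Restore the real caller so the action and any audit logging
            // record who actually made the request.
            httpContext.User = current;
        }
    }
}
```

Because the real principal is restored in the `finally` block, the delegation affects only the access decision and the request is never executed under the Team Director's identity.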