vgquotes/Src/VideoGameQuotes.Web/Security/SessionBasedUserProvider.cs

52 lines
1.5 KiB
C#

using System.Web;
using Portoa.Web.Security;
using Portoa.Web.Session;
using VideoGameQuotes.Api;
using VideoGameQuotes.Api.Persistence;
namespace VideoGameQuotes.Web.Security {
public class SessionBasedUserProvider : ICurrentUserProvider<User> {
private readonly IUserService userService;
private readonly ISessionStore sessionStore;
private readonly HttpContextBase httpContext;
public SessionBasedUserProvider(IUserService userService, ISessionStore sessionStore, HttpContextBase httpContext) {
this.userService = userService;
this.sessionStore = sessionStore;
this.httpContext = httpContext;
}
public User CurrentUser {
get {
var user = sessionStore["user"] as User;
if (user == null) {
//if we're logged in, then use the authenticated user (this inconsistency between cookie/session occurs when the app restarts)
if (httpContext.Request.IsAuthenticated) {
user = userService.FindByUsername(httpContext.User.Identity.Name);
} else {
//identify user by IP address
var ipAddress = httpContext.Request.UserHostAddress;
if (string.IsNullOrEmpty(ipAddress)) {
return null;
}
user = userService.FindByIpAddress(ipAddress);
if (user == null) {
user = new User {
IpAddress = ipAddress,
Group = UserGroup.User
};
user = userService.Save(user);
}
}
sessionStore["user"] = user;
}
return user;
}
}
}
}