Pergunta

Are there any open source solutions for .NET (preferably C# / MVC) that allow for a simple lockdown and invitation system, useful in a private rolling beta scenario?

Pretty much where the user would be redirected to a splash page unless they are logged in (perhaps using Global Action Filters)...

Here are a couple similar solutions in other languages:

https://github.com/ejdraper/exclusivity (Ruby)

https://github.com/pragmaticbadger/django-privatebeta (Python)


Solução

I wrote a small 'access control' filter for ASP.NET MVC that is config file driven. I can switch a flag in my web.config which will move all unregistered users to a specific page unless they specifically request the login or logout actions. You could adapt your implementation accordingly without much trouble.

Filter Attribute

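/// <summary>
/// Authorization filter for an invitation-only ("private beta") lockdown, driven by the
/// <c>accessControl</c> configuration section.
/// </summary>
/// <remarks>
/// While the lockout is enabled, only the configured roles/users pass authorization; every other
/// request is redirected to the configured default page, except requests for the log-on and
/// log-off URLs. When the section is missing or the lockout is disabled, unauthorized requests are
/// let through (fail-open), so this filter does not replace <c>[Authorize]</c> on actions that
/// must always be protected.
/// </remarks>
public class AccessControlAttribute : AuthorizeAttribute
{
    /// <summary>True when the <c>accessControl</c> section could be loaded.</summary>
    public bool AccessControlEnabled {
        get { return AccessControlSection.Settings != null; }
    }

    /// <summary>True when the section exists, has a <c>forceLockout</c> element, and that element is enabled.</summary>
    public bool LockoutEnabled {
        get {
            var settings = AccessControlSection.Settings;
            return settings != null && settings.ForceLockout != null && settings.ForceLockout.Enabled;
        }
    }

    /// <summary>
    /// Copies the allowed roles and users from configuration into the base attribute.
    /// The values are read once, when the attribute instance is constructed.
    /// </summary>
    public AccessControlAttribute() {
        if (LockoutEnabled) {
            var forceLockout = AccessControlSection.Settings.ForceLockout;
            Roles = forceLockout.AllowRoles;
            Users = forceLockout.AllowUsers;
        }
    }

    /// <summary>
    /// Decides what happens to a request that failed the role/user check.
    /// </summary>
    /// <param name="filterContext">Context of the request being authorized.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
        // Returning with Result unset lets the action run: intended for child actions and for
        // the log-on/log-off URLs, which must stay reachable during the lockout.
        if (filterContext.IsChildAction || ApproveLockoutAction(filterContext))
            return;

        var settings = AccessControlSection.Settings;
        if (LockoutEnabled && !string.IsNullOrEmpty(settings.ForceLockout.DefaultPage)) {
            // Set Result instead of calling Response.Redirect(url, false): MVC only skips the
            // action when an authorization filter sets a Result. With a bare Response.Redirect
            // the blocked request would still execute the controller action (and its side
            // effects) before the 302 reaches the client.
            filterContext.Result = new RedirectResult(settings.ForceLockout.DefaultPage);
            return;
        }

        base.HandleUnauthorizedRequest(filterContext);
    }

    /// <summary>
    /// Tells whether an unauthorized request may proceed anyway.
    /// </summary>
    /// <returns>
    /// <c>true</c> when the lockout is not configured or not enabled, or when the request targets
    /// the configured log-on or log-off URL; otherwise <c>false</c>.
    /// </returns>
    private static bool ApproveLockoutAction(AuthorizationContext filterContext) {
        // Settings is null when the config section is absent; guard it so a missing section
        // behaves like a disabled lockout instead of throwing NullReferenceException.
        var settings = AccessControlSection.Settings;
        var forceLockout = settings == null ? null : settings.ForceLockout;
        if (forceLockout == null || !forceLockout.Enabled)
            return true;

        // Without both URLs configured nothing can be exempted.
        if (string.IsNullOrEmpty(forceLockout.LogOnUrl) || string.IsNullOrEmpty(forceLockout.LogOffUrl))
            return false;

        // Exact, case-insensitive match on the app-relative path ("~/...") only.
        var requestPath = filterContext.HttpContext.Request.AppRelativeCurrentExecutionFilePath;
        return requestPath.Equals(forceLockout.LogOnUrl, StringComparison.OrdinalIgnoreCase)
            || requestPath.Equals(forceLockout.LogOffUrl, StringComparison.OrdinalIgnoreCase);
    }
}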

Config Handler

/// <summary>
/// Configuration section <c>accessControl</c>; holds the <c>forceLockout</c> element.
/// </summary>
public class AccessControlSection : ConfigurationSection
{
    public const string SectionName = "accessControl";
    public const string ForceLockoutKeyName = "forceLockout";

    // Cached section instance; stays null until a section of this type has been loaded.
    private static AccessControlSection _settings;

    /// <summary>
    /// The loaded section, or <c>null</c> when the section is absent from configuration or is
    /// not of this type. The first non-null result is cached in a static field.
    /// </summary>
    public static AccessControlSection Settings {
        get {
            if (_settings != null)
                return _settings;

            // "as" yields null both for a missing section and for one of a different type.
            _settings = ConfigurationManager.GetSection(SectionName) as AccessControlSection;
            return _settings;
        }
    }

    /// <summary>The <c>forceLockout</c> child element.</summary>
    [ConfigurationProperty(ForceLockoutKeyName)]
    public ForceLockoutElement ForceLockout {
        get { return (ForceLockoutElement)this[ForceLockoutKeyName]; }
        set { this[ForceLockoutKeyName] = value; }
    }
}

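/// <summary>
/// The <c>forceLockout</c> configuration element: who is allowed in during the lockout, where
/// everyone else is sent, and which URLs stay reachable.
/// </summary>
public class ForceLockoutElement : ConfigurationElement
{
    public const string AllowRolesKeyName = "allowRoles";
    public const string AllowUsersKeyName = "allowUsers";
    public const string DefaultPageKeyName = "defaultPage";
    public const string EnabledKeyName = "enabled";
    public const string LogOnUrlKeyName = "logOnUrl";
    public const string LogOffUrlKeyName = "logOffUrl";

    /// <summary>Comma-separated role names allowed through the lockout. Defaults to "Admin".</summary>
    [ConfigurationProperty(AllowRolesKeyName, DefaultValue = "Admin")]
    public string AllowRoles {
        get { return (string)this[AllowRolesKeyName]; }
        set { this[AllowRolesKeyName] = value; }
    }

    /// <summary>Comma-separated user names allowed through the lockout. No default.</summary>
    [ConfigurationProperty(AllowUsersKeyName)]
    public string AllowUsers {
        get { return (string)this[AllowUsersKeyName]; }
        set { this[AllowUsersKeyName] = value; }
    }

    /// <summary>Page that blocked requests are redirected to. Defaults to "~/offline.htm".</summary>
    [ConfigurationProperty(DefaultPageKeyName, DefaultValue = "~/offline.htm")]
    public string DefaultPage {
        get { return (string)this[DefaultPageKeyName]; }
        set { this[DefaultPageKeyName] = value; }
    }

    /// <summary>App-relative log-on URL that stays reachable. Defaults to "~/auth/logon".</summary>
    [ConfigurationProperty(LogOnUrlKeyName, DefaultValue = "~/auth/logon")]
    public string LogOnUrl {
        get { return (string)this[LogOnUrlKeyName]; }
        set { this[LogOnUrlKeyName] = value; }
    }

    /// <summary>App-relative log-off URL that stays reachable. Defaults to "~/auth/logoff".</summary>
    [ConfigurationProperty(LogOffUrlKeyName, DefaultValue = "~/auth/logoff")]
    public string LogOffUrl {
        get { return (string)this[LogOffUrlKeyName]; }
        set { this[LogOffUrlKeyName] = value; }
    }

    /// <summary>Whether the lockout is active. Defaults to <c>true</c> when the element is present.</summary>
    [ConfigurationProperty(EnabledKeyName, DefaultValue = true)]
    public bool Enabled {
        get { return (bool)this[EnabledKeyName]; }
        set { this[EnabledKeyName] = value; }
    }

    /// <summary>
    /// <see cref="AllowUsers"/> split on commas, or <c>null</c> when it is null or empty.
    /// </summary>
    public string[] AllowedUsersArray {
        get { return SplitList(AllowUsers); }
    }

    /// <summary>
    /// <see cref="AllowRoles"/> split on commas, or <c>null</c> when it is null or empty.
    /// </summary>
    public string[] AllowRolesArray {
        get { return SplitList(AllowRoles); }
    }

    // Splits a comma-separated list, trimming each entry and dropping blank ones.
    // Without the trim, a value such as "Admin, Members" yields " Members", which never
    // equals the real role or user name in an exact comparison.
    private static string[] SplitList(string value) {
        if (string.IsNullOrEmpty(value))
            return null;

        var parts = value.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        var trimmed = Array.ConvertAll(parts, part => part.Trim());
        return Array.FindAll(trimmed, part => part.Length > 0);
    }
}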

Example Web.config

<configuration>
    <configSections>
        <section name="accessControl" type="MyWebsite.Config.AccessControlSection, MyWebsite" />
    </configSections>

    <accessControl>
        <forceLockout enabled="true" defaultPage="~/inviteonly.htm" 
            logOnUrl="~/logon" 
            logOffUrl="~/logoff" 
            allowRoles="Members" />
    </accessControl>

</configuration>

With the above configuration, any user who is not logged in or not a member of the role 'Members' would be redirected to '~/inviteonly.htm'. You can specify multiple allowed roles and/or users by comma-separating the values in the 'allowRoles' and 'allowUsers' attributes.

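The AccessControlAttribute must be registered as a global filter, or alternatively placed on a BaseController class definition, to get everything working. Because it is an MVC filter, it only runs for requests that reach a controller action; static files and other non-MVC handlers are not covered by it.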

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow