/// <summary>
/// Turns a failed authorization check into the filter's result.
/// </summary>
/// <param name="context">Authorization filter context whose <c>Result</c> is set here.</param>
/// <param name="ex">The security exception describing the denial; it is passed to the error-info builder.</param>
private void HandlerUnAuthorization(AuthorizationFilterContext context, SecurityException ex)
{
    var returnType = context.ActionDescriptor.GetMethodInfo().ReturnType;

    if (!ActionResultHelper.IsObjectResult(returnType))
    {
        // Actions that do not return an object result get the authentication scheme's challenge instead of a body.
        // NOTE(review): the challenge is issued even when the caller is already authenticated;
        // confirm the configured handler answers that with "forbidden" rather than a login redirect.
        context.Result = new ChallengeResult();
        return;
    }

    // An authenticated caller was denied (403); an anonymous caller must authenticate first (401).
    var status = context.HttpContext.User.Identity.IsAuthenticated
        ? System.Net.HttpStatusCode.Forbidden
        : System.Net.HttpStatusCode.Unauthorized;

    // The second AjaxResponse argument is passed as true, as in every denial path of this handler.
    var body = new AjaxResponse(_errorInfoBuilder.BuildForException(ex), true);
    context.Result = new ObjectResult(body)
    {
        StatusCode = (int)status
    };
}
Beispiel #2
        /// <summary>
        /// Renders the "Error" view for the exception recorded on the current request.
        /// </summary>
        /// <returns>The "Error" view bound to an <c>ErrorViewModel</c>.</returns>
        public ActionResult Index()
        {
            var feature = HttpContext.Features.Get<IExceptionHandlerFeature>();

            Exception exception;
            if (feature == null)
            {
                // No exception-handler feature on this request: show a generic placeholder.
                exception = new Exception("Unhandled exception!");
            }
            else
            {
                exception = feature.Error;
            }

            // NOTE(review): the raw exception object travels to the view next to the ErrorInfo built by
            // _errorInfoBuilder; confirm the "Error" view does not print its message or stack trace to end users.
            var model = new ErrorViewModel(_errorInfoBuilder.BuildForException(exception), exception);

            return View("Error", model);
        }
Beispiel #3
    /// <summary>
    /// Replaces the action result with an <c>ApiResponse</c> describing the exception and marks it handled.
    /// </summary>
    /// <param name="context">Exception filter context for the failed action.</param>
    private void HandleWrapException(ExceptionContext context)
    {
        var response = context.HttpContext.Response;
        response.StatusCode = GetStatusCode(context);

        // The flag sent to the client follows the status code that was just chosen.
        bool isUnauthorized = response.StatusCode == (int)HttpStatusCode.Unauthorized;

        var errorInfo = _errorInfoBuilder.BuildForException(context.Exception, _serviceInfo?.NameVersion);
        context.Result = new ObjectResult(new ApiResponse(errorInfo, isUnauthorized));

        // context.Exception is deliberately left in place (the original carries a TODO about clearing it later);
        // only the handled flag is raised. No handled-exception event is published from here.
        context.ExceptionHandled = true;
    }
        /// <summary>
        /// Wraps the exception of an object-returning action in an <c>AjaxResponse</c> and clears it.
        /// Actions whose return type <c>ActionResultHelper.IsObjectResult</c> rejects are left untouched.
        /// </summary>
        /// <param name="context">Exception filter context for the failed action.</param>
        private void HandleAndWrapException(ExceptionContext context)
        {
            var returnType = context.ActionDescriptor.GetMethodInfo().ReturnType;
            if (ActionResultHelper.IsObjectResult(returnType))
            {
                context.HttpContext.Response.StatusCode = GetStatusCode(context);

                var failure = context.Exception;

                // The second argument tells the client whether the failure was a security exception.
                var body = new AjaxResponse(
                    _errorInfoBuilder.BuildForException(failure),
                    failure is SecurityException);
                context.Result = new ObjectResult(body);

                // Clearing the exception marks it as handled for the MVC pipeline.
                context.Exception = null;
            }
        }
Beispiel #5
        /// <summary>
        /// Wraps the exception of an object-returning action in an <c>AjaxResponse</c> and clears it.
        /// </summary>
        /// <param name="context">Exception filter context for the failed action.</param>
        private void HandleAndWrapException(ExceptionContext context)
        {
            var returnType = context.ActionDescriptor.GetMethodInfo().ReturnType;
            if (IsObjectResult(returnType))
            {
                var response = context.HttpContext.Response;
                response.Clear();

                // The status is always 500 here, including when the exception is an
                // AbpAuthorizationException; only the flag in the body marks an authorization failure.
                response.StatusCode = (int)HttpStatusCode.InternalServerError;

                var failure = context.Exception;
                var body = new AjaxResponse(
                    _errorInfoBuilder.BuildForException(failure),
                    failure is AbpAuthorizationException);
                context.Result = new ObjectResult(body);

                // Clearing the exception marks it as handled for the MVC pipeline.
                context.Exception = null;
            }
        }
Beispiel #6
        /// <summary>
        /// Wraps the exception of an object-returning action in an <c>AjaxResponse</c>, publishes a
        /// handled-exception event and clears the exception.
        /// </summary>
        /// <param name="context">Exception filter context for the failed action.</param>
        private void HandleAndWrapException(ExceptionContext context)
        {
            var returnType = context.ActionDescriptor.GetMethodInfo().ReturnType;
            if (ActionResultHelper.IsObjectResult(returnType))
            {
                context.HttpContext.Response.StatusCode = GetStatusCode(context);

                var failure = context.Exception;
                var body = new AjaxResponse(
                    _errorInfoBuilder.BuildForException(failure),
                    failure is AbpAuthorizationException);
                context.Result = new ObjectResult(body);

                // Subscribers receive the original exception before it is cleared below.
                EventBus.Trigger(this, new AbpHandledExceptionData(context.Exception));

                // Clearing the exception marks it as handled for the MVC pipeline.
                context.Exception = null;
            }
        }
Beispiel #7
        /// <summary>
        /// Runs the rest of the pipeline, then writes an <c>AjaxResponse</c> JSON body when
        /// <c>IsAuthorizationExceptionStatusCode</c> reports an authorization failure.
        /// </summary>
        /// <param name="context">The current HTTP context.</param>
        /// <param name="next">The next middleware in the pipeline.</param>
        public async Task InvokeAsync(HttpContext context, RequestDelegate next)
        {
            await next(context);

            if (!IsAuthorizationExceptionStatusCode(context))
            {
                return;
            }

            var exception = new AbpAuthorizationException(GetAuthorizationExceptionMessage(context));
            Logger.Error(exception.Message);

            // NOTE(review): the body is written after the downstream pipeline has run, and no
            // Content-Type is set in this method; confirm the response has not already started and
            // that clients receive the JSON with the expected content type.
            var payload = new AjaxResponse(_errorInfoBuilder.BuildForException(exception), true);
            var json = JsonConvert.SerializeObject(payload);
            await context.Response.WriteAsync(json);

            EventBus.Trigger(this, new AbpHandledExceptionData(exception));
        }
        /// <summary>
        /// Sets the response status for a failed object-returning action and, when wrapping on error
        /// is enabled, replaces the result with an <c>AjaxResponse</c> and clears the exception.
        /// </summary>
        /// <param name="context">Exception filter context for the failed action.</param>
        /// <param name="wrapResultAttribute">Wrapping settings; only <c>WrapOnError</c> is read.</param>
        protected virtual void HandleAndWrapException(ExceptionContext context, WrapResultAttribute wrapResultAttribute)
        {
            var returnType = context.ActionDescriptor.GetMethodInfo().ReturnType;
            if (!ActionResultHelper.IsObjectResult(returnType))
            {
                return;
            }

            bool wrapOnError = wrapResultAttribute.WrapOnError;
            context.HttpContext.Response.StatusCode = GetStatusCode(context, wrapOnError);

            if (wrapOnError)
            {
                var body = new AjaxResponse(_errorInfoBuilder.BuildForException(context.Exception));
                context.Result = new ObjectResult(body);

                EventBus.Trigger(this, new SharePlatformHandledExceptionData(context.Exception));

                // Clearing the exception marks it as handled; without wrapping it stays set and
                // no event is published from here.
                context.Exception = null;
            }
        }
        /// <summary>
        /// Authorizes a controller action through <c>_authorizationHelper</c> and converts any
        /// failure into a result on <paramref name="context"/>.
        /// </summary>
        /// <param name="context">Authorization filter context for the current request.</param>
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            // Endpoints carrying IAllowAnonymous metadata skip every check below.
            var allowAnonymous = context?.HttpContext?.GetEndpoint()?.Metadata.GetMetadata<IAllowAnonymous>();
            if (allowAnonymous != null)
            {
                return;
            }

            if (!context.ActionDescriptor.IsControllerAction())
            {
                return;
            }

            //TODO: Avoid using try/catch, use conditional checking
            try
            {
                var method = context.ActionDescriptor.GetMethodInfo();
                await _authorizationHelper.AuthorizeAsync(method, method.DeclaringType);
            }
            catch (AbpAuthorizationException ex)
            {
                // A denial is logged at warning level and published before the result is chosen.
                Logger.Warn(ex.ToString(), ex);
                await _eventBus.TriggerAsync(this, new AbpHandledExceptionData(ex));

                if (!ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
                {
                    // NOTE(review): the challenge is issued even when the caller is already authenticated;
                    // confirm the configured handler answers that with "forbidden" rather than a login redirect.
                    context.Result = new ChallengeResult();
                    return;
                }

                // Authenticated but not permitted -> 403; not authenticated -> 401.
                var denied = context.HttpContext.User.Identity.IsAuthenticated
                    ? System.Net.HttpStatusCode.Forbidden
                    : System.Net.HttpStatusCode.Unauthorized;

                context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex), true))
                {
                    StatusCode = (int)denied
                };
            }
            catch (Exception ex)
            {
                // Anything other than a denial ends the request with a 500 result,
                // so a failing authorization check never lets the action run.
                Logger.Error(ex.ToString(), ex);
                await _eventBus.TriggerAsync(this, new AbpHandledExceptionData(ex));

                const int serverError = (int)System.Net.HttpStatusCode.InternalServerError;

                if (!ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
                {
                    //TODO: How to return Error page?
                    context.Result = new StatusCodeResult(serverError);
                    return;
                }

                context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex)))
                {
                    StatusCode = serverError
                };
            }
        }
Beispiel #10
        /// <summary>
        /// Authorizes a controller action through <c>_authorizationHelper</c> and converts any
        /// failure into a result on <paramref name="context"/>, wrapped or bare depending on the
        /// action's wrap-result settings.
        /// </summary>
        /// <param name="context">Authorization filter context for the current request.</param>
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            // An IAllowAnonymousFilter on the action skips all authorization; so does a non-controller action.
            bool anonymousAllowed = context.Filters.Any(item => item is IAllowAnonymousFilter);
            if (anonymousAllowed || !context.ActionDescriptor.IsControllerAction())
            {
                return;
            }

            var wrapResultAttribute = AttributeHelper.GetSingleAttributeOfMemberOrDeclaringTypeOrDefault(
                context.ActionDescriptor.GetMethodInfo(),
                _configuration.DefaultWrapResultAttribute);

            //TODO: Avoid using try/catch, use conditional checking
            try
            {
                var method = context.ActionDescriptor.GetMethodInfo();
                await _authorizationHelper.AuthorizeAsync(method, method.DeclaringType);
            }
            catch (AbpAuthorizationException ex)
            {
                Logger.Warn(ex.ToString(), ex);
                _eventBus.Trigger(this, new AbpHandledExceptionData(ex));

                if (!ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
                {
                    context.Result = new ChallengeResult();
                    return;
                }

                // Wrapped: AjaxResponse with its second argument true. Unwrapped: the bare error info.
                bool wrap = wrapResultAttribute.WrapOnError;
                var errorInfo = _errorInfoBuilder.BuildForException(ex);
                object body = wrap ? (object)new AjaxResponse(errorInfo, true) : errorInfo;

                // Authenticated but not permitted -> 403; not authenticated -> 401.
                var denied = context.HttpContext.User.Identity.IsAuthenticated
                    ? System.Net.HttpStatusCode.Forbidden
                    : System.Net.HttpStatusCode.Unauthorized;

                context.Result = new ObjectResult(body)
                {
                    StatusCode = (int)denied
                };
            }
            catch (Exception ex)
            {
                // Anything other than a denial ends the request with a 500 result,
                // so a failing authorization check never lets the action run.
                Logger.Error(ex.ToString(), ex);
                _eventBus.Trigger(this, new AbpHandledExceptionData(ex));

                const int serverError = (int)System.Net.HttpStatusCode.InternalServerError;

                if (!ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
                {
                    //TODO: How to return Error page?
                    context.Result = new StatusCodeResult(serverError);
                    return;
                }

                bool wrap = wrapResultAttribute.WrapOnError;
                var errorInfo = _errorInfoBuilder.BuildForException(ex);
                object body = wrap ? (object)new AjaxResponse(errorInfo) : errorInfo;

                context.Result = new ObjectResult(body)
                {
                    StatusCode = serverError
                };
            }
        }
        /// <summary>
        /// Authorizes a controller action through <c>_authorizationHelper</c> and converts any
        /// failure into a result on <paramref name="context"/>. For object-returning actions the
        /// HTTP status is always set to 200 and the 401/403/500 value is carried in the error info's
        /// <c>Code</c> field instead.
        /// </summary>
        /// <param name="context">Authorization filter context for the current request.</param>
        public virtual async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            var endpoint = context?.HttpContext?.GetEndpoint();

            // If the endpoint carries IAllowAnonymous metadata, anonymous requests are let through.
            // Allow Anonymous skips all authorization
            if (endpoint?.Metadata.GetMetadata <IAllowAnonymous>() != null)
            {
                return;
            }

            // Return immediately when this is not a controller action.
            if (!context.ActionDescriptor.IsControllerAction())
            {
                return;
            }

            //TODO: Avoid using try/catch, use conditional checking
            // Run the permission check through _authorizationHelper.
            try
            {
                await _authorizationHelper.AuthorizeAsync(
                    context.ActionDescriptor.GetMethodInfo(),
                    context.ActionDescriptor.GetMethodInfo().DeclaringType
                    );
            }
            // Handling for an authorization failure.
            catch (AbpAuthorizationException ex)
            {
                // Log the denial.
                Logger.Warn(ex.ToString(), ex);

                // Publish the handled-exception event.
                await _eventBus.TriggerAsync(this, new AbpHandledExceptionData(ex));

                // When the action returns an object result, wrap the error in an AjaxResponse.
                if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
                {
                    //context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex), true))
                    //{
                    //    StatusCode = context.HttpContext.User.Identity.IsAuthenticated
                    //        ? (int)System.Net.HttpStatusCode.Forbidden
                    //        : (int)System.Net.HttpStatusCode.Unauthorized
                    //};
                    // Build the error info.
                    var errorInfo = _errorInfoBuilder.BuildForException(ex);
                    // Carry the 403/401 value in the Code field of the body.
                    errorInfo.Code = (context.HttpContext.User.Identity.IsAuthenticated ? (int)System.Net.HttpStatusCode.Forbidden : (int)System.Net.HttpStatusCode.Unauthorized);
                    // Set the result.
                    context.Result = new ObjectResult(new AjaxResponse(errorInfo, unAuthorizedRequest: true))
                    {
                        // Default status.
                        // NOTE(review): the transport status is 200 even though the request was denied; the
                        // 401/403 value exists only in errorInfo.Code, so proxies, gateways and log-based
                        // alerting that key on the HTTP status will not see authorization failures.
                        StatusCode = (int)System.Net.HttpStatusCode.OK
                    };
                }
                else
                {
                    context.Result = new ChallengeResult();
                }
            }
            // Any other exception is reported as an internal server error.
            catch (Exception ex)
            {
                Logger.Error(ex.ToString(), ex);

                await _eventBus.TriggerAsync(this, new AbpHandledExceptionData(ex));

                if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
                {
                    //context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex)))
                    //{
                    //    StatusCode = (int)System.Net.HttpStatusCode.InternalServerError
                    //};
                    // Build the error info.
                    var errorInfo = _errorInfoBuilder.BuildForException(ex);
                    // NOTE(review): this overwrites whatever BuildForException put in Details with the raw
                    // message of an arbitrary exception and sends it to the caller; confirm that cannot
                    // expose internal details (queries, paths, host names). The full exception is already
                    // logged above.
                    errorInfo.Details = ex.Message;
                    errorInfo.Code    = (int)System.Net.HttpStatusCode.InternalServerError;
                    context.Result    = new ObjectResult(new AjaxResponse(errorInfo))
                    {
                        // Transport status stays 200 here as well; the 500 is only in errorInfo.Code.
                        StatusCode = (int)System.Net.HttpStatusCode.OK
                    };
                }
                else
                {
                    //TODO: How to return Error page?
                    context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
                }
            }
        }
 /// <summary>
 /// Builds the "Error" view result used when the failed request is not answered with JSON.
 /// </summary>
 /// <param name="context">Exception context of the failed action.</param>
 /// <returns>A <c>ViewResult</c> for the "Error" view, bound to an <c>ErrorViewModel</c>.</returns>
 protected virtual ActionResult GenerateNonJsonExceptionResult(ExceptionContext context)
 {
     var view = new ViewResult();
     view.ViewName = "Error";
     view.MasterName = string.Empty;

     // NOTE(review): the raw exception object is placed in the view model next to the ErrorInfo built by
     // _errorInfoBuilder; confirm the "Error" view does not print its message or stack trace to end users.
     var failure = context.Exception;
     var model = new ErrorViewModel(_errorInfoBuilder.BuildForException(failure), failure);
     view.ViewData = new ViewDataDictionary<ErrorViewModel>(model);

     // Reuse the controller's TempData so values stored there remain available to the error view.
     view.TempData = context.Controller.TempData;

     return view;
 }
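        /// <summary>
        /// Authorizes a controller action through <c>_authorizationHelper</c> and converts any
        /// failure into a result on <paramref name="context"/>. The shape of the failure response
        /// depends on the <c>requestWay</c> request header: the value <c>webapi</c> selects the
        /// <c>AjaxResponse</c>/challenge responses, anything else (including a missing header)
        /// selects a <c>ResultMessage</c> body.
        /// </summary>
        /// <param name="context">Authorization filter context for the current request.</param>
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            // Allow Anonymous skips all authorization
            if (context.Filters.Any(item => item is IAllowAnonymousFilter))
            {
                return;
            }

            if (!context.ActionDescriptor.IsControllerAction())
            {
                return;
            }

            // Fixed: the test used to be `ContainsKey("requestWay") || value != "webapi"`. That is true
            // for every request (a present header satisfies the left side, an absent one reads as ""
            // and satisfies the right side), which made all the "webapi" branches below unreachable.
            // Only an explicit "webapi" now leaves web-service mode; every other request behaves as before.
            // The header is client-controlled and only chooses the response format; the authorization
            // check below runs the same way in both modes.
            var isWebserviceWay = context.HttpContext.Request.Headers["requestWay"].ToString() != "webapi";

            //TODO: Avoid using try/catch, use conditional checking
            try
            {
                await _authorizationHelper.AuthorizeAsync(
                    context.ActionDescriptor.GetMethodInfo(),
                    context.ActionDescriptor.GetMethodInfo().DeclaringType
                    );
            }
            catch (AbpAuthorizationException ex)
            {
                Logger.Warn(ex.ToString(), ex);

                _eventBus.Trigger(this, new AbpHandledExceptionData(ex));

                if (isWebserviceWay)
                {
                    // Same body whatever the action's return type. No StatusCode is set on this result,
                    // so the denial is signalled by ResultCode.Auth_Error in the body rather than by a
                    // 401/403 status; monitoring that keys on the HTTP status will not see it.
                    context.Result = new ObjectResult(new ResultMessage<object>(ResultCode.Auth_Error, "authorization failure"));
                }
                else if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
                {
                    context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex), true))
                    {
                        // Authenticated but not permitted -> 403; not authenticated -> 401.
                        StatusCode = context.HttpContext.User.Identity.IsAuthenticated
                            ? (int)System.Net.HttpStatusCode.Forbidden
                            : (int)System.Net.HttpStatusCode.Unauthorized
                    };
                }
                else
                {
                    context.Result = new ChallengeResult();
                }
            }
            catch (Exception ex)
            {
                // Anything other than a denial still ends the request with an error result,
                // so a failing authorization check never lets the action run.
                Logger.Error(ex.ToString(), ex);

                _eventBus.Trigger(this, new AbpHandledExceptionData(ex));

                if (isWebserviceWay)
                {
                    // Generic message only; the exception itself stays in the server log.
                    context.Result = new ObjectResult(new ResultMessage<object>(ResultCode.SytemError, "Unknown exception"));
                }
                else if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
                {
                    context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex)))
                    {
                        StatusCode = (int)System.Net.HttpStatusCode.InternalServerError
                    };
                }
                else
                {
                    //TODO: How to return Error page?
                    context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
                }
            }
        }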