        /// <summary>
        /// Builds the response for a request that failed authorization.
        /// AJAX callers receive a JSON error payload; browser requests get either a plain
        /// HTTP 401 (paths that are not exempt from validation) or, for exempt paths, a
        /// short text body telling the user the page is not accessible.
        /// </summary>
        /// <param name="filterContext">Authorization context of the rejected request; its Result is set here.</param>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            var request  = filterContext.HttpContext.Request;
            var response = filterContext.HttpContext.Response;

            if (request.IsAjaxRequest())
            {
                // NOTE(review): 304 is the HTTP "Not Modified" status. If JsonManager.GetError
                // mirrors this code into the response status, a permission failure will look
                // cacheable to clients — confirm it is only an application-level error id.
                filterContext.Result = JsonManager.GetError(304, "没有获取数据的访问权限!");
                return;
            }

            // Non-exempt paths get the standard 401 (the original comment describes this as
            // the home/welcome pages jumping straight to the login page).
            if (!this.IsSkipValidate(request.Url.LocalPath))
            {
                filterContext.Result = new HttpUnauthorizedResult();
                return;
            }

            // Exempt paths render an inline "no permission" message instead of a 401,
            // reusing whatever content type the response already carries.
            filterContext.Result = new ContentResult
            {
                Content     = "没有页面访问权限!",
                ContentType = response.ContentType,
            };
        }
        /// <summary>
        /// Runs the access checks shared by the watch actions and loads the target item.
        /// Fails closed: an anonymous caller or a missing permission yields a 401, a missing
        /// or non-watchable item yields a 404.
        /// </summary>
        /// <param name="itemId">Content item id supplied by the caller.</param>
        /// <param name="item">The loaded content item; null when validation fails before the load.</param>
        /// <param name="invalidResult">Result the action should return when this method returns false; null otherwise.</param>
        /// <returns>True when the caller may proceed with <paramref name="item"/>.</returns>
        private bool IsValid(int itemId, out ContentItem item, out ActionResult invalidResult)
        {
            item          = null;
            invalidResult = null;

            var services = _orchardServices;

            // Authentication and the feature permission are checked before the item is
            // loaded, so an unauthenticated caller learns nothing about which ids exist.
            if (services.WorkContext.CurrentUser == null || !services.Authorizer.Authorize(Permissions.WatchItems))
            {
                invalidResult = new HttpUnauthorizedResult();
                return false;
            }

            item = services.ContentManager.Get(itemId);
            if (item == null)
            {
                invalidResult = HttpNotFound();
                return false;
            }

            // NOTE(review): ViewContent is checked without passing the item, so any
            // per-item (owner-based) rules are not consulted here — confirm that is intended.
            if (!services.Authorizer.Authorize(Orchard.Core.Contents.Permissions.ViewContent))
            {
                invalidResult = new HttpUnauthorizedResult();
                return false;
            }

            // Only items carrying WatchablePart can be watched; anything else is "not found".
            if (!item.Has<WatchablePart>())
            {
                invalidResult = HttpNotFound();
                return false;
            }

            return true;
        }
        /// <summary>
        /// An EntityAccessUnauthorizedException raised by an action must be translated into an
        /// HttpUnauthorizedResult, and the response status code must be set to 401.
        /// </summary>
        public void GivenExceptionIsEntityAccessUnauthorizedException_WhenOnException_ThenHttpUnauthorized()
        {
            // Arrange
            var exceptionContext = ControllerContextFactory.CreateExceptionContext(
                MockHttpContext, new EntityAccessUnauthorizedException());

            // Act
            Target.OnException(exceptionContext);

            // Assert
            Assert.IsNotNull(exceptionContext.Result as HttpUnauthorizedResult);
            MockHttpContext.Response.AssertWasCalled(m => m.StatusCode = 401);
        }
        /// <summary>
        /// HttpUnauthorizedResult with no description must set only the 401 status code;
        /// the strict mock fails the test if anything else on the response is touched.
        /// </summary>
        public void ExecuteResult() {
            // Arrange
            var context = new Mock<ControllerContext>(MockBehavior.Strict);
            context.ExpectSet(c => c.HttpContext.Response.StatusCode, 401).Verifiable();

            // Act
            new HttpUnauthorizedResult().ExecuteResult(context.Object);

            // Assert
            context.Verify();
        }
        /// <summary>
        /// The description overload must set both the 401 status code and the status
        /// description on the response.
        /// </summary>
        public void ExecuteResult() {
            // Arrange
            const string description = "Some description";
            var context = new Mock<ControllerContext>();
            context.SetupSet(c => c.HttpContext.Response.StatusCode = 401).Verifiable();
            context.SetupSet(c => c.HttpContext.Response.StatusDescription = description).Verifiable();

            // Act
            new HttpUnauthorizedResult(description).ExecuteResult(context.Object);

            // Assert
            context.Verify();
        }
        /// <summary>
        /// HttpUnauthorizedResult with no description must set only the 401 status code;
        /// the strict mock fails the test if anything else on the response is touched.
        /// </summary>
        public void ExecuteResult()
        {
            // Arrange
            var context = new Mock<ControllerContext>(MockBehavior.Strict);
            context.ExpectSet(c => c.HttpContext.Response.StatusCode, 401).Verifiable();

            // Act
            new HttpUnauthorizedResult().ExecuteResult(context.Object);

            // Assert
            context.Verify();
        }
        /// <summary>
        /// The description overload must set both the 401 status code and the status
        /// description on the response.
        /// </summary>
        public void ExecuteResult()
        {
            // Arrange
            const string description = "Some description";
            var context = new Mock<ControllerContext>();
            context.SetupSet(c => c.HttpContext.Response.StatusCode = 401).Verifiable();
            context.SetupSet(c => c.HttpContext.Response.StatusDescription = description).Verifiable();

            // Act
            new HttpUnauthorizedResult(description).ExecuteResult(context.Object);

            // Assert
            context.Verify();
        }
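        /// <summary>
        /// Authenticates a user from the posted login form.
        /// On success the user either picks a profile (more than one profile) or a session is
        /// created for the single profile and stored in Session["SESION_USER"].
        /// Bad credentials and unexpected errors both yield a 401, so the caller cannot tell
        /// "no such user" from "wrong password" or from an internal failure.
        /// </summary>
        /// <param name="txtLogin">Login name as posted by the form.</param>
        /// <param name="txtPassword">Clear-text password as posted by the form; never logged.</param>
        /// <returns>A view on success; an HttpUnauthorizedResult on failure.</returns>
        public ActionResult Login(string txtLogin, string txtPassword)
        {
            SecurityServices serv   = new SecurityServices();
            ActionResult     result = new EmptyResult();

            try
            {
                Usuario user = serv.Login(txtLogin, txtPassword);
                if (user != null)
                {
                    if (user.Perfiles.Count > 1)
                    {
                        // Several profiles: let the user choose one before any session exists.
                        result = View("PerfilSelect", user);
                    }
                    else
                    {
                        // Exactly one profile is expected here. NOTE(review): a user with zero
                        // profiles makes Single() throw and ends up in the catch below (401).
                        // NOTE(review): the ASP.NET session id is not rotated on login
                        // (no Session.Abandon / fresh cookie), so a pre-authentication session
                        // id survives login — consider regenerating it against session fixation.
                        Session["SESION_USER"] = serv.CrearSesion(user, user.Perfiles.Single());

                        // Strongly-typed view that carries the new session.
                        result = View("LoginOK_v2", Session["SESION_USER"] as Sesion);
                    }
                }
                else
                {
                    // TODO: dedicated error pages for bad credentials / exceptions, plus logging.
                    result = new HttpUnauthorizedResult("Credenciales incorrectas");
                }
            }
            catch (Exception ex)
            {
                // The exception used to be discarded. Record it server-side so failures in the
                // authentication path are diagnosable; the client still only sees the same 401
                // with the same generic description as before. The password is never logged.
                System.Diagnostics.Trace.TraceError("Unhandled exception during Login for '{0}': {1}", txtLogin, ex);
                result = new HttpUnauthorizedResult("Estas al horno!!!");
            }
            return result;
        }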
        /// <summary>
        /// Default permission checks shared by the hierarchy actions. Despite the name, a
        /// failed check produces a 401 (unauthorized) or 404 (not found) result rather than a
        /// redirect; the caller is expected to return <paramref name="redirectTo"/> unchanged.
        /// </summary>
        /// <param name="hierarchyId">Id of a TerritoryHierarchy content item.</param>
        /// <param name="redirectTo">
        /// The result the action must return when this method returns true; null when the
        /// caller may proceed.
        /// </param>
        /// <returns>True when the caller must stop and return <paramref name="redirectTo"/>;
        /// false when the caller is authorized to proceed.</returns>
        private bool ShouldRedirectForPermissions(int hierarchyId, out ActionResult redirectTo)
        {
            // Configuration guards: with no allowed types nothing can be authorized.
            if (AllowedHierarchyTypes == null)
            {
                redirectTo = new HttpUnauthorizedResult(TerritoriesUtilities.Default401HierarchyMessage);
                return true;
            }
            if (AllowedTerritoryTypes == null)
            {
                redirectTo = new HttpUnauthorizedResult(TerritoriesUtilities.Default401TerritoryMessage);
                return true;
            }

            var hierarchyItem = _contentManager.Get(hierarchyId, VersionOptions.Latest);
            var hierarchyPart = hierarchyItem == null ? null : hierarchyItem.As<TerritoryHierarchyPart>();

            // Unknown id, or an item that is not a hierarchy at all: both are "not found".
            if (hierarchyItem == null || hierarchyPart == null)
            {
                redirectTo = HttpNotFound();
                return true;
            }

            // Type allow-lists: both the hierarchy's own content type and the territory type
            // it manages must be permitted for this controller.
            // NOTE(review): the 401 body names the offending type's display name, which
            // discloses content-type configuration to an unauthorized caller — confirm acceptable.
            if (!AllowedHierarchyTypes.Any(ty => ty.Name == hierarchyItem.ContentType))
            {
                var displayName = _contentDefinitionManager.GetTypeDefinition(hierarchyItem.ContentType).DisplayName;
                redirectTo = new HttpUnauthorizedResult(TerritoriesUtilities.SpecificHierarchy401Message(displayName));
                return true;
            }
            if (!AllowedTerritoryTypes.Any(ty => ty.Name == hierarchyPart.TerritoryType))
            {
                var displayName = _contentDefinitionManager.GetTypeDefinition(hierarchyPart.TerritoryType).DisplayName;
                redirectTo = new HttpUnauthorizedResult(TerritoriesUtilities.SpecificTerritory401Message(displayName));
                return true;
            }

            redirectTo = null;
            return false;
        }
        /// <summary>
        /// Posting a valid vote view model while no user is signed in must be refused with a
        /// 401 rather than recorded.
        /// </summary>
        public void IndexPost_AvecViewModelValideMaisPasDutilisateur_RenvoiUneHttpUnauthorizedResult()
        {
            // Arrange: two restaurants, one of them ticked, and no user on the controller.
            var premier = new RestaurantCheckBoxViewModel
            {
                EstSelectionne = true, Id = 2, NomEtTelephone = "Resto pinière (0102030405)"
            };
            var second = new RestaurantCheckBoxViewModel
            {
                EstSelectionne = false, Id = 3, NomEtTelephone = "Resto toro (0102030405)"
            };
            var modele = new RestaurantVoteViewModel
            {
                ListeDesResto = new List<RestaurantCheckBoxViewModel> { premier, second }
            };
            controleur.ValideLeModele(modele);

            // Act
            var resultat = (HttpUnauthorizedResult)controleur.Index(modele, idSondage);

            // Assert
            Assert.AreEqual(401, resultat.StatusCode);
        }
        /// <summary>
        /// Ownership check for gig actions. Returns true when the request must be rejected:
        /// the gig does not exist (404) or the signed-in user is not its artist (401).
        /// Note the inverted sense of the name — a true result means "stop here".
        /// </summary>
        /// <param name="gigs">The gig being acted on; may be null.</param>
        /// <param name="actionResult">The rejection result to return when this method returns true; null otherwise.</param>
        /// <returns>True when the caller must return <paramref name="actionResult"/>.</returns>
        private bool IsArtistAUser(Gigs gigs, out ActionResult actionResult)
        {
            actionResult = null;

            if (gigs == null)
            {
                actionResult = HttpNotFound();
            }
            else if (gigs.ArtistId != User.Identity.GetUserId())
            {
                // Object-level authorization: only the owning artist may proceed.
                actionResult = new HttpUnauthorizedResult();
            }

            return actionResult != null;
        }
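        /// <summary>
        /// Renders the role editor: the full permission tree plus, when a roleId is supplied,
        /// the permissions already granted to that role.
        /// The right that is required depends on the mode the caller selects: "UPDATEROLE"
        /// when editing an existing role (roleId present), "TJJS100" when creating a new one.
        /// </summary>
        /// <returns>The editor view; a 401 when the caller lacks the right for the chosen
        /// mode; a 404 when the requested roleId does not resolve to a role.</returns>
        public ActionResult SetRoleFunction()
        {
            // The mode is chosen by the caller (presence of roleId), so each mode is gated by
            // its own right before anything is loaded.
            string roleId = Request["roleId"];
            bool   edit   = !string.IsNullOrWhiteSpace(roleId);

            if (!CheckRights(edit ? "UPDATEROLE" : "TJJS100"))
            {
                return new HttpUnauthorizedResult();
            }

            // Full permission catalogue minus the ids this screen never shows.
            List<AdminPermissionModel> functionList = PermissionManager.GetAllPermissions()
                .Select(p => new AdminPermissionModel()
                {
                    ParentId   = p.ParentId,
                    ParentPath = p.ParentPath,
                    Name       = p.Name,
                    Id         = p.Id,
                    IsEnable   = p.IsEnable
                })
                .Where(f => !excludeFuncIds.Contains(f.Id))
                .ToList();
            ViewBag.AllFunctionList = functionList;

            var permissions      = new List<PermissionModel>();
            var firstPermissions = functionList.Where(p => p.ParentId == "0").ToList(); // top-level nodes
            var roleModel        = new RoleModel();

            if (edit)
            {
                roleModel = RoleManager.GetAdminRoleByRoleId(roleId)
                    .Select(p => new RoleModel
                    {
                        RoleId      = p.Id,
                        RoleName    = p.Name,
                        RoleType    = p.Type,
                        Permissions = p.Permissions?.Select(per => per.PermissionId).ToList()
                    })
                    .FirstOrDefault();

                // An unknown roleId used to surface as a NullReferenceException (500) when the
                // granted-permission query below was enumerated; report it as a 404 instead.
                if (roleModel == null)
                {
                    return HttpNotFound();
                }
                ViewBag.RoleModel = roleModel;

                // Permissions granted to this role (non-root nodes only). Materialised once
                // rather than re-running the query twice per top-level node; this assumes the
                // helpers below do not mutate the list they receive — TODO confirm.
                var granted = roleModel.Permissions;
                var rolePermissions = functionList
                    .Where(f => f.ParentId != "0" && granted != null && granted.Contains(f.Id))
                    .Select(f => new AdminPermissionModel
                    {
                        Id         = f.Id ?? string.Empty,
                        Name       = f.Name ?? string.Empty,
                        ParentId   = f.ParentId ?? string.Empty,
                        ParentPath = f.ParentPath ?? string.Empty,
                    })
                    .ToList();

                foreach (var item in firstPermissions)
                {
                    var per = CreatePermissionModel(item, rolePermissions, roleModel.RoleType);
                    permissions.Add(per);
                    GetPermissionModels(per, item, rolePermissions, functionList, roleModel.RoleType);
                }
            }
            else
            {
                // Create mode: no granted permissions to pre-select.
                foreach (var item in firstPermissions)
                {
                    var per = CreatePermissionModel(item, null, roleModel.RoleType);
                    permissions.Add(per);
                    GetPermissionModels(per, item, null, functionList, roleModel.RoleType);
                }
            }

            // The former try { ... } catch (Exception ex) { throw ex; } wrapper was removed:
            // it only rethrew and, by using `throw ex;`, discarded the original stack trace.
            ViewBag.Permissions = JsonConvert.SerializeObject(permissions);
            return View();
        }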
        /// <summary>
        /// Central authorization filter. In order: honours AllowAnonymous, requires an
        /// authenticated identity, re-hydrates the per-user session from the forms-auth
        /// identity string when needed, lets SuperAdmin through, honours the "pass permission"
        /// attribute, and finally looks up the current area/controller/action (or a declared
        /// superior action) in the user's granted function list.
        /// On denial the response shape depends on the request: child actions get inline text,
        /// AJAX calls get a JSON payload carrying a URL for the front end, and normal requests
        /// get a 401 (not authenticated) or a redirect to Account/UnAuth (no permission).
        /// </summary>
        /// <param name="filterContext">Authorization context; <c>Result</c> is set to short-circuit the action.</param>
        /// <exception cref="ArgumentNullException">When <paramref name="filterContext"/> is null.</exception>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            #region 允许匿名
            // Actions or controllers marked with AllowAnonymousAttribute skip authentication
            // entirely (e.g. the login action).
            // `|` is the non-short-circuit OR: both descriptor lookups always run, but the
            // truth value is the same as `||`.
            if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true).Length > 0 |
                filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true).Length > 0)
            {
                return;
            }
            #endregion


            #region 是否登录
            if (!filterContext.HttpContext.User.Identity.IsAuthenticated) // not signed in
            {
                // Default for an unauthenticated caller is a 401.
                ActionResult result = new HttpUnauthorizedResult();
                // AJAX callers instead get a JSON payload with the login URL so the script can
                // navigate there itself.
                if (filterContext.HttpContext.Request.IsAjaxRequest())
                {
                    string url = FormsAuthentication.LoginUrl;
                    //string url = UrlHelper.GenerateUrl("Default", "Login", "Account", filterContext.RouteData.Values, RouteTable.Routes, filterContext.RequestContext, true);
                    result = new JsonResult()
                    {
                        Data = new { AsiatekError = true, Url = url, Message = string.Empty }, JsonRequestBehavior = JsonRequestBehavior.AllowGet
                    };
                }
                filterContext.Result = result;
                return;
            }
            #endregion


            #region Session是否过期
            // Logging in through the login page creates a temporary "loginflag" cookie. If that
            // cookie is present but the session is null, the session has expired and the user
            // is sent back to the login page.
            // A user who arrives through persistent ("remember me") login after closing the
            // browser has no such cookie, so the session is populated from the identity and the
            // cookie is issued.
            // Either way: cookie present + null session == expired session.


            // Layout of the current identity string:
            // userID|userName|roleID|roleName|roleLevel|nickName|strucID|vehicleViewMode
            // NOTE(review): role id/level and unit id are read from the forms-auth ticket's
            // Name field. Their integrity rests entirely on the ticket's MAC, and a role change
            // in the database is not reflected until the session is rebuilt — confirm this is
            // acceptable for privilege decisions.
            int    userID          = 0;
            string userName        = string.Empty;
            int    roleID          = 0;
            string roleName        = string.Empty;
            int    roleLevel       = 0;
            string nickName        = string.Empty;
            int    strucID         = 0;
            bool   vehicleViewMode = true;
            try
            {
                string   identity   = filterContext.HttpContext.User.Identity.Name;
                string[] identities = identity.Split('|');
                userID          = Convert.ToInt32(identities[0]);   // user id
                userName        = identities[1];                    // user name
                roleID          = Convert.ToInt32(identities[2]);   // role id
                roleName        = identities[3];
                roleLevel       = Convert.ToInt32(identities[4]);   // role level
                nickName        = identities[5];                    // nickname
                strucID         = Convert.ToInt32(identities[6]);   // unit id
                vehicleViewMode = Convert.ToBoolean(identities[7]); // vehicle view mode
            }
            catch
            {
                // The identity string could not be parsed (malformed or unexpected ticket):
                // sign the user out and treat the request as unauthenticated.
                FormsAuthentication.SignOut();
                ActionResult result = new HttpUnauthorizedResult();
                if (filterContext.HttpContext.Request.IsAjaxRequest())
                {
                    string url = FormsAuthentication.LoginUrl;
                    result = new JsonResult()
                    {
                        Data = new { AsiatekError = true, Url = url, Message = string.Empty }, JsonRequestBehavior = JsonRequestBehavior.AllowGet
                    };
                }
                filterContext.Result = result;
                return;
            }
            HttpCookie ck = filterContext.HttpContext.Request.Cookies["loginflag"];                                                          // login-flag cookie
            Asiatek.Model.UserSessionModel currentUser = filterContext.HttpContext.Session["currentUser"] as Asiatek.Model.UserSessionModel; // user info held in session
            if (ck != null && currentUser == null)                                                                                           // session expired: clear the cookie and go back to login
            {
                ck.Expires = DateTime.Now.AddYears(-1);
                filterContext.HttpContext.Response.Cookies.Add(ck);
                FormsAuthentication.SignOut();

                ActionResult result = new HttpUnauthorizedResult();
                if (filterContext.HttpContext.Request.IsAjaxRequest())
                {
                    string url = FormsAuthentication.LoginUrl;
                    //string url = UrlHelper.GenerateUrl("Default", "Login", "Account", filterContext.RouteData.Values, RouteTable.Routes, filterContext.RequestContext, true);
                    result = new JsonResult()
                    {
                        Data = new { AsiatekError = true, Url = url, Message = string.Empty }, JsonRequestBehavior = JsonRequestBehavior.AllowGet
                    };
                }
                filterContext.Result = result;
                return;
            }
            // A persistent-login user who closed the browser has neither the flag cookie nor a
            // session: populate the session from the identity and issue the flag cookie.
            else if (ck == null && currentUser == null)
            {
                // Temporary login-flag cookie; it disappears when the browser is closed.
                ck         = new HttpCookie("loginflag");
                ck.Expires = DateTime.MinValue;
                filterContext.HttpContext.Response.Cookies.Add(ck);

                // Bind the current user's information from the parsed identity.
                currentUser = new Asiatek.Model.UserSessionModel()
                {
                    UserName = userName,
                    UserId   = userID,
                    NickName = nickName,
                    StrucID  = strucID,
                    RoleInfo = new Asiatek.Model.RoleInfoModel()
                    {
                        RoleID    = roleID,
                        RoleName  = roleName,
                        RoleLevel = (Asiatek.Model.RoleLevelEnum)roleLevel
                    },
                    VehicleViewMode = vehicleViewMode
                };

                // Load the user's permitted functions onto currentUser.
                // NOTE(review): SuperAdmin is decided from the roleLevel carried in the ticket,
                // not re-read from the database, so a demoted administrator keeps every function
                // until the ticket expires — confirm.
                if (currentUser.RoleInfo.RoleLevel == Model.RoleLevelEnum.SuperAdmin)
                {
                    currentUser.Functions = FunctionBLL.GetAllFunctions();
                }
                else
                {
                    currentUser.Functions = FunctionBLL.GetFunctionsByUserID(currentUser.UserId);
                }

                // Store it back into the session.
                filterContext.HttpContext.Session["currentUser"] = currentUser;
            }
            #endregion


            #region 是否是超级管理员(超级管理员拥有全部权限,可以不用验证)
            // SuperAdmin holds every permission, so no further checks are needed.
            if (currentUser.RoleInfo.RoleLevel == RoleLevelEnum.SuperAdmin)
            {
                return;
            }
            #endregion



            #region 权限

            #region 跳过权限
            // Actions/controllers marked with AsiatekPassPremissionAttribute skip the database
            // permission check — e.g. AJAX helpers such as a clock refresh, which would otherwise
            // have to be granted explicitly to every user for no benefit.
            // `|` is the non-short-circuit OR; same result as `||`.
            if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(AsiatekPassPremissionAttribute), true).Length > 0 |
                filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(AsiatekPassPremissionAttribute), true).Length > 0)
            {
                return;
            }
            #endregion



            #region 是否具有权限
            // Controller being accessed.
            string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            // Action being accessed.
            string actionName = filterContext.ActionDescriptor.ActionName;
            // Area being accessed; null when the route has no area.
            var    routeData = filterContext.HttpContext.Request.RequestContext.RouteData;
            var    area      = routeData.DataTokens["area"];
            string areaName  = "DefaultArea";// no area on the route maps to "DefaultArea" in this system
            if (area != null)
            {
                areaName = area.ToString();
            }

            #region 欢迎页无需权限
            // Hard-coded allow: the welcome page needs no permission.
            if (areaName == "DefaultArea" && controllerName == "Home" && actionName == "Welcome")
            {
                return;
            }
            #endregion



            #region 是否是从属功能
            // Subordinate-function check: the action declares a superior action; if the user
            // holds the superior one, this action is allowed as well.
            var subAttributes = filterContext.ActionDescriptor.GetCustomAttributes(typeof(AsiatekSubordinateFunctionAttribute), true);
            if (subAttributes.Length > 0)
            {
                foreach (var item in subAttributes)
                {
                    AsiatekSubordinateFunctionAttribute temp = item as AsiatekSubordinateFunctionAttribute;
                    string superiorAreaName       = temp.SuperiorAreaName;
                    string superiorControllerName = temp.SuperiorControllerName;
                    string superiorActionName     = temp.SuperiorActionName;
                    // A null superior area/controller defaults to the current one.
                    var tempQuery = from c in currentUser.Functions
                                    where
                                    c.AreaName == (superiorAreaName == null ? areaName : superiorAreaName) &&
                                    c.ControllerName == (superiorControllerName == null ? controllerName : superiorControllerName) &&
                                    c.ActionName == superiorActionName
                                    select c;
                    if (tempQuery.Count() != 0) // superior function granted
                    {
                        return;
                    }
                }
            }
            #endregion



            // Does the user's function list contain the current area, controller and action?
            // All three must match for the user to have permission.
            var query = from c in currentUser.Functions
                        where c.ControllerName == controllerName &&
                        c.ActionName == actionName &&
                        c.AreaName == areaName
                        select c;
            if (query.Count() != 0) // permission granted
            {
                return;
            }
            #endregion



            #region  包含权限的逻辑
            // Permission denied from here on.
            // Actions executed via Html.Action / Html.RenderAction are child actions and cannot
            // redirect, so return the "no permission" text inline.
            if (filterContext.IsChildAction)
            {
                filterContext.Result = new ContentResult()
                {
                    Content = Resource.UIText.NoPermission
                };
                return;
            }


            // AJAX request: return a JSON payload whose URL (the no-permission page) the front
            // end uses to decide where to navigate.
            if (filterContext.HttpContext.Request.IsAjaxRequest())
            {
                string url = UrlHelper.GenerateUrl("Default", "UnAuth", "Account", filterContext.RouteData.Values, RouteTable.Routes, filterContext.RequestContext, true);
                filterContext.Result = new JsonResult()
                {
                    Data = new { AsiatekError = true, Url = url, Message = string.Empty }, JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
                return;
            }
            // Normal request: redirect the user to the no-permission page.
            RouteValueDictionary rvd = new RouteValueDictionary();
            rvd.Add("controller", "Account");
            rvd.Add("action", "UnAuth");
            filterContext.Result = new RedirectToRouteResult("Default", rvd);
            #endregion
            #endregion
        }
        /// <summary>
        /// Factory for a 401 result, kept as a method so actions can write
        /// <c>return Unauthorized();</c> symmetrically with the built-in <c>HttpNotFound()</c>.
        /// The parameterless HttpUnauthorizedResult carries no status description.
        /// </summary>
        /// <returns>A new <see cref="HttpUnauthorizedResult"/>.</returns>
        public HttpUnauthorizedResult Unauthorized()
        {
            return new HttpUnauthorizedResult();
        }
        /// <summary>
        /// Returns a fresh 401 result with no status description; a convenience mirror of the
        /// built-in <c>HttpNotFound()</c> helper.
        /// </summary>
        /// <returns>A new <see cref="HttpUnauthorizedResult"/>.</returns>
        public HttpUnauthorizedResult Unauthorized()
        {
            return new HttpUnauthorizedResult();
        }