public override void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } _filterContext = filterContext; if (!Authenticate(filterContext.HttpContext)) { filterContext.Result = new HttpBasicUnauthorizedResult(); } else { if (AuthorizeCore(filterContext.HttpContext)) { HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null); } else { filterContext.Result = new HttpBasicUnauthorizedResult(); } } }
public void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (AuthorizeCore(filterContext.HttpContext)) { // ** IMPORTANT ** // Since we're performing authorization at the action level, the authorization code runs // after the output caching module. In the worst case this could allow an authorized user // to cause the page to be cached, then an unauthorized user would later be served the // cached page. We work around this by telling proxies not to cache the sensitive page, // then we hook our custom authorization code into the caching mechanism so that we have // the final say on whether a page should be served from the cache. HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */); } else { HandleUnauthorizedRequest(filterContext); } }
public override void OnActionExecuted( ActionExecutedContext filterContext) { if (Duration < 0) { return; } HttpCachePolicyBase cache = filterContext.HttpContext .Response.Cache; if (PreventBrowserCaching) { cache.SetCacheability(HttpCacheability.NoCache); Duration = 0; } else { cache.SetCacheability(HttpCacheability.Public); } TimeSpan cacheDuration = TimeSpan.FromSeconds(Duration); cache.SetExpires(DateTime.Now.Add(cacheDuration)); cache.SetMaxAge(cacheDuration); cache.AppendCacheExtension("must-revalidate," + "proxy-revalidate"); }
public override void OnAuthorization(AuthorizationContext filterContext) { Guard.ArgumentNotNull(filterContext, nameof(filterContext)); if (OutputCacheAttribute.IsChildActionCacheActive(filterContext)) { throw new InvalidOperationException("AuthorizeAttribute can not use within Child action cache"); } if (!filterContext.HttpContext.User.Identity.IsAuthenticated) { HandleUnauthorizedRequest(filterContext); return; } if (!filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) && !filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)) { if (this.AuthorizeCore(filterContext.HttpContext)) { HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; cache.SetProxyMaxAge(new TimeSpan(0L)); cache.AddValidationCallback(new HttpCacheValidateHandler(this.CacheValidateHandler), null); } else { throw new AuthorizationException(); } } if (!_freeBirdAuthorize.IsAuthorized(filterContext, Name)) { throw new AuthorizationException(); } }
public override void OnResultExecuted(ResultExecutedContext filterContext) { HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; cache.SetCacheability(HttpCacheability.NoCache); base.OnResultExecuted(filterContext); }
public virtual void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (!filterContext.HttpContext.User.Identity.IsAuthenticated) { var urlHelper = new UrlHelper(filterContext.RequestContext); filterContext.Result = new RedirectResult(urlHelper.Action(MVC.Accounts.LogIn(filterContext.HttpContext.Request.Url.PathAndQuery))); return; } if (!AuthorizeCore(filterContext.HttpContext)) { var urlHelper = new UrlHelper(filterContext.RequestContext); filterContext.Result = new RedirectResult(urlHelper.Action(MVC.Accounts.Unauthorized(filterContext.HttpContext.Request.Url.PathAndQuery))); return; } HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; cache.SetProxyMaxAge(new TimeSpan(0)); cache.AddValidationCallback(CacheValidateHandler, null); }
private static void SetHeaders(BundleResponse response, BundleContext context, bool noCache) { if (context.HttpContext.Response != null) { if (response.ContentType != null) { context.HttpContext.Response.ContentType = response.ContentType; } // Do set caching headers if instrumentation mode is on if (!context.EnableInstrumentation && context.HttpContext.Response.Cache != null) { // NOTE: These caching headers were based off of what AssemblyResourceLoader does // TODO: let the bundle change the caching semantics? HttpCachePolicyBase cachePolicy = context.HttpContext.Response.Cache; if (noCache) { cachePolicy.SetCacheability(HttpCacheability.NoCache); } else { cachePolicy.SetCacheability(response.Cacheability); cachePolicy.SetOmitVaryStar(true); cachePolicy.SetExpires(DateTime.Now.AddYears(1)); cachePolicy.SetValidUntilExpires(true); cachePolicy.SetLastModified(DateTime.Now); cachePolicy.VaryByHeaders["User-Agent"] = true; // CONSIDER: Last modified logic, need to compute a hash of all the dates/ETag support } } } }
public virtual void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (AuthorizeCore(filterContext.HttpContext)) { // ** IMPORTANT ** // Since we're performing authorization at the action level, the authorization code runs // after the output caching module. In the worst case this could allow an authorized user // to cause the page to be cached, then an unauthorized user would later be served the // cached page. We work around this by telling proxies not to cache the sensitive page, // then we hook our custom authorization code into the caching mechanism so that we have // the final say on whether a page should be served from the cache. HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */); } else { if (IsLogined(filterContext.HttpContext)) { } else { var callbackUrl = Senparc.Weixin.HttpUtility.UrlUtility.GenerateOAuthCallbackUrl(filterContext.HttpContext, _oauthCallbackUrl); var state = string.Format("{0}|{1}", "FromSenparc", DateTime.Now.Ticks); var url = OAuthApi.GetAuthorizeUrl(_appId, callbackUrl, state, _oauthScope); filterContext.Result = new RedirectResult(url); } } }
/*public HashSet<string> Endings { get; set; } * * private bool ContainsEnding(string ending) { * return ending != null && Endings.Contains(ending); * }*/ public override void OnActionExecuting(ActionExecutingContext filterContext) { if (Duration.TotalMilliseconds <= 0) { return; } /* Uri url = filterContext.HttpContext.Request.Url; * string localPath = url != null * ? url.LocalPath.ToLowerInvariant() * : null; * if (string.IsNullOrEmpty(localPath)) { * return; * } * if (EnumerableValidator.IsNotNullAndNotEmpty(Endings)) { * string fileName = Path.GetFileName(localPath); * string extension = Path.GetExtension(localPath); * if (!ContainsEnding(fileName) && !ContainsEnding(extension)) { * //файл не подходит под искомую маску * return; * } * * //файл подошел под искомую маску - установить время кэша * }*/ HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; cache.SetCacheability(HttpCacheability.Public); cache.SetExpires(DateTime.Now.Add(Duration)); cache.SetMaxAge(Duration); cache.AppendCacheExtension("must-revalidate, proxy-revalidate"); }
public static AuthorizationContext GetAuthorizationContext(this RequestContext @self, string controllerName, string actionName, RouteValueDictionary routeValues) { object area; string areaName = string.Empty; string key = controllerName + " " + actionName; if (routeValues != null && routeValues.TryGetValue("Area", out area)) { areaName = area.ToString(); key = areaName + " " + key; } ClaimsIdentity identity = (ClaimsIdentity)@self.HttpContext.User.Identity; HttpCachePolicyBase cachePolicy = @self.HttpContext.Response.Cache; //AuthorizationContext authorizationContext = cache.Get(key, () => AuthorizationContextFactory(@self, controllerName, actionName, areaName)); //if (authorizationContext == null) return null; //authorizationContext.RequestContext = @self; //authorizationContext.HttpContext = @self.HttpContext; //authorizationContext.Result = null; //return authorizationContext; return(null); }
/// <summary>Called when a process requests authorization.</summary> /// <param name="filterContext">The filter context, which encapsulates information for using <see cref="T:System.Web.Mvc.AuthorizeAttribute" />.</param> /// <exception cref="T:System.ArgumentNullException">The <paramref name="filterContext" /> parameter is null.</exception> public virtual void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (OutputCacheAttribute.IsChildActionCacheActive(filterContext)) { throw new InvalidOperationException("AuthorizeAttribute_CannotUseWithinChildActionCache"); } bool flag = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true); if (flag) { return; } if (this.AuthorizeCore(filterContext.HttpContext)) { HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; cache.SetProxyMaxAge(new TimeSpan(0L)); cache.AddValidationCallback(new HttpCacheValidateHandler(this.CacheValidateHandler), null); return; } this.HandleUnauthorizedRequest(filterContext); }
private void SetBundleHeaders(BundleResponse bundleResponse, BundleContext context) { if (context.HttpContext.Response == null) { return; } if (bundleResponse.ContentType != null) { context.HttpContext.Response.ContentType = bundleResponse.ContentType; } if (context.EnableInstrumentation || context.HttpContext.Response.Cache == null) { return; } HttpCachePolicyBase cache = context.HttpContext.Response.Cache; cache.SetCacheability(bundleResponse.Cacheability); cache.SetOmitVaryStar(true); cache.SetExpires(DateTime.Now.AddYears(1)); cache.SetValidUntilExpires(true); cache.SetLastModified(DateTime.Now); cache.VaryByHeaders["User-Agent"] = true; }
public override void OnActionExecuted(ActionExecutedContext filterContext) { HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; // 在關閉瀏覽器或者切換使用者時,刪除快取資料 (http://blog.toright.com/posts/3414/初探-http-1-1-cache-機制.html) cache.SetCacheability(HttpCacheability.Public); // 在 http response header 裡設 expire time 減少 client 送出 http request (http://fcamel-life.blogspot.tw/2010/06/http-response-header-expire-request.html) cache.SetExpires(DateTime.Now.AddDays(365)); // HTTP/1.0 // filterContext.HttpContext.Response.Cache.SetValidUntilExpires(true); cache.SetMaxAge(TimeSpan.FromDays(365)); // HTTP/1.1, Cache-Control: max-age cache.SetProxyMaxAge(TimeSpan.FromDays(365)); // HTTP/1.1, Cache-Control: s-maxage cache.SetETagFromFileDependencies(); cache.SetLastModifiedFromFileDependencies(); cache.SetAllowResponseInBrowserHistory(true); // http://stackoverflow.com/questions/6151292/httpcontext-current-response-cache-setcacheabilityhttpcacheability-nocache-not // 按下登出按鈕所需要的快取設定 //cache.SetCacheability(HttpCacheability.NoCache); //cache.SetExpires(DateTime.UtcNow.AddHours(-1)); //cache.SetNoStore(); // http://stackoverflow.com/questions/4078011/how-to-switch-off-caching-for-mvc-requests-but-not-for-static-files-in-iis7 // 關閉 Cache 功能 //cache.SetExpires(DateTime.UtcNow.AddDays(-1)); //cache.SetValidUntilExpires(false); //cache.SetRevalidation(HttpCacheRevalidation.AllCaches); //cache.SetCacheability(HttpCacheability.NoCache); //cache.SetNoStore(); }
protected virtual void SetCache(HttpResponseBase response, int cacheDuration, params string[] varyByParams) { // Cache if (cacheDuration > 0) { DateTime timestamp = DateTime.Now; HttpCachePolicyBase cache = response.Cache; int duration = cacheDuration; cache.SetCacheability(HttpCacheability.Public); cache.SetAllowResponseInBrowserHistory(true); cache.SetExpires(timestamp.AddSeconds(duration)); cache.SetMaxAge(new TimeSpan(0, 0, duration)); cache.SetValidUntilExpires(true); cache.SetLastModified(timestamp); cache.VaryByHeaders["Accept-Encoding"] = true; if (varyByParams != null) { foreach (var p in varyByParams) { cache.VaryByParams[p] = true; } } cache.SetOmitVaryStar(true); response.AddHeader("Cache-Control", string.Format("public, max-age={0}", cacheDuration)); } }
public void Apply(HttpCachePolicyBase policy) { policy.ThrowIfNull("policy"); if (!_hasPolicy) { return; } switch (_cacheability) { case HttpCacheability.NoCache: policy.SetCacheability(_allowsServerCaching == true ? HttpCacheability.ServerAndNoCache : HttpCacheability.NoCache); break; case HttpCacheability.Private: policy.SetCacheability(_allowsServerCaching == true ? HttpCacheability.ServerAndPrivate : HttpCacheability.Private); break; case HttpCacheability.Public: policy.SetCacheability(HttpCacheability.Public); break; } if (_noStore == true) { policy.SetNoStore(); } if (_noTransforms == true) { policy.SetNoTransforms(); } if (_clientCacheExpirationUtcTimestamp != null) { policy.SetExpires(_clientCacheExpirationUtcTimestamp.Value); } if (_clientCacheMaxAge != null) { policy.SetMaxAge(_clientCacheMaxAge.Value); } if (_allowResponseInBrowserHistory != null) { policy.SetAllowResponseInBrowserHistory(_allowResponseInBrowserHistory.Value); } if (_eTag != null) { policy.SetETag(_eTag); } if (_omitVaryStar != null) { policy.SetOmitVaryStar(_omitVaryStar.Value); } if (_proxyMaxAge != null) { policy.SetProxyMaxAge(_proxyMaxAge.Value); } if (_revalidation != null) { policy.SetRevalidation(_revalidation.Value); } }
public override void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } bool inherit = true; if (!filterContext.IsChildAction && !filterContext.ActionDescriptor.IsDefined(typeof(HtmlAllowedAttribute), inherit) && !filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(HtmlAllowedAttribute), true)) { if (this.AuthorizeInternal(filterContext.HttpContext)) { HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; cache.SetProxyMaxAge(new TimeSpan(0L)); cache.AddValidationCallback(new HttpCacheValidateHandler(this.CacheValidateHandler), null); } else { this.HandleNonHttpsRequest(filterContext); } } }
public override void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (AuthorizeCore(filterContext.HttpContext)) { HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null); } /// This code added to support custom Unauthorized pages. else if (filterContext.HttpContext.User.Identity.IsAuthenticated) { if (NotifyUrl != null) { filterContext.Result = new RedirectResult(NotifyUrl); } else { // Redirect to Login page. HandleUnauthorizedRequest(filterContext); } } /// End of additional code else { // Redirect to Login page. HandleUnauthorizedRequest(filterContext); } }
protected virtual void HandleAuthorizedRequest(AuthorizationContext filterContext) { HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */); }
public override void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (!Authenticate(filterContext.HttpContext)) { // HttpCustomBasicUnauthorizedResult inherits from HttpUnauthorizedResult and does the // work of displaying the basic authentication prompt to the client filterContext.Result = new HttpCustomBasicUnauthorizedResult(); } else { // AuthorizeCore is in the base class and does the work of checking if we have // specified users or roles when we use our attribute if (AuthorizeCore(filterContext.HttpContext)) { HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */); } else { // auth failed, display login // HttpCustomBasicUnauthorizedResult inherits from HttpUnauthorizedResult and does the // work of displaying the basic authentication prompt to the client filterContext.Result = new HttpCustomBasicUnauthorizedResult(); } } }
public override void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } //if (AuthorizeCore(filterContext.HttpContext)) if (SecurityHelper.CustomAuthorizeCore(filterContext)) { // ** IMPORTANT ** // Since we're performing authorization at the action level, the authorization code runs // after the output caching module. In the worst case this could allow an authorized user // to cause the page to be cached, then an unauthorized user would later be served the // cached page. We work around this by telling proxies not to cache the sensitive page, // then we hook our custom authorization code into the caching mechanism so that we have // the final say on whether a page should be served from the cache. HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */); } else// if (!filterContext.Controller.ControllerContext.IsChildAction) { HandleUnauthorizedRequest(filterContext); } //else //{ // filterContext.Result = new System.Web.Mvc.HttpStatusCodeResult((int)System.Net.HttpStatusCode.Forbidden); //} }
public override void OnAuthorization(AuthorizationContext filterContext) { if (AuthorizeCore(filterContext.HttpContext)) { // ** IMPORTANT ** // Since we're performing authorization at the action level, the authorization code runs // after the output caching module. In the worst case this could allow an authorized user // to cause the page to be cached, then an unauthorized user would later be served the // cached page. We work around this by telling proxies not to cache the sensitive page, // then we hook our custom authorization code into the caching mechanism so that we have // the final say on whether a page should be served from the cache. HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */); if (!_hasPermission) { filterContext.Result = new RedirectResult("/YourHasNoPermissionUrl") } } else { filterContext.Result = new RedirectResult("/YourUnauthorizedUrl") } }
public override void ExecuteResult(ControllerContext context) { if (context == null) { throw new ArgumentNullException("context"); } HttpResponseBase response = context.HttpContext.Response; response.ClearHeaders(); response.AppendHeader("Cache-Control", "private, no-cache, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0"); response.AppendHeader("Pragma", "no-cache"); response.AppendHeader("Expires", "-1"); HttpCachePolicyBase cache = response.Cache; cache.SetCacheability(HttpCacheability.NoCache); if (string.IsNullOrEmpty(this.Filename)) { this.Filename = "output.xls"; } response.ContentType = "application/vnd.ms-excel"; response.AddHeader("Content-Disposition", "attachment;filename=" + this.Filename); if (this.ContentEncoding == null) { this.ContentEncoding = System.Text.Encoding.GetEncoding("Shift_JIS"); //this.ContentEncoding = System.Text.Encoding.UTF8; } response.ContentEncoding = this.ContentEncoding; response.BinaryWrite(Data.GetBuffer()); }
/// <summary> /// This method accepts just one parameter as AuthorizationContext which is derived from ControllerContext /// </summary> /// <param name="filterContext"></param> public void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("Context"); } // This part of code is from microsoft bool isAuthorizationDisable = filterContext.ActionDescriptor.IsDefined (typeof(AllowAnonymousAttribute), inherit: true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined( typeof(AllowAnonymousAttribute), inherit: true); if (isAuthorizationDisable) { return; } if (AuthorizeCore(filterContext.HttpContext)) { HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null); } else { filterContext.Result = new HttpUnauthorizedResult("Not authorized"); } }
public virtual void OnAuthorization(AuthorizationContext filterContext) { //排除验证的Action if (this.ForNotAuthorityUrl != null) { string excludeAction = filterContext.RequestContext.RouteData.GetRequiredString("action").ToUpper(); string excludeController = filterContext.RequestContext.RouteData.GetRequiredString("controller").ToUpper(); string currentUrl = "{0}/{1}".With(excludeController, excludeAction); if (this.ForNotAuthorityUrl.Any(z => z.ToUpper().Equals(currentUrl))) { return;//此Action不需要特殊验证,返回。 } } if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (AuthorizeCore(filterContext.HttpContext)) { HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */); } else { var returnUrl = "{0}/WX/WeixinOAuth/MpCallback?callbackUrl={1}" .With(SiteConfig.DomainName, SiteConfig.DomainName + filterContext.HttpContext.Request.Url.PathAndQuery.ToString().UrlEncode()); var getCodeUrl = OAuthApi.GetAuthorizeUrl(SiteConfig.AppId, returnUrl, "Azure", OAuthScope.snsapi_userinfo); filterContext.Result = new RedirectResult(getCodeUrl); } }
protected void SetClientCacheHeader(DateTime?LastModified, string Etag, HttpCacheability CacheKind, bool ReValidate = true) { if (!EnableClientCache || LastModified == null && Etag == null) { return; } HttpCachePolicyBase cp = Response.Cache; cp.AppendCacheExtension("max-age=" + 3600 * MaxClientCacheAgeInHours); if (ReValidate) { cp.AppendCacheExtension("must-revalidate"); cp.AppendCacheExtension("proxy-revalidate"); } cp.SetCacheability(CacheKind); cp.SetOmitVaryStar(false); if (LastModified != null) { cp.SetLastModified(LastModified.Value); } cp.SetExpires(DateTime.UtcNow.AddHours(MaxClientCacheAgeInHours)); if (Etag != null) { cp.SetETag(Etag); } }
public override void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (OutputCacheAttribute.IsChildActionCacheActive(filterContext)) { throw new InvalidOperationException(); } bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true); if (skipAuthorization) { return; } if (AuthorizeCore(filterContext.HttpContext)) { HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */); } else { HandleUnauthorizedRequest(filterContext); } }
public override void OnAuthorization(AuthorizationContext filterContext) { string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower(); string actionName = filterContext.ActionDescriptor.ActionName.ToLower(); if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (AuthorizeCore(filterContext.HttpContext)) { //if (a.Check(filterContext.HttpContext.User.Identity.GetUserId(), controllerName, actionName)) if (UserRepository.CheckAdminRole(filterContext.HttpContext.User.Identity.Name)) { HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); } else { filterContext.Result = new RedirectResult(NotifyUrl); } } else { filterContext.Result = new RedirectResult(NotifyUrl); } }
/// <summary> /// 在需要授权时调用。 /// </summary> /// <param name="filterContext">筛选器上下文。</param> public virtual void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (OutputCacheAttribute.IsChildActionCacheActive(filterContext)) { throw new InvalidOperationException("AuthorizeAttribute_CannotUseWithinChildActionCache"); } if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)) { return; } IFunction function = filterContext.GetExecuteFunction(ServiceProvider); AuthorizationResult result = AuthorizeCore(filterContext.HttpContext, function); if (result.ResultType != AuthorizationResultType.Allowed) { HandleUnauthorizedRequest(filterContext, result); } else { HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; cache.SetProxyMaxAge(new TimeSpan(0L)); cache.AddValidationCallback(CacheValidateHandler, function); } }
public virtual void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (OutputCacheAttribute.IsChildActionCacheActive(filterContext)) { // If a child action cache block is active, we need to fail immediately, even if authorization // would have succeeded. The reason is that there's no way to hook a callback to rerun // authorization before the fragment is served from the cache, so we can't guarantee that this // filter will be re-run on subsequent requests. throw new InvalidOperationException(MvcResources.AuthorizeAttribute_CannotUseWithinChildActionCache); } if (AuthorizeCore(filterContext.HttpContext)) { // ** IMPORTANT ** // Since we're performing authorization at the action level, the authorization code runs // after the output caching module. In the worst case this could allow an authorized user // to cause the page to be cached, then an unauthorized user would later be served the // cached page. We work around this by telling proxies not to cache the sensitive page, // then we hook our custom authorization code into the caching mechanism so that we have // the final say on whether a page should be served from the cache. HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */); } else { HandleUnauthorizedRequest(filterContext); } }
/// <summary> /// Wird aufgerufen, wenn eine Autorisierung erforderlich ist. /// </summary> /// <param name="filterContext">Der Filterkontext.</param> public virtual void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (OutputCacheAttribute.IsChildActionCacheActive(filterContext)) { throw new InvalidOperationException("Can't use this attribute with ChildActionCache."); } if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)) { return; } if (AuthorizeCore(filterContext.HttpContext)) { HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; cache.SetProxyMaxAge(new TimeSpan(0L)); cache.AddValidationCallback(CacheValidateHandler, null); } else { HandleUnauthorizedRequest(filterContext); } }
protected virtual void SetHttpCachePolicy(HttpCachePolicyBase policy) { policy.SetCacheability(HttpCacheability.Private); policy.SetExpires(DateTime.Now.Add(CacheDuration)); policy.SetMaxAge(CacheDuration); policy.SetValidUntilExpires(true); }
internal static void OutputCache(HttpContextBase httpContext, HttpCachePolicyBase cache, int numberOfSeconds, bool sliding, IEnumerable<string> varyByParams, IEnumerable<string> varyByHeaders, IEnumerable<string> varyByContentEncodings, HttpCacheability cacheability) { cache.SetCacheability(cacheability); cache.SetExpires(httpContext.Timestamp.AddSeconds(numberOfSeconds)); cache.SetMaxAge(new TimeSpan(0, 0, numberOfSeconds)); cache.SetValidUntilExpires(true); cache.SetLastModified(httpContext.Timestamp); cache.SetSlidingExpiration(sliding); if (varyByParams != null) { foreach (var p in varyByParams) { cache.VaryByParams[p] = true; } } if (varyByHeaders != null) { foreach (var headerName in varyByHeaders) { cache.VaryByHeaders[headerName] = true; } } if (varyByContentEncodings != null) { foreach (var contentEncoding in varyByContentEncodings) { cache.VaryByContentEncodings[contentEncoding] = true; } } }
protected virtual void SetHttpCachePolicy(HttpCachePolicyBase policy, TemplateInfo info) { policy.SetCacheability(info.Cacheability); policy.SetExpires(DateTime.Now.AddMinutes(info.CacheDuration)); policy.SetMaxAge(TimeSpan.FromMinutes(info.CacheDuration)); policy.SetValidUntilExpires(true); policy.SetETagFromFileDependencies(); policy.SetLastModifiedFromFileDependencies(); }