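/// <summary>
/// Page filter step that runs before the page handler: for an authenticated admin request it
/// attaches the admin work context to the page model and checks that the caller has permission
/// for the requested path. When the check fails the pipeline is short-circuited with a redirect
/// (or a JSON payload for XMLHttpRequest callers) and the handler is never invoked.
/// </summary>
/// <param name="context">Executing context of the page handler about to run.</param>
/// <param name="next">Delegate that continues the filter pipeline and runs the handler.</param>
public async Task OnPageHandlerExecutionAsync(PageHandlerExecutingContext context, PageHandlerExecutionDelegate next)
        {
            // Called asynchronously before the handler method is invoked, but after model binding has completed.

            // NOTE(review): if authentication does not succeed, or an AllowAnonymousFilter is present,
            // no permission check happens here and the handler runs. Rejecting unauthenticated
            // requests is presumably done by a separate authorization filter - confirm.
            var authenticateResult = await context.HttpContext.AuthenticateAsync(AdminAuthorizeAttribute.AuthenticationScheme);

            if (authenticateResult.Succeeded && !context.Filters.Any(_ => _ is AllowAnonymousFilter))
            {
                // The handler instance is not guaranteed to derive from AdminPageModelBase; the
                // unchecked "as" cast used previously threw a NullReferenceException in that case.
                // The permission check below still runs either way.
                if (context.HandlerInstance is AdminPageModelBase adminPageModel)
                {
                    adminPageModel.AdminWorkContext = _adminWorkContextProvider.GetAdminWorkContext();
                }

                // Deny by default: a request without both "page" and "area" route values has no right.
                bool hasRight = context.RouteData.Values.TryGetValue("page", out _)
                                && context.RouteData.Values.TryGetValue("area", out _);
                if (hasRight)
                {
                    // The permission key is the request path as received (no query string).
                    // NOTE(review): how HasPermissionAsync normalises case or trailing slashes is
                    // not visible here - confirm it matches the way routing resolves the page.
                    var url = context.HttpContext.Request.Path;
                    hasRight = await _sysPermissionService.HasPermissionAsync(url);
                }

                if (!hasRight)
                {
                    IActionResult actionResult = new Microsoft.AspNetCore.Mvc.RedirectResult("/Admin/Forbidden");

                    // The x-requested-with header is client-controlled; it only selects the response
                    // format (JSON instead of redirect) and takes no part in the access decision.
                    if (context.HttpContext.Request.Headers.TryGetValue("x-requested-with", out Microsoft.Extensions.Primitives.StringValues requestedWith)
                        && requestedWith.Contains("XMLHttpRequest"))
                    {
                        // NOTE(review): the caller is authenticated but lacks permission, for which
                        // 403 is the conventional status; 401 is kept because client script may
                        // depend on it - confirm before changing.
                        actionResult = new JsonResult(new AjaxReturnModel()
                        {
                            Success = false, Msg = "您没有权限访问"
                        })
                        {
                            StatusCode = 401
                        };
                    }

                    // Setting Result short-circuits the pipeline; the next delegate must not be
                    // invoked once a result has been provided.
                    context.Result = actionResult;
                    return;
                }
            }
            await next.Invoke();
        }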
Exemple #2
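        /// <summary>
        /// Result filter step: for an authenticated admin request it attaches the admin work
        /// context to the page model and checks permission for "/{area}{page}". When the check
        /// fails the pending result is replaced with a redirect (or a JSON payload for
        /// XMLHttpRequest callers) before the base implementation executes it.
        /// </summary>
        /// <param name="context">Context of the result about to be executed.</param>
        /// <param name="next">Delegate that executes the result.</param>
        public override async Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
        {
            // NOTE(review): result filters run after the page handler has already executed, so a
            // denial here only swaps the response; any side effects of the handler have already
            // happened. If this is the only permission check, it should move to an authorization
            // or page-handler filter - confirm what else guards these pages.
            var authenticateResult = await context.HttpContext.AuthenticateAsync(AdminAuthorizeAttribute.AuthenticationScheme);

            if (authenticateResult.Succeeded && !context.Filters.Any(_ => _ is AllowAnonymousFilter))
            {
                // context.Controller is not guaranteed to derive from AdminPageModelBase; the
                // unchecked "as" cast used previously threw a NullReferenceException in that case.
                // The permission check below still runs either way.
                if (context.Controller is AdminPageModelBase adminPageModel)
                {
                    adminPageModel.AdminWorkContext = _adminWorkContextProvider.GetAdminWorkContext();
                }

                // Deny by default: without both route values there is no permission key to check.
                bool hasPageRoute = context.RouteData.Values.TryGetValue("page", out object page);
                bool hasAreaRoute = context.RouteData.Values.TryGetValue("area", out object area);
                bool hasRight = hasPageRoute && hasAreaRoute;
                if (hasRight)
                {
                    // Permission key is built from the route values rather than the raw request path.
                    hasRight = await _sysPermissionService.HasPermissionAsync(string.Concat("/", area, page));
                }

                if (!hasRight)
                {
                    IActionResult actionResult = new Microsoft.AspNetCore.Mvc.RedirectResult("/Admin/Forbidden");

                    // The x-requested-with header is client-controlled; it only selects the response
                    // format (JSON instead of redirect) and takes no part in the access decision.
                    if (context.HttpContext.Request.Headers.TryGetValue("x-requested-with", out Microsoft.Extensions.Primitives.StringValues requestedWith)
                        && requestedWith.Contains("XMLHttpRequest"))
                    {
                        // NOTE(review): the caller is authenticated but lacks permission, for which
                        // 403 is the conventional status; 401 is kept because client script may
                        // depend on it - confirm before changing.
                        actionResult = new JsonResult(new AjaxReturnModel()
                        {
                            Success = false, Msg = "您没有权限访问"
                        })
                        {
                            StatusCode = 401
                        };
                    }

                    // Replace the handler's result; the base call below goes on to execute it.
                    context.Result = actionResult;
                }
            }
            await base.OnResultExecutionAsync(context, next);
        }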