/// <summary>Called when a process requests authorization.</summary>
/// <param name="filterContext">The filter context, which encapsulates information for using <see cref="T:System.Web.Mvc.AuthorizeAttribute" />.</param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="filterContext" /> parameter is null.</exception>
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
{
throw new InvalidOperationException("AuthorizeAttribute_CannotUseWithinChildActionCache");
}
bool flag = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);
if (flag)
{
return;
}
if (this.AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
cache.SetProxyMaxAge(new TimeSpan(0L));
cache.AddValidationCallback(new HttpCacheValidateHandler(this.CacheValidateHandler), null);
return;
}
this.HandleUnauthorizedRequest(filterContext);
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
//排除验证的Action
if (this.ForNotAuthorityUrl != null)
{
string excludeAction = filterContext.RequestContext.RouteData.GetRequiredString("action").ToUpper();
string excludeController = filterContext.RequestContext.RouteData.GetRequiredString("controller").ToUpper();
string currentUrl = "{0}/{1}".With(excludeController, excludeAction);
if (this.ForNotAuthorityUrl.Any(z => z.ToUpper().Equals(currentUrl)))
{
return;//此Action不需要特殊验证,返回。
}
}
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
var returnUrl = "{0}/WX/WeixinOAuth/MpCallback?callbackUrl={1}"
.With(SiteConfig.DomainName, SiteConfig.DomainName + filterContext.HttpContext.Request.Url.PathAndQuery.ToString().UrlEncode());
var getCodeUrl = OAuthApi.GetAuthorizeUrl(SiteConfig.AppId, returnUrl, "Azure", OAuthScope.snsapi_userinfo);
filterContext.Result = new RedirectResult(getCodeUrl);
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
bool inherit = true;
if (!filterContext.IsChildAction &&
!filterContext.ActionDescriptor.IsDefined(typeof(HtmlAllowedAttribute), inherit) &&
!filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(HtmlAllowedAttribute), true))
{
if (this.AuthorizeInternal(filterContext.HttpContext))
{
HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
cache.SetProxyMaxAge(new TimeSpan(0L));
cache.AddValidationCallback(new HttpCacheValidateHandler(this.CacheValidateHandler), null);
}
else
{
this.HandleNonHttpsRequest(filterContext);
}
}
}
public virtual void OnAuthentication(AuthenticationContext filterContext)
{
bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);
if (skipAuthorization)
{
return;
}
IUser user;
var principal = filterContext.Principal;
if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated || !TryGetUser(principal, out user))
{
HandleUnauthorizedRequest(filterContext);
}
else
{
OnAuthenticated(filterContext, user);
}
if (filterContext.Result != null)
{
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (AuthorizeCore(filterContext.HttpContext))
{
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
if (filterContext.HttpContext.User.Identity.IsAuthenticated)
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary(
new
{
controller = "Account",
action = "Unauthorised"
})
);
}
else
{
base.HandleUnauthorizedRequest(filterContext);
}
}
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
var urlHelper = new UrlHelper(filterContext.RequestContext);
filterContext.Result = new RedirectResult(urlHelper.Action(MVC.Accounts.LogIn(filterContext.HttpContext.Request.Url.PathAndQuery)));
return;
}
if (!AuthorizeCore(filterContext.HttpContext))
{
var urlHelper = new UrlHelper(filterContext.RequestContext);
filterContext.Result = new RedirectResult(urlHelper.Action(MVC.Accounts.Unauthorized(filterContext.HttpContext.Request.Url.PathAndQuery)));
return;
}
HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
cache.SetProxyMaxAge(new TimeSpan(0));
cache.AddValidationCallback(CacheValidateHandler, null);
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cachePolicy =
filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null);
}
/// This code added to support custom Unauthorized pages.
else if (filterContext.HttpContext.User.Identity.IsAuthenticated)
{
if (NotifyUrl != null)
{
filterContext.Result = new RedirectResult(NotifyUrl);
}
else
{
// Redirect to Login page.
HandleUnauthorizedRequest(filterContext);
}
}
/// End of additional code
else
{
// Redirect to Login page.
HandleUnauthorizedRequest(filterContext);
}
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (AuthorizeCore(filterContext.HttpContext))
{
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
if (IsLogined(filterContext.HttpContext))
{
}
else
{
var callbackUrl = Senparc.Weixin.HttpUtility.UrlUtility.GenerateOAuthCallbackUrl(filterContext.HttpContext, _oauthCallbackUrl);
var state = string.Format("{0}|{1}", "FromSenparc", DateTime.Now.Ticks);
var url = OAuthApi.GetAuthorizeUrl(_appId, callbackUrl, state, _oauthScope);
filterContext.Result = new RedirectResult(url);
}
}
}
private void SetCachePolicy(AuthorizationContext context)
{
HttpCachePolicyBase policy = context.HttpContext.Response.Cache;
policy.SetProxyMaxAge(new TimeSpan(0));
policy.AddValidationCallback(CacheValidateHandler, null);
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (AuthorizeCore(filterContext.HttpContext))
{
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
// auth failed, redirect to login page
filterContext.Result = new HttpUnauthorizedResult();
}
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
{
// If a child action cache block is active, we need to fail immediately, even if authorization
// would have succeeded. The reason is that there's no way to hook a callback to rerun
// authorization before the fragment is served from the cache, so we can't guarantee that this
// filter will be re-run on subsequent requests.
throw new InvalidOperationException(MvcResources.AuthorizeAttribute_CannotUseWithinChildActionCache);
}
if (AuthorizeCore(filterContext.HttpContext))
{
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
HandleUnauthorizedRequest(filterContext);
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
{
//throw new InvalidOperationException(MvcResources.AuthorizeAttribute_CannotUseWithinChildActionCache);
}
bool skipAuthorization = filterContext.ActionDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), inherit: true).Any() ||
filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), inherit: true).Any();
if (skipAuthorization)
{
return;
}
if (AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
HandleUnauthorizedRequest(filterContext);
}
base.OnAuthorization(filterContext);
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
//if (AuthorizeCore(filterContext.HttpContext))
if (SecurityHelper.CustomAuthorizeCore(filterContext))
{
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else// if (!filterContext.Controller.ControllerContext.IsChildAction)
{
HandleUnauthorizedRequest(filterContext);
}
//else
//{
// filterContext.Result = new System.Web.Mvc.HttpStatusCodeResult((int)System.Net.HttpStatusCode.Forbidden);
//}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (AuthorizeCore(filterContext.HttpContext))
{
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
if (!_hasPermission)
{
filterContext.Result = new RedirectResult("/YourHasNoPermissionUrl")
}
}
else
{
filterContext.Result = new RedirectResult("/YourUnauthorizedUrl")
}
}
/// <summary>
/// This method accepts just one parameter as AuthorizationContext which is derived from ControllerContext
/// </summary>
/// <param name="filterContext"></param>
public void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("Context");
}
// This part of code is from microsoft
bool isAuthorizationDisable = filterContext.ActionDescriptor.IsDefined
(typeof(AllowAnonymousAttribute), inherit: true) ||
filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(
typeof(AllowAnonymousAttribute), inherit: true);
if (isAuthorizationDisable)
{
return;
}
if (AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null);
}
else
{
filterContext.Result = new HttpUnauthorizedResult("Not authorized");
}
}
/// <summary>
/// 在需要授权时调用。
/// </summary>
/// <param name="filterContext">筛选器上下文。</param>
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
{
throw new InvalidOperationException("AuthorizeAttribute_CannotUseWithinChildActionCache");
}
if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
{
return;
}
IFunction function = filterContext.GetExecuteFunction(ServiceProvider);
AuthorizationResult result = AuthorizeCore(filterContext.HttpContext, function);
if (result.ResultType != AuthorizationResultType.Allowed)
{
HandleUnauthorizedRequest(filterContext, result);
}
else
{
HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
cache.SetProxyMaxAge(new TimeSpan(0L));
cache.AddValidationCallback(CacheValidateHandler, function);
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (!Authenticate(filterContext.HttpContext))
{
// HttpCustomBasicUnauthorizedResult inherits from HttpUnauthorizedResult and does the
// work of displaying the basic authentication prompt to the client
filterContext.Result = new HttpCustomBasicUnauthorizedResult();
}
else
{
// AuthorizeCore is in the base class and does the work of checking if we have
// specified users or roles when we use our attribute
if (AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
// auth failed, display login
// HttpCustomBasicUnauthorizedResult inherits from HttpUnauthorizedResult and does the
// work of displaying the basic authentication prompt to the client
filterContext.Result = new HttpCustomBasicUnauthorizedResult();
}
}
}
protected virtual void HandleAuthorizedRequest(AuthorizationContext filterContext)
{
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
public void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true) ||
filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);
if (skipAuthorization)
{
return;
}
if (AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null);
}
else
{
HandleUnauthorizedRequest(filterContext);
}
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (AuthorizeCore(filterContext.HttpContext))
{
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
// auth failed, redirect to login page
if (filterContext.HttpContext.User.Identity.IsAuthenticated &&
_rolesSplit.Length > 0)
{
PermissaoValidar validar = new PermissaoValidar();
validar.Verificar(_rolesSplit.Select(x => (ePermissao)Enum.Parse(typeof(ePermissao), x)).ToArray());
}
if (filterContext.HttpContext.User.Identity.IsAuthenticated && filterContext.HttpContext.Request.IsAjaxRequest())
{
filterContext.Result = new JsonResult
{
Data = new
{
MsgPermissoes = Validacao.Erros
},
JsonRequestBehavior = JsonRequestBehavior.AllowGet
};
filterContext.HttpContext.Response.StatusCode = 500;
//filterContext.HttpContext.Response.SubStatusCode = 1;
filterContext.HttpContext.Response.StatusDescription = Mensagem.Concatenar(Validacao.Erros.Select(x => x.Texto).ToList());
filterContext.HttpContext.Response.SuppressContent = false;
filterContext.HttpContext.Response.TrySkipIisCustomErrors = true;
}
else
{
filterContext.Result = new HttpUnauthorizedResult();
//string url = Validacao.QueryParamSerializer(FormsAuthentication.LoginUrl);
//filterContext.Result = new RedirectResult(url);
}
}
}
public virtual void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
string actionName = filterContext.ActionDescriptor.ActionName;
List <string> UserPermissions = GetCurrentPermissions();
if (UserPermissions != null && UserPermissions.Count() > 0)
{
_userPermissionsSplit = UserPermissions.Union(_userPermissionsSplit).ToArray();
//if (!string.IsNullOrWhiteSpace(this.Permissions))
//{
// List<string> users = this.Permissions.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries).ToList();
// this.Permissions = string.Join(",", Permissions.Union(users).ToArray());
//}
//else
//{
// this.Permissions = string.Join(",", Permissions.ToArray());
//}
}
List <string> Permissions = GetPermissions(actionName, controllerName);
if (Permissions != null && Permissions.Count() > 0)
{
_permissionsSplit = Permissions.Union(_permissionsSplit).ToArray();
//if (!string.IsNullOrWhiteSpace(this.Permissions))
//{
// List<string> users = this.Permissions.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries).ToList();
// this.Permissions = string.Join(",", Permissions.Union(users).ToArray());
//}
//else
//{
// this.Permissions = string.Join(",", Permissions.ToArray());
//}
}
if (AuthorizeCore(filterContext.HttpContext))//根据验证判断进行处理
{
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
HandleNopermissionsResult(filterContext);
}
}
protected void SetCachePolicy(AuthorizationContext filterContext)
{
// ** IMPORTANT ** Since we're performing authorization at the action level, the
// authorization code runs after the output caching module. In the worst case this could
// allow an authorized user to cause the page to be cached, then an unauthorized user
// would later be served the cached page. We work around this by telling proxies not to
// cache the sensitive page, then we hook our custom authorization code into the caching
// mechanism so that we have the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
/// <summary>
/// Indica como será a política de cache para o contexto em questão.
/// </summary>
/// <param name="filterContext">Contexto do atributo.</param>
protected void SetCachePolicy(AuthorizationContext filterContext)
{
// ** IMPORTANTE **
// Quando estamos realizando uma autorização à nivel de action, o codigo de autorização
// roda após o modulo de caching de saída (output caching module). No pior caso, isso
// pode permitir que um usuário autorizado deixe em cache uma página, deste modo um
// usuário não autorizado poderá depois acessar a página em cache. Para poder evitar isso
// nós informamos aos proxies para não deixar em cache a página.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(TimeSpan.Zero);
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
/// <summary>
/// Called when authorization is required.
/// </summary>
/// <param name="filterContext">The filter context.</param>
public void OnAuthorization(AuthorizationContext filterContext)
{
var granted = AuthorizeCore(filterContext.HttpContext);
if (granted)
{
HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
cache.SetProxyMaxAge(new TimeSpan(0L));
cache.AddValidationCallback(new HttpCacheValidateHandler(this.CacheValidateHandler), (object)null);
}
else
{
filterContext.Result = new HttpUnauthorizedResult();
}
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
////需要特殊验证的Action
//if (this.ForAuthorityActionsPrefix != null)
//{
// string actionName = filterContext.RequestContext.RouteData.GetRequiredString("action").ToUpper();
// if (this.ForAuthorityActionsPrefix.FirstOrDefault(p => actionName.StartsWith(p.ToUpper())) == null)
// {
// return;//此Action不需要特殊验证,返回。
// }
//}
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
//判断不能用IP直接登录
var url = filterContext.HttpContext.Request.Url.Host;
if (AuthorizeCore(filterContext.HttpContext))
{
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
// auth failed, redirect to login page
//if (filterContext.RouteData.DataTokens["area"] != null
// && filterContext.RouteData.DataTokens["area"].ToString().ToUpper() == "ADMIN")
//{
// filterContext.Controller.TempData["AdminLogin"] = true;
//}
//todo: to a special page
filterContext.Result = new HttpUnauthorizedResult();
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
string auth = filterContext.HttpContext.Request.Headers["Authorization"];
if (!String.IsNullOrEmpty(auth))
{
byte[] encodedDataAsBytes = Convert.FromBase64String(auth.Replace("Basic ", ""));
string value = Encoding.ASCII.GetString(encodedDataAsBytes);
string username = value.Substring(0, value.IndexOf(':'));
string token = value.Substring(value.IndexOf(':') + 1);
if (Repository.ErpUserRepo.IsValidToken(new Model.ErpUser()
{
Username = username, Token = Guid.Parse(token)
}))
{
filterContext.HttpContext.User = new GenericPrincipal(new GenericIdentity(username), null);
}
else
{
filterContext.Result = new HttpStatusCodeResult(401);
}
}
else
{
if (AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null);
}
else
{
filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.StatusDescription = "Unauthorized";
filterContext.HttpContext.Response.AddHeader("WWW-Authenticate", "Basic realm=\"Secure Area\"");
filterContext.HttpContext.Response.Write("401, please authenticate");
filterContext.HttpContext.Response.StatusCode = 401;
filterContext.Result = new EmptyResult();
filterContext.HttpContext.Response.End();
}
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (this.AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
cache.SetProxyMaxAge(new TimeSpan(0L));
cache.AddValidationCallback(new HttpCacheValidateHandler(this.CacheValidateHandler), null);
}
else
{
this.HandleUnauthorizedRequest(filterContext);
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null);
}
else
{
filterContext.Result = new HttpUnauthorizedResult();
}
}
/*protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
* {
* OnAuthorizationx(filterContext);
* }
*
* protected override bool AuthorizeCore(HttpContextBase httpContext)
* {
* return false;
* }*/
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
string auth = filterContext.HttpContext.Request.Headers["Authorization"];
if (!String.IsNullOrEmpty(auth))
{
var userData = new UserData();
var authType = auth.ToLowerInvariant();
if (authType.StartsWith("basic "))
{
AuthWithBasic(auth, userData);
}
if (ValidateUser(userData.UserName, userData.Password))
{
filterContext.HttpContext.User = new GenericPrincipal(new GenericIdentity(userData.UserName), null);
}
else
{
if (!IsEventual)
{
filterContext.Result = new HttpStatusCodeResult(401);
}
}
}
else
{
if (AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null);
}
else
{
//Basic auth is standard
ResponseUnauthorized(filterContext, "Basic realm=\"Secure Area\"");
}
}
}
/// <summary>
/// Called when authorization is required.
/// </summary>
/// <param name="filterContext">The filter context.</param>
public virtual void OnAuthorization([NotNull] AuthorizationContext filterContext)
{
Invariant.IsNotNull(filterContext, "filterContext");
if (filterContext.IsChildAction)
{
return;
}
if (IsAuthorized(filterContext))
{
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, filterContext);
}
else
{
HandleUnauthorized(filterContext);
}
}