public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
{
// If a child action cache block is active, we need to fail immediately, even if authorization
// would have succeeded. The reason is that there's no way to hook a callback to rerun
// authorization before the fragment is served from the cache, so we can't guarantee that this
// filter will be re-run on subsequent requests.
throw new InvalidOperationException(MvcResources.AuthorizeAttribute_CannotUseWithinChildActionCache);
}
if (AuthorizeCore(filterContext.HttpContext))
{
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
HandleUnauthorizedRequest(filterContext);
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
/* var _context = _filterContext.HttpContext;
*
* //redirect if not authenticated
* if (!_context.Request.IsAuthenticated || (!string.IsNullOrWhiteSpace(SessionId) && _context.Session[SessionId] == null))
* {
* //use the current url for the redirect
* if (_context.Request.Url != null)
* {
* string _redirectOnSuccess = _context.Server.UrlEncode(_context.Request.Url.ToString());
* //send them off to the login page
* string _redirectUrl = string.Format("?ReturnUrl={0}", _redirectOnSuccess);
* string _loginUrl = System.Configuration.ConfigurationManager.AppSettings["LoginUrl"];
* _loginUrl = (!string.IsNullOrWhiteSpace(_loginUrl) ? _loginUrl : FormsAuthentication.LoginUrl) + _redirectUrl;
*
* _context.Response.Redirect(_loginUrl, true);
* }
* }*/
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
{
throw new InvalidOperationException("Authorize Attribute Cannot Use Within Child Action Cache");
}
ActionDescriptor actionDescriptor = filterContext.ActionDescriptor;
bool flag1 = true;
Type attributeType1 = typeof(AllowAnonymousAttribute);
int num1 = flag1 ? 1 : 0;
int num2;
if (!actionDescriptor.IsDefined(attributeType1, num1 != 0))
{
ControllerDescriptor controllerDescriptor = filterContext.ActionDescriptor.ControllerDescriptor;
bool flag2 = true;
Type attributeType2 = typeof(AllowAnonymousAttribute);
int num3 = flag2 ? 1 : 0;
num2 = controllerDescriptor.IsDefined(attributeType2, num3 != 0) ? 1 : 0;
}
else
{
num2 = 1;
}
if (num2 != 0)
{
return;
}
/* if (AuthorizeCore(filterContext.HttpContext))
* {
* HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
* cache.SetProxyMaxAge(new TimeSpan(0L));
* throw new NotImplementedException();
* }
* HandleUnauthorizedRequest(filterContext);*/
var _context = filterContext.HttpContext;
if (!_context.Request.IsAuthenticated || (!string.IsNullOrWhiteSpace(SessionId) && _context.Session[SessionId] == null))
{
//use the current url for the redirect
if (_context.Request.Url != null)
{
string _redirectOnSuccess = _context.Server.UrlEncode(_context.Request.Url.ToString());
//send them off to the login page
string _redirectUrl = string.Format("?ReturnUrl={0}", _redirectOnSuccess);
string _loginUrl = System.Configuration.ConfigurationManager.AppSettings["LoginUrl"];
_loginUrl = (!string.IsNullOrWhiteSpace(_loginUrl) ? _loginUrl : FormsAuthentication.LoginUrl) + _redirectUrl;
_context.Response.Redirect(_loginUrl, true);
}
}
}
