/// <summary>
/// Builds the response for a request that failed authorization.
/// </summary>
/// <param name="filterContext">The authorization context of the rejected request.</param>
/// <remarks>
/// Ajax callers receive a JSON error payload; other callers get a 401 unless the requested
/// path is one that <c>IsSkipValidate</c> exempts, in which case a plain text message is
/// written instead. <see cref="ContentResult"/> does not set a status code, so that last
/// branch answers with the default status rather than 401.
/// </remarks>
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    var request = filterContext.HttpContext.Request;
    ActionResult denied;

    if (request.IsAjaxRequest())
    {
        // Ajax: a JSON error instead of a redirect the script cannot follow.
        // (304 is the code handed to JsonManager; whether it is also the HTTP status depends on JsonManager — confirm.)
        denied = JsonManager.GetError(304, "没有获取数据的访问权限!");
    }
    else if (IsSkipValidate(request.Url.LocalPath))
    {
        // Exempted path: render the "no page access" message in place.
        denied = new ContentResult
        {
            Content = "没有页面访问权限!",
            ContentType = filterContext.HttpContext.Response.ContentType,
        };
    }
    else
    {
        // Everything else (home / welcome pages per the original note): plain 401.
        denied = new HttpUnauthorizedResult();
    }

    filterContext.Result = denied ?? new HttpUnauthorizedResult();
}
/// <summary>
/// Resolves the content item for <paramref name="itemId"/> and checks that the current user
/// may watch it; the first failing check short-circuits into <paramref name="invalidResult"/>.
/// </summary>
/// <param name="itemId">Id of the content item to look up.</param>
/// <param name="item">The resolved item; null when validation fails before the lookup.</param>
/// <param name="invalidResult">The 401/404 result the caller should return; null when valid.</param>
/// <returns>True when the item exists, carries a <c>WatchablePart</c> and the user is authorized.</returns>
private bool IsValid(int itemId, out ContentItem item, out ActionResult invalidResult)
{
    item = null;
    invalidResult = null;

    // Anonymous users and users without WatchItems are rejected before the lookup,
    // so the item id is not even resolved for them.
    bool mayWatch = _orchardServices.WorkContext.CurrentUser != null
        && _orchardServices.Authorizer.Authorize(Permissions.WatchItems);
    if (!mayWatch)
    {
        invalidResult = new HttpUnauthorizedResult();
        return false;
    }

    item = _orchardServices.ContentManager.Get(itemId);
    if (item == null)
    {
        invalidResult = HttpNotFound();
        return false;
    }

    // NOTE(review): ViewContent is checked without passing the item; if the permission is
    // content-scoped, the content overload of Authorize may be intended — confirm.
    if (!_orchardServices.Authorizer.Authorize(Orchard.Core.Contents.Permissions.ViewContent))
    {
        invalidResult = new HttpUnauthorizedResult();
        return false;
    }

    // Only items that carry the WatchablePart are addressable here.
    if (!item.Has<WatchablePart>())
    {
        invalidResult = HttpNotFound();
        return false;
    }

    return true;
}
/// <summary>
/// An <c>EntityAccessUnauthorizedException</c> handled by the filter must produce an
/// <see cref="HttpUnauthorizedResult"/> and write status 401 to the response.
/// </summary>
public void GivenExceptionIsEntityAccessUnauthorizedException_WhenOnException_ThenHttpUnauthorized()
{
    // Arrange
    var unauthorized = new EntityAccessUnauthorizedException();
    var exceptionContext = ControllerContextFactory.CreateExceptionContext(MockHttpContext, unauthorized);

    // Act
    Target.OnException(exceptionContext);

    // Assert
    Assert.IsNotNull(exceptionContext.Result as HttpUnauthorizedResult);
    MockHttpContext.Response.AssertWasCalled(m => m.StatusCode = 401);
}
/// <summary>
/// Executing a default <see cref="HttpUnauthorizedResult"/> writes status 401 and nothing else.
/// </summary>
public void ExecuteResult()
{
    // Arrange: a strict mock, so any member access other than the expected status write fails the test.
    var controllerContext = new Mock<ControllerContext>(MockBehavior.Strict);
    controllerContext.ExpectSet(c => c.HttpContext.Response.StatusCode, 401).Verifiable();
    var unauthorized = new HttpUnauthorizedResult();

    // Act
    unauthorized.ExecuteResult(controllerContext.Object);

    // Assert
    controllerContext.Verify();
}
/// <summary>
/// Executing an <see cref="HttpUnauthorizedResult"/> built with a description writes both
/// status 401 and that description to the response.
/// </summary>
public void ExecuteResult()
{
    // Arrange
    var controllerContext = new Mock<ControllerContext>();
    controllerContext.SetupSet(c => c.HttpContext.Response.StatusCode = 401).Verifiable();
    controllerContext.SetupSet(c => c.HttpContext.Response.StatusDescription = "Some description").Verifiable();
    var unauthorized = new HttpUnauthorizedResult("Some description");

    // Act
    unauthorized.ExecuteResult(controllerContext.Object);

    // Assert: both verifiable setups must have been hit.
    controllerContext.Verify();
}
/// <summary>
/// The parameterless <see cref="HttpUnauthorizedResult"/> sets only Response.StatusCode = 401.
/// </summary>
public void ExecuteResult()
{
    // Arrange: strict behaviour turns any unexpected response access into a failure.
    var ctx = new Mock<ControllerContext>(MockBehavior.Strict);
    ctx.ExpectSet(c => c.HttpContext.Response.StatusCode, 401).Verifiable();

    // Act
    new HttpUnauthorizedResult().ExecuteResult(ctx.Object);

    // Assert
    ctx.Verify();
}
/// <summary>
/// With a description supplied, <see cref="HttpUnauthorizedResult"/> writes status 401
/// and Response.StatusDescription.
/// </summary>
public void ExecuteResult()
{
    // Arrange
    const string description = "Some description";
    var ctx = new Mock<ControllerContext>();
    ctx.SetupSet(c => c.HttpContext.Response.StatusCode = 401).Verifiable();
    ctx.SetupSet(c => c.HttpContext.Response.StatusDescription = description).Verifiable();

    // Act
    new HttpUnauthorizedResult(description).ExecuteResult(ctx.Object);

    // Assert
    ctx.Verify();
}
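/// <summary>
/// Authenticates a user from the login form and returns the next view.
/// </summary>
/// <param name="txtLogin">Login name entered in the form.</param>
/// <param name="txtPassword">Password entered in the form.</param>
/// <returns>
/// "PerfilSelect" when the user has several profiles, "LoginOK_v2" otherwise; a 401 when the
/// credentials are rejected or <c>SecurityServices.Login</c> throws.
/// </returns>
public ActionResult Login(string txtLogin, string txtPassword)
{
    var serv = new SecurityServices();
    ActionResult result;

    try
    {
        Usuario user = serv.Login(txtLogin, txtPassword);
        if (user == null)
        {
            // Rejected credentials: an explicit 401 instead of the former EmptyResult (a blank 200).
            // The message is generic on purpose so it does not reveal which part was wrong.
            result = new HttpUnauthorizedResult("Credenciales incorrectas");
        }
        else if (user.Perfiles.Count > 1)
        {
            // Several profiles: let the user choose one before a session is created.
            result = View("PerfilSelect", user);
        }
        else
        {
            // Single profile: straight to the strongly-typed session view.
            // NOTE(review): the session creation is commented out in the original, so
            // Session["SESION_USER"] may be null here — confirm where it is populated.
            // Session["SESION_USER"] = serv.CrearSesion(user, user.Perfiles.Single());
            result = View("LoginOK_v2", Session["SESION_USER"] as Sesion);
        }
    }
    catch (Exception)
    {
        // TODO: log the failure (no logger is in scope here) and redirect to a proper error page.
        // A generic 401 is returned so exception details never reach the client.
        result = new HttpUnauthorizedResult("Estas al horno!!!");
    }

    return result;
}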
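/// <summary>
/// Runs the default checks that decide whether the caller may act on the hierarchy with id
/// <paramref name="hierarchyId"/>. Returns false when the caller is authorized to proceed;
/// otherwise <paramref name="redirectTo"/> holds the result (401 or 404) the action should return.
/// </summary>
/// <param name="hierarchyId">The Id of a hierarchy ContentItem.</param>
/// <param name="redirectTo">The ActionResult to return when the caller must not proceed; null when it may.</param>
/// <returns>True when the caller must be redirected to <paramref name="redirectTo"/>; false when authorized.</returns>
private bool ShouldRedirectForPermissions(int hierarchyId, out ActionResult redirectTo)
{
    redirectTo = null;

    // A controller that declares no allowed hierarchy/territory types can grant nothing.
    if (AllowedHierarchyTypes == null)
    {
        redirectTo = new HttpUnauthorizedResult(TerritoriesUtilities.Default401HierarchyMessage);
        return true;
    }
    if (AllowedTerritoryTypes == null)
    {
        redirectTo = new HttpUnauthorizedResult(TerritoriesUtilities.Default401TerritoryMessage);
        return true;
    }

    // Existence checks: an unknown id, or an item that is not a hierarchy, is reported as 404.
    var hierarchyItem = _contentManager.Get(hierarchyId, VersionOptions.Latest);
    if (hierarchyItem == null)
    {
        redirectTo = HttpNotFound();
        return true;
    }
    var hierarchyPart = hierarchyItem.As<TerritoryHierarchyPart>();
    if (hierarchyPart == null)
    {
        redirectTo = HttpNotFound();
        return true;
    }

    // Type checks: both the hierarchy's content type and its territory type must be on the
    // controller's allow-lists. The display name is looked up only for the 401 message.
    if (!AllowedHierarchyTypes.Any(ty => ty.Name == hierarchyItem.ContentType))
    {
        var typeName = _contentDefinitionManager.GetTypeDefinition(hierarchyItem.ContentType).DisplayName;
        redirectTo = new HttpUnauthorizedResult(TerritoriesUtilities.SpecificHierarchy401Message(typeName));
        return true;
    }
    if (!AllowedTerritoryTypes.Any(ty => ty.Name == hierarchyPart.TerritoryType))
    {
        var typeName = _contentDefinitionManager.GetTypeDefinition(hierarchyPart.TerritoryType).DisplayName;
        redirectTo = new HttpUnauthorizedResult(TerritoriesUtilities.SpecificTerritory401Message(typeName));
        return true;
    }

    return false;
}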
/// <summary>
/// Posting a valid vote without an authenticated user must yield a 401 result.
/// </summary>
public void IndexPost_AvecViewModelValideMaisPasDutilisateur_RenvoiUneHttpUnauthorizedResult()
{
    // Arrange: a valid ballot (one restaurant ticked), but no user behind the request.
    var premierResto = new RestaurantCheckBoxViewModel { EstSelectionne = true, Id = 2, NomEtTelephone = "Resto pinière (0102030405)" };
    var secondResto = new RestaurantCheckBoxViewModel { EstSelectionne = false, Id = 3, NomEtTelephone = "Resto toro (0102030405)" };
    var viewModel = new RestaurantVoteViewModel
    {
        ListeDesResto = new List<RestaurantCheckBoxViewModel> { premierResto, secondResto },
    };
    controleur.ValideLeModele(viewModel);

    // Act
    var resultat = (HttpUnauthorizedResult)controleur.Index(viewModel, idSondage);

    // Assert
    Assert.AreEqual(401, resultat.StatusCode);
}
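/// <summary>
/// Checks that <paramref name="gigs"/> exists and belongs to the current user.
/// </summary>
/// <param name="gigs">The gig being accessed; may be null when the lookup found nothing.</param>
/// <param name="actionResult">404 when the gig is missing, 401 when another artist owns it, null otherwise.</param>
/// <returns>True when the caller must return <paramref name="actionResult"/>; false when the current user owns the gig.</returns>
private bool IsArtistAUser(Gigs gigs, out ActionResult actionResult)
{
    if (gigs == null)
    {
        actionResult = HttpNotFound();
        return true;
    }

    // Ownership check: only the artist who created the gig may continue.
    // NOTE(review): answering 401 here confirms the gig exists to a non-owner; a 404 would
    // not — keep or change depending on whether gig ids are meant to be private.
    if (gigs.ArtistId != User.Identity.GetUserId())
    {
        actionResult = new HttpUnauthorizedResult();
        return true;
    }

    actionResult = null;
    return false;
}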
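/// <summary>
/// Gets role information (including permission information) and renders the role editor.
/// With a <c>roleId</c> request parameter the existing role is loaded for editing; without
/// one a blank role is prepared.
/// </summary>
/// <returns>
/// The editor view; 401 when the caller lacks the right for the operation; 404 when the
/// requested role does not exist.
/// </returns>
public ActionResult SetRoleFunction()
{
    string roleId = Request["roleId"];
    bool edit = !string.IsNullOrWhiteSpace(roleId);

    // Authorization first: editing and creating roles are separate rights.
    string requiredRight = edit ? "UPDATEROLE" : "TJJS100";
    if (!CheckRights(requiredRight))
    {
        return new HttpUnauthorizedResult();
    }

    // Every permission the UI can show, minus the ones this screen never exposes.
    // ToList() never yields null, so the former null check was dead code.
    List<AdminPermissionModel> functionList = PermissionManager.GetAllPermissions()
        .Select(p => new AdminPermissionModel()
        {
            ParentId = p.ParentId,
            ParentPath = p.ParentPath,
            Name = p.Name,
            Id = p.Id,
            IsEnable = p.IsEnable
        })
        .Where(f => !excludeFuncIds.Contains(f.Id))
        .ToList();
    ViewBag.AllFunctionList = functionList;

    var permissions = new List<PermissionModel>();
    var firstPermissions = functionList.Where(p => p.ParentId == "0"); // top-level permissions
    var roleModel = new RoleModel();
    List<AdminPermissionModel> selectedPermissions = null; // null: new role, nothing selected yet

    if (edit)
    {
        roleModel = RoleManager.GetAdminRoleByRoleId(roleId)
            .Select(p => new RoleModel
            {
                RoleId = p.Id,
                RoleName = p.Name,
                RoleType = p.Type,
                Permissions = p.Permissions?.Select(per => per.PermissionId).ToList()
            })
            .FirstOrDefault();

        // roleId comes from the request: an unknown id is a 404, not a NullReferenceException further down.
        if (roleModel == null)
        {
            return HttpNotFound();
        }
        ViewBag.RoleModel = roleModel;

        // Non-top-level permissions already granted to this role (e.g. D101 agent management,
        // M101 master management, S101 user service). Materialized once rather than on every
        // loop iteration; a role without permissions selects nothing instead of throwing.
        selectedPermissions = (from f in functionList
                               where f.ParentId != "0"
                                     && roleModel.Permissions != null
                                     && roleModel.Permissions.Contains(f.Id)
                               select new AdminPermissionModel
                               {
                                   Id = f.Id ?? string.Empty,
                                   Name = f.Name ?? string.Empty,
                                   ParentId = f.ParentId ?? string.Empty,
                                   ParentPath = f.ParentPath ?? string.Empty,
                               }).ToList();
    }

    // Build the permission tree under each top-level permission.
    foreach (var item in firstPermissions)
    {
        var per = CreatePermissionModel(item, selectedPermissions, roleModel.RoleType);
        permissions.Add(per);
        GetPermissionModels(per, item, selectedPermissions, functionList, roleModel.RoleType);
    }

    ViewBag.Permissions = JsonConvert.SerializeObject(permissions);
    return View();
}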
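/// <summary>
/// Authorization filter: skips actions that allow anonymous access, requires an authenticated
/// user, rebuilds the session user from the forms-authentication identity when the session is
/// gone, and finally checks the user's function list against the requested area/controller/action.
/// </summary>
/// <param name="filterContext">The authorization context of the current request.</param>
/// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException("filterContext");
    }

    #region Allow anonymous
    // Actions or controllers marked [AllowAnonymous] (e.g. the login action) skip authentication entirely.
    if (HasAttribute(filterContext, typeof(AllowAnonymousAttribute)))
    {
        return;
    }
    #endregion

    #region Logged in?
    if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
    {
        // Not logged in: 401, or for Ajax a JSON payload the client script uses to reach the login page.
        filterContext.Result = CreateLoginRequiredResult(filterContext);
        return;
    }
    #endregion

    #region Session expiry
    // The login page sets a temporary "loginflag" cookie. If that cookie is present but the
    // session user is gone, the session expired and the user is sent back to the login page.
    // A user returning via the persistent login after closing the browser has no such cookie,
    // so the session user is rebuilt from the identity and the cookie is issued again.
    //
    // Identity layout: userID|userName|roleID|roleName|roleLevel|nickName|strucID|vehicleViewMode
    int userID;
    string userName;
    int roleID;
    string roleName;
    int roleLevel;
    string nickName;
    int strucID;
    bool vehicleViewMode;
    try
    {
        string[] identities = filterContext.HttpContext.User.Identity.Name.Split('|');
        userID = Convert.ToInt32(identities[0]);
        userName = identities[1];
        roleID = Convert.ToInt32(identities[2]);
        roleName = identities[3];
        roleLevel = Convert.ToInt32(identities[4]);
        nickName = identities[5];
        strucID = Convert.ToInt32(identities[6]);
        vehicleViewMode = Convert.ToBoolean(identities[7]);
    }
    catch (Exception)
    {
        // A ticket whose name does not parse is not trusted: sign out and require a fresh login.
        FormsAuthentication.SignOut();
        filterContext.Result = CreateLoginRequiredResult(filterContext);
        return;
    }

    HttpCookie ck = filterContext.HttpContext.Request.Cookies["loginflag"];
    Asiatek.Model.UserSessionModel currentUser =
        filterContext.HttpContext.Session["currentUser"] as Asiatek.Model.UserSessionModel;

    if (currentUser == null)
    {
        if (ck != null)
        {
            // Session expired: expire the flag cookie, sign out, back to the login page.
            ck.Expires = DateTime.Now.AddYears(-1);
            filterContext.HttpContext.Response.Cookies.Add(ck);
            FormsAuthentication.SignOut();
            filterContext.Result = CreateLoginRequiredResult(filterContext);
            return;
        }

        // Persistent login in a new browser session: issue the (session-scoped) flag cookie
        // and rebuild the user from the identity parsed above.
        ck = new HttpCookie("loginflag");
        ck.Expires = DateTime.MinValue;
        filterContext.HttpContext.Response.Cookies.Add(ck);

        currentUser = new Asiatek.Model.UserSessionModel()
        {
            UserName = userName,
            UserId = userID,
            NickName = nickName,
            StrucID = strucID,
            RoleInfo = new Asiatek.Model.RoleInfoModel()
            {
                RoleID = roleID,
                RoleName = roleName,
                RoleLevel = (Asiatek.Model.RoleLevelEnum)roleLevel
            },
            VehicleViewMode = vehicleViewMode
        };

        // Load the user's functions; super admins get all of them.
        if (currentUser.RoleInfo.RoleLevel == Model.RoleLevelEnum.SuperAdmin)
        {
            currentUser.Functions = FunctionBLL.GetAllFunctions();
        }
        else
        {
            currentUser.Functions = FunctionBLL.GetFunctionsByUserID(currentUser.UserId);
        }

        filterContext.HttpContext.Session["currentUser"] = currentUser;
    }
    #endregion

    #region Super admin (holds every permission, nothing more to verify)
    if (currentUser.RoleInfo.RoleLevel == RoleLevelEnum.SuperAdmin)
    {
        return;
    }
    #endregion

    #region Permissions
    #region Skip permission check
    // [AsiatekPassPremission] marks actions (typically small Ajax helpers such as a clock refresh)
    // that need no database permission, so they do not have to be assigned to every user.
    if (HasAttribute(filterContext, typeof(AsiatekPassPremissionAttribute)))
    {
        return;
    }
    #endregion

    #region Has permission?
    string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
    string actionName = filterContext.ActionDescriptor.ActionName;
    // The area token is null when the route has none; the system calls that "DefaultArea".
    var routeData = filterContext.HttpContext.Request.RequestContext.RouteData;
    var area = routeData.DataTokens["area"];
    string areaName = area == null ? "DefaultArea" : area.ToString();

    #region Welcome page needs no permission
    if (areaName == "DefaultArea" && controllerName == "Home" && actionName == "Welcome")
    {
        return;
    }
    #endregion

    #region Subordinate functions
    // An action marked subordinate is allowed when its superior action is in the user's functions.
    // A null superior area/controller defaults to the current one.
    var subAttributes = filterContext.ActionDescriptor.GetCustomAttributes(typeof(AsiatekSubordinateFunctionAttribute), true);
    foreach (AsiatekSubordinateFunctionAttribute temp in subAttributes)
    {
        string superiorAreaName = temp.SuperiorAreaName ?? areaName;
        string superiorControllerName = temp.SuperiorControllerName ?? controllerName;
        string superiorActionName = temp.SuperiorActionName;
        bool superiorGranted = currentUser.Functions.Any(c =>
            c.AreaName == superiorAreaName
            && c.ControllerName == superiorControllerName
            && c.ActionName == superiorActionName);
        if (superiorGranted)
        {
            return;
        }
    }
    #endregion

    // Granted only when area, controller and action all match one of the user's functions.
    bool granted = currentUser.Functions.Any(c =>
        c.ControllerName == controllerName
        && c.ActionName == actionName
        && c.AreaName == areaName);
    if (granted)
    {
        return;
    }
    #endregion

    #region No permission
    // Child actions (Html.Action / Html.RenderAction) cannot redirect, so they render the "no permission" text.
    if (filterContext.IsChildAction)
    {
        filterContext.Result = new ContentResult() { Content = Resource.UIText.NoPermission };
        return;
    }

    // Ajax: hand back the URL of the no-permission page for the client script to navigate to.
    if (filterContext.HttpContext.Request.IsAjaxRequest())
    {
        string url = UrlHelper.GenerateUrl("Default", "UnAuth", "Account", filterContext.RouteData.Values, RouteTable.Routes, filterContext.RequestContext, true);
        filterContext.Result = new JsonResult()
        {
            Data = new { AsiatekError = true, Url = url, Message = string.Empty },
            JsonRequestBehavior = JsonRequestBehavior.AllowGet
        };
        return;
    }

    // Ordinary request: redirect to the no-permission page.
    RouteValueDictionary rvd = new RouteValueDictionary();
    rvd.Add("controller", "Account");
    rvd.Add("action", "UnAuth");
    filterContext.Result = new RedirectToRouteResult("Default", rvd);
    #endregion
    #endregion
}

/// <summary>
/// True when the action or its controller carries an attribute of <paramref name="attributeType"/>.
/// </summary>
/// <param name="filterContext">The authorization context whose action/controller is inspected.</param>
/// <param name="attributeType">The attribute type to look for (inherited attributes included).</param>
private static bool HasAttribute(AuthorizationContext filterContext, Type attributeType)
{
    return filterContext.ActionDescriptor.GetCustomAttributes(attributeType, true).Length > 0
        || filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(attributeType, true).Length > 0;
}

/// <summary>
/// The "login required" result: a plain 401, or for Ajax requests a JSON payload carrying the
/// forms-authentication login URL so the client script can navigate there itself.
/// </summary>
/// <param name="filterContext">The authorization context of the current request.</param>
private static ActionResult CreateLoginRequiredResult(AuthorizationContext filterContext)
{
    if (!filterContext.HttpContext.Request.IsAjaxRequest())
    {
        return new HttpUnauthorizedResult();
    }

    string url = FormsAuthentication.LoginUrl;
    return new JsonResult()
    {
        Data = new { AsiatekError = true, Url = url, Message = string.Empty },
        JsonRequestBehavior = JsonRequestBehavior.AllowGet
    };
}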
//
// HttpStatusUnauthorized
//

/// <summary>
/// Produces a 401 (Unauthorized) result.
/// </summary>
/// <returns>A new <see cref="HttpUnauthorizedResult"/>.</returns>
public HttpUnauthorizedResult Unauthorized()
{
    return new HttpUnauthorizedResult();
}
/// <summary>
/// Helper that yields a 401 (Unauthorized) result for the caller to return.
/// </summary>
/// <returns>A fresh <see cref="HttpUnauthorizedResult"/> with no status description.</returns>
public HttpUnauthorizedResult Unauthorized()
{
    return new HttpUnauthorizedResult();
}