private void HandlerUnAuthorization(AuthorizationFilterContext context, SecurityException ex)
{
if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex), true))
{
StatusCode = context.HttpContext.User.Identity.IsAuthenticated
? (int)System.Net.HttpStatusCode.Forbidden
: (int)System.Net.HttpStatusCode.Unauthorized
};
}
else
{
context.Result = new ChallengeResult();
}
}
public ActionResult Index()
{
var exHandlerFeature = HttpContext.Features.Get <IExceptionHandlerFeature>();
var exception = exHandlerFeature != null
? exHandlerFeature.Error
: new Exception("Unhandled exception!");
return(View(
"Error",
new ErrorViewModel(
_errorInfoBuilder.BuildForException(exception),
exception
)
));
}
private void HandleWrapException(ExceptionContext context)
{
context.HttpContext.Response.StatusCode = GetStatusCode(context);
var unathorized = context.HttpContext.Response.StatusCode == (int)HttpStatusCode.Unauthorized;
context.Result = new ObjectResult(
new ApiResponse(_errorInfoBuilder.BuildForException(context.Exception, _serviceInfo?.NameVersion),
unathorized)
{
// __traceId = TracingExtensions.GetCompactTraceId()
});
//EventBus.Trigger(this, new AbpHandledExceptionData(context.Exception));
//context.Exception = null; // Handled! // TODO: I'll uncomment it after a while
context.ExceptionHandled = true;
}
private void HandleAndWrapException(ExceptionContext context)
{
if (!ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
return;
}
context.HttpContext.Response.StatusCode = GetStatusCode(context);
context.Result = new ObjectResult(
new AjaxResponse(
_errorInfoBuilder.BuildForException(context.Exception),
context.Exception is SecurityException
)
);
context.Exception = null; // Handled!
}
private void HandleAndWrapException(ExceptionContext context)
{
if (!IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
return;
}
context.HttpContext.Response.Clear();
context.HttpContext.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
context.Result = new ObjectResult(
new AjaxResponse(
_errorInfoBuilder.BuildForException(context.Exception),
context.Exception is AbpAuthorizationException
)
);
context.Exception = null; //Handled!
}
private void HandleAndWrapException(ExceptionContext context)
{
if (!ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
return;
}
context.HttpContext.Response.StatusCode = GetStatusCode(context);
context.Result = new ObjectResult(
new AjaxResponse(
_errorInfoBuilder.BuildForException(context.Exception),
context.Exception is AbpAuthorizationException
)
);
EventBus.Trigger(this, new AbpHandledExceptionData(context.Exception));
context.Exception = null; //Handled!
}
public async Task InvokeAsync(HttpContext context, RequestDelegate next)
{
await next(context);
if (IsAuthorizationExceptionStatusCode(context))
{
var exception = new AbpAuthorizationException(GetAuthorizationExceptionMessage(context));
Logger.Error(exception.Message);
await context.Response.WriteAsync(
JsonConvert.SerializeObject(
new AjaxResponse(
_errorInfoBuilder.BuildForException(exception),
true
)
)
);
EventBus.Trigger(this, new AbpHandledExceptionData(exception));
}
}
protected virtual void HandleAndWrapException(ExceptionContext context, WrapResultAttribute wrapResultAttribute)
{
if (!ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
return;
}
context.HttpContext.Response.StatusCode = GetStatusCode(context, wrapResultAttribute.WrapOnError);
if (!wrapResultAttribute.WrapOnError)
{
return;
}
context.Result = new ObjectResult(
new AjaxResponse(
_errorInfoBuilder.BuildForException(context.Exception)
)
);
EventBus.Trigger(this, new SharePlatformHandledExceptionData(context.Exception));
context.Exception = null; //Handled!
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
var endpoint = context?.HttpContext?.GetEndpoint();
// Allow Anonymous skips all authorization
if (endpoint?.Metadata.GetMetadata <IAllowAnonymous>() != null)
{
return;
}
if (!context.ActionDescriptor.IsControllerAction())
{
return;
}
//TODO: Avoid using try/catch, use conditional checking
try
{
await _authorizationHelper.AuthorizeAsync(
context.ActionDescriptor.GetMethodInfo(),
context.ActionDescriptor.GetMethodInfo().DeclaringType
);
}
catch (AbpAuthorizationException ex)
{
Logger.Warn(ex.ToString(), ex);
await _eventBus.TriggerAsync(this, new AbpHandledExceptionData(ex));
if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex), true))
{
StatusCode = context.HttpContext.User.Identity.IsAuthenticated
? (int)System.Net.HttpStatusCode.Forbidden
: (int)System.Net.HttpStatusCode.Unauthorized
};
}
else
{
context.Result = new ChallengeResult();
}
}
catch (Exception ex)
{
Logger.Error(ex.ToString(), ex);
await _eventBus.TriggerAsync(this, new AbpHandledExceptionData(ex));
if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex)))
{
StatusCode = (int)System.Net.HttpStatusCode.InternalServerError
};
}
else
{
//TODO: How to return Error page?
context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
}
}
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
// Allow Anonymous skips all authorization
if (context.Filters.Any(item => item is IAllowAnonymousFilter))
{
return;
}
if (!context.ActionDescriptor.IsControllerAction())
{
return;
}
var wrapResultAttribute =
AttributeHelper.GetSingleAttributeOfMemberOrDeclaringTypeOrDefault(
context.ActionDescriptor.GetMethodInfo(),
_configuration.DefaultWrapResultAttribute
);
//TODO: Avoid using try/catch, use conditional checking
try
{
await _authorizationHelper.AuthorizeAsync(
context.ActionDescriptor.GetMethodInfo(),
context.ActionDescriptor.GetMethodInfo().DeclaringType
);
}
catch (AbpAuthorizationException ex)
{
Logger.Warn(ex.ToString(), ex);
_eventBus.Trigger(this, new AbpHandledExceptionData(ex));
if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
if (wrapResultAttribute.WrapOnError)
{
context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex), true))
{
StatusCode = context.HttpContext.User.Identity.IsAuthenticated
? (int)System.Net.HttpStatusCode.Forbidden
: (int)System.Net.HttpStatusCode.Unauthorized
};
}
else
{
context.Result = new ObjectResult(_errorInfoBuilder.BuildForException(ex))
{
StatusCode = context.HttpContext.User.Identity.IsAuthenticated
? (int)System.Net.HttpStatusCode.Forbidden
: (int)System.Net.HttpStatusCode.Unauthorized
};
}
}
else
{
context.Result = new ChallengeResult();
}
}
catch (Exception ex)
{
Logger.Error(ex.ToString(), ex);
_eventBus.Trigger(this, new AbpHandledExceptionData(ex));
if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
if (wrapResultAttribute.WrapOnError)
{
context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex)))
{
StatusCode = (int)System.Net.HttpStatusCode.InternalServerError
};
}
else
{
context.Result = new ObjectResult(_errorInfoBuilder.BuildForException(ex))
{
StatusCode = (int)System.Net.HttpStatusCode.InternalServerError
};
}
}
else
{
//TODO: How to return Error page?
context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
}
}
}
public virtual async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
var endpoint = context?.HttpContext?.GetEndpoint();
// 如果注入了 IAllowAnonymous 接口则允许所有匿名用户的请求
// Allow Anonymous skips all authorization
if (endpoint?.Metadata.GetMetadata <IAllowAnonymous>() != null)
{
return;
}
// 如果不是一个控制器方法则直接返回
if (!context.ActionDescriptor.IsControllerAction())
{
return;
}
//TODO: Avoid using try/catch, use conditional checking
// 开始使用 IAuthorizationHelper 对象来进行权限校验
try
{
await _authorizationHelper.AuthorizeAsync(
context.ActionDescriptor.GetMethodInfo(),
context.ActionDescriptor.GetMethodInfo().DeclaringType
);
}
// 如果是未授权异常的处理逻辑
catch (AbpAuthorizationException ex)
{
// 记录日志
Logger.Warn(ex.ToString(), ex);
// 触发异常事件
await _eventBus.TriggerAsync(this, new AbpHandledExceptionData(ex));
// 如果接口的返回类型为 ObjectResult,则采用 AjaxResponse 对象进行封装信息
if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
//context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex), true))
//{
// StatusCode = context.HttpContext.User.Identity.IsAuthenticated
// ? (int)System.Net.HttpStatusCode.Forbidden
// : (int)System.Net.HttpStatusCode.Unauthorized
//};
//获取错误信息
var errorInfo = _errorInfoBuilder.BuildForException(ex);
//code设置状态码数据
errorInfo.Code = (context.HttpContext.User.Identity.IsAuthenticated ? (int)System.Net.HttpStatusCode.Forbidden : (int)System.Net.HttpStatusCode.Unauthorized);
//返回结果
context.Result = new ObjectResult(new AjaxResponse(errorInfo, unAuthorizedRequest: true))
{
//默认状态
StatusCode = (int)System.Net.HttpStatusCode.OK
};
}
else
{
context.Result = new ChallengeResult();
}
}
// 其他异常则显示为服务器内部异常
catch (Exception ex)
{
Logger.Error(ex.ToString(), ex);
await _eventBus.TriggerAsync(this, new AbpHandledExceptionData(ex));
if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
//context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex)))
//{
// StatusCode = (int)System.Net.HttpStatusCode.InternalServerError
//};
//获取错误信息
var errorInfo = _errorInfoBuilder.BuildForException(ex);
errorInfo.Details = ex.Message;
errorInfo.Code = (int)System.Net.HttpStatusCode.InternalServerError;
context.Result = new ObjectResult(new AjaxResponse(errorInfo))
{
StatusCode = (int)System.Net.HttpStatusCode.OK
};
}
else
{
//TODO: How to return Error page?
context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
}
}
}
protected virtual ActionResult GenerateNonJsonExceptionResult(ExceptionContext context)
{
return(new ViewResult
{
ViewName = "Error",
MasterName = string.Empty,
ViewData = new ViewDataDictionary <ErrorViewModel>(new ErrorViewModel(_errorInfoBuilder.BuildForException(context.Exception), context.Exception)),
TempData = context.Controller.TempData
});
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
// Allow Anonymous skips all authorization
if (context.Filters.Any(item => item is IAllowAnonymousFilter))
{
return;
}
if (!context.ActionDescriptor.IsControllerAction())
{
return;
}
var isWebserviceWay = false;
if (context.HttpContext.Request.Headers.ContainsKey("requestWay") || context.HttpContext.Request.Headers["requestWay"].ToString() != "webapi")
{
isWebserviceWay = true;
}
//TODO: Avoid using try/catch, use conditional checking
try
{
await _authorizationHelper.AuthorizeAsync(
context.ActionDescriptor.GetMethodInfo(),
context.ActionDescriptor.GetMethodInfo().DeclaringType
);
}
catch (AbpAuthorizationException ex)
{
Logger.Warn(ex.ToString(), ex);
_eventBus.Trigger(this, new AbpHandledExceptionData(ex));
if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
if (isWebserviceWay)
{
context.Result = new ObjectResult(new ResultMessage <object>(ResultCode.Auth_Error, "authorization failure"));
}
else
{
context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex), true))
{
StatusCode = context.HttpContext.User.Identity.IsAuthenticated? (int)System.Net.HttpStatusCode.Forbidden:(int)System.Net.HttpStatusCode.Unauthorized
};
}
}
else
{
if (isWebserviceWay)
{
context.Result = new ObjectResult(new ResultMessage <object>(ResultCode.Auth_Error, "authorization failure"));
}
else
{
context.Result = new ChallengeResult();
}
}
}
catch (Exception ex)
{
Logger.Error(ex.ToString(), ex);
_eventBus.Trigger(this, new AbpHandledExceptionData(ex));
if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
if (isWebserviceWay)
{
context.Result = new ObjectResult(new ResultMessage <object>(ResultCode.SytemError, "Unknown exception"));
}
else
{
context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex)))
{
StatusCode = (int)System.Net.HttpStatusCode.InternalServerError
};
}
}
else
{
if (isWebserviceWay)
{
context.Result = new ObjectResult(new ResultMessage <object>(ResultCode.SytemError, "Unknown exception"));
}
else
{
//TODO: How to return Error page?
context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
}
}
}
}
