/// <summary>
/// Resolves the descriptor of the action named by the route's "action" value on the given controller.
/// </summary>
/// <param name="controller">Controller whose runtime type is reflected to locate the action.</param>
/// <param name="routeData">Route data that must carry an "action" value.</param>
/// <returns>The result of FindAction for that action name.</returns>
private static ActionDescriptor GetActionDescriptor(ControllerBase controller, RouteData routeData)
{
    ControllerDescriptor reflected = new ReflectedControllerDescriptor(controller.GetType());

    // GetRequiredString throws if the route has no "action" entry, so the lookup never runs with a missing name.
    string requestedAction = routeData.GetRequiredString("action");

    return reflected.FindAction(controller.ControllerContext, requestedAction);
}
Esempio n. 2
        /// <summary>
        /// Reports whether every authorization filter attached to the named action lets the current request through.
        /// </summary>
        /// <param name="htmlHelper">Helper of the view that is being rendered.</param>
        /// <param name="actionName">Name of the action to probe.</param>
        /// <param name="controllerName">Controller to probe; null or empty means the controller of the current view.</param>
        /// <returns>False when the action is unknown or any authorization filter sets a result; true otherwise.</returns>
        public static bool ActionAuthorized(this HtmlHelper htmlHelper, string actionName, string controllerName)
        {
            // This is a rendering hint (e.g. whether to show a link). The target action must still carry
            // its own authorization filters, which are what actually guard the request when it is made.
            ControllerBase target;
            if (string.IsNullOrEmpty(controllerName))
            {
                target = htmlHelper.ViewContext.Controller;
            }
            else
            {
                target = htmlHelper.GetControllerByName(controllerName);
            }

            var probeContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, target);
            var reflected = new ReflectedControllerDescriptor(probeContext.Controller.GetType());
            var action = reflected.FindAction(probeContext, actionName);
            if (action == null)
            {
                // An action that cannot be resolved is reported as not authorized.
                return false;
            }

            var filterInfo = new FilterInfo(FilterProviders.Providers.GetFilters(probeContext, action));
            var authorization = new AuthorizationContext(probeContext, action);

            foreach (var filter in filterInfo.AuthorizationFilters)
            {
                filter.OnAuthorization(authorization);

                // A filter signals denial by assigning a result; stop at the first one that does.
                if (authorization.Result != null)
                {
                    return false;
                }
            }

            return true;
        }
Esempio n. 3
 /// <summary>
 /// Shows the filters that the registered filter providers return for HomeController's "DemoAction".
 /// </summary>
 public ActionResult Index()
 {
     var demoAction = new ReflectedControllerDescriptor(typeof(HomeController))
         .FindAction(ControllerContext, "DemoAction");

     // The filter sequence itself is the view model.
     return View(FilterProviders.Providers.GetFilters(ControllerContext, demoAction));
 }
 /// <summary>
 /// Finds the parameter type of the named action that implements Csla.Core.IBusinessObject.
 /// </summary>
 /// <param name="controller">Controller whose action is inspected.</param>
 /// <param name="actionName">Name of the action to look up.</param>
 /// <returns>The single matching parameter type, or null when no parameter matches.</returns>
 protected virtual Type FindModelType(ControllerBase controller, string actionName)
 {
     var reflected = new ReflectedControllerDescriptor(controller.GetType());
     ActionDescriptor action = reflected.FindAction(controller.ControllerContext, actionName);

     // The FindAction result is used without a null check, as in the original lookup.
     // SingleOrDefault throws when more than one parameter is a business object.
     return action.GetParameters()
                  .Select(parameter => parameter.ParameterType)
                  .Where(candidate => typeof(Csla.Core.IBusinessObject).IsAssignableFrom(candidate))
                  .SingleOrDefault();
 }
Esempio n. 5
 /// <summary>
 /// Shows which model binder is selected for each parameter of HomeController's "DemoAction".
 /// </summary>
 public ActionResult Index()
 {
     var reflected = new ReflectedControllerDescriptor(typeof(HomeController));
     var demoAction = reflected.FindAction(ControllerContext, "DemoAction");

     var binderByParameter = new Dictionary<ParameterDescriptor, IModelBinder>();
     ParameterDescriptor[] actionParameters = demoAction.GetParameters();
     for (int index = 0; index < actionParameters.Length; index++)
     {
         ParameterDescriptor current = actionParameters[index];
         binderByParameter.Add(current, this.GetModelBinder(current));
     }

     return View(binderByParameter);
 }
        /// <summary>
        /// Returns the reflected method behind the action named in the route data.
        /// </summary>
        /// <returns>
        /// The action's MethodInfo, or null when the route has no string "action" value or the
        /// resolved descriptor is not a ReflectedActionDescriptor.
        /// </returns>
        static MethodInfo GetActionMethod(HttpContextBase context, RouteData routeData, ControllerBase controller)
        {
            string requestedAction = routeData.Values["action"] as string;
            if (requestedAction != null)
            {
                var lookupContext = new ControllerContext(context, routeData, controller);
                var reflected = new ReflectedControllerDescriptor(controller.GetType());

                // Only reflection-based descriptors expose the underlying MethodInfo.
                var reflectedAction = reflected.FindAction(lookupContext, requestedAction) as ReflectedActionDescriptor;
                return reflectedAction == null ? null : reflectedAction.MethodInfo;
            }

            return null;
        }
        /// <summary>
        /// Resolves the named action and asks ActionIsAuthorized whether it is permitted in the current request.
        /// </summary>
        /// <param name="htmlHelper">Helper of the view that is being rendered.</param>
        /// <param name="actionName">Name of the action to check.</param>
        /// <param name="controllerName">Controller to check; null or empty means the controller of the current view.</param>
        internal static bool HasActionPermission(this HtmlHelper htmlHelper, string actionName, string controllerName)
        {
            ControllerBase target = !string.IsNullOrEmpty(controllerName)
                ? GetControllerByName(htmlHelper, controllerName)
                : htmlHelper.ViewContext.Controller;

            var probeContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, target);

            // The descriptor handed on may be null when the action does not exist;
            // NOTE(review): confirm ActionIsAuthorized treats a null descriptor as "not authorized".
            var action = new ReflectedControllerDescriptor(target.GetType()).FindAction(probeContext, actionName);

            return ActionIsAuthorized(probeContext, action);
        }
Esempio n. 8
        /// <summary>
        /// Avoids risking things like AmbiguousMatchException, by accessing the controller and action descriptors.
        /// </summary>
        internal IEnumerable<AuthorizeAttribute> GetAuthorizeAttributes(ControllerBase controller, string actionName)
        {
            ControllerDescriptor reflected = new ReflectedControllerDescriptor(controller.GetType());
            ActionDescriptor action = reflected.FindAction(controller.ControllerContext, actionName);

            if (action != null)
            {
                // Controller-level attributes come first, followed by the action's own.
                return reflected.GetAttributes<AuthorizeAttribute>()
                                .Concat(action.GetAttributes<AuthorizeAttribute>());
            }

            // No matching action: log a warning and answer with a single UnauthorizedAttribute so the
            // entry is trimmed from the site map instead of being shown without any access check.
            log.Warn(Exceptions.MiniAclModule_ActionDescriptorNotFound.FormatWith(reflected.ControllerName, actionName));
            return new AuthorizeAttribute[] { new UnauthorizedAttribute() };
        }
Esempio n. 9
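        /// <summary>
        /// Decides whether the response for the given filter context is (or was meant to be) JSON.
        /// </summary>
        /// <param name="filterContext">An ActionExecutedContext or ExceptionContext; any other context yields false.</param>
        /// <returns>
        /// True when the result is a JsonResult, the response content type equals Curl.JsonType, or, for an
        /// exception, the failing action's method is declared to return JsonResult.
        /// </returns>
        private Boolean IsJsonResponse(ControllerContext filterContext) {
            var executed = filterContext as ActionExecutedContext;
            if (executed != null) {
                // Content types are protocol tokens, so compare them ordinally instead of through the
                // culture-sensitive ToLower().
                return executed.Result is JsonResult
                    || String.Equals(filterContext.HttpContext.Response.ContentType, Curl.JsonType, StringComparison.OrdinalIgnoreCase);
            }

            if (filterContext is ExceptionContext) {
                if (String.Equals(filterContext.HttpContext.Response.ContentType, Curl.JsonType, StringComparison.OrdinalIgnoreCase)) {
                    return true;
                }

                // This runs while an exception is already being handled: a missing route value or an
                // unresolved action must yield "not JSON" rather than a second exception that hides the first.
                var actionName = filterContext.RouteData.Values["action"] as String;
                if (actionName == null) {
                    return false;
                }

                Type controllerType = filterContext.Controller.GetType();
                ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
                var action = controllerDescriptor.FindAction(filterContext.Controller.ControllerContext, actionName) as ReflectedActionDescriptor;
                return action != null && action.MethodInfo.ReturnType == typeof(JsonResult);
            }

            return false;
        }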
Esempio n. 10
        /// <summary>
        /// Returns true if a specific controller action exists and
        /// the user has the ability to access it.
        /// </summary>
        /// <param name="htmlHelper"></param>
        /// <param name="actionName"></param>
        /// <param name="controllerName"></param>
        /// <returns></returns>
        public static bool HasActionPermission(this HtmlHelper htmlHelper, string actionName, string controllerName)
        {
            // An empty controller name means the link stays on the controller that renders the current
            // view; otherwise the named controller is looked up.
            ControllerBase target;
            if (string.IsNullOrEmpty(controllerName))
            {
                target = htmlHelper.ViewContext.Controller;
            }
            else
            {
                target = GetControllerByName(htmlHelper, controllerName);
            }

            var probeContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, target);
            var reflected = new ReflectedControllerDescriptor(target.GetType());

            // FindAction may return null for an unknown action; the decision is left to ActionIsAuthorized.
            // This answer only drives what the view shows; the action's own filters still guard the request.
            return ActionIsAuthorized(probeContext, reflected.FindAction(probeContext, actionName));
        }
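        /// <summary>
        /// Looks up the ExceptionHandlerAreaAttribute on the failing controller (preferred) or action,
        /// writes its registered area name to the debug output, then defers to the base handler.
        /// </summary>
        /// <param name="filterContext">Context of the exception being handled.</param>
        public override void OnException(ExceptionContext filterContext)
        {
            ExceptionHandlerAreaAttribute registeredExceptionArea = null;

            ReflectedControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(filterContext.Controller.GetType());

            // An exception is already in flight: a route without an "action" value must not raise a
            // second exception here that would replace the one being reported.
            object routeAction = filterContext.RouteData.Values["action"];
            ActionDescriptor actionDescriptor = routeAction == null
                ? null
                : controllerDescriptor.FindAction(filterContext.Controller.ControllerContext, routeAction.ToString());

            // The controller-level attribute takes precedence over the action-level one.
            if (controllerDescriptor.IsDefined(typeof(ExceptionHandlerAreaAttribute), true))
            {
                registeredExceptionArea = controllerDescriptor.GetCustomAttributes(typeof(ExceptionHandlerAreaAttribute), true).First() as ExceptionHandlerAreaAttribute;
            }
            else if (actionDescriptor != null && actionDescriptor.IsDefined(typeof(ExceptionHandlerAreaAttribute), true))
            {
                registeredExceptionArea = actionDescriptor.GetCustomAttributes(typeof(ExceptionHandlerAreaAttribute), true).First() as ExceptionHandlerAreaAttribute;
            }

            if (registeredExceptionArea != null)
            {
                Debug.WriteLine(registeredExceptionArea.RegisteredAreaName);
            }

            base.OnException(filterContext);
        }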
Esempio n. 12
        /// <summary>
        /// Binds the parameters of the named action on this controller and executes it directly.
        /// </summary>
        /// <param name="actionName">Name of the action to run.</param>
        /// <returns>The value returned by the action, cast to ActionResult.</returns>
        protected ActionResult InvokeAction(string actionName)
        {
            // The descriptor is executed directly: no authorization or action filters are invoked in this
            // method, so actionName should come from trusted code, not straight from request input.
            var reflected = new ReflectedControllerDescriptor(this.GetType());
            var action = reflected.FindAction(ControllerContext, actionName);

            var boundArguments = new Dictionary<string, object>();
            foreach (var parameter in action.GetParameters())
            {
                var bindingInfo = parameter.BindingInfo;

                // Without an explicit prefix the parameter name is the model name and the binder may
                // fall back to an empty prefix.
                var bindingContext = new ModelBindingContext
                {
                    FallbackToEmptyPrefix = bindingInfo.Prefix == null,
                    ModelMetadata = ModelMetadataProviders.Current.GetMetadataForType(null, parameter.ParameterType),
                    ModelName = bindingInfo.Prefix ?? parameter.ParameterName,
                    ModelState = ModelState,
                    ValueProvider = this.ValueProvider
                };

                object boundValue = this.ModelBinder.BindModel(ControllerContext, bindingContext);
                boundArguments.Add(parameter.ParameterName, boundValue);
            }

            return (ActionResult)action.Execute(ControllerContext, boundArguments);
        }
Esempio n. 13
 /// <summary>
 /// Binds the parameters of the named action with MyDefaultModelBinder and executes it on the controller.
 /// </summary>
 /// <param name="controller">Controller that owns the action.</param>
 /// <param name="actionName">Name of the action to run.</param>
 /// <returns>Whatever the action's Execute call returns.</returns>
 public static object InvokeAction(this Controller controller, string actionName)
 {
     // Execute is called on the descriptor itself; no authorization or action filters are run by this
     // helper, so it should only be handed action names chosen by trusted code.
     IModelBinder binder = new MyDefaultModelBinder();
     var reflected = new ReflectedControllerDescriptor(controller.GetType());
     var action = reflected.FindAction(controller.ControllerContext, actionName);

     var boundArguments = new Dictionary<string, object>();
     foreach (var parameter in action.GetParameters())
     {
         var bindingInfo = parameter.BindingInfo;
         var bindingContext = new ModelBindingContext
         {
             FallbackToEmptyPrefix = bindingInfo.Prefix == null,
             ModelMetadata = ModelMetadataProviders.Current.GetMetadataForType(null, parameter.ParameterType),
             ModelName = bindingInfo.Prefix ?? parameter.ParameterName,
             ModelState = controller.ModelState,
             ValueProvider = controller.ValueProvider
         };

         boundArguments.Add(parameter.ParameterName, binder.BindModel(controller.ControllerContext, bindingContext));
     }

     return action.Execute(controller.ControllerContext, boundArguments);
 }
        /// <summary>
        /// Determines if specified action is accessible to current user.
        /// </summary>
        /// <param name="htmlHelper">HtmlHelper object.</param>
        /// <param name="actionName">Action name to test.</param>
        /// <param name="controllerBase">Controller to test.</param>
        /// <returns>True/false if action is accessible to current user.</returns>
        private static bool ActionIsAccessibleToUser(this HtmlHelper htmlHelper, string actionName, ControllerBase controllerBase)
        {
            // Pair the current request with the controller under test.
            var probeContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, controllerBase);

            // Look the action up by reflection on the controller's runtime type; the result may be null.
            var action = new ReflectedControllerDescriptor(controllerBase.GetType())
                .FindAction(probeContext, actionName);

            // The verdict is delegated; this helper only decides what is shown, it does not protect the action.
            return ActionIsAuthorized(action, probeContext);
        }
Esempio n. 15
        /// <summary>
        ///     Find Session Attribute in the Action or Controller.
        /// </summary>
        /// <param name="controllerContext"></param>
        private SessionWrapper Initilize(ControllerContext controllerContext)
        {
            var controllerType = controllerContext.Controller.GetType();
            var reflected = new ReflectedControllerDescriptor(controllerType);

            // The route's "Action" value names the action whose attributes are inspected.
            string requestedAction = controllerContext.RouteData.Values["Action"].ToString();
            ActionDescriptor action = reflected.FindAction(controllerContext, requestedAction);

            // Both attribute sets are read up front; the action's set is tried first, so a
            // SessionAttribute on the action wins over one on the controller.
            object[] onAction = action.GetCustomAttributes(typeof (SessionAttribute), true);
            object[] onController = controllerType.GetCustomAttributes(typeof (SessionAttribute), true);

            SessionWrapper wrapper;
            if (TryEnableSession(onAction, out wrapper))
            {
                return wrapper;
            }
            if (TryEnableSession(onController, out wrapper))
            {
                return wrapper;
            }

            // No enabled SessionAttribute on either level: the caller gets null (a throw of
            // NHModelBinderException used to be considered here and is disabled).
            return null;
        }
Esempio n. 16
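        /// <summary>
        /// After the model is bound, prunes model-state entries according to the action parameter's
        /// Include/Exclude binding lists and rejects string properties that match a script-markup denylist.
        /// </summary>
        /// <param name="controllerContext">Context of the controller whose action is being bound.</param>
        /// <param name="bindingContext">Binding context holding the model state and property metadata.</param>
        protected override void OnModelUpdated(ControllerContext controllerContext, ModelBindingContext bindingContext)
        {
            base.OnModelUpdated(controllerContext, bindingContext);

            // Resolve the action parameter that matches the bound model type. The lookup tolerates a
            // missing "action" route value or an unresolved action: the pruning is skipped in that case,
            // but the content check further down still runs instead of being cut off by an exception.
            ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controllerContext.Controller.GetType());
            object routeAction = controllerContext.RouteData.Values["action"];
            ActionDescriptor actionDescriptor = routeAction == null
                ? null
                : controllerDescriptor.FindAction(controllerContext, routeAction.ToString());
            ParameterDescriptor paramDescriptor = actionDescriptor == null
                ? null
                : actionDescriptor.GetParameters()
                                  .FirstOrDefault(p => p.ParameterType == bindingContext.ModelMetadata.ModelType);

            if (null != paramDescriptor)
            {
                foreach (var propertyName in paramDescriptor.BindingInfo.Exclude)
                {
                    bindingContext.ModelState.Remove(propertyName);
                }

                var included = paramDescriptor.BindingInfo.Include;
                if (included != null && included.Count > 0)
                {
                    // Iterate over a snapshot because entries are removed while walking the state.
                    foreach (var entry in bindingContext.ModelState.ToList())
                    {
                        if (!included.Contains(entry.Key))
                        {
                            bindingContext.ModelState.Remove(entry.Key);
                        }
                    }
                }
            }

            // Denylist of script-like markup. The patterns are built once per call and matched
            // case-insensitively, because HTML tag and attribute names are not case-sensitive.
            // NOTE(review): "[/s/S]" is a class of the literal characters '/', 's' and 'S' (presumably
            // "[\s\S]" was meant) and the "<ScriptBlock>" prefix looks unintended; the pattern text is
            // kept as written - confirm the intent and cover it with tests before changing it.
            // NOTE(review): a denylist over raw input does not replace HTML-encoding these values when
            // they are rendered; it is a supplementary check only. The patterns also run on
            // request-supplied text with no match timeout - confirm input length is bounded.
            var dangerousPatterns = new List<String>()
            {
                @"<script[\s\S]+</script *>",
                @"on\w+=\s*(['""\s]?)([/s/S]*[^\1]*?)\1[\s]*",
                @"<ScriptBlock>on\w+=\s*(['""\s]?)([/s/S]*[^\1]*?)\1[\s|>|/>]",
                @"href[ ^=]*=\s*(['""\s]?)[\w]*script+?([/s/S]*[^\1]*?)\1[\s]*"
            }
            .Select(pattern => new Regex(pattern, RegexOptions.IgnoreCase | RegexOptions.CultureInvariant))
            .ToList();

            // Check the value of every string-typed property against the denylist.
            foreach (var item in bindingContext.PropertyMetadata)
            {
                // The type test is by name suffix, so any type whose full name ends in "String" is checked.
                if (!item.Value.ModelType.FullName.EndsWith("String", StringComparison.Ordinal))
                {
                    continue;
                }
                if (item.Value.Model == null)
                {
                    continue;
                }

                var propertyValue = item.Value.Model.ToString();
                if (dangerousPatterns.Any(candidate => candidate.IsMatch(propertyValue)))
                {
                    bindingContext.ModelState.AddModelError(item.Key, "提交的信息中包含有非法字符");

                    // One offending property is enough to invalidate the model; stop scanning.
                    break;
                }
            }
        }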
Esempio n. 17
 /// <summary>
 /// Shows the descriptor that reflection produces for HomeController's "DemoAction".
 /// </summary>
 public ActionResult Index()
 {
     var reflected = new ReflectedControllerDescriptor(typeof(HomeController));

     // The descriptor itself is passed to the view as its model.
     return View(reflected.FindAction(ControllerContext, "DemoAction"));
 }
Esempio n. 18
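        /// <summary>
        /// Decides whether the request described by the route data must be served over HTTPS.
        /// </summary>
        /// <param name="requestContext">Request whose "controller" and "action" route values are examined.</param>
        /// <param name="actionContext">
        /// Executing-action context when one is available; when null the controller is created through the
        /// controller factory and the action is resolved by reflection.
        /// </param>
        /// <returns>True when any of the rules below asks for a secure connection; false otherwise.</returns>
        private bool ShouldBeSecure(RequestContext requestContext, ActionExecutingContext actionContext) {
            // Route values keep the casing of the requested URL while MVC resolves controller and action
            // names case-insensitively, so every name comparison below ignores case. A case-sensitive
            // comparison would let a differently-cased URL skip the HTTPS requirement.
            const StringComparison ignoreCase = StringComparison.OrdinalIgnoreCase;

            var controllerName = (string) requestContext.RouteData.Values["controller"];
            if (controllerName == null) return false;
            var actionName = (string) requestContext.RouteData.Values["action"];
            if (actionName == null) return false;

            var settings = GetSettings();
            if (settings == null || !settings.Enabled) {
                return false;
            }

            // Naming convention: anything ending in "Ssl" is secure.
            if (actionName.EndsWith("Ssl", ignoreCase) || controllerName.EndsWith("Ssl", ignoreCase)) {
                return true;
            }

            // Use the controller already in flight when there is one; otherwise ask the factory for an
            // instance and remember the factory so that the instance can be released afterwards.
            IControllerFactory factory = null;
            IController instance;
            if (actionContext != null) {
                instance = actionContext.Controller;
            }
            else {
                factory = ControllerBuilder.Current.GetControllerFactory();
                instance = factory.CreateController(requestContext, controllerName);
            }

            try {
                var controller = instance as ControllerBase;
                if (controller != null) {
                    var controllerType = controller.GetType();
                    if (controllerType.GetCustomAttributes(typeof(RequireHttpsAttribute), false).Any()) {
                        return true;
                    }
                    ActionDescriptor actionDescriptor;
                    if (actionContext != null) {
                        actionDescriptor = actionContext.ActionDescriptor;
                    }
                    else {
                        var controllerContext = new ControllerContext(requestContext, controller);
                        var controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
                        actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName);
                    }

                    // FindAction returns null for an unknown action; fall through to the remaining rules.
                    if (actionDescriptor != null
                        && actionDescriptor.GetCustomAttributes(typeof(RequireHttpsAttribute), false).Any()) {
                        return true;
                    }
                }
            }
            finally {
                // Only an instance created here is released; the in-flight controller belongs to the pipeline.
                if (factory != null && instance != null) {
                    factory.ReleaseController(instance);
                }
            }

            if (settings.SecureEverything) return true;

            // Account pages that carry credentials or account state.
            if (String.Equals(controllerName, "Account", ignoreCase) &&
                (String.Equals(actionName, "LogOn", ignoreCase)
                 || String.Equals(actionName, "ChangePassword", ignoreCase)
                 || String.Equals(actionName, "AccessDenied", ignoreCase)
                 || String.Equals(actionName, "Register", ignoreCase)
                 || actionName.StartsWith("ChallengeEmail", ignoreCase))) {
                return true;
            }

            if (String.Equals(controllerName, "Admin", ignoreCase) || AdminFilter.IsApplied(requestContext)) {
                return true;
            }

            if (!settings.CustomEnabled) return false;

            // Custom rules are matched against the URL that routing generates for this action.
            var urlHelper = new UrlHelper(requestContext);
            var url = urlHelper.Action(actionName, controllerName, requestContext.RouteData);

            if (String.IsNullOrWhiteSpace(url)) {
                return false;
            }

            return IsRequestProtected(
                url, requestContext.HttpContext.Request.ApplicationPath, settings);
        }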
 /// <summary>
 /// Looks up the named action on the runtime type of the context's controller.
 /// </summary>
 /// <param name="controllerContext">Context whose controller is reflected.</param>
 /// <param name="actionName">Name of the action to find.</param>
 /// <returns>The result of FindAction for that name.</returns>
 internal static ActionDescriptor GetActionDescriptor(this ControllerContext controllerContext, string actionName)
 {
     var controllerType = controllerContext.Controller.GetType();
     return new ReflectedControllerDescriptor(controllerType).FindAction(controllerContext, actionName);
 }
Esempio n. 20
        // Handles the "yes" answer of a confirmation: either redirects to model.YesUrl or replays the
        // stored post data against the action that model.YesUrl routes to, then returns an empty result.
        public ActionResult Yes(ConfirmationActionViewModel model)
        {
            // NOTE(review): model is an action parameter, so YesUrl presumably arrives with the request.
            // It is passed to Redirect without any check that the target stays on this site - confirm
            // where YesUrl originates and validate it (or keep it server-side) before redirecting.
            if (!model.HttpPost)
                return Redirect(model.YesUrl);

            // Stored confirmation payload, looked up by the id from the model.
            ConfirmationData data = ConfirmationService.GetData(model.Id);

            // The same YesUrl is routed to find the controller and action to run.
            RouteData route = RoutesHelper.GetRouteDataByUrl("/" + model.YesUrl);

            //var controllerDescriptor = new ReflectedControllerDescriptor(GetType());
            string controllerName = (String)route.Values["controller"];
            string actionName = (String)route.Values["action"];
            //string values = RouteData.GetRequiredString("id");

            //IControllerActivator
            DefaultControllerFactory d = new DefaultControllerFactory();

            // NOTE(review): the controller is created from a name derived from YesUrl and is never
            // released (the ReleaseController call below is commented out).
            IController controller = d.CreateController(HttpContext.Request.RequestContext, controllerName);

            ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controller.GetType());
            //d.ReleaseController(controller);

            // The lookup uses this controller's own ControllerContext, not one built for the target
            // controller. The result is used below without a null check.
            ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(ControllerContext, actionName);

            RequestContext requestContext = new RequestContext(new RoutesHelper.RewritedHttpContextBase("/" + model.YesUrl), route);

            requestContext.HttpContext.Request.Form.Add((NameValueCollection)data.PostData);

            // ctx, parameters2, parameters and nameValueCollection are assigned but not read again in this method.
            ControllerContext ctx = new ControllerContext(requestContext, (ControllerBase)controller);
            IDictionary<string, object> parameters2 = GetParameterValues(ctx, actionDescriptor);
            IDictionary<string, object> parameters = new Dictionary<string,object>();

            ControllerContext.HttpContext.Response.Clear();
            NameValueCollection nameValueCollection = data.PostData as NameValueCollection;
            //nameValueCollection.
            // Execute runs the action method directly with this controller's ControllerContext; no
            // authorization or other filters are invoked in this method.
            // NOTE(review): confirm the target action's access checks are enforced elsewhere before the
            // stored post data is replayed, and that the action reachable through YesUrl is restricted.
            // NOTE(review): data.PostData is cast to NameValueCollection above and to
            // IDictionary<string, object> here; verify that both casts can succeed on the same object.
            actionDescriptor.Execute(ControllerContext, (IDictionary<string, object>)data.PostData);

            //var viewResult = new ViewResult
            //{
            //    ViewName = "",
            //    MasterName = "",
            //    ViewData = new ViewDataDictionary(data.PostData),
            //    TempData = null
            //};

            //return viewResult;
            return new EmptyResult();
        }
Esempio n. 21
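        /// <summary>
        /// Central exception handler of the controller: logs the exception, then turns it into an error
        /// view, a redirect, or a re-rendering of the current view, depending on the exception type.
        /// </summary>
        /// <param name="filterContext">Context of the exception being handled.</param>
        protected override void OnException(ExceptionContext filterContext)
        {
            //TODO: consider a parameterized EndWork that does not call SaveChanges

            var exception = filterContext.Exception;

            // NOTE(review): exception.Data is a dictionary, so concatenating it presumably logs its type
            // name rather than its entries; the message is written as-is, so line breaks inside it end up
            // in the log entry - confirm the log sink tolerates that.
            Logger.Write("Message: " + exception.Message + "\r\n Data: \r\n" + exception.Data + "\r\n Trace:\r\n" + exception.StackTrace, "Exceptions", 0, 32667, TraceEventType.Error);//TODO: tune the log output

            #region Системные ошибки
            // System errors: show the generic Error view with a fixed, developer-authored message.
            if (exception is SystemException)
            {
                //TODO: a global failure (for example the database being down) ends up being rendered here.
                // Redirect to a dedicated layout with no user data that cannot itself fail, and when the
                // database connection is lost say so explicitly.
                var result = new ViewResult
                {
                    ViewName = "Error",
                    MasterName = "",
                    ViewData = null,
                    TempData = filterContext.Controller.TempData
                };

                // NOTE(review): the whole exception object is handed to the view; make sure the Error view
                // does not render its message or stack trace to end users.
                result.ViewBag.Exception = exception;
                result.ViewBag.ExceptionText =
                    "Возникла ошибка, обратитесь к команде разработчиков через <a href='" + Url.Action("index", "feedback") + "'>форму обратной связи</a> или по <a href='mailto:[email protected]'>email</a>";

                filterContext.Result = result;
                filterContext.ExceptionHandled = true;
                filterContext.HttpContext.Response.Clear();
                filterContext.HttpContext.Response.StatusCode = 500;
            }
            #endregion

            #region Ошибки приложения
            // Application errors.
            if (exception is ApplicationException)
            {
                #region Ошибки редиректа
                // Redirect errors.

                if (filterContext.Exception is RedirectException)
                {
                    RedirectException redirectException = (RedirectException)filterContext.Exception;

                    // NOTE(review): the target comes from the exception; confirm RedirectUrl is never built
                    // from request data without validation.
                    string url = !string.IsNullOrWhiteSpace(redirectException.RedirectUrl)
                        ? redirectException.RedirectUrl
                        : ConstHelper.HomeUrl;

                    List<string> urlParameters = new List<string>();

                    if (!String.IsNullOrEmpty(redirectException.Message))
                        urlParameters.Add(ConstHelper.ErrorCode + "=" + ErrorService.Add(redirectException.Message));

                    if (filterContext.Exception is AuthenticationException)
                        urlParameters.Add("returnUrl" + "=" + HttpUtility.UrlEncode(HttpContext.Request.Url.ToString()));//TODO: move the returnUrl name out to a constant, or bring ErrorCode in here

                    StringBuilder finallyUrl = new StringBuilder(url);

                    // Only start a query string when there is something to put in it.
                    if (urlParameters.Count > 0)
                    {
                        finallyUrl.Append("?");
                        finallyUrl.Append(String.Join("&", urlParameters));
                    }

                    filterContext.Result = new RedirectResult(finallyUrl.ToString());
                    filterContext.ExceptionHandled = true;
                    filterContext.HttpContext.Response.Clear();
                    filterContext.HttpContext.Response.StatusCode = 500;
                    return;
                }

                if (filterContext.Exception is MvcActionRedirectException)
                {
                    MvcActionRedirectException mvcRredirectException = (MvcActionRedirectException)filterContext.Exception;
                    var result = RedirectToAction(mvcRredirectException.ActionName, mvcRredirectException.ControllerName, mvcRredirectException.RouteValues);

                    if (!String.IsNullOrEmpty(mvcRredirectException.Message))
                        result.RouteValues.Add(ConstHelper.ErrorCode, ErrorService.Add(mvcRredirectException.Message));

                    filterContext.Result = result;
                    filterContext.ExceptionHandled = true;
                    filterContext.HttpContext.Response.Clear();
                    filterContext.HttpContext.Response.StatusCode = 500;
                    return;
                }

                #endregion

                #region Ошибки ведущие на остование на этой же странице
                // Errors that keep the user on the same page.

                #region Ошибки бизнес логики
                // Business-logic errors.
                // To reuse the internal cache, one could try a cast to ControllerActionInvoker.
                if (filterContext.Exception is BusinessLogicException)
                {
                    BusinessLogicException businessLogicException = (BusinessLogicException)filterContext.Exception;

                    // Re-bind the current action's parameters so the view can be shown again with its model.
                    var controllerDescriptor = new ReflectedControllerDescriptor(GetType());
                    string actionName = RouteData.GetRequiredString("action");
                    ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(ControllerContext, actionName);
                    IDictionary<string, object> parameters = GetParameterValues(ControllerContext, actionDescriptor);

                    object model;
                    if (!parameters.TryGetValue("model", out model))
                        model = null;

                    var viewResult = new ViewResult
                    {
                        ViewName = "",
                        MasterName = "",
                        ViewData = new ViewDataDictionary(model),
                        TempData = filterContext.Controller.TempData
                    };

                    // The message is used as plain text. Passing it through String.Format treated it as a
                    // format string, which throws on braces while an exception is already being handled.
                    // NOTE(review): the system-error text above contains markup, so the views presumably
                    // render ExceptionText unencoded; confirm this message never carries request data.
                    viewResult.ViewBag.Exception = businessLogicException;
                    viewResult.ViewBag.ExceptionText = businessLogicException.Message;

                    ControllerContext context = ControllerContext;
                    try
                    {
                        // Render eagerly so that a failing view is detected here.
                        viewResult.ExecuteResult(context);
                    }
                    catch//TODO: URLREFERER case
                    {
                        //if (HttpContext.Request.UrlReferrer != null)
                        //{
                        //    if(Core.UrlHelper.IsInnerUrl(HttpContext.Request.UrlReferrer.ToString()))
                        //    {
                        //    }

                        //}
                        //else
                        //{
                        // Rendering the current view failed for any reason: fall back to the generic Error view.
                        //TODO: a global failure (for example the database being down) ends up being rendered
                        // here. Redirect to a dedicated layout with no user data that cannot itself fail, and
                        // when the database connection is lost say so explicitly.
                        var result = new ViewResult
                        {
                            ViewName = "Error",
                            MasterName = "",
                            ViewData = null,
                            TempData = filterContext.Controller.TempData
                        };

                        result.ViewBag.Exception = businessLogicException;
                        result.ViewBag.ExceptionText = businessLogicException.Message;

                        filterContext.Result = result;
                        filterContext.ExceptionHandled = true;
                        filterContext.HttpContext.Response.Clear();
                        filterContext.HttpContext.Response.StatusCode = 500;
                        return;
                        //}
                    }

                    filterContext.Result = viewResult;
                    filterContext.ExceptionHandled = true;
                    filterContext.HttpContext.Response.Clear();
                    filterContext.HttpContext.Response.StatusCode = 500;
                    return;
                }
                #endregion

                #region Ошибки валидации
                // Validation errors.
                // To reuse the internal cache, one could try a cast to ControllerActionInvoker.
                if (filterContext.Exception is ValidationException)
                {
                    ValidationException validationException = (ValidationException)filterContext.Exception;

                    var controllerDescriptor = new ReflectedControllerDescriptor(GetType());
                    string actionName = RouteData.GetRequiredString("action");
                    ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(ControllerContext, actionName);
                    IDictionary<string, object> parameters = GetParameterValues(ControllerContext, actionDescriptor);

                    object model;
                    if (!parameters.TryGetValue("model", out model))
                        model = null;

                    var viewResult = new ViewResult
                    {
                        ViewName = "",
                        MasterName = "",
                        ViewData = new ViewDataDictionary(model),
                        TempData = filterContext.Controller.TempData
                    };

                    // Plain text, not a format string (see the business-logic branch above).
                    viewResult.ViewBag.ValidationException = validationException;
                    viewResult.ViewBag.ValidationExceptionText = validationException.Message;
                    //viewResult.ExecuteResult();
                    filterContext.Result = viewResult;
                    filterContext.ExceptionHandled = true;
                    filterContext.HttpContext.Response.Clear();
                    filterContext.HttpContext.Response.StatusCode = 500;
                    return;
                }

                #endregion

                #endregion
            }
            #endregion

            base.OnException(filterContext);
        }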