public void OnAuthorization(AuthorizationFilterContext context)
{
//OnAuthorization method will be called per http request
}
protected virtual void goToContractPage(AuthorizationFilterContext filterContext)
{
goTo(filterContext, "Users", "Contract");
}
protected virtual void goToUninvited(AuthorizationFilterContext filterContext)
{
goTo(filterContext, "Users", "LogOn");
}
private AuthorizationFilterContext GetAuthorizationContext(
bool anonymous = false,
Action <IServiceCollection> registerServices = null)
{
var basicPrincipal = new ClaimsPrincipal(
new ClaimsIdentity(
new Claim[] {
new Claim("Permission", "CanViewPage"),
new Claim(ClaimTypes.Role, "Administrator"),
new Claim(ClaimTypes.Role, "User"),
new Claim(ClaimTypes.NameIdentifier, "John")
},
"Basic"));
var validUser = basicPrincipal;
var bearerIdentity = new ClaimsIdentity(
new Claim[] {
new Claim("Permission", "CupBearer"),
new Claim(ClaimTypes.Role, "Token"),
new Claim(ClaimTypes.NameIdentifier, "John Bear")
},
"Bearer");
var bearerPrincipal = new ClaimsPrincipal(bearerIdentity);
validUser.AddIdentity(bearerIdentity);
// ServiceProvider
var serviceCollection = new ServiceCollection();
var auth = new Mock <IAuthenticationService>();
serviceCollection.AddOptions();
serviceCollection.AddLogging();
serviceCollection.AddSingleton(auth.Object);
serviceCollection.AddAuthorization();
serviceCollection.AddAuthorizationPolicyEvaluator();
registerServices?.Invoke(serviceCollection);
var serviceProvider = serviceCollection.BuildServiceProvider();
// HttpContext
var httpContext = new Mock <HttpContext>();
auth.Setup(c => c.AuthenticateAsync(httpContext.Object, "Bearer")).ReturnsAsync(AuthenticateResult.Success(new AuthenticationTicket(bearerPrincipal, "Bearer")));
auth.Setup(c => c.AuthenticateAsync(httpContext.Object, "Basic")).ReturnsAsync(AuthenticateResult.Success(new AuthenticationTicket(basicPrincipal, "Basic")));
auth.Setup(c => c.AuthenticateAsync(httpContext.Object, "Fails")).ReturnsAsync(AuthenticateResult.Fail("Fails"));
httpContext.SetupProperty(c => c.User);
if (!anonymous)
{
httpContext.Object.User = validUser;
}
httpContext.SetupGet(c => c.RequestServices).Returns(serviceProvider);
var contextItems = new Dictionary <object, object>();
httpContext.SetupGet(c => c.Items).Returns(contextItems);
// AuthorizationFilterContext
var actionContext = new ActionContext(
httpContext: httpContext.Object,
routeData: new RouteData(),
actionDescriptor: new ActionDescriptor());
var authorizationContext = new AuthorizationFilterContext(
actionContext,
Enumerable.Empty <IFilterMetadata>().ToList()
);
return(authorizationContext);
}
/// <summary>
/// Called early in the filter pipeline to confirm request is authorized
/// </summary>
/// <param name="context">Authorization filter context</param>
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
await ValidateHoneypotAsync(context);
}
/// <summary>
/// 将当前请求结果重新描绘到新的内容结果中
/// </summary>
/// <param name="filterContext">The action context.</param>
/// <param name="status">The status.</param>
protected void SetHttpStatusCode(AuthorizationFilterContext filterContext, HttpStatusCode status)
{
filterContext.Result = new StatusCodeResult((int)status);
}
/// <summary>
/// 获取用户
/// </summary>
/// <param name="filterContext"></param>
/// <param name="ticket"></param>
/// <returns></returns>
public virtual IUser GetUser(AuthorizationFilterContext context, Microsoft.AspNetCore.Http.HttpRequest request)
{
return(null);
}
public void OnAuthorization(AuthorizationFilterContext context)
{
var actionDescriptor = (ControllerActionDescriptor)context.ActionDescriptor;
//this.GetType().CustomAttributes
//.FirstOrDefault(r => r.AttributeType == typeof(RouteAttribute))
//.ConstructorArguments[0].Value.ToString()
//.Replace("[controller]", (string)this.RouteData.Values["controller"]);
var session = context.HttpContext.Session;
if (context != null)
{
Accounts account = UTILS.SessionExtensions.Get <Accounts>(session, UTILS.SessionExtensions.SessionAccount);
var permission = UTILS.SessionExtensions.Get <List <Role_Permissions> >(session, UTILS.SessionExtensions.SesscionPermission);
if (permission == null)
{
context.Result = new RedirectToRouteResult(
new RouteValueDictionary(
new
{
controller = "tai-khoan",
action = "dang-nhap"
}));
}
else
{
if (_actionCode == "NoCheck")
{
}
else
{
var path = context.HttpContext.Request.Path.Value.ToString();
//var controller = new ControllerContext().ActionDescriptor.ControllerName;
var controller = actionDescriptor.ControllerTypeInfo.CustomAttributes.FirstOrDefault().ConstructorArguments[0].Value.ToString();//lấy tên controll
var exist = permission.Where(c => c.MenuUrl.ToString().ToLower().Contains(controller)).ToList();
if (exist.Count == 0)
{
context.Result = new RedirectToRouteResult(
new RouteValueDictionary(
new
{
controller = "Error",
action = "NoPermission"
}
));
}
else
{
if (!string.IsNullOrEmpty(_actionCode))
{
var control = exist.Find(c => c.ActionCode == _actionCode);
if (control == null)
{
context.Result = new RedirectToRouteResult(
new RouteValueDictionary(
new
{
controller = "Error",
action = "NoPermission"
}
));
}
}
else
{
}
}
}
}
}
}
public void OnAuthorization(AuthorizationFilterContext context)
{
IServiceProvider services = context.HttpContext.RequestServices;
object authorization = services.GetRequiredService(serviceType);
IAuthorizationResultAccessor accessor = services.GetRequiredService <IAuthorizationResultAccessor>();
PolicyResult policyResult = (PolicyResult)tryAuthorizeMethod.Invoke(authorization, new object[] { policyExpression });
SortedSet <string> succeeded = new SortedSet <string>();
SortedSet <string> failed = new SortedSet <string>();
SortedSet <string> notHandled = new SortedSet <string>();
switch (policyResult)
{
case PolicyResult.Success:
succeeded.Add(policyExpression);
break;
case PolicyResult.Failed:
failed.Add(policyExpression);
break;
case PolicyResult.NotHandled:
default:
notHandled.Add(policyExpression);
break;
}
PolicyOnlyExpression exp = new PolicyOnlyExpression(policyExpression, policyResult);
PolicyExpressionRoot root = new PolicyExpressionRoot(exp);
AuthorizationResult result = new AuthorizationResult(root);
if (accessor.Result == null)
{
accessor.Result = result;
}
else
{
result.CombineAsAnd(accessor.Result);
accessor.Result = result;
}
bool overall = false;
switch (result.Result)
{
case PolicyResult.Success:
overall = true;
break;
case PolicyResult.Failed:
break;
case PolicyResult.NotHandled:
default:
if (!failedIfNotHandled)
{
overall = true;
}
break;
}
if (overall)
{
return;
}
switch (failedAction)
{
case AuthorizationFailedAction.KeepUnauthorized:
return;
case AuthorizationFailedAction.Return401:
context.Result = new HttpUnauthorizedResult();
return;
case AuthorizationFailedAction.CustomHandler:
break;
}
// custom handler
IAuthorizationDeclarationCache cache = services.GetRequiredService <IAuthorizationDeclarationCache>();
AuthorizationDeclarationInfo info = null;
switch (context.ActionDescriptor)
{
case ControllerActionDescriptor controllerActionDescriptor:
info = cache.Get(controllerActionDescriptor);
break;
case CompiledPageActionDescriptor compiledPageActionDescriptor:
info = cache.Get(compiledPageActionDescriptor);
break;
default:
throw new Exception($"not handled with action descriptor of type {context.ActionDescriptor.GetType().Name}");
}
if (info != null &&
info.Declaration != AuthorizationDeclaration.No &&
info.FailedAction == AuthorizationFailedAction.CustomHandler &&
info.FailedHandler != null)
{
IActionResult actionResult = info.FailedHandler.Execute(context.HttpContext, result);
if (actionResult != null)
{
context.Result = actionResult;
return;
}
else
{
// not handled
throw new Exception($"not handled");
}
}
throw new Exception($"no handler set for type {context.ActionDescriptor.GetType().Name}");
}
public void OnAuthorization(AuthorizationFilterContext context)
{
// =============================================================================
// Validate Authorization header
// =============================================================================
var __tokens = context.HttpContext
.Request
.Headers["Authorization"]
.ToString()
.Split(" ");
if (__tokens[0] != "Bearer")
{
context.Result = new UnauthorizedResult();
return;
}
if (__tokens.Length < 2)
{
context.Result = new UnauthorizedResult();
return;
}
// =============================================================================
// Validate token
// =============================================================================
try
{
var __SEPARATORS = ",;".ToCharArray();
var __secretKey = _config["JWTAutentication:Secret"];
var __claims = new JwtValidator().ValidateToken(__tokens[1], __secretKey)
.ToList();
// =============================================================================
// User Id
// =============================================================================
var __userId = __claims.Where(c => c.Type == "UserId")
.FirstOrDefault()
.Value;
// =============================================================================
// User roles
// =============================================================================
var __userRoles = __claims.Where(c => c.Type == "Roles")
.FirstOrDefault()
.Value.Split(__SEPARATORS,
StringSplitOptions.RemoveEmptyEntries);
// =============================================================================
// Valid roles
// =============================================================================
var __validRoles = _value.Split(__SEPARATORS,
StringSplitOptions.RemoveEmptyEntries);
if (0 == __validRoles.Intersect(__userRoles).ToList().Count)
{
context.Result = new UnauthorizedResult();
return;
}
context.HttpContext.Items.Add("userid", __userId);
context.HttpContext.Items.Add("roles", __userRoles);
}
catch (System.Exception)
{
context.Result = new UnauthorizedResult();
return;
}
}
/// <summary>
///
/// </summary>
/// <param name="context"></param>
/// <remarks>用于统一过滤登录用户的状态是否有效,如果无效,拒绝请求</remarks>
public void OnAuthorization(AuthorizationFilterContext context)
{
return;
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
context.HttpContext.Items.Add("AuthorizationFilter", "Passed Authorization Filter");
context.HttpContext.Items.Add("Age", "20");
}
public virtual Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
return(Task.CompletedTask);
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
}
/// <summary>
/// Sets the status result to the appropriate StatusCodeResult specified in the constructor.
/// The default is 400 Bad Request.
/// </summary>
/// <param name="filterContext"></param>
protected override void HandleNonHttpsRequest(AuthorizationFilterContext filterContext)
{
filterContext.Result = new StatusCodeResult(StatusCode);
}
public void OnAuthorization(AuthorizationFilterContext context)
{
string strUrl = "";
strUrl = context.HttpContext.Request.Path.Value;
if (context.HttpContext.Request.QueryString.HasValue)
{
strUrl += context.HttpContext.Request.QueryString.Value;
}
#region Session代码
if (context.HttpContext.Session.Get <UserViewModel>("UserInfo") == null) //没有登录系统直接访问控制器
{
//filterContext.Result = new RedirectResult("/Account/Login");
if (context.HttpContext.Request.IsAjaxRequest())
{
var data = new JsonModel {
Statu = "y", BackUrl = strUrl
};
context.Result = new JsonResult(data);
}
else
{
context.Result =
new RedirectToRouteResult
(
new RouteValueDictionary
(
new
{
controller = "Account",
action = "Login",
area = "",
ReturnUrl = strUrl,
}
)
);
}
return;
}
#endregion
return;
//判断类或方法上是否应用了“AllowAnonymousAttribute”特性,该特性表示要跳过权限认证
bool b = context.ActionDescriptor.FilterDescriptors.Any(t => t.Filter.ToString() == "Microsoft.AspNetCore.Mvc.Authorization.AllowAnonymousFilter");
if (b)
{
return;
}
string strControllerName = "";
string strActionName = "";
//获取控制器名称
context.ActionDescriptor.RouteValues.TryGetValue("controller", out strControllerName);
//获取操作名称
context.ActionDescriptor.RouteValues.TryGetValue("action", out strActionName);
string str = context.HttpContext.Request.Method;
// base.OnActionExecuting(filterContext);
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
if (context.ActionDescriptor.EndpointMetadata.OfType <AllowAnonymousAttribute>().Any())
{
return;
}
var userId = context.HttpContext.User.Claims
.SingleOrDefault(p => p.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")?.Value;
if (userId == null)
{
context.Result = new UnauthorizedObjectResult(new
{
Type = "https://tools.ietf.org/html/rfc7231#section-6.5.3",
Title = "授權失敗",
Message = "無法識別使用者",
Status = 401
});
return;
}
var securityStamp = context.HttpContext.User.Claims
.SingleOrDefault(p => p.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid")?.Value;
if (securityStamp == null)
{
context.Result = new UnauthorizedObjectResult(new
{
Type = "https://tools.ietf.org/html/rfc7231#section-6.5.3",
Title = "授權失敗",
Message = "無法識別使用者",
Status = 401
});
return;
}
try
{
var logger = (ILogger <AuthAuthorizeAttribute>)context.HttpContext.RequestServices
.GetService(typeof(ILogger <AuthAuthorizeAttribute>)) ?? throw new ArgumentNullException();
var userManager = (UserManager <ApplicationUser>)context.HttpContext.RequestServices
.GetService(typeof(UserManager <ApplicationUser>)) ?? throw new ArgumentNullException();
var user = await userManager.FindByIdAsync(userId);
if (user == null)
{
context.Result = new UnauthorizedObjectResult(new
{
Type = "https://tools.ietf.org/html/rfc7231#section-6.5.3",
Title = "授權失敗",
Message = "無法識別使用者",
Status = 401
});
return;
}
if (securityStamp != user.SecurityStamp)
{
context.Result = new UnauthorizedObjectResult(new
{
Type = "https://tools.ietf.org/html/rfc7231#section-6.5.3",
Title = "授權失敗",
Message = "無法識別SecurityStamp",
Status = 401
});
return;
}
if (!user.EmailConfirmed)
{
context.Result = new UnauthorizedObjectResult(new
{
Type = "https://tools.ietf.org/html/rfc7231#section-6.5.3",
Title = "授權失敗",
Message = "帳戶未驗證",
Status = 401
});
return;
}
if (!user.IsEnable)
{
context.Result = new UnauthorizedObjectResult(new
{
Type = "https://tools.ietf.org/html/rfc7231#section-6.5.3",
Title = "授權失敗",
Message = "帳戶未啟用",
Status = 401
});
return;
}
if (user.LockoutEnd != null)
{
if ((TimeComparisonStatus)DateTimeOffset.Compare(DateTimeOffset.UtcNow, (DateTimeOffset)user.LockoutEnd) != TimeComparisonStatus.Later)
{
context.Result = new UnauthorizedObjectResult(new
{
Type = "https://tools.ietf.org/html/rfc7231#section-6.5.3",
Title = "授權失敗",
Message = "帳戶鎖定",
Status = 401
});
return;
}
}
}
catch (ArgumentNullException)
{
context.Result = new StatusCodeResult(StatusCodes.Status500InternalServerError);
}
}
public void OnAuthorization(AuthorizationFilterContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (!filterContext.HttpContext.Request.TryGetHeader(_userTokenKey, out string accessToken))
{
var result = new SysApiResult <string>()
{
Status = SysApiStatus.未授权, Message = "您的登陆身份已过期,请重新登陆"
};
filterContext.Result = new JsonNetResult(value: result);
return;
}
var tokenModel = _tokenSvc.DecodeToken(accessToken);
//从数据库获取客户信息
if (tokenModel == null)
{
var result = new SysApiResult <string>()
{
Status = SysApiStatus.未授权, Message = "您的身份未授权"
};
filterContext.Result = new JsonNetResult(value: result);
return;
}
//时间过期
if (tokenModel.TokenExpireTime <= DateTime.Now)
{
var result = new SysApiResult <string>()
{
Status = SysApiStatus.未授权, Message = "token已过期,请重新登陆"
};
filterContext.Result = new JsonNetResult(value: result);
return;
}
if (!filterContext.HttpContext.Request.TryGetHeader("DeviceType", out string deviceTypeStr) ||
!Enum.TryParse(deviceTypeStr, out DeviceType deviceType))
{
var result = new SysApiResult <string>()
{
Status = SysApiStatus.异常, Message = "缺失DeviceType"
};
filterContext.Result = new JsonNetResult(value: result);
return;
}
bool isOk = _tokenSvc.检查用户登陆是否合法(tokenModel.UserId, deviceType, accessToken, isAdmin: false, isSingleLogin: true, out string errorMsg);
if (!isOk)
{
var result = new SysApiResult <string>()
{
Status = SysApiStatus.未授权, Message = errorMsg
};
filterContext.Result = new JsonNetResult(value: result);
return;
}
}
/// <summary>
/// 当验证完成后怎么做
/// </summary>
/// <param name="context"></param>
/// <param name="user">用户</param>
protected virtual void OnAuthorizeCompleted(AuthorizationFilterContext context, IUser user)
{
}
// /// <summary>返回结果并跳转</summary>
// /// <param name="data">结果。可以是错误文本、成功文本、其它结构化数据</param>
// /// <param name="url">提示信息后跳转的目标地址,[refresh]表示刷新当前页</param>
// /// <returns></returns>
// public static ActionResult JsonTips(Object data, String url = null)
// {
// object value;
// if (data is Exception ex)
// value = new { result = false, data = ex.GetTrue()?.Message, url };
// else
// value = new { result = true, data, url };
//#if __CORE__
// var vr = new JsonResult(value);
//#else
// var vr = new JsonResult()
// {
// Data = value,
// JsonRequestBehavior = JsonRequestBehavior.AllowGet
// };
//#endif
// return vr;
// }
// /// <summary>返回结果并刷新</summary>
// /// <param name="data">消息</param>
// /// <returns></returns>
// public static ActionResult JsonRefresh(Object data) => JsonTips(data, "[refresh]");
#endregion
/// <summary>无权访问</summary>
/// <param name="filterContext"></param>
/// <param name="pm"></param>
/// <returns></returns>
#if __CORE__
public static ActionResult NoPermission(this AuthorizationFilterContext filterContext, PermissionFlags pm)
{
var act = (ControllerActionDescriptor)filterContext.ActionDescriptor;
var ctrl = act;
/// <summary>
///
/// </summary>
/// <param name="filterContext"></param>
/// <returns></returns>
protected void SetUnauthorized(AuthorizationFilterContext filterContext)
{
filterContext.Result = new UnauthorizedResult();
}
public void OnAuthorization(AuthorizationFilterContext context)
{
var action = context.RouteData.Values["action"];
var controller = context.RouteData.Values["controller"];
}
public async Task AuthorizeAsync(AuthorizationFilterContext context, string api, string key, string verb)
{
//Put your authorization here
await Task.CompletedTask;
}
public void OnAuthorization(AuthorizationFilterContext context)
{
var controllerActionDescriptor = context.ActionDescriptor as ControllerActionDescriptor;
if (controllerActionDescriptor != null)
{
var service = controllerActionDescriptor.ControllerTypeInfo.Namespace.Replace("Advice.", "").Replace(".Services.WebApi", "");
var controller = controllerActionDescriptor.ControllerName.Replace("Controller", "");
var methodName = controllerActionDescriptor.MethodInfo.Name;
//procura o controller no cache pra ver se tem.
ControllerRegistry registry = null;
if (!_cache.TryGetValue(controller, out registry))
{
//Roadmap:
//(1) - Fazer fetch via REST quando precisar
//(2) - Mover tudo para Core/Nugets
//(3) - Testar se Attribute herda com classe
//(4) - Endpoint para resetar cache
String token = "";
IRestClient client;
IRestRequest request;
IRestResponse response;
if (!_cache.TryGetValue("Token", out token))
{
client = new RestClient("http://localhost:1241");
request = new RestRequest("api/Token", Method.POST);
var body = new { Login = "******", Password = "******" };
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Accept", "application/json");
//request.AddParameter("application/json", body, ParameterType.RequestBody);
request.AddJsonBody(body);
response = client.Execute(request);
token = response.Content.Replace("\"", "");
_cache.Set("Token", token);
}
client = new RestClient("http://localhost:1240"); //8080 8000
request = new RestRequest("api/services/{id}");
request.AddUrlSegment("id", service + "." + controller);
request.AddHeader("Authorization", "Bearer " + token);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Accept", "application/json");
response = client.Execute(request);
var content = response.Content.Replace("[", "").Replace("]", "").Split(',').Select(x => x.Replace("\"", ""));
registry = new ControllerRegistry();
registry.Name = controller;
foreach (var item in content)
{
registry.Methods.Add(item);
}
_cache.Set(controller, registry);
}
var methodIndex = registry.Methods.IndexOf(methodName);
var claim = context.HttpContext.User.Claims.SingleOrDefault(x => x.Type.Equals("Service." + service + "." + controller));
if (claim == null)
{
context.Result = new UnauthorizedResult();
}
var claimValue = claim.Value.ElementAt(methodIndex);
if (claimValue != '1')
{
context.Result = new UnauthorizedResult();
}
}
}
private Task Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted)
{
switch (next)
{
case State.InvokeBegin:
{
goto case State.AuthorizationBegin;
}
case State.AuthorizationBegin:
{
_cursor.Reset();
goto case State.AuthorizationNext;
}
case State.AuthorizationNext:
{
var current = _cursor.GetNextFilter <IAuthorizationFilter, IAsyncAuthorizationFilter>();
if (current.FilterAsync != null)
{
if (_authorizationContext == null)
{
_authorizationContext = new AuthorizationFilterContext(_actionContext, _filters);
}
state = current.FilterAsync;
goto case State.AuthorizationAsyncBegin;
}
else if (current.Filter != null)
{
if (_authorizationContext == null)
{
_authorizationContext = new AuthorizationFilterContext(_actionContext, _filters);
}
state = current.Filter;
goto case State.AuthorizationSync;
}
else
{
goto case State.AuthorizationEnd;
}
}
case State.AuthorizationAsyncBegin:
{
Debug.Assert(state != null);
Debug.Assert(_authorizationContext != null);
var filter = (IAsyncAuthorizationFilter)state;
var authorizationContext = _authorizationContext;
_diagnosticSource.BeforeOnAuthorizationAsync(authorizationContext, filter);
_logger.BeforeExecutingMethodOnFilter(
FilterTypeConstants.AuthorizationFilter,
nameof(IAsyncAuthorizationFilter.OnAuthorizationAsync),
filter);
var task = filter.OnAuthorizationAsync(authorizationContext);
if (task.Status != TaskStatus.RanToCompletion)
{
next = State.AuthorizationAsyncEnd;
return(task);
}
goto case State.AuthorizationAsyncEnd;
}
case State.AuthorizationAsyncEnd:
{
Debug.Assert(state != null);
Debug.Assert(_authorizationContext != null);
var filter = (IAsyncAuthorizationFilter)state;
var authorizationContext = _authorizationContext;
_diagnosticSource.AfterOnAuthorizationAsync(authorizationContext, filter);
_logger.AfterExecutingMethodOnFilter(
FilterTypeConstants.AuthorizationFilter,
nameof(IAsyncAuthorizationFilter.OnAuthorizationAsync),
filter);
if (authorizationContext.Result != null)
{
goto case State.AuthorizationShortCircuit;
}
goto case State.AuthorizationNext;
}
case State.AuthorizationSync:
{
Debug.Assert(state != null);
Debug.Assert(_authorizationContext != null);
var filter = (IAuthorizationFilter)state;
var authorizationContext = _authorizationContext;
_diagnosticSource.BeforeOnAuthorization(authorizationContext, filter);
_logger.BeforeExecutingMethodOnFilter(
FilterTypeConstants.AuthorizationFilter,
nameof(IAuthorizationFilter.OnAuthorization),
filter);
filter.OnAuthorization(authorizationContext);
_diagnosticSource.AfterOnAuthorization(authorizationContext, filter);
_logger.AfterExecutingMethodOnFilter(
FilterTypeConstants.AuthorizationFilter,
nameof(IAuthorizationFilter.OnAuthorization),
filter);
if (authorizationContext.Result != null)
{
goto case State.AuthorizationShortCircuit;
}
goto case State.AuthorizationNext;
}
case State.AuthorizationShortCircuit:
{
Debug.Assert(state != null);
Debug.Assert(_authorizationContext != null);
Debug.Assert(_authorizationContext.Result != null);
_logger.AuthorizationFailure((IFilterMetadata)state);
// This is a short-circuit - execute relevant result filters + result and complete this invocation.
isCompleted = true;
_result = _authorizationContext.Result;
return(InvokeAlwaysRunResultFilters());
}
case State.AuthorizationEnd:
{
goto case State.ResourceBegin;
}
case State.ResourceBegin:
{
_cursor.Reset();
goto case State.ResourceNext;
}
case State.ResourceNext:
{
var current = _cursor.GetNextFilter <IResourceFilter, IAsyncResourceFilter>();
if (current.FilterAsync != null)
{
if (_resourceExecutingContext == null)
{
_resourceExecutingContext = new ResourceExecutingContext(
_actionContext,
_filters,
_valueProviderFactories);
}
state = current.FilterAsync;
goto case State.ResourceAsyncBegin;
}
else if (current.Filter != null)
{
if (_resourceExecutingContext == null)
{
_resourceExecutingContext = new ResourceExecutingContext(
_actionContext,
_filters,
_valueProviderFactories);
}
state = current.Filter;
goto case State.ResourceSyncBegin;
}
else
{
// All resource filters are currently on the stack - now execute the 'inside'.
goto case State.ResourceInside;
}
}
case State.ResourceAsyncBegin:
{
Debug.Assert(state != null);
Debug.Assert(_resourceExecutingContext != null);
var filter = (IAsyncResourceFilter)state;
var resourceExecutingContext = _resourceExecutingContext;
_diagnosticSource.BeforeOnResourceExecution(resourceExecutingContext, filter);
_logger.BeforeExecutingMethodOnFilter(
FilterTypeConstants.ResourceFilter,
nameof(IAsyncResourceFilter.OnResourceExecutionAsync),
filter);
var task = filter.OnResourceExecutionAsync(resourceExecutingContext, InvokeNextResourceFilterAwaitedAsync);
if (task.Status != TaskStatus.RanToCompletion)
{
next = State.ResourceAsyncEnd;
return(task);
}
goto case State.ResourceAsyncEnd;
}
case State.ResourceAsyncEnd:
{
Debug.Assert(state != null);
Debug.Assert(_resourceExecutingContext != null);
var filter = (IAsyncResourceFilter)state;
if (_resourceExecutedContext == null)
{
// If we get here then the filter didn't call 'next' indicating a short circuit.
_resourceExecutedContext = new ResourceExecutedContext(_resourceExecutingContext, _filters)
{
Canceled = true,
Result = _resourceExecutingContext.Result,
};
_diagnosticSource.AfterOnResourceExecution(_resourceExecutedContext, filter);
_logger.AfterExecutingMethodOnFilter(
FilterTypeConstants.ResourceFilter,
nameof(IAsyncResourceFilter.OnResourceExecutionAsync),
filter);
// A filter could complete a Task without setting a result
if (_resourceExecutingContext.Result != null)
{
goto case State.ResourceShortCircuit;
}
}
goto case State.ResourceEnd;
}
case State.ResourceSyncBegin:
{
Debug.Assert(state != null);
Debug.Assert(_resourceExecutingContext != null);
var filter = (IResourceFilter)state;
var resourceExecutingContext = _resourceExecutingContext;
_diagnosticSource.BeforeOnResourceExecuting(resourceExecutingContext, filter);
_logger.BeforeExecutingMethodOnFilter(
FilterTypeConstants.ResourceFilter,
nameof(IResourceFilter.OnResourceExecuting),
filter);
filter.OnResourceExecuting(resourceExecutingContext);
_diagnosticSource.AfterOnResourceExecuting(resourceExecutingContext, filter);
_logger.AfterExecutingMethodOnFilter(
FilterTypeConstants.ResourceFilter,
nameof(IResourceFilter.OnResourceExecuting),
filter);
if (resourceExecutingContext.Result != null)
{
_resourceExecutedContext = new ResourceExecutedContext(resourceExecutingContext, _filters)
{
Canceled = true,
Result = _resourceExecutingContext.Result,
};
goto case State.ResourceShortCircuit;
}
var task = InvokeNextResourceFilter();
if (task.Status != TaskStatus.RanToCompletion)
{
next = State.ResourceSyncEnd;
return(task);
}
goto case State.ResourceSyncEnd;
}
case State.ResourceSyncEnd:
{
Debug.Assert(state != null);
Debug.Assert(_resourceExecutingContext != null);
Debug.Assert(_resourceExecutedContext != null);
var filter = (IResourceFilter)state;
var resourceExecutedContext = _resourceExecutedContext;
_diagnosticSource.BeforeOnResourceExecuted(resourceExecutedContext, filter);
_logger.BeforeExecutingMethodOnFilter(
FilterTypeConstants.ResourceFilter,
nameof(IResourceFilter.OnResourceExecuted),
filter);
filter.OnResourceExecuted(resourceExecutedContext);
_diagnosticSource.AfterOnResourceExecuted(resourceExecutedContext, filter);
_logger.AfterExecutingMethodOnFilter(
FilterTypeConstants.ResourceFilter,
nameof(IResourceFilter.OnResourceExecuted),
filter);
goto case State.ResourceEnd;
}
case State.ResourceShortCircuit:
{
Debug.Assert(state != null);
Debug.Assert(_resourceExecutingContext != null);
Debug.Assert(_resourceExecutedContext != null);
_logger.ResourceFilterShortCircuited((IFilterMetadata)state);
_result = _resourceExecutingContext.Result;
var task = InvokeAlwaysRunResultFilters();
if (task.Status != TaskStatus.RanToCompletion)
{
next = State.ResourceEnd;
return(task);
}
goto case State.ResourceEnd;
}
case State.ResourceInside:
{
goto case State.ExceptionBegin;
}
case State.ExceptionBegin:
{
_cursor.Reset();
goto case State.ExceptionNext;
}
case State.ExceptionNext:
{
var current = _cursor.GetNextFilter <IExceptionFilter, IAsyncExceptionFilter>();
if (current.FilterAsync != null)
{
state = current.FilterAsync;
goto case State.ExceptionAsyncBegin;
}
else if (current.Filter != null)
{
state = current.Filter;
goto case State.ExceptionSyncBegin;
}
else if (scope == Scope.Exception)
{
// All exception filters are on the stack already - so execute the 'inside'.
goto case State.ExceptionInside;
}
else
{
// There are no exception filters - so jump right to the action.
Debug.Assert(scope == Scope.Invoker || scope == Scope.Resource);
goto case State.ActionBegin;
}
}
case State.ExceptionAsyncBegin:
{
var task = InvokeNextExceptionFilterAsync();
if (task.Status != TaskStatus.RanToCompletion)
{
next = State.ExceptionAsyncResume;
return(task);
}
goto case State.ExceptionAsyncResume;
}
case State.ExceptionAsyncResume:
{
Debug.Assert(state != null);
var filter = (IAsyncExceptionFilter)state;
var exceptionContext = _exceptionContext;
// When we get here we're 'unwinding' the stack of exception filters. If we have an unhandled exception,
// we'll call the filter. Otherwise there's nothing to do.
if (exceptionContext?.Exception != null && !exceptionContext.ExceptionHandled)
{
_diagnosticSource.BeforeOnExceptionAsync(exceptionContext, filter);
_logger.BeforeExecutingMethodOnFilter(
FilterTypeConstants.ExceptionFilter,
nameof(IAsyncExceptionFilter.OnExceptionAsync),
filter);
var task = filter.OnExceptionAsync(exceptionContext);
if (task.Status != TaskStatus.RanToCompletion)
{
next = State.ExceptionAsyncEnd;
return(task);
}
goto case State.ExceptionAsyncEnd;
}
goto case State.ExceptionEnd;
}
case State.ExceptionAsyncEnd:
{
Debug.Assert(state != null);
Debug.Assert(_exceptionContext != null);
var filter = (IAsyncExceptionFilter)state;
var exceptionContext = _exceptionContext;
_diagnosticSource.AfterOnExceptionAsync(exceptionContext, filter);
_logger.AfterExecutingMethodOnFilter(
FilterTypeConstants.ExceptionFilter,
nameof(IAsyncExceptionFilter.OnExceptionAsync),
filter);
if (exceptionContext.Exception == null || exceptionContext.ExceptionHandled)
{
// We don't need to do anything to trigger a short circuit. If there's another
// exception filter on the stack it will check the same set of conditions
// and then just skip itself.
_logger.ExceptionFilterShortCircuited(filter);
}
goto case State.ExceptionEnd;
}
case State.ExceptionSyncBegin:
{
var task = InvokeNextExceptionFilterAsync();
if (task.Status != TaskStatus.RanToCompletion)
{
next = State.ExceptionSyncEnd;
return(task);
}
goto case State.ExceptionSyncEnd;
}
case State.ExceptionSyncEnd:
{
Debug.Assert(state != null);
var filter = (IExceptionFilter)state;
var exceptionContext = _exceptionContext;
// When we get here we're 'unwinding' the stack of exception filters. If we have an unhandled exception,
// we'll call the filter. Otherwise there's nothing to do.
if (exceptionContext?.Exception != null && !exceptionContext.ExceptionHandled)
{
_diagnosticSource.BeforeOnException(exceptionContext, filter);
_logger.BeforeExecutingMethodOnFilter(
FilterTypeConstants.ExceptionFilter,
nameof(IExceptionFilter.OnException),
filter);
filter.OnException(exceptionContext);
_diagnosticSource.AfterOnException(exceptionContext, filter);
_logger.AfterExecutingMethodOnFilter(
FilterTypeConstants.ExceptionFilter,
nameof(IExceptionFilter.OnException),
filter);
if (exceptionContext.Exception == null || exceptionContext.ExceptionHandled)
{
// We don't need to do anything to trigger a short circuit. If there's another
// exception filter on the stack it will check the same set of conditions
// and then just skip itself.
_logger.ExceptionFilterShortCircuited(filter);
}
}
goto case State.ExceptionEnd;
}
case State.ExceptionInside:
{
goto case State.ActionBegin;
}
case State.ExceptionHandled:
{
// We arrive in this state when an exception happened, but was handled by exception filters
// either by setting ExceptionHandled, or nulling out the Exception or setting a result
// on the ExceptionContext.
//
// We need to execute the result (if any) and then exit gracefully which unwinding Resource
// filters.
Debug.Assert(state != null);
Debug.Assert(_exceptionContext != null);
if (_exceptionContext.Result == null)
{
_exceptionContext.Result = new EmptyResult();
}
_result = _exceptionContext.Result;
var task = InvokeAlwaysRunResultFilters();
if (task.Status != TaskStatus.RanToCompletion)
{
next = State.ResourceInsideEnd;
return(task);
}
goto case State.ResourceInsideEnd;
}
case State.ExceptionEnd:
{
var exceptionContext = _exceptionContext;
if (scope == Scope.Exception)
{
isCompleted = true;
return(Task.CompletedTask);
}
if (exceptionContext != null)
{
if (exceptionContext.Result != null ||
exceptionContext.Exception == null ||
exceptionContext.ExceptionHandled)
{
goto case State.ExceptionHandled;
}
Rethrow(exceptionContext);
Debug.Fail("unreachable");
}
var task = InvokeResultFilters();
if (task.Status != TaskStatus.RanToCompletion)
{
next = State.ResourceInsideEnd;
return(task);
}
goto case State.ResourceInsideEnd;
}
case State.ActionBegin:
{
var task = InvokeInnerFilterAsync();
if (task.Status != TaskStatus.RanToCompletion)
{
next = State.ActionEnd;
return(task);
}
goto case State.ActionEnd;
}
case State.ActionEnd:
{
if (scope == Scope.Exception)
{
// If we're inside an exception filter, let's allow those filters to 'unwind' before
// the result.
isCompleted = true;
return(Task.CompletedTask);
}
Debug.Assert(scope == Scope.Invoker || scope == Scope.Resource);
var task = InvokeResultFilters();
if (task.Status != TaskStatus.RanToCompletion)
{
next = State.ResourceInsideEnd;
return(task);
}
goto case State.ResourceInsideEnd;
}
case State.ResourceInsideEnd:
{
if (scope == Scope.Resource)
{
_resourceExecutedContext = new ResourceExecutedContext(_actionContext, _filters)
{
Result = _result,
};
goto case State.ResourceEnd;
}
goto case State.InvokeEnd;
}
case State.ResourceEnd:
{
if (scope == Scope.Resource)
{
isCompleted = true;
return(Task.CompletedTask);
}
Debug.Assert(scope == Scope.Invoker);
Rethrow(_resourceExecutedContext);
goto case State.InvokeEnd;
}
case State.InvokeEnd:
{
isCompleted = true;
return(Task.CompletedTask);
}
default:
throw new InvalidOperationException();
}
}
/// <summary>
///
/// </summary>
/// <param name="context"></param>
/// <param name="target"></param>
public AnnotationAuthorizer(AuthorizationFilterContext context, Permission?target)
: base(context, target)
{
}
protected virtual void goToTFA(AuthorizationFilterContext filterContext)
{
goTo(filterContext, "Users", "TFA");
}
/// <summary> /// /// </summary> /// <param name="context"></param> /// <param name="target"></param> public static void Authorize(AuthorizationFilterContext context, Permission?target) => new AnnotationAuthorizer(context, target).Authorize();
public void OnAuthorization(AuthorizationFilterContext context)
{
// context可以包含所有的上下文信息,包括请求信息、cookie信息
Console.WriteLine("授权过滤器,执行OnAuthorization方法");
}
public bool HasActionAttribute <T>(AuthorizationFilterContext context) where T : ActionFilterAttribute
{
return(context.Filters.Any(p => p is T));
}
