/// <summary>
/// Determines whether node is accessible to user.
/// </summary>
/// <param name="controllerTypeResolver">The controller type resolver.</param>
/// <param name="provider">The provider.</param>
/// <param name="context">The context.</param>
/// <param name="node">The node.</param>
/// <returns>
/// <c>true</c> if accessible to user; otherwise, <c>false</c>.
/// </returns>
public virtual bool IsAccessibleToUser(IControllerTypeResolver controllerTypeResolver, DefaultSiteMapProvider provider, HttpContext context, SiteMapNode node)
{
// Is security trimming enabled?
if (!provider.SecurityTrimmingEnabled)
{
return true;
}
// Use child modules
bool result = true;
foreach (var module in ChildModules)
{
try
{
result &= module.IsAccessibleToUser(controllerTypeResolver, provider, context, node);
}
catch (AclModuleNotSupportedException)
{
result &= true; // Convention throughout the provider: if the IAclModule can not authenticate a user, true is returned.
}
if (result == false)
{
return false;
}
}
// Return
return result;
}
/// <summary>
/// Determines whether node is accessible to user.
/// </summary>
/// <param name="controllerTypeResolver">The controller type resolver.</param>
/// <param name="provider">The provider.</param>
/// <param name="context">The context.</param>
/// <param name="node">The node.</param>
/// <returns>
/// <c>true</c> if accessible to user; otherwise, <c>false</c>.
/// </returns>
public virtual bool IsAccessibleToUser(IControllerTypeResolver controllerTypeResolver, DefaultSiteMapProvider provider, HttpContext context, SiteMapNode node)
{
// Is security trimming enabled?
if (!provider.SecurityTrimmingEnabled)
{
return(true);
}
// Use child modules
bool result = true;
foreach (var module in ChildModules)
{
try
{
result &= module.IsAccessibleToUser(controllerTypeResolver, provider, context, node);
}
catch (AclModuleNotSupportedException)
{
result &= true; // Convention throughout the provider: if the IAclModule can not authenticate a user, true is returned.
}
if (result == false)
{
return(false);
}
}
// Return
return(result);
}
/// <summary>
/// Resolves the action method parameters.
/// </summary>
/// <param name="controllerTypeResolver">The controller type resolver.</param>
/// <param name="areaName">Name of the area.</param>
/// <param name="controllerName">Name of the controller.</param>
/// <param name="actionMethodName">Name of the action method.</param>
/// <returns>
/// A action method parameters represented as a <see cref="string"/> instance
/// </returns>
public IEnumerable <string> ResolveActionMethodParameters(IControllerTypeResolver controllerTypeResolver,
string areaName, string controllerName,
string actionMethodName)
{
// Is the request cached?
string cacheKey = areaName + "_" + controllerName + "_" + actionMethodName;
if (Cache.ContainsKey(cacheKey))
{
return(Cache[cacheKey]);
}
// Get controller type
Type controllerType = controllerTypeResolver.ResolveControllerType(areaName, controllerName);
// Get action method information
var actionParameters = new List <string>();
if (controllerType != null)
{
ControllerDescriptor controllerDescriptor = null;
if (typeof(IController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
}
else if (typeof(IAsyncController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedAsyncControllerDescriptor(controllerType);
}
ActionDescriptor[] actionDescriptors = controllerDescriptor.GetCanonicalActions()
.Where(a => a.ActionName == actionMethodName).ToArray();
if (actionDescriptors != null && actionDescriptors.Length > 0)
{
foreach (ActionDescriptor actionDescriptor in actionDescriptors)
{
actionParameters.AddRange(actionDescriptor.GetParameters().Select(p => p.ParameterName));
}
}
}
// Cache the result
if (!Cache.ContainsKey(cacheKey))
{
try
{
Cache.Add(cacheKey, actionParameters);
}
catch (ArgumentException)
{
// Nomnomnom... We're intentionally eating it here
}
}
// Return
return(actionParameters);
}
/// <summary>
/// Resolves the action method parameters.
/// </summary>
/// <param name="controllerTypeResolver">The controller type resolver.</param>
/// <param name="areaName">Name of the area.</param>
/// <param name="controllerName">Name of the controller.</param>
/// <param name="actionMethodName">Name of the action method.</param>
/// <returns>
/// A action method parameters represented as a <see cref="string"/> instance
/// </returns>
public IEnumerable<string> ResolveActionMethodParameters(IControllerTypeResolver controllerTypeResolver,
string areaName, string controllerName,
string actionMethodName)
{
// Is the request cached?
string cacheKey = areaName + "_" + controllerName + "_" + actionMethodName;
if (Cache.ContainsKey(cacheKey))
{
return Cache[cacheKey];
}
// Get controller type
Type controllerType = controllerTypeResolver.ResolveControllerType(areaName, controllerName);
// Get action method information
var actionParameters = new List<string>();
if (controllerType != null)
{
ControllerDescriptor controllerDescriptor = null;
if (typeof(IController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
}
else if (typeof(IAsyncController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedAsyncControllerDescriptor(controllerType);
}
ActionDescriptor[] actionDescriptors = controllerDescriptor.GetCanonicalActions()
.Where(a => a.ActionName == actionMethodName).ToArray();
if (actionDescriptors != null && actionDescriptors.Length > 0)
{
foreach (ActionDescriptor actionDescriptor in actionDescriptors)
{
actionParameters.AddRange(actionDescriptor.GetParameters().Select(p => p.ParameterName));
}
}
}
// Cache the result
if (!Cache.ContainsKey(cacheKey))
{
try
{
Cache.Add(cacheKey, actionParameters);
}
catch (ArgumentException)
{
// Nomnomnom... We're intentionally eating it here
}
}
// Return
return actionParameters;
}
public bool IsAccessibleToUser(IControllerTypeResolver controllerTypeResolver, DefaultSiteMapProvider provider, HttpContext context, SiteMapNode node)
{
Ensure.ThatTypeFor(() => node).IsOfType<MvcSiteMapNode>();
HttpContextBase contextBase = context.Wrap();
MvcSiteMapNode mvc = (MvcSiteMapNode)node;
string controller = mvc.Controller;
string action = mvc.Action;
bool accessible = IsActionAccessibleToUser(controllerTypeResolver, contextBase, controller, action);
return accessible;
}
public MvcResolver(
IControllerTypeResolver controllerTypeResolver,
IActionMethodParameterResolver actionMethodParameterResolver
)
{
if (controllerTypeResolver == null)
throw new ArgumentNullException("controllerTypeResolver");
if (actionMethodParameterResolver == null)
throw new ArgumentNullException("actionMethodParameterResolver");
this.controllerTypeResolver = controllerTypeResolver;
this.actionMethodParameterResolver = actionMethodParameterResolver;
}
/// <summary>
/// Determines whether node is accessible to user.
/// </summary>
/// <param name="controllerTypeResolver">The controller type resolver.</param>
/// <param name="provider">The provider.</param>
/// <param name="context">The context.</param>
/// <param name="node">The node.</param>
/// <returns>
/// <c>true</c> if accessible to user; otherwise, <c>false</c>.
/// </returns>
public bool IsAccessibleToUser(IControllerTypeResolver controllerTypeResolver, DefaultSiteMapProvider provider, HttpContext context, SiteMapNode node)
{
// Is security trimming enabled?
if (!provider.SecurityTrimmingEnabled)
{
return(true);
}
// Is it a regular node?
var mvcNode = node as MvcSiteMapNode;
if (mvcNode == null)
{
if (provider.ParentProvider != null)
{
return(provider.ParentProvider.IsAccessibleToUser(context, node));
}
}
// If we have roles assigned, check them against the roles defined in the sitemap
if (node.Roles != null && node.Roles.Count > 0)
{
// if there is an authenticated user and the role allows anyone authenticated ("*"), show it
if ((context.User.Identity.IsAuthenticated) && node.Roles.Contains("*"))
{
return(true);
}
// if there is no user, but the role allows unauthenticated users ("?"), show it
if ((!context.User.Identity.IsAuthenticated) && node.Roles.Contains("?"))
{
return(true);
}
// if the user is in one of the listed roles, show it
if (node.Roles.OfType <string>().Any(role => context.User.IsInRole(role)))
{
return(true);
}
// if we got this far, deny showing
return(false);
}
// Everything seems OK...
return(true);
}
/// <summary>
/// Determines whether node is accessible to user.
/// </summary>
/// <param name="controllerTypeResolver">The controller type resolver.</param>
/// <param name="provider">The provider.</param>
/// <param name="context">The context.</param>
/// <param name="node">The node.</param>
/// <returns>
/// <c>true</c> if accessible to user; otherwise, <c>false</c>.
/// </returns>
public bool IsAccessibleToUser(IControllerTypeResolver controllerTypeResolver, DefaultSiteMapProvider provider, HttpContext context, SiteMapNode node)
{
// Is security trimming enabled?
if (!provider.SecurityTrimmingEnabled)
{
return true;
}
// Is it a regular node?
var mvcNode = node as MvcSiteMapNode;
if (mvcNode == null)
{
if (provider.ParentProvider != null)
{
return provider.ParentProvider.IsAccessibleToUser(context, node);
}
}
// If we have roles assigned, check them against the roles defined in the sitemap
if (node.Roles != null && node.Roles.Count > 0)
{
// if there is an authenticated user and the role allows anyone authenticated ("*"), show it
if ((context.User.Identity.IsAuthenticated) && node.Roles.Contains("*"))
{
return true;
}
// if there is no user, but the role allows unauthenticated users ("?"), show it
if ((!context.User.Identity.IsAuthenticated) && node.Roles.Contains("?"))
{
return true;
}
// if the user is in one of the listed roles, show it
if (node.Roles.OfType<string>().Any(role => context.User.IsInRole(role)))
{
return true;
}
// if we got this far, deny showing
return false;
}
// Everything seems OK...
return true;
}
public MvcResolver(
IControllerTypeResolver controllerTypeResolver,
IActionMethodParameterResolver actionMethodParameterResolver
)
{
if (controllerTypeResolver == null)
{
throw new ArgumentNullException("controllerTypeResolver");
}
if (actionMethodParameterResolver == null)
{
throw new ArgumentNullException("actionMethodParameterResolver");
}
this.controllerTypeResolver = controllerTypeResolver;
this.actionMethodParameterResolver = actionMethodParameterResolver;
}
/// <summary>
/// Determines whether node is accessible to user.
/// </summary>
/// <param name="controllerTypeResolver">The controller type resolver.</param>
/// <param name="provider">The provider.</param>
/// <param name="context">The context.</param>
/// <param name="node">The node.</param>
/// <returns>
/// <c>true</c> if accessible to user; otherwise, <c>false</c>.
/// </returns>
public bool IsAccessibleToUser(IControllerTypeResolver controllerTypeResolver, DefaultSiteMapProvider provider, HttpContext context, SiteMapNode node)
{
// Is security trimming enabled?
if (!provider.SecurityTrimmingEnabled)
{
return true;
}
// Is it an external node?
var nodeUrl = node.Url;
if (nodeUrl.StartsWith("http") || nodeUrl.StartsWith("ftp"))
{
return true;
}
// Is it a regular node?
var mvcNode = node as MvcSiteMapNode;
if (mvcNode == null)
{
throw new AclModuleNotSupportedException(
Resources.Messages.AclModuleDoesNotSupportRegularSiteMapNodes);
}
// Clickable? Always accessible.
if (mvcNode.Clickable == false)
{
return true;
}
// Time to delve into the AuthorizeAttribute defined on the node.
// Let's start by getting all metadata for the controller...
var controllerType = controllerTypeResolver.ResolveControllerType(mvcNode.Area, mvcNode.Controller);
if (controllerType == null)
{
return false;
}
// Find routes for the sitemap node's url
HttpContextBase httpContext = new HttpContextWrapper(context);
string originalPath = httpContext.Request.Path;
var originalRoutes = RouteTable.Routes.GetRouteData(httpContext);
httpContext.RewritePath(nodeUrl, true);
HttpContextBase httpContext2 = new HttpContext2(context);
RouteData routes = mvcNode.GetRouteData(httpContext2);
if (routes == null)
{
return true; // Static URL's will have no route data, therefore return true.
}
foreach (var routeValue in mvcNode.RouteValues)
{
routes.Values[routeValue.Key] = routeValue.Value;
}
if (!routes.Route.Equals(originalRoutes.Route) || originalPath != nodeUrl || mvcNode.Area == String.Empty)
{
routes.DataTokens.Remove("area");
//routes.DataTokens.Remove("Namespaces");
//routes.Values.Remove("area");
}
var requestContext = new RequestContext(httpContext, routes);
// Create controller context
var controllerContext = new ControllerContext();
controllerContext.RequestContext = requestContext;
try
{
string controllerName = requestContext.RouteData.GetRequiredString("controller");
controllerContext.Controller = ControllerBuilder.Current.GetControllerFactory().CreateController(requestContext, controllerName) as ControllerBase;
}
catch
{
try
{
controllerContext.Controller = Activator.CreateInstance(controllerType) as ControllerBase;
}
catch
{
}
}
ControllerDescriptor controllerDescriptor = null;
if (typeof(IController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
}
else if (typeof(IAsyncController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedAsyncControllerDescriptor(controllerType);
}
ActionDescriptor actionDescriptor = null;
try
{
actionDescriptor = controllerDescriptor.FindAction(controllerContext, mvcNode.Action);
}
catch
{
}
if (actionDescriptor == null)
{
actionDescriptor = controllerDescriptor.GetCanonicalActions().Where(a => a.ActionName == mvcNode.Action).FirstOrDefault();
}
// Verify security
try
{
if (actionDescriptor != null)
{
#if NET35
IEnumerable<AuthorizeAttribute> authorizeAttributesToCheck =
actionDescriptor.GetCustomAttributes(typeof(AuthorizeAttribute), true).OfType
<AuthorizeAttribute>().ToList()
.Union(
controllerDescriptor.GetCustomAttributes(typeof(AuthorizeAttribute), true).OfType
<AuthorizeAttribute>().ToList());
#else
IEnumerable<AuthorizeAttribute> authorizeAttributesToCheck =
FilterProviders.Providers.GetFilters(controllerContext, actionDescriptor)
.Where(f => typeof(AuthorizeAttribute).IsAssignableFrom(f.Instance.GetType()))
.Select(f => f.Instance as AuthorizeAttribute);
#endif
// Verify all attributes
foreach (var authorizeAttribute in authorizeAttributesToCheck)
{
try
{
var currentAuthorizationAttributeType = authorizeAttribute.GetType();
var builder = new AuthorizeAttributeBuilder();
var subclassedAttribute =
currentAuthorizationAttributeType == typeof(AuthorizeAttribute) ?
new InternalAuthorize(authorizeAttribute) : // No need to use Reflection.Emit when ASP.NET MVC built-in attribute is used
(IAuthorizeAttribute)builder.Build(currentAuthorizationAttributeType).Invoke(null);
// Copy all properties
ObjectCopier.Copy(authorizeAttribute, subclassedAttribute);
if (!subclassedAttribute.IsAuthorized(controllerContext.HttpContext))
{
return false;
}
}
catch
{
// do not allow on exception
return false;
}
}
}
// No objection.
return true;
}
finally
{
// Restore HttpContext
httpContext.RewritePath(originalPath, true);
}
}
public bool IsAccessibleToUser(IControllerTypeResolver controllerTypeResolver, DefaultSiteMapProvider provider,
HttpContext context, SiteMapNode node)
{
// is security trimming enabled?
if (!provider.SecurityTrimmingEnabled)
{
return true;
}
// external nodes
var nodeUrl = node.Url;
if (nodeUrl.StartsWith("http") || nodeUrl.StartsWith("ftp"))
{
return true;
}
// Is it a regular node?
var mvcNode = node as MvcSiteMapNode;
if (mvcNode == null)
{
return true;
}
var controllerType = controllerTypeResolver.ResolveControllerType(mvcNode.Area, mvcNode.Controller);
if (controllerType == null)
{
return false;
}
// Find routes for the sitemap node's url
HttpContextBase httpContext = new HttpContextMethodOverrider(context, null);
string originalPath = httpContext.Request.Path;
var originalRoutes = RouteTable.Routes.GetRouteData(httpContext);
httpContext.RewritePath(nodeUrl, true);
HttpContextBase httpContext2 = new HttpContext2(context);
RouteData routes = mvcNode.GetRouteData(httpContext2);
if (routes == null)
{
return true; // Static URL's will have no route data, therefore return true.
}
foreach (var routeValue in mvcNode.RouteValues)
{
routes.Values[routeValue.Key] = routeValue.Value;
}
if (originalRoutes != null && (!routes.Route.Equals(originalRoutes.Route) || originalPath != nodeUrl || mvcNode.Area == String.Empty))
{
routes.DataTokens.Remove("area");
//routes.DataTokens.Remove("Namespaces");
//routes.Values.Remove("area");
}
var requestContext = new RequestContext(httpContext, routes);
// Create controller context
var controllerContext = new ControllerContext();
controllerContext.RequestContext = requestContext;
// Whether controller is built by the ControllerFactory (or otherwise by Activator)
bool factoryBuiltController = false;
try
{
string controllerName = requestContext.RouteData.GetRequiredString("controller");
controllerContext.Controller = ControllerBuilder.Current.GetControllerFactory().CreateController(requestContext, controllerName) as ControllerBase;
factoryBuiltController = true;
}
catch
{
try
{
controllerContext.Controller = Activator.CreateInstance(controllerType) as ControllerBase;
}
catch
{
}
}
ControllerDescriptor controllerDescriptor = null;
if (typeof(IController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
}
else if (typeof(IAsyncController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedAsyncControllerDescriptor(controllerType);
}
ActionDescriptor actionDescriptor = null;
try
{
actionDescriptor = controllerDescriptor.FindAction(controllerContext, mvcNode.Action);
}
catch
{
}
if (actionDescriptor == null)
{
actionDescriptor = controllerDescriptor.GetCanonicalActions().FirstOrDefault(a => a.ActionName == mvcNode.Action);
}
// Verify security
try
{
if (actionDescriptor != null)
{
// fixes #130 - Check whether we have an AllowAnonymous Attribute
var ignoreAuthorization = actionDescriptor.HasAttribute<AllowAnonymousAttribute>();
if (ignoreAuthorization)
return true;
if (actionDescriptor.HasAttribute<OnlyAnonymousAttribute>())
return !requestContext.HttpContext.Request.IsAuthenticated;
IFilterProvider filterProvider = ResolveFilterProvider();
IEnumerable<Filter> filters;
// If depencency resolver has an IFilterProvider registered, use it
if (filterProvider != null)
{
filters = filterProvider.GetFilters(controllerContext, actionDescriptor);
}
// Otherwise use FilterProviders.Providers
else
{
filters = FilterProviders.Providers.GetFilters(controllerContext, actionDescriptor);
}
IEnumerable<AuthorizeAttribute> authorizeAttributesToCheck =
filters
.Where(f => f.Instance is AuthorizeAttribute)
.Select(f => f.Instance as AuthorizeAttribute);
// Verify all attributes
foreach (var authorizeAttribute in authorizeAttributesToCheck)
{
try
{
var currentAuthorizationAttributeType = authorizeAttribute.GetType();
var builder = new AuthorizeAttributeBuilder();
var subclassedAttribute =
currentAuthorizationAttributeType == typeof(AuthorizeAttribute) ?
new InternalAuthorize(authorizeAttribute) : // No need to use Reflection.Emit when ASP.NET MVC built-in attribute is used
(IAuthorizeAttribute)builder.Build(currentAuthorizationAttributeType).Invoke(null);
// Copy all properties
ObjectCopier.Copy(authorizeAttribute, subclassedAttribute);
if (!subclassedAttribute.IsAuthorized(controllerContext.HttpContext))
{
return false;
}
}
catch
{
// do not allow on exception
return false;
}
}
}
// No objection.
return true;
}
finally
{
// Restore HttpContext
httpContext.RewritePath(originalPath, true);
// Release controller
if (factoryBuiltController)
ControllerBuilder.Current.GetControllerFactory().ReleaseController(controllerContext.Controller);
}
}
public IMvcResolver Create(
IControllerTypeResolver controllerTypeResolver,
IActionMethodParameterResolver actionMethodParameterResolver)
{
return new MvcResolver(controllerTypeResolver, actionMethodParameterResolver);
}
public IMvcResolver Create(
IControllerTypeResolver controllerTypeResolver,
IActionMethodParameterResolver actionMethodParameterResolver)
{
return(new MvcResolver(controllerTypeResolver, actionMethodParameterResolver));
}
internal bool IsActionAccessibleToUser(IControllerTypeResolver resolver, HttpContextBase context, string controllerName, string actionName)
{
ControllerBase controller = GetController(context, controllerName, actionName);
if (controller == null)
{
return false;
}
// find all AuthorizeAttributes on the controller class and action method.
IList<AuthorizeAttribute> authorizeAttributes = GetAuthorizeAttributes(controller, actionName).ToList();
bool validationResult = ValidateAuthorizeAttributes(context.User, authorizeAttributes);
return validationResult;
}
/// <summary>
/// Determines whether node is accessible to user.
/// </summary>
/// <param name="controllerTypeResolver">The controller type resolver.</param>
/// <param name="provider">The provider.</param>
/// <param name="context">The context.</param>
/// <param name="node">The node.</param>
/// <returns>
/// <c>true</c> if accessible to user; otherwise, <c>false</c>.
/// </returns>
public bool IsAccessibleToUser(IControllerTypeResolver controllerTypeResolver, DefaultSiteMapProvider provider, HttpContext context, SiteMapNode node)
{
// Is security trimming enabled?
if (!provider.SecurityTrimmingEnabled)
{
return(true);
}
// Is it an external node?
var nodeUrl = node.Url;
if (nodeUrl.StartsWith("http") || nodeUrl.StartsWith("ftp"))
{
return(true);
}
// Is it a regular node?
var mvcNode = node as MvcSiteMapNode;
if (mvcNode == null)
{
throw new AclModuleNotSupportedException(
Resources.Messages.AclModuleDoesNotSupportRegularSiteMapNodes);
}
// Clickable? Always accessible.
if (mvcNode.Clickable == false)
{
return(true);
}
// Time to delve into the AuthorizeAttribute defined on the node.
// Let's start by getting all metadata for the controller...
var controllerType = controllerTypeResolver.ResolveControllerType(mvcNode.Area, mvcNode.Controller);
if (controllerType == null)
{
return(false);
}
// Find routes for the sitemap node's url
HttpContextBase httpContext = new HttpContextWrapper(context);
string originalPath = httpContext.Request.Path;
var originalRoutes = RouteTable.Routes.GetRouteData(httpContext);
httpContext.RewritePath(nodeUrl, true);
HttpContextBase httpContext2 = new HttpContext2(context);
RouteData routes = mvcNode.GetRouteData(httpContext2);
if (routes == null)
{
return(true); // Static URL's will have no route data, therefore return true.
}
foreach (var routeValue in mvcNode.RouteValues)
{
routes.Values[routeValue.Key] = routeValue.Value;
}
if (!routes.Route.Equals(originalRoutes.Route) || originalPath != nodeUrl || mvcNode.Area == String.Empty)
{
routes.DataTokens.Remove("area");
//routes.DataTokens.Remove("Namespaces");
//routes.Values.Remove("area");
}
var requestContext = new RequestContext(httpContext, routes);
// Create controller context
var controllerContext = new ControllerContext();
controllerContext.RequestContext = requestContext;
// Whether controller is built by the ControllerFactory (or otherwise by Activator)
bool factoryBuiltController = false;
try
{
string controllerName = requestContext.RouteData.GetRequiredString("controller");
controllerContext.Controller = ControllerBuilder.Current.GetControllerFactory().CreateController(requestContext, controllerName) as ControllerBase;
factoryBuiltController = true;
}
catch
{
try
{
controllerContext.Controller = Activator.CreateInstance(controllerType) as ControllerBase;
}
catch
{
}
}
ControllerDescriptor controllerDescriptor = null;
if (typeof(IController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
}
else if (typeof(IAsyncController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedAsyncControllerDescriptor(controllerType);
}
ActionDescriptor actionDescriptor = null;
try
{
actionDescriptor = controllerDescriptor.FindAction(controllerContext, mvcNode.Action);
}
catch
{
}
if (actionDescriptor == null)
{
actionDescriptor = controllerDescriptor.GetCanonicalActions().Where(a => a.ActionName == mvcNode.Action).FirstOrDefault();
}
// Verify security
try
{
if (actionDescriptor != null)
{
#if NET35
IEnumerable <AuthorizeAttribute> authorizeAttributesToCheck =
actionDescriptor.GetCustomAttributes(typeof(AuthorizeAttribute), true).OfType
<AuthorizeAttribute>().ToList()
.Union(
controllerDescriptor.GetCustomAttributes(typeof(AuthorizeAttribute), true).OfType
<AuthorizeAttribute>().ToList());
#else
IFilterProvider filterProvider = ResolveFilterProvider();
IEnumerable <Filter> filters;
// If depencency resolver has an IFilterProvider registered, use it
if (filterProvider != null)
{
filters = filterProvider.GetFilters(controllerContext, actionDescriptor);
}
// Otherwise use FilterProviders.Providers
else
{
filters = FilterProviders.Providers.GetFilters(controllerContext, actionDescriptor);
}
IEnumerable <AuthorizeAttribute> authorizeAttributesToCheck =
filters
.Where(f => typeof(AuthorizeAttribute).IsAssignableFrom(f.Instance.GetType()))
.Select(f => f.Instance as AuthorizeAttribute);
#endif
// Verify all attributes
foreach (var authorizeAttribute in authorizeAttributesToCheck)
{
try
{
var currentAuthorizationAttributeType = authorizeAttribute.GetType();
var builder = new AuthorizeAttributeBuilder();
var subclassedAttribute =
currentAuthorizationAttributeType == typeof(AuthorizeAttribute) ?
new InternalAuthorize(authorizeAttribute) : // No need to use Reflection.Emit when ASP.NET MVC built-in attribute is used
(IAuthorizeAttribute)builder.Build(currentAuthorizationAttributeType).Invoke(null);
// Copy all properties
ObjectCopier.Copy(authorizeAttribute, subclassedAttribute);
if (!subclassedAttribute.IsAuthorized(controllerContext.HttpContext))
{
return(false);
}
}
catch
{
// do not allow on exception
return(false);
}
}
}
// No objection.
return(true);
}
finally
{
// Restore HttpContext
httpContext.RewritePath(originalPath, true);
// Release controller
if (factoryBuiltController)
{
ControllerBuilder.Current.GetControllerFactory().ReleaseController(controllerContext.Controller);
}
}
}
public HelpController(
HttpConfiguration config, IiQApiExplorer apiExplorer, IControllerTypeResolver typeResolver,
IApiBaseAddressPathProvider basePathProvider)
: base(config, apiExplorer, typeResolver, basePathProvider)
{
}
public ControllerFactory(IDependencyResolver dependencyResolver, IControllerTypeResolver resolver)
{
_controllerTypeResolver = (t) => resolver[t];
_dependencyResolver = dependencyResolver;
}
