public async Task OnPageHandlerExecutionAsync(PageHandlerExecutingContext context, PageHandlerExecutionDelegate next)
{
//在调用处理程序方法前,但在模型绑定结束后,进行异步调用。
//context.ActionDescriptor.FilterDescriptors
var authenticateResult = await context.HttpContext.AuthenticateAsync(AdminAuthorizeAttribute.AuthenticationScheme);
if (authenticateResult.Succeeded && !context.Filters.Any(_ => _ is AllowAnonymousFilter))
{
AdminPageModelBase adminPageModel = context.HandlerInstance as AdminPageModelBase;
//adminPageModel.SysMenuDtos = await _sysMenuService.GetMenuTreeDtoByCacheAsync();
adminPageModel.AdminWorkContext = _adminWorkContextProvider.GetAdminWorkContext();
bool hasPageRoute = context.RouteData.Values.TryGetValue("page", out object page);
bool hasAreaRoute = context.RouteData.Values.TryGetValue("area", out object area);
bool hasRight = hasPageRoute && hasAreaRoute;
if (hasRight)
{
var url = context.HttpContext.Request.Path; /*.GetEncodedPathAndQuery()*/;
hasRight = await _sysPermissionService.HasPermissionAsync(url /*string.Concat("/", area, page)*/);
}
if (!hasRight /*&& !(adminPageModel is Pages.IndexModel)*/)
{
IActionResult actionResult = new Microsoft.AspNetCore.Mvc.RedirectResult("/Admin/Forbidden");
//跳出
if (context.HttpContext.Request.Headers.TryGetValue("x-requested-with", out Microsoft.Extensions.Primitives.StringValues strings))
{
if (strings.Contains("XMLHttpRequest"))
{
actionResult = new JsonResult(new AjaxReturnModel()
{
Success = false, Msg = "您没有权限访问"
})
{
StatusCode = 401
};
}
}
context.Result = actionResult;
return;//If an IAsyncPageFilter provides a result value by setting the Result property of PageHandlerExecutingContext to a non-null value, then it cannot call the next filter by invoking PageHandlerExecutionDelegate.
}
}
await next.Invoke();
}
public override async Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
{
//context.ActionDescriptor.FilterDescriptors
var authenticateResult = await context.HttpContext.AuthenticateAsync(AdminAuthorizeAttribute.AuthenticationScheme);
if (authenticateResult.Succeeded && !context.Filters.Any(_ => _ is AllowAnonymousFilter))
{
BaseAdminPageModel adminPageModel = context.Controller as BaseAdminPageModel;
//adminPageModel.SysMenuDtos = await _sysMenuService.GetMenuTreeDtoByCacheAsync();
adminPageModel.AdminWorkContext = _adminWorkContextProvider.GetAdminWorkContext();
bool hasPageRoute = context.RouteData.Values.TryGetValue("page", out object page);
bool hasAreaRoute = context.RouteData.Values.TryGetValue("area", out object area);
bool hasRight = hasPageRoute && hasAreaRoute;
if (hasRight)
{
hasRight = await _sysPermissionService.HasPermissionAsync(string.Concat("/", area, page));
}
if (!hasRight && !(adminPageModel is Pages.IndexModel))
{
IActionResult actionResult = new Microsoft.AspNetCore.Mvc.RedirectResult("/Admin/Forbidden");
//跳出
if (context.HttpContext.Request.Headers.TryGetValue("x-requested-with", out Microsoft.Extensions.Primitives.StringValues strings))
{
if (strings.Contains("XMLHttpRequest"))
{
actionResult = new JsonResult(new AjaxReturnModel()
{
Success = false, Msg = "您没有权限访问"
})
{
StatusCode = 401
};
}
}
context.Result = actionResult;
}
}
await base.OnResultExecutionAsync(context, next);
}