public object Invoke(BaseHandler handler, HttpContext context) { MethodInfo m = null; if (string.IsNullOrEmpty(method)) { // call the request method // if no method is passed then well call the method by HTTP verb (GET, POST, DELETE, UPDATE) method = context.Request.RequestType.ToUpper(); } m = handler.GetType().GetMethod(method); List <object> a = new List <object>(); if (m == null) { if (method.ToLower() == "help") { m = handler.GetType().BaseType.GetMethod("Help"); } else { throw new Exception(string.Format("Method {0} not found on Handler {1}.", method, this.GetType().ToString())); } } else { // evaluate the handler and method attributes against Http allowed verbs /* * The logic here is: * -> if no attribute is found means it allows every verb * -> is a method have verb attbibutes defined then it will ignore the ones on the class * -> verb attributes on the class are applied to all methods without verb attribues */ var handlerSupportedVerbs = handler.GetType().GetCustomAttributes(typeof(HttpVerbAttribute), true).Cast <HttpVerbAttribute>(); var methodSupportedVerbs = m.GetCustomAttributes(typeof(HttpVerbAttribute), true).Cast <HttpVerbAttribute>(); bool VerbAllowedOnMethod = (methodSupportedVerbs.Count() == 0); bool VerbAllowedOnHandler = (handlerSupportedVerbs.Count() == 0); if (methodSupportedVerbs.Count() > 0) { VerbAllowedOnMethod = methodSupportedVerbs.FirstOrDefault(x => x.HttpVerb == context.Request.RequestType.ToUpper()) != null; } else if (handlerSupportedVerbs.Count() > 0) { VerbAllowedOnHandler = handlerSupportedVerbs.FirstOrDefault(x => x.HttpVerb == context.Request.RequestType.ToUpper()) != null; } if (!VerbAllowedOnMethod || !VerbAllowedOnHandler) { throw new HttpVerbNotAllowedException(); } // security validation: Search for RequireAuthenticationAttribute on the method // value=true the user must be authenticated (only supports FromsAuthentication for now // value=false invoke the method object[] attrs = m.GetCustomAttributes(typeof(RequireAuthenticationAttribute), true); if (attrs != null && attrs.Length > 0) { if (!context.Request.IsAuthenticated && ((RequireAuthenticationAttribute)attrs[0]).RequireAuthentication) { throw new InvalidOperationException("Method [" + m.Name + "] Requires authentication"); } } } foreach (var param in m.GetParameters()) { a.Add(ProcessProperty(param.Name, param.ParameterType, string.Empty)); } // OnMethodInvoke -> Invoke -> AfterMethodInvoke OnMethodInvokeArgs cancelInvoke = new OnMethodInvokeArgs(m); handler.OnMethodInvoke(cancelInvoke); object invokeResult = null; if (!cancelInvoke.Cancel) { invokeResult = m.Invoke(handler, a.ToArray()); handler.AfterMethodInvoke(invokeResult); } return(invokeResult); }
public object Invoke(BaseHandler handler, HttpContext context) { MethodInfo m = null; if (string.IsNullOrEmpty(method)) { // call the request method // if no method is passed then well call the method by HTTP verb (GET, POST, DELETE, UPDATE) method = context.Request.RequestType.ToUpper(); } m = handler.GetType().GetMethod(method); List<object> a = new List<object>(); if (m == null) { if (method.ToLower() == "help") { m = handler.GetType().BaseType.GetMethod("Help"); } else { throw new Exception(string.Format("Method {0} not found on Handler {1}.", method, this.GetType().ToString())); } } else { // evaluate the handler and method attributes against Http allowed verbs /* The logic here is: * -> if no attribute is found means it allows every verb * -> is a method have verb attbibutes defined then it will ignore the ones on the class * -> verb attributes on the class are applied to all methods without verb attribues */ var handlerSupportedVerbs = handler.GetType().GetCustomAttributes(typeof(HttpVerbAttribute), true).Cast<HttpVerbAttribute>(); var methodSupportedVerbs = m.GetCustomAttributes(typeof(HttpVerbAttribute), true).Cast<HttpVerbAttribute>(); bool VerbAllowedOnMethod = (methodSupportedVerbs.Count() == 0); bool VerbAllowedOnHandler = (handlerSupportedVerbs.Count() == 0); if (methodSupportedVerbs.Count() > 0) { VerbAllowedOnMethod = methodSupportedVerbs.FirstOrDefault(x => x.HttpVerb == context.Request.RequestType.ToUpper()) != null; } else if (handlerSupportedVerbs.Count() > 0) { VerbAllowedOnHandler = handlerSupportedVerbs.FirstOrDefault(x => x.HttpVerb == context.Request.RequestType.ToUpper()) != null; } if (!VerbAllowedOnMethod || !VerbAllowedOnHandler) { throw new HttpVerbNotAllowedException(); } // security validation: Search for RequireAuthenticationAttribute on the method // value=true the user must be authenticated (only supports FromsAuthentication for now // value=false invoke the method object[] attrs = m.GetCustomAttributes(typeof(RequireAuthenticationAttribute), true); if (attrs != null && attrs.Length > 0) { if (!context.Request.IsAuthenticated && ((RequireAuthenticationAttribute)attrs[0]).RequireAuthentication) { throw new InvalidOperationException("Method [" + m.Name + "] Requires authentication"); } } } foreach (var param in m.GetParameters()) { a.Add(ProcessProperty(param.Name, param.ParameterType, string.Empty)); } // OnMethodInvoke -> Invoke -> AfterMethodInvoke OnMethodInvokeArgs cancelInvoke = new OnMethodInvokeArgs(m); handler.OnMethodInvoke(cancelInvoke); object invokeResult = null; if (!cancelInvoke.Cancel) { invokeResult = m.Invoke(handler, a.ToArray()); handler.AfterMethodInvoke(invokeResult); } return invokeResult; }