/// <summary> /// Determines whether the HTTP request contains a non-canonical URL using <see cref="TryGetCanonicalUrl"/>, /// if it doesn't calls the <see cref="HandleNonCanonicalRequest"/> method. /// </summary> /// <param name="context">An object that encapsulates information that is required in order to use the /// <see cref="RedirectToCanonicalUrlAttribute"/> attribute.</param> /// <exception cref="ArgumentNullException">The <paramref name="context"/> parameter is <c>null</c>.</exception> public override void OnAuthorization(AuthorizationContext context) { if (context == null) { throw new ArgumentNullException("context"); } if (this.ignoreControllers != null) { // Ignore the given controllers. ControllerActionDescriptor controllerActionDescriptor = context.ActionDescriptor as ControllerActionDescriptor; if (controllerActionDescriptor != null) { string controllerName = controllerActionDescriptor.ControllerName; foreach (string ignoreController in this.ignoreControllers) { if (string.Equals(controllerName, ignoreController, StringComparison.Ordinal)) { return; } } } } string canonicalUrl; if (!this.TryGetCanonicalUrl(context, out canonicalUrl)) { this.HandleNonCanonicalRequest(context, canonicalUrl); } }
/// <summary> /// Determines whether a request contains a trailing slash and, if it does, calls the /// <see cref="HandleTrailingSlashRequest"/> method. /// </summary> /// <param name="context">An object that encapsulates information that is required in order to use the /// <see cref="RequireHttpsAttribute"/> attribute.</param> public override void OnAuthorization(AuthorizationContext context) { if (context == null) { throw new ArgumentNullException("context"); } string canonicalUrl = context.HttpContext.Request.Path.ToString(); int queryIndex = canonicalUrl.IndexOf(QueryCharacter); if (queryIndex == -1) { if (canonicalUrl[canonicalUrl.Length - 1] == SlashCharacter) { this.HandleTrailingSlashRequest(context); } } else { if (canonicalUrl[queryIndex - 1] == SlashCharacter) { this.HandleTrailingSlashRequest(context); } } }
public override void OnAuthorization(AuthorizationContext context) { if (context.ActionDescriptor.DisplayName == "FiltersWebSite.ProductsController.GetPrice") { context.HttpContext.Response.Headers.Append("filters", "Global Authorization Filter - OnAuthorization"); } }
public override void OnAuthorization(AuthorizationContext context) { var token = context.HttpContext?.Request?.Headers?["Authorization"]; if (!AuthCache.ChackAuthToken(token)) throw new AuthenticationException(); else AuthCache.KeepAlive(token); }
public override Task OnAuthorizationAsync(AuthorizationContext context) { return Task.Run(() => { var token = context.HttpContext?.Request?.Headers?["Authorization"]; if (!AuthCache.ChackAuthToken(token)) throw new AuthenticationException(); else AuthCache.KeepAlive(token); }); }
public override void OnAuthorization(AuthorizationContext context) { if (this.SecurityManager.IsAuthorized) { base.OnAuthorization(context); } else { this.HandleUnAuthorized(context); } }
/// <summary> /// Determines whether the HTTP request contains a non-canonical URL using <see cref="TryGetCanonicalUrl"/>, /// if it doesn't calls the <see cref="HandleNonCanonicalRequest"/> method. /// </summary> /// <param name="context">An object that encapsulates information that is required in order to use the /// <see cref="RedirectToCanonicalUrlAttribute"/> attribute.</param> /// <exception cref="ArgumentNullException">The <paramref name="context"/> parameter is <c>null</c>.</exception> public override void OnAuthorization(AuthorizationContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } string canonicalUrl; if (!this.TryGetCanonicalUrl(context, out canonicalUrl)) { this.HandleNonCanonicalRequest(context, canonicalUrl); } }
/// <summary> /// Determines whether a request contains a trailing slash and, if it does, calls the /// <see cref="HandleTrailingSlashRequest"/> method. /// </summary> /// <param name="context">An object that encapsulates information that is required in order to use the /// <see cref="RequireHttpsAttribute"/> attribute.</param> public override void OnAuthorization(AuthorizationContext context) { if (context == null) { throw new ArgumentNullException("context"); } string url = context.HttpContext.Request.Path.ToString(); if (url[url.Length - 1] == '/') { this.HandleTrailingSlashRequest(context); } }
public override void OnAuthorization(AuthorizationContext context) { base.OnAuthorization(context); //TODO: implement access_token_ttl https://msdn.microsoft.com/en-us/library/hh695362(v=office.12).aspx string fileIdentifier = context.RouteData.Values[Constants.FILE_IDENTIFIER_PARAM].ToString(); var accessToken = context.HttpContext.Request.Query[Constants.ACCESS_TOKEN_HTTP_PARAM] ?? context.HttpContext.Request.Headers[Constants.ACCESS_TOKEN_HTTP_PARAM]; //if (!SecurityHandler.ValidateAccessToken(fileIdentifier, accessToken)) //{ // // If the token validation fails return 'unauthorized' // context.Result = new HttpStatusCodeResult((int)HttpStatusCode.Unauthorized); //} }
private void HandleUnAuthorized(AuthorizationContext context) { if (this.Output == OutputTypes.Json) { var response = new ObjectResult(OperationResult.ErrorResult("请登录")); response.StatusCode = StatusCodes.Status401Unauthorized; context.Result = response; } else { context.Result = new RedirectToActionResult("Login", "Account", null); } }
public override void OnAuthorization(AuthorizationContext context) { if (!HasAllowAnonymous(context)) { var user = context.HttpContext.User; var userIsAnonymous = user == null || user.Identity == null || !user.Identity.IsAuthenticated; if (userIsAnonymous) { base.Fail(context); } } }
/// <summary> /// Determines whether a request contains a trailing slash and, if it does, calls the /// <see cref="HandleTrailingSlashRequest"/> method. /// </summary> /// <param name="context">An object that encapsulates information that is required in order to use the /// <see cref="RequireHttpsAttribute"/> attribute.</param> public override void OnAuthorization(AuthorizationContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } var path = context.HttpContext.Request.Path; if (path.HasValue) { if (path.Value[path.Value.Length - 1] == SlashCharacter) { this.HandleTrailingSlashRequest(context); } } }
protected virtual void HandleNonHttpsRequest(AuthorizationContext filterContext) { // only redirect for GET requests, otherwise the browser might not propagate the verb and request // body correctly. if (!string.Equals(filterContext.HttpContext.Request.Method, "GET", StringComparison.OrdinalIgnoreCase)) { filterContext.Result = new HttpStatusCodeResult(StatusCodes.Status403Forbidden); } else { var request = filterContext.HttpContext.Request; var newUrl = string.Concat( "https://", request.Host.ToUriComponent(), request.PathBase.ToUriComponent(), request.Path.ToUriComponent(), request.QueryString.ToUriComponent()); // redirect to HTTPS version of page filterContext.Result = new RedirectResult(newUrl, permanent: true); } }
/// <summary> /// Called when authorization is required. /// </summary> /// <param name="context">The filter context.</param> /// <returns>A task representing this function.</returns> /// <exception cref="System.ArgumentNullException">The <paramref name="context"/> parameter is <c>null</c>.</exception> public Task OnAuthorizationAsync(AuthorizationContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } HttpRequest request = context.HttpContext.Request; string headerTokenValue = request.Headers[RequestVerificationTokenHttpHeaderName]; // Ajax POSTs using jquery have a header set that defines the token. // However using unobtrusive ajax the token is still submitted normally in the form. // if the header is present then use it, else fall back to processing the form like normal. if (headerTokenValue != null) { string antiForgeryCookieValue = request.Cookies[this.antiForgeryCookieName]; this.antiforgery.ValidateTokens(context.HttpContext, new AntiforgeryTokenSet(headerTokenValue, antiForgeryCookieValue)); return Task.FromResult<object>(null); } else { return this.antiforgery.ValidateRequestAsync(context.HttpContext); } }
public override void OnAuthorization(AuthorizationContext context) { context.HttpContext.Response.Headers.Append("filters", "On Controller Authorization Filter - OnAuthorization"); }
protected override void HandleNonHttpsRequest(AuthorizationContext filterContext) { filterContext.Result = new HttpStatusCodeResult(StatusCodes.Status404NotFound); }
/// <summary> /// Determines whether the specified URl is canonical and if it is not, outputs the canonical URL. /// </summary> /// <param name="context">An object that encapsulates information that is required in order to use the /// <see cref="RedirectToCanonicalUrlAttribute" /> attribute.</param> /// <param name="canonicalUrl">The canonical URL.</param> /// <returns><c>true</c> if the URL is canonical, otherwise <c>false</c>.</returns> protected virtual bool TryGetCanonicalUrl(AuthorizationContext context, out string canonicalUrl) { bool isCanonical = true; canonicalUrl = context.HttpContext.Request.Path.ToString(); int queryIndex = canonicalUrl.IndexOf(QueryCharacter); if (queryIndex == -1) { bool hasTrailingSlash = canonicalUrl[canonicalUrl.Length - 1] == SlashCharacter; if (this.appendTrailingSlash) { // Append a trailing slash to the end of the URL. if (!hasTrailingSlash && !this.HasNoTrailingSlashAttribute(context)) { canonicalUrl += SlashCharacter; isCanonical = false; } } else { // Trim a trailing slash from the end of the URL. if (hasTrailingSlash) { canonicalUrl = canonicalUrl.TrimEnd(SlashCharacter); isCanonical = false; } } } else { bool hasTrailingSlash = canonicalUrl[queryIndex - 1] == SlashCharacter; if (this.appendTrailingSlash) { // Append a trailing slash to the end of the URL but before the query string. if (!hasTrailingSlash && !this.HasNoTrailingSlashAttribute(context)) { canonicalUrl = canonicalUrl.Insert(queryIndex, SlashCharacter.ToString()); isCanonical = false; } } else { // Trim a trailing slash to the end of the URL but before the query string. if (hasTrailingSlash) { canonicalUrl = canonicalUrl.Remove(queryIndex - 1, 1); isCanonical = false; } } } if (this.lowercaseUrls) { foreach (char character in canonicalUrl) { if (char.IsUpper(character) && !this.HasNoTrailingSlashAttribute(context)) { canonicalUrl = canonicalUrl.ToLower(); isCanonical = false; break; } } } return isCanonical; }
/// <summary> /// Handles HTTP requests that have a trailing slash but are not meant to. /// </summary> /// <param name="filterContext">An object that encapsulates information that is required in order to use the /// <see cref="RequireHttpsAttribute"/> attribute.</param> protected virtual void HandleTrailingSlashRequest(AuthorizationContext filterContext) { filterContext.Result = new HttpNotFoundResult(); }
#pragma warning restore 1998 public virtual void OnAuthorization([NotNull] AuthorizationContext context) { }
/// <summary> /// Determines whether the specified action or its controller has the <see cref="NoTrailingSlashAttribute"/> /// attribute specified. /// </summary> /// <param name="filterContext">The filter context.</param> /// <returns><c>true</c> if a <see cref="NoTrailingSlashAttribute"/> attribute is specified, otherwise /// <c>false</c>.</returns> private bool HasNoTrailingSlashAttribute(AuthorizationContext filterContext) { foreach (IFilter filter in filterContext.Filters) { if (filter is NoTrailingSlashAttribute) { return true; } } return false; }
/// <summary> /// Determines whether the specified action or its controller has the <see cref="NoTrailingSlashAttribute"/> /// attribute specified. /// </summary> /// <param name="filterContext">The filter context.</param> /// <returns><c>true</c> if a <see cref="NoTrailingSlashAttribute"/> attribute is specified, otherwise /// <c>false</c>.</returns> protected virtual bool HasNoTrailingSlashAttribute(AuthorizationContext filterContext) { foreach (IFilterMetadata filterMetadata in filterContext.Filters) { if (filterMetadata is NoTrailingSlashAttribute) { return true; } } return false; }
/// <summary> /// Determines whether the specified URl is canonical and if it is not, outputs the canonical URL. /// </summary> /// <param name="context">An object that encapsulates information that is required in order to use the /// <see cref="RedirectToCanonicalUrlAttribute" /> attribute.</param> /// <param name="canonicalUrl">The canonical URL.</param> /// <returns><c>true</c> if the URL is canonical, otherwise <c>false</c>.</returns> protected virtual bool TryGetCanonicalUrl(AuthorizationContext context, out string canonicalUrl) { bool isCanonical = true; var path = context.HttpContext.Request.Path; canonicalUrl = path.ToString(); // If we are not dealing with the home page. Note, the home page is a special case and it doesn't matter // if there is a trailing slash or not. Both will be treated as the same by search engines. if (path.HasValue) { int queryIndex = canonicalUrl.IndexOf(QueryCharacter); if (queryIndex == -1) { bool hasTrailingSlash = canonicalUrl[canonicalUrl.Length - 1] == SlashCharacter; if (this.appendTrailingSlash) { // Append a trailing slash to the end of the URL. if (!hasTrailingSlash && !this.HasNoTrailingSlashAttribute(context)) { canonicalUrl += SlashCharacter; isCanonical = false; } } else { // Trim a trailing slash from the end of the URL. if (hasTrailingSlash) { canonicalUrl = canonicalUrl.TrimEnd(SlashCharacter); isCanonical = false; } } } else { bool hasTrailingSlash = canonicalUrl[queryIndex - 1] == SlashCharacter; if (this.appendTrailingSlash) { // Append a trailing slash to the end of the URL but before the query string. if (!hasTrailingSlash && !this.HasNoTrailingSlashAttribute(context)) { canonicalUrl = canonicalUrl.Insert(queryIndex, SlashCharacter.ToString()); isCanonical = false; } } else { // Trim a trailing slash to the end of the URL but before the query string. if (hasTrailingSlash) { canonicalUrl = canonicalUrl.Remove(queryIndex - 1, 1); isCanonical = false; } } } } if (this.lowercaseUrls) { foreach (char character in canonicalUrl) { if (char.IsUpper(character) && !this.HasNoTrailingSlashAttribute(context)) { canonicalUrl = canonicalUrl.ToLower(); isCanonical = false; break; } } } return isCanonical; }
public async Task OnAuthorizationAsync([NotNull] AuthorizationContext context) { await _antiforgery.ValidateRequestAsync(context.HttpContext); }
/// <summary> /// Determines whether the specified URl is canonical and if it is not, outputs the canonical URL. /// </summary> /// <param name="context">An object that encapsulates information that is required in order to use the /// <see cref="RedirectToCanonicalUrlAttribute" /> attribute.</param> /// <param name="canonicalUrl">The canonical URL.</param> /// <returns><c>true</c> if the URL is canonical, otherwise <c>false</c>.</returns> protected virtual bool TryGetCanonicalUrl(AuthorizationContext context, out string canonicalUrl) { bool isCanonical = true; canonicalUrl = context.HttpContext.Request.Path.ToString(); bool hasTrailingSlash = canonicalUrl[canonicalUrl.Length - 1] == '/'; if (this.appendTrailingSlash) { if (!hasTrailingSlash && !this.HasNoTrailingSlashAttribute(context)) { canonicalUrl += '/'; isCanonical = false; } } else { if (hasTrailingSlash) { canonicalUrl = canonicalUrl.TrimEnd('/'); isCanonical = false; } } if (this.lowercaseUrls) { foreach (char character in canonicalUrl) { if (char.IsUpper(character) && !this.HasNoTrailingSlashAttribute(context)) { canonicalUrl = canonicalUrl.ToLower(); isCanonical = false; break; } } } return isCanonical; }
#pragma warning disable 1998 public virtual async Task OnAuthorizationAsync([NotNull] AuthorizationContext context) { OnAuthorization(context); }
protected virtual void Fail([NotNull] AuthorizationContext context) { context.Result = new HttpStatusCodeResult(401); }
#pragma warning disable 1998 public override async Task OnAuthorizationAsync(AuthorizationContext context) { }
protected virtual bool HasAllowAnonymous([NotNull] AuthorizationContext context) { return(context.Filters.Any(item => item is IAllowAnonymous)); }
/// <summary> /// Handles HTTP requests for URL's that are not canonical. Performs a 301 Permanent Redirect to the canonical URL. /// </summary> /// <param name="context">An object that encapsulates information that is required in order to use the /// <see cref="RedirectToCanonicalUrlAttribute" /> attribute.</param> /// <param name="canonicalUrl">The canonical URL.</param> protected virtual void HandleNonCanonicalRequest(AuthorizationContext context, string canonicalUrl) { context.Result = new RedirectResult(canonicalUrl, true); }
public override void OnAuthorization(AuthorizationContext context) { throw new InvalidProgramException("Authorization Filter Threw"); }
/// <summary> /// Determines whether the specified URl is canonical and if it is not, outputs the canonical URL. /// </summary> /// <param name="context">An object that encapsulates information that is required in order to use the /// <see cref="RedirectToCanonicalUrlAttribute" /> attribute.</param> /// <param name="canonicalUrl">The canonical URL.</param> /// <returns><c>true</c> if the URL is canonical, otherwise <c>false</c>.</returns> protected virtual bool TryGetCanonicalUrl(AuthorizationContext context, out string canonicalUrl) { bool isCanonical = true; var request = context.HttpContext.Request; // If we are not dealing with the home page. Note, the home page is a special case and it doesn't matter // if there is a trailing slash or not. Both will be treated as the same by search engines. if (request.Path.HasValue && (request.Path.Value.Length > 1)) { bool hasTrailingSlash = request.Path.Value[request.Path.Value.Length - 1] == SlashCharacter; if (this.appendTrailingSlash) { // Append a trailing slash to the end of the URL. if (!hasTrailingSlash && !this.HasNoTrailingSlashAttribute(context)) { request.Path = new PathString(request.Path.Value + SlashCharacter); isCanonical = false; } } else { // Trim a trailing slash from the end of the URL. if (hasTrailingSlash) { request.Path = new PathString(request.Path.Value.TrimEnd(SlashCharacter)); isCanonical = false; } } if (this.lowercaseUrls && !this.HasNoTrailingSlashAttribute(context)) { foreach (char character in request.Path.Value) { if (char.IsUpper(character)) { request.Path = new PathString(request.Path.Value.ToLower()); isCanonical = false; break; } } if (request.QueryString.HasValue) { foreach (char character in request.QueryString.Value) { if (char.IsUpper(character)) { request.QueryString = new QueryString(request.QueryString.Value.ToLower()); isCanonical = false; break; } } } } } if (isCanonical) { canonicalUrl = null; } else { canonicalUrl = UriHelper.GetEncodedUrl(request); } return isCanonical; }
public sealed override void OnAuthorization([NotNull] AuthorizationContext context) { // The async filter will be called by the filter pipeline. throw new NotImplementedException(Resources.AuthorizeAttribute_OnAuthorizationNotImplemented); }