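/// <summary>
/// Checks whether the caller may execute the target action and records an
/// operation log entry for the call.
/// </summary>
/// <remarks>
/// Actions carrying <see cref="AllowAnonymousAttribute"/> skip the check.
/// For every other action the request's Referer header must start with one of
/// the entries configured under "Csrf"/"Address" before <c>AuthFrom</c> is run.
/// A request with a missing or non-matching Referer is answered with
/// 401 Unauthorized instead of being allowed to reach the action.
/// </remarks>
/// <param name="actionContext">Context of the action that is about to execute.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    // Add an operation log entry.
    // NOTE(review): Note receives the text form of every action argument. If any
    // action accepts passwords or tokens they end up in the log store; confirm
    // that GetText masks such fields.
    var log = new Log()
    {
        Action = $"{actionContext.ControllerContext.ControllerDescriptor.ControllerName}/{actionContext.ActionDescriptor.ActionName}",
        Note = GetText(actionContext.ActionArguments)
    };

    var referrer = actionContext.Request.Headers.Referrer;
    var anonymousAttributes = actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>();

    // Check whether the action allows anonymous calls.
    bool allowAnonymous = anonymousAttributes.Any(a => a != null);

    if (!allowAnonymous)
    {
        bool referrerAllowed = false;
        if (referrer != null)
        {
            string referrerText = referrer.ToString();

            // Ordinal comparison: URLs are not linguistic text, and a culture-sensitive
            // match can ignore characters that an exact byte-wise match would reject.
            // NOTE(review): this is still a plain prefix match, so an entry such as
            // "https://host" also matches "https://host.other.tld/". Configured entries
            // should end with "/" or the check should compare parsed scheme/host/port.
            referrerAllowed = CfgLoader.Instance
                .GetArraryConfig<string>("Csrf", "Address")
                .Any(r => referrerText.StartsWith(r, StringComparison.Ordinal));
        }

        if (referrerAllowed)
        {
            // AuthFrom is defined elsewhere; presumably it validates the caller and
            // sets actionContext.Response on failure (confirm against its definition).
            AuthFrom(actionContext, ref log);
        }
        else
        {
            // Fail closed. Previously only a missing Referer was rejected; a request
            // whose Referer was present but not in the allow-list skipped AuthFrom
            // and still reached the action.
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        }
    }

    // Invoke the base implementation exactly once (the anonymous path used to call it twice).
    base.OnActionExecuting(actionContext);

    // The log entry is written for rejected requests as well.
    log.Save(Guid.Empty);
}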
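/// <summary>
/// Logs an exception together with the request details that are available.
/// </summary>
/// <remarks>
/// Never throws: any failure while building or saving the entry is swallowed
/// and reported through the return value, so logging cannot mask the original error.
/// </remarks>
/// <param name="msg">Descriptive message; null is stored as an empty string.</param>
/// <param name="ex">Current exception, may be null.</param>
/// <param name="errorType">Error type, stored as its byte value.</param>
/// <param name="authName">
/// Current user's authentication name. Inside an HTTP request the server's
/// AUTH_USER value takes precedence and this value is used only when AUTH_USER is empty.
/// </param>
/// <returns>True when the entry was saved, false when logging itself failed.</returns>
private static bool LogException(string msg, Exception ex, LogMessageType errorType, string authName)
{
    bool Success = true;
    try
    {
        string exMessage = string.Empty;
        string exType = string.Empty;
        StringBuilder exSource = new StringBuilder();
        string exStackTrace = string.Empty;
        string scriptName;
        string userAgent = string.Empty;
        string referer = string.Empty;
        string remoteHost = string.Empty;
        string authUser = authName;
        string formData = string.Empty;
        string queryStringData = string.Empty;
        string cookiesData = string.Empty;

        // Walk the InnerException chain: every level contributes its Source,
        // while message, type and stack trace are taken from the innermost exception.
        for (Exception current = ex; current != null; current = current.InnerException)
        {
            if (current.InnerException == null)
            {
                exMessage = current.Message;
                exType = current.GetType().ToString();
                exStackTrace = current.StackTrace;
            }

            exSource.Append("[").Append(current.Source).Append("]");
        }

        // Leave all HTTP-specific information out if this
        // method is being called from a Win/Console app.
        HttpContext thisContext = HttpContext.Current;
        if (thisContext == null)
        {
            scriptName = Environment.CommandLine;
        }
        else
        {
            HttpRequest thisRequest = thisContext.Request;
            scriptName = thisRequest.CurrentExecutionFilePath;
            userAgent = thisRequest.ServerVariables["HTTP_USER_AGENT"];
            referer = thisRequest.ServerVariables["HTTP_REFERER"];

            // NOTE(review): X-Forwarded-For is a request header. Unless a trusted
            // reverse proxy overwrites it, the client chooses this value, so it
            // should not be relied on for attribution during an investigation.
            remoteHost = thisRequest.ServerVariables["HTTP_X_FORWARDED_FOR"];
            if (string.IsNullOrEmpty(remoteHost))
            {
                remoteHost = thisRequest.ServerVariables["REMOTE_HOST"];
            }

            // Prefer the identity established by the server, but keep the caller-supplied
            // name when the request is unauthenticated; it used to be discarded here.
            string serverAuthUser = thisRequest.ServerVariables["AUTH_USER"];
            if (!string.IsNullOrEmpty(serverAuthUser))
            {
                authUser = serverAuthUser;
            }

            // NOTE(review): form fields, query string and cookies are stored verbatim.
            // They can carry passwords, session identifiers and tokens, so the log
            // store needs the same protection as those secrets, or the values should
            // be masked before saving.
            formData = thisRequest.Form.ToString();
            queryStringData = thisRequest.QueryString.ToString();
            cookiesData = GetCookiesAsString(thisContext);
        }

        Log log = new Log();
        log.AuthUser = authUser;
        log.Referer = referer;
        log.RemoteHost = remoteHost;
        log.Message = msg ?? string.Empty;
        log.UserAgent = userAgent;
        log.ScriptName = scriptName;
        log.ExceptionMessage = exMessage;
        log.ExceptionSource = exSource.ToString();
        log.ExceptionStackTrace = exStackTrace;
        log.MachineName = Environment.MachineName;
        log.ExceptionType = exType;
        log.MessageType = (byte)errorType;
        log.CookiesData = cookiesData;
        log.FormData = formData;
        log.QueryStringData = queryStringData;
        log.LogDate = DateTime.UtcNow;
        log.Save();
    }
    catch
    {
        // Deliberate best effort: a failure in the logger is reported as false
        // rather than thrown into the caller's own error path.
        Success = false;
    }

    return Success;
}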