/// <summary>
/// Returns true when <see cref="AllowAnonymousAttribute"/> is applied to the action
/// itself or to its controller (inherited attributes count).
/// </summary>
/// <param name="actionDescriptor">Descriptor of the action being authorized.</param>
/// <returns>True if the action or its controller carries the attribute.</returns>
private bool HasAllowAnonymousAttribute(ActionDescriptor actionDescriptor)
{
    const bool inherit = true;
    Type anonymous = typeof(AllowAnonymousAttribute);
    if (actionDescriptor.IsDefined(anonymous, inherit))
    {
        return true;
    }
    return actionDescriptor.ControllerDescriptor.IsDefined(anonymous, inherit);
}
/// <summary>
/// Decides whether the caller may invoke the action. Authorization is required when the
/// action carries <see cref="CustomAuthorizeAttribute"/>, or when its controller carries it
/// and the action is not marked <see cref="AllowAnonymousAttribute"/>; in that case
/// <c>HasRights()</c> decides. Otherwise access is granted without a rights check.
/// </summary>
/// <param name="actionDescriptor">Descriptor of the action being invoked.</param>
/// <returns>True when no authorization is required or the caller has rights.</returns>
public bool HasRightsToAction(ActionDescriptor actionDescriptor)
{
    Type customAuthorize = typeof(CustomAuthorizeAttribute);
    Type allowAnonymous = typeof(AllowAnonymousAttribute);

    bool actionRequiresAuth = actionDescriptor.IsDefined(customAuthorize, true);

    // A controller-level CustomAuthorize applies unless the action opts out with AllowAnonymous.
    // NOTE(review): an action-level CustomAuthorize is not overridden by action-level AllowAnonymous here.
    bool controllerRequiresAuth =
        !actionRequiresAuth
        && !actionDescriptor.IsDefined(allowAnonymous, true)
        && actionDescriptor.ControllerDescriptor.IsDefined(customAuthorize, true);

    bool skipAuthorization = !(actionRequiresAuth || controllerRequiresAuth);
    return skipAuthorization || HasRights();
}
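/// <summary>
/// Builds the result for a request that failed authorization: API actions get a 401,
/// everything else is redirected to the login page. The original URL is handed to the
/// login redirect only for GET requests, so a POST is never replayed after login.
/// </summary>
/// <param name="controllerContext">Context of the current request.</param>
/// <param name="actionDescriptor">Descriptor of the action that was denied.</param>
/// <returns>A 401 result for API actions, otherwise a login redirect.</returns>
protected virtual ActionResult HandleUnauthorizedRequest(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
{
    Type apiAttribute = typeof(ApiAttribute);
    bool hasApiAttr = actionDescriptor.IsDefined(apiAttribute, true)
        || actionDescriptor.ControllerDescriptor.IsDefined(apiAttribute, true);

    // An action whose declared return type is an ActionResult is treated as a page,
    // not as an API, even when it carries ApiAttribute.
    var reflected = actionDescriptor as ReflectedActionDescriptor;
    if (reflected != null)
    {
        Type returnType = reflected.MethodInfo.ReturnType;
        if (returnType == typeof(ActionResult) || returnType.IsSubclassOf(typeof(ActionResult)))
        {
            hasApiAttr = false;
        }
    }

    if (hasApiAttr)
    {
        return new FrameworkHttpUnauthorizedResult();
    }

    // The HTTP verb is protocol data, not user-facing text: compare it ordinally rather
    // than with the current culture (CurrentCultureIgnoreCase was used before).
    var request = controllerContext.HttpContext.Request;
    bool isGet = string.Equals(request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase);
    string returnUrl = isGet && request.Url != null ? request.Url.ToString() : null;
    return new FrameworkHttpLoginRedirectResult(returnUrl);
}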
/// <summary>
/// True when attribute <typeparamref name="T"/> is defined on the action or on its
/// controller; inherited attributes are included.
/// </summary>
/// <typeparam name="T">Attribute type to look for.</typeparam>
/// <param name="actionDescriptor">Descriptor of the action.</param>
/// <returns>True if the action or its controller carries the attribute.</returns>
public static bool HasAttribute<T>(this ActionDescriptor actionDescriptor) where T : Attribute
{
    Type wanted = typeof(T);
    bool onAction = actionDescriptor.IsDefined(wanted, true);
    return onAction || actionDescriptor.ControllerDescriptor.IsDefined(wanted, true);
}
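/// <summary>
/// Redirect helper shared by Ajax and link/form requests. When the action or its controller
/// is marked <c>Common.Attributes.AjaxRequestAttribute</c> the response is a JSON message
/// describing <paramref name="ajaxStatu"/>; otherwise a plain <see cref="RedirectResult"/>
/// to <paramref name="url"/> is returned.
/// </summary>
/// <param name="url">Target URL. It is forwarded to the client unchanged, so the caller is
/// responsible for passing a local path (an arbitrary value would be an open redirect).</param>
/// <param name="action">Descriptor of the action that triggered the redirect.</param>
/// <param name="ajaxStatu">Status reported to an Ajax caller; defaults to <c>noperm</c>.</param>
/// <returns>A JSON result for Ajax requests, a <see cref="RedirectResult"/> otherwise.</returns>
public ActionResult Redirect(string url, ActionDescriptor action, AjaxStatu ajaxStatu = AjaxStatu.noperm)
{
    Type ajaxRequest = typeof(Common.Attributes.AjaxRequestAttribute);
    bool isAjax = action.IsDefined(ajaxRequest, false)
        || action.ControllerDescriptor.IsDefined(ajaxRequest, false);

    if (!isAjax)
    {
        // Hyperlink or form post: a plain 302.
        return new RedirectResult(url);
    }

    switch (ajaxStatu)
    {
        case AjaxStatu.nologin:
            return PackagingAjaxmsg(AjaxStatu.nologin, Message.NotLogin, null, url);

        case AjaxStatu.none:
            // NOTE(review): this branch reports the status as nologin while using the
            // NotNone message; kept as-is, confirm whether AjaxStatu.none was intended.
            return PackagingAjaxmsg(AjaxStatu.nologin, Message.NotNone, null, url);

        default:
            // No permission: the message names the action; no redirect URL is sent.
            // (The controller description computed before was never used and is gone.)
            string msg = string.Format(Message.OptNoPermission, action.GetDescription());
            return PackagingAjaxmsg(AjaxStatu.noperm, msg, null, null);
    }
}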
/// <summary>
/// True when attribute <typeparamref name="T"/> is defined on the action or on its controller.
/// </summary>
/// <typeparam name="T">Attribute type to look for.</typeparam>
/// <param name="actionDescriptor">Descriptor of the action.</param>
/// <param name="inherit">Whether inherited attributes count; defaults to true.</param>
/// <returns>True if the action or its controller carries the attribute.</returns>
public static bool IsDefinedInActionOrController<T>(this ActionDescriptor actionDescriptor, bool inherit = true) where T : Attribute
{
    Type attribute = typeof(T);
    if (actionDescriptor.IsDefined(attribute, inherit))
    {
        return true;
    }
    return actionDescriptor.ControllerDescriptor.IsDefined(attribute, inherit);
}
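/// <summary>
/// Checks whether attribute <typeparamref name="T"/> is defined on the action or on its controller.
/// </summary>
/// <typeparam name="T">Attribute type to look for.</typeparam>
/// <param name="controller">Controller the extension is invoked on (not otherwise used).</param>
/// <param name="actionDescriptor">Descriptor of the action.</param>
/// <param name="inherit">Whether inherited attributes count; defaults to true.</param>
/// <returns>True if the action or its controller carries the attribute.</returns>
public static bool IsDefinedAttribute<T>(this Controller controller, ActionDescriptor actionDescriptor, bool inherit = true) where T : Attribute
{
    Type attribute = typeof(T);
    // Honour the caller's inherit flag; it used to be ignored and hard-coded to true.
    return actionDescriptor.IsDefined(attribute, inherit)
        || actionDescriptor.ControllerDescriptor.IsDefined(attribute, inherit);
}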
/// <summary>
/// Runs after the action result has executed. When <c>loadAttribute</c> carries
/// <c>HCQ2_Common.Attributes.LoadAttribute</c> a fixed script that closes the parent
/// page's loading box is appended to the response before the base behaviour runs.
/// (An earlier OnActionExecuted override that only wrote a debug line is not kept.)
/// </summary>
/// <param name="filterContext">Context of the executed result.</param>
public override void OnResultExecuted(ResultExecutedContext filterContext)
{
    // NOTE(review): loadAttribute is a member declared elsewhere in this filter;
    // presumably the ActionDescriptor captured earlier in the pipeline — confirm.
    bool closesLoadBox = loadAttribute.IsDefined(typeof(HCQ2_Common.Attributes.LoadAttribute), false);
    if (closesLoadBox)
    {
        // Constant markup; no request data is interpolated into it.
        filterContext.HttpContext.Response.Write("<script>parent.delLoadBoxs();</script>");
    }
    base.OnResultExecuted(filterContext);
}
/// <summary>IsDefined must reject a null attribute type with an ArgumentNullException for "attributeType".</summary>
public void IsDefinedThrowsIfAttributeTypeIsNull()
{
    // Arrange
    ActionDescriptor descriptor = GetActionDescriptor();

    // Act & assert
    Assert.ThrowsArgumentNull(
        () => descriptor.IsDefined(null /* attributeType */, true),
        "attributeType");
}
/// <summary>IsDefined reports false for an attribute type that is not applied (typeof(object) here).</summary>
public void IsDefinedReturnsFalse()
{
    // Arrange
    ActionDescriptor descriptor = GetActionDescriptor();

    // Act
    bool defined = descriptor.IsDefined(typeof(object), true);

    // Assert
    Assert.IsFalse(defined);
}
/// <summary>
/// Cookie-based admin authorization filter.
/// NOTE(review): the unconditional <c>return;</c> on the first line makes everything below
/// unreachable, so this filter itself currently enforces nothing — every action it is applied
/// to is reachable without the cookie checks. If that is a leftover from debugging it should
/// be removed; if it is intentional, the dead code should be removed instead.
/// </summary>
/// <param name="filterContext">Authorization context of the current request.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    return;
    // ---- everything below is unreachable ----
    var requestCookies = filterContext.RequestContext.HttpContext.Request.Cookies;
    // Decompiler-style local names (arg_34_0 etc.) are kept unchanged.
    ActionDescriptor arg_34_0 = filterContext.ActionDescriptor;
    bool inherit = true;
    bool arg_5B_0;
    // AllowAnonymous on the action or on its controller marks the action as anonymous.
    if (!arg_34_0.IsDefined(typeof(AllowAnonymousAttribute), inherit))
    {
        ControllerDescriptor arg_53_0 = filterContext.ActionDescriptor.ControllerDescriptor;
        bool inherit2 = true;
        arg_5B_0 = arg_53_0.IsDefined(typeof(AllowAnonymousAttribute), inherit2);
    }
    else
    {
        arg_5B_0 = true;
    }
    bool flag = arg_5B_0;
    if (flag)
    {
        // Anonymous action: a visitor who already has a UserCookie known to userDic and
        // the per-user cookie it maps to is sent to the admin home instead.
        // NOTE(review): userDic is declared elsewhere; presumably UserCookie value -> cookie name.
        if (requestCookies["UserCookie"] != null)
        {
            if (userDic.ContainsKey(requestCookies["UserCookie"].Value))
            {
                if (requestCookies[userDic[requestCookies["UserCookie"].Value]] != null)
                {
                    filterContext.HttpContext.Response.Redirect("/admin/adminhome/index");
                    filterContext.HttpContext.ApplicationInstance.CompleteRequest();
                }
            }
        }
        return;
    }
    // Protected action: no UserCookie => back to the admin login page.
    if (requestCookies["UserCookie"] == null)
    {
        filterContext.HttpContext.Response.Redirect("/admin");
        filterContext.HttpContext.ApplicationInstance.CompleteRequest();
        return;
    }
    var guidUName = requestCookies["UserCookie"].Value;
    var userNameDic = "";
    userDic.TryGetValue(guidUName, out userNameDic);
    // An unknown UserCookie leaves userNameDic empty; the lookup below then presumably
    // yields null and redirects as well. Only cookie presence plus the userDic lookup is
    // checked here — whether the per-user cookie's value is verified is not visible in this method.
    if (requestCookies[userNameDic] == null)
    {
        filterContext.HttpContext.Response.Redirect("/admin");
        filterContext.HttpContext.ApplicationInstance.CompleteRequest();
        return;
    }
}
/// <summary>
/// True when <see cref="AllowAnonymousAttribute"/> is applied to the action or to its
/// controller (inherited attributes included), i.e. authorization should be skipped.
/// </summary>
/// <param name="actions">Descriptor of the action being authorized.</param>
/// <returns>True if the action or its controller is marked anonymous.</returns>
private static bool SkipAuthorization(ActionDescriptor actions)
{
    Type allowAnonymous = typeof(AllowAnonymousAttribute);
    if (actions.IsDefined(allowAnonymous, true))
    {
        return true;
    }
    return actions.ControllerDescriptor.IsDefined(allowAnonymous, true);
}
/// <summary>
/// Redirect helper with two outcomes: an Ajax request (action or controller marked
/// <see cref="AjaxRequestAttribute"/>) receives a JSON "nologin" message carrying
/// <paramref name="url"/>; any other request receives a 302 to <paramref name="url"/>.
/// </summary>
/// <param name="url">Redirect target; forwarded to the client unchanged.</param>
/// <param name="action">Descriptor of the action being accessed.</param>
/// <returns>A JSON result for Ajax callers, a <see cref="RedirectResult"/> otherwise.</returns>
public ActionResult Redirect(string url, ActionDescriptor action)
{
    Type ajaxMarker = typeof(AjaxRequestAttribute);
    bool isAjaxRequest = action.IsDefined(ajaxMarker, false)
        || action.ControllerDescriptor.IsDefined(ajaxMarker, false);

    if (!isAjaxRequest)
    {
        // Hyperlink or form post without permission: plain 302 redirect.
        return new RedirectResult(url);
    }

    // Ajax caller without login/permission: JSON message instead of a redirect.
    return RedirectAjax("nologin", "您没有登陆或没有权限访问此页面~~", null, url);
}
/// <summary>
/// Filter provider that attaches a global <see cref="ValidateAntiForgeryTokenAttribute"/> to
/// every POST action unless the action is marked <c>UnValidateAntiForgeryToken</c>.
/// Only POST is covered; other state-changing verbs are not given the filter here.
/// </summary>
/// <param name="controllerContext">Context of the current request.</param>
/// <param name="actionDescriptor">Descriptor of the action about to run.</param>
/// <returns>Zero or one global-scope anti-forgery filter.</returns>
public IEnumerable<Filter> GetFilters(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
{
    var filters = new List<Filter>();

    string verb = controllerContext.HttpContext.Request.HttpMethod;
    bool isPost = string.Equals(verb, "POST", StringComparison.OrdinalIgnoreCase);

    // The opt-out attribute is looked up with inherit: true, so an action inherited
    // from a base controller keeps its exemption.
    bool optedOut = isPost && actionDescriptor.IsDefined(typeof(UnValidateAntiForgeryToken), true);
    if (isPost && !optedOut)
    {
        filters.Add(new Filter(new ValidateAntiForgeryTokenAttribute(), FilterScope.Global, null));
    }

    return filters;
}
/// <summary>
/// True when <see cref="NoAuthorizeAttribute"/> is applied directly (non-inherited) to the
/// current action or to its controller.
/// </summary>
/// <param name="filterContext">Authorization context of the current request.</param>
/// <returns>True if authorization is opted out for this action.</returns>
private bool NoAuthorize(AuthorizationContext filterContext)
{
    Type noAuthorize = typeof(NoAuthorizeAttribute);
    ActionDescriptor action = filterContext.ActionDescriptor;
    return action.IsDefined(noAuthorize, false)
        || action.ControllerDescriptor.IsDefined(noAuthorize, false);
}
/// <summary>
/// Denies the request with a 401 when the resolved <c>WebRequestState</c> is not authenticated
/// or has no client user. Actions carrying <see cref="StaffUserAuthorizeAttribute"/> are left
/// alone here (presumably handled by that attribute's own filter — confirm).
/// </summary>
/// <param name="filterContext">Authorization context of the current request.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    var state = ContainerHome.Container.Resolve<WebRequestState>();
    ActionDescriptor action = filterContext.ActionDescriptor;

    // Only the action itself is inspected for the staff attribute, not its controller.
    if (action.IsDefined(typeof(StaffUserAuthorizeAttribute), true))
    {
        return;
    }

    bool authenticated = state.IsAuthenticated && state.ClientUser != null;
    if (!authenticated)
    {
        // 401: always show the log-in page.
        filterContext.Result = new HttpUnauthorizedResult();
    }
}
//Private #region # Does the controller/action carry a given attribute — bool HasAttr<T>(ActionDescriptor...
/// <summary>
/// True when attribute <typeparamref name="T"/> is applied directly (non-inherited) to the
/// action or to its controller.
/// </summary>
/// <typeparam name="T">Attribute type to look for.</typeparam>
/// <param name="action">Descriptor of the action.</param>
/// <returns>True if the action or its controller carries the attribute.</returns>
private bool HasAttr<T>(ActionDescriptor action) where T : Attribute
{
    Type wanted = typeof(T);
    bool onAction = action.IsDefined(wanted, false);
    return onAction || action.ControllerDescriptor.IsDefined(wanted, false);
}
/// <summary>
/// Redirect helper. Ajax callers (action or controller marked <see cref="AjaxRequestAttribute"/>)
/// get a JSON message: a "no permission" text naming the action when <paramref name="statu"/> is
/// <c>nopermission</c>, otherwise a "please log in" message carrying <paramref name="url"/>.
/// Every other caller gets a 302 to <paramref name="url"/>.
/// </summary>
/// <param name="url">Redirect or login target; forwarded to the client unchanged.</param>
/// <param name="action">Descriptor of the action being accessed.</param>
/// <param name="statu">Status to report to an Ajax caller.</param>
/// <returns>A JSON result for Ajax callers, a <see cref="RedirectResult"/> otherwise.</returns>
public ActionResult Redirect(string url, ActionDescriptor action, AjaxStatu statu)
{
    Type ajaxMarker = typeof(AjaxRequestAttribute);
    bool ajaxRequest = action.IsDefined(ajaxMarker, false)
        || action.ControllerDescriptor.IsDefined(ajaxMarker, false);

    if (!ajaxRequest)
    {
        return new RedirectResult(url);
    }

    AjaxMsgModel message;
    if (statu == AjaxStatu.nopermission)
    {
        // Permission denied: name the action, send no redirect target.
        string text = string.Format("你没有操作【{0}】的权限!", action.Description());
        message = new AjaxMsgModel(statu, text, null, "");
    }
    else
    {
        // Not logged in: hand the login URL to the client.
        message = new AjaxMsgModel(statu, "请先登录!", null, url);
    }
    return PackagingAjaxmsg(message);
}
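/// <summary>
/// Wraps raw action return values into API result types. Actions whose declared return type is
/// an <see cref="ActionResult"/> are left to the base invoker; otherwise a value produced by an
/// OpenApi- or AjaxApi-marked action/controller is wrapped in the matching data result unless it
/// already is one.
/// </summary>
/// <param name="controllerContext">Context of the current request.</param>
/// <param name="actionDescriptor">Descriptor of the action that produced the value.</param>
/// <param name="actionReturnValue">Raw value returned by the action method.</param>
/// <returns>The wrapped result, or the base invoker's result.</returns>
protected override ActionResult CreateActionResult(ControllerContext controllerContext, ActionDescriptor actionDescriptor, object actionReturnValue)
{
    var reflected = actionDescriptor as ReflectedActionDescriptor;
    if (reflected != null)
    {
        Type returnType = reflected.MethodInfo.ReturnType;
        if (returnType == typeof(ActionResult) || returnType.IsSubclassOf(typeof(ActionResult)))
        {
            return base.CreateActionResult(controllerContext, actionDescriptor, actionReturnValue);
        }
    }

    if (!(actionReturnValue is OpenApiDataResult)
        && HasAttributeOnActionOrController(actionDescriptor, typeof(OpenApiAttribute)))
    {
        return new OpenApiDataResult(actionReturnValue);
    }

    // The "already wrapped" guard must cover both the action- and the controller-level lookup.
    // The previous condition lacked parentheses, so a controller-level AjaxApiAttribute wrapped
    // an AjaxApiDataResult a second time.
    if (!(actionReturnValue is AjaxApiDataResult)
        && HasAttributeOnActionOrController(actionDescriptor, typeof(AjaxApiAttribute)))
    {
        return new AjaxApiDataResult(actionReturnValue);
    }

    return base.CreateActionResult(controllerContext, actionDescriptor, actionReturnValue);
}

/// <summary>True when <paramref name="attribute"/> is defined on the action or its controller (inherited included).</summary>
/// <param name="actionDescriptor">Descriptor of the action.</param>
/// <param name="attribute">Attribute type to look for.</param>
private static bool HasAttributeOnActionOrController(ActionDescriptor actionDescriptor, Type attribute)
{
    return actionDescriptor.IsDefined(attribute, true)
        || actionDescriptor.ControllerDescriptor.IsDefined(attribute, true);
}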
/// <summary>
/// True when attribute <typeparamref name="T"/> is applied directly (non-inherited) to the
/// action or to its controller.
/// </summary>
/// <typeparam name="T">Attribute type to look for.</typeparam>
/// <param name="action">Descriptor of the action.</param>
/// <returns>True if the action or its controller carries the attribute.</returns>
public static bool HasAttr<T>(this ActionDescriptor action) where T : Attribute
{
    Type wanted = typeof(T);
    // Defined on the action method, or else on the controller.
    return action.IsDefined(wanted, false)
        || action.ControllerDescriptor.IsDefined(wanted, false);
}
/// <summary>Called when a process requests authorization.</summary>
/// <param name="filterContext">The filter context, which encapsulates information for using <see cref="T:System.Web.Mvc.AuthorizeAttribute" />.</param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="filterContext" /> parameter is null.</exception>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException("filterContext");
    }

    // NOTE(review): the stock AuthorizeAttribute throws here when used inside a child action
    // whose output is cached, because cached output would be served without re-running
    // authorization. In this copy the check is still evaluated but its result is ignored.
    // Confirm that is intended before combining this attribute with cached child actions.
    if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
    {
        // Originally: throw new InvalidOperationException(MvcResources.AuthorizeAttribute_CannotUseWithinChildActionCache);
    }

    // AllowAnonymous on the action or on its controller bypasses authorization entirely.
    Type allowAnonymous = typeof(AllowAnonymousAttribute);
    ActionDescriptor action = filterContext.ActionDescriptor;
    bool anonymous = action.IsDefined(allowAnonymous, true)
        || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(allowAnonymous, true);
    if (anonymous)
    {
        return;
    }

    if (!this.AuthorizeCore(filterContext.HttpContext))
    {
        this.HandleUnauthorizedRequest(filterContext);
        return;
    }

    // Authorized: set a zero proxy max-age and register CacheValidateHandler as the
    // output-cache validation callback.
    HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
    cache.SetProxyMaxAge(new TimeSpan(0L));
    cache.AddValidationCallback(new HttpCacheValidateHandler(this.CacheValidateHandler), null);
}
/// <summary>
/// Decides whether the security check is skipped for a controller/action:
/// 1. skip when the controller or the action carries AllowAnonymousAttribute;
/// 2.1 controllers or actions configured as not to be verified;
/// 2.2 explicit attributes on controllers that disable the authorization check.
/// </summary>
/// <param name="authorizationFilter">Repository-backed authorization filter consulted by the Skip*Security helpers.</param>
/// <param name="actionDescriptor">Descriptor of the action being accessed.</param>
/// <returns>True when the security check must be skipped.</returns>
public static bool SkipControllerActionSecurity(IRepositoryAuthorizationFilter authorizationFilter, ActionDescriptor actionDescriptor)
{
    Type allowAnonymous = typeof(AllowAnonymousAttribute);
    ControllerDescriptor controller = actionDescriptor.ControllerDescriptor;

    bool anonymous = actionDescriptor.IsDefined(allowAnonymous, inherit: true)
        || controller.IsDefined(allowAnonymous, inherit: true);
    if (anonymous)
    {
        return true;
    }

    return SkipControllerSecurity(authorizationFilter, controller)
        || SkipActionSecurity(authorizationFilter, actionDescriptor);
}
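/// <summary>
/// Redirect helper with two outcomes: an Ajax request (action or controller marked
/// <see cref="AjaxRequestAttribute"/>) receives a JSON message; a normal request receives
/// a small script that alerts and navigates the browser.
/// </summary>
/// <param name="IsLogin">True when the user is not logged in (sent to the login page);
/// false when the user lacks permission (sent back to the referring page).</param>
/// <param name="action">Descriptor of the action being accessed.</param>
/// <returns>A JSON result for Ajax callers, otherwise a <see cref="ContentResult"/> holding a script.</returns>
public ActionResult Redirect(bool IsLogin, ActionDescriptor action)
{
    const string loginUrl = "/Login/Login/Index";

    Type ajaxMarker = typeof(AjaxRequestAttribute);
    bool isAjax = action.IsDefined(ajaxMarker, false)
        || action.ControllerDescriptor.IsDefined(ajaxMarker, false);

    if (isAjax)
    {
        if (IsLogin)
        {
            return RedirectAjax("nologin", null, null, loginUrl);
        }
        return RedirectAjax("nopermission", "您没有权限访问此页面", null, GetReferrerUrlOrEmpty());
    }

    // Hyperlink or form post: answer with a script that alerts and then navigates.
    if (IsLogin)
    {
        return BuildScriptResult("alert('您还没有登陆呦!');parent.location='" + loginUrl + "'");
    }

    // The referrer comes from a request header, so it is encoded before being embedded
    // in a JavaScript string literal (it was concatenated raw before).
    string back = System.Web.HttpUtility.JavaScriptStringEncode(GetReferrerUrlOrEmpty());
    return BuildScriptResult("alert('您没有权限访问此页面!');window.location='" + back + "'");
}

/// <summary>
/// The referring page URL, or an empty string when the request carries no Referer header
/// (the previous code dereferenced a null <c>Request.UrlReferrer</c>).
/// NOTE(review): confirm the desired destination when no referrer is present.
/// </summary>
private string GetReferrerUrlOrEmpty()
{
    Uri referrer = Request.UrlReferrer;
    return referrer == null ? string.Empty : referrer.ToString();
}

/// <summary>Wraps <paramref name="script"/> in a script element as a <see cref="ContentResult"/>.</summary>
/// <param name="script">JavaScript source to emit; must already be safe to embed.</param>
private static ContentResult BuildScriptResult(string script)
{
    return new ContentResult
    {
        Content = "<script type='text/javascript'>" + script + "</script>"
    };
}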
/// <summary>
/// True when <typeparamref name="T"/> is applied directly (non-inherited) to the action
/// method or to its controller class. Note that <typeparamref name="T"/> is not constrained
/// to <see cref="Attribute"/>, so a non-attribute type simply yields false.
/// </summary>
/// <typeparam name="T">Marker attribute type.</typeparam>
/// <param name="action">Descriptor of the action.</param>
/// <returns>True if the action or its controller carries the marker.</returns>
public bool DoseSticAttr<T>(ActionDescriptor action)
{
    Type marker = typeof(T);
    if (action.IsDefined(marker, false))
    {
        return true;
    }
    return action.ControllerDescriptor.IsDefined(marker, false);
}
/// <summary>
/// True when <typeparamref name="T"/> is applied directly (non-inherited) to the action.
/// Unlike the action-or-controller helpers, this checks the action only.
/// </summary>
/// <typeparam name="T">Marker attribute type.</typeparam>
/// <param name="that">Descriptor of the action.</param>
/// <returns>True if the action carries the marker.</returns>
public static bool HasMarkerAttribute<T>(this ActionDescriptor that)
{
    Type marker = typeof(T);
    return that.IsDefined(marker, false);
}
/// <summary>
/// True when <see cref="AllowAnonymousAttribute"/> is applied to the action or to its
/// controller (inherited attributes included).
/// </summary>
/// <param name="actionDescriptor">Descriptor of the action being authorized.</param>
/// <returns>True if authorization should be skipped.</returns>
bool IsSkipAuthorization(ActionDescriptor actionDescriptor)
{
    Type allowAnonymous = typeof(AllowAnonymousAttribute);
    if (actionDescriptor.IsDefined(allowAnonymous, true))
    {
        return true;
    }
    return actionDescriptor.ControllerDescriptor.IsDefined(allowAnonymous, true);
}
/// <summary>
/// True when <c>Action1DebugAttribute</c> is applied to the action or to its controller
/// (inherited attributes included).
/// </summary>
/// <param name="actionDescriptor">Descriptor of the action.</param>
/// <returns>True if the filter attribute is present.</returns>
private bool IsFilterDefined(ActionDescriptor actionDescriptor)
{
    Type debugAttribute = typeof(Action1DebugAttribute);
    bool onAction = actionDescriptor.IsDefined(debugAttribute, inherit: true);
    return onAction || actionDescriptor.ControllerDescriptor.IsDefined(debugAttribute, inherit: true);
}
/// <summary>Delegates the attribute lookup to the wrapped descriptor <c>Inner</c>.</summary>
/// <param name="attributeType">Attribute type to look for.</param>
/// <param name="inherit">Whether inherited attributes count.</param>
/// <returns>Whatever <c>Inner.IsDefined</c> reports.</returns>
public override bool IsDefined(Type attributeType, bool inherit)
{
    bool defined = Inner.IsDefined(attributeType, inherit);
    return defined;
}
/// <summary>
/// True when <c>AllowAuthenticatedAnonymousAttribute</c> is applied to the current action
/// (the <c>actionDescriptor</c> field) or to its controller, inherited attributes included.
/// </summary>
/// <returns>True if anonymous access is allowed for this action.</returns>
private bool AllowAnonymous()
{
    Type anonymous = typeof(AllowAuthenticatedAnonymousAttribute);
    if (actionDescriptor.IsDefined(anonymous, inherit: true))
    {
        return true;
    }
    return actionDescriptor.ControllerDescriptor.IsDefined(anonymous, inherit: true);
}