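/// <summary>
/// Turns an unhandled action exception into a JSON error result and marks the
/// exception as handled so the default error pipeline does not run.
/// </summary>
/// <param name="filterContext">Exception context supplied by the MVC pipeline.</param>
/// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
public override void OnException(ExceptionContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException(nameof(filterContext));
    }

    Exception ex = filterContext.Exception;

    // A missing "action" route value must not raise a second exception inside the
    // handler, because that would mask the failure being reported.
    string actionName = filterContext.RouteData.Values["action"]?.ToString() ?? string.Empty;

    // NOTE(review): nothing in this method logs the exception before it is marked
    // handled. Unless JsonError.Throw records it server-side, the only trace of the
    // failure is the response body. Confirm against JsonError.
    filterContext.ExceptionHandled = true;

    filterContext.Result = new JsonResult
    {
        // NOTE(review): the raw exception object is handed to JsonError.Throw. If that
        // helper serializes the message, type or stack trace, internal details reach
        // the client. Verify it returns only a generic message (plus a correlation id)
        // to callers and keeps the detail in server logs.
        Data = JsonError.Throw(actionName, ex),

        // NOTE(review): AllowGet lets this payload be returned on GET requests. Keep it
        // only if GET callers need the JSON error body.
        JsonRequestBehavior = JsonRequestBehavior.AllowGet,
        ContentEncoding = Encoding.UTF8,
        ContentType = "application/json"
    };
}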
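/// <summary>
/// Authorizes the current request against the configured <c>AccessLevel</c> and
/// <c>Permission</c>. Unauthenticated callers receive a 401 result; authenticated
/// callers lacking the required access receive an error view or JSON error,
/// depending on <c>ResponseType</c>.
/// </summary>
/// <param name="filterContext">Authorization context supplied by the MVC pipeline.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    // Nothing is demanded of the caller: no access level and no named permission.
    if (AccessLevel == RFAccessLevel.NotSet && string.IsNullOrWhiteSpace(Permission))
    {
        SetCachePolicy(filterContext);
        return;
    }

    if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
    {
        // NOTE(review): when the "DisableAuthentication" app setting is true, anonymous
        // callers skip every access-level and permission check below. Make sure this
        // setting cannot be enabled in production configuration.
        if (RFSettings.GetAppSetting("DisableAuthentication", false))
        {
            return;
        }

        // Auth failed: answer 401 and stop. Returning here keeps the 401 from being
        // replaced by the permission-denied result further down, and avoids running
        // permission lookups with an empty user name.
        filterContext.Result = new HttpUnauthorizedResult();
        return;
    }

    var userName = filterContext.HttpContext.User.Identity.Name;
    var controllerName = filterContext.RouteData.GetRequiredString("controller");
    var areaName = filterContext.RouteData.DataTokens["area"]?.ToString() ?? "Core";
    var actionName = filterContext.RouteData.GetRequiredString("action");

    var accessOk = AccessLevel == RFAccessLevel.NotSet
        || RIFFStart.UserRole.HasPermission(userName, areaName, controllerName, AccessLevel.ToString());
    var permissionOk = string.IsNullOrWhiteSpace(Permission)
        || RIFFStart.UserRole.HasPermission(userName, areaName, controllerName, Permission);

    if (accessOk && permissionOk)
    {
        SetCachePolicy(filterContext);
        return;
    }

    RFStatic.Log.Warning(this, "Denying authorization to user {0} to area {1}/{2}/{3}:{4}", userName, areaName, controllerName, AccessLevel.ToString(), Permission);

    // NOTE(review): this message names the area, controller and required permission
    // to the caller who was denied. Confirm that level of detail is intended.
    var message = String.Format("Unauthorized - permission required: {0}/{1}/{2}/{3}", areaName, controllerName, AccessLevel.ToString(), Permission);

    switch (ResponseType)
    {
        case ResponseType.Page:
            {
                var viewData = new ViewDataDictionary(new RIFF.Web.Core.Models.ErrorModel { Message = message });
                viewData.Add("Title", "Unauthorized");
                filterContext.Result = new ViewResult { ViewName = "RIFFError", ViewData = viewData };
            }
            break;

        case ResponseType.Json:
            filterContext.Result = new JsonResult
            {
                ContentType = "application/json",
                Data = JsonError.Throw(actionName, message)
            };
            break;

        default:
            // Fail closed: with no Result set, the denied request would go on to run
            // the action. Any response type not handled above still gets a 401.
            filterContext.Result = new HttpUnauthorizedResult();
            break;
    }
}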