private bool HasAllowAnonymousAttribute(ActionDescriptor actionDescriptor)
{
var allowAnonymousType = typeof(AllowAnonymousAttribute);
return(actionDescriptor.IsDefined(allowAnonymousType, true) ||
actionDescriptor.ControllerDescriptor.IsDefined(allowAnonymousType, true));
}
public bool HasRightsToAction(ActionDescriptor actionDescriptor)
{
var skipAuthorization = true;
if (actionDescriptor.IsDefined(typeof(CustomAuthorizeAttribute), true))
{
skipAuthorization = false;
}
else if (!actionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) &&
actionDescriptor.ControllerDescriptor.IsDefined(typeof(CustomAuthorizeAttribute), true))
{
skipAuthorization = false;
}
return(skipAuthorization || HasRights());
}
protected virtual ActionResult HandleUnauthorizedRequest(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
{
bool hasApiAttr = actionDescriptor.IsDefined(typeof(ApiAttribute), true) || actionDescriptor.ControllerDescriptor.IsDefined(typeof(ApiAttribute), true);
// 忽略 ActionResult 的返回类型
if (actionDescriptor is ReflectedActionDescriptor)
{
var reflectedActionDescriptor = (ReflectedActionDescriptor)actionDescriptor;
var returnType = reflectedActionDescriptor.MethodInfo.ReturnType;
if (returnType == typeof(ActionResult) || returnType.IsSubclassOf(typeof(ActionResult)))
{
hasApiAttr = false;
}
}
// 302
if (hasApiAttr)
{
return(new FrameworkHttpUnauthorizedResult());
}
var request = controllerContext.HttpContext.Request;
var url = request.HttpMethod.Equals("GET", StringComparison.CurrentCultureIgnoreCase) ? request.Url.ToString() : null;
return(new FrameworkHttpLoginRedirectResult(url));
}
public static bool HasAttribute <T>(this ActionDescriptor actionDescriptor) where T : Attribute
{
var attrType = typeof(T);
return(actionDescriptor.IsDefined(attrType, true) ||
actionDescriptor.ControllerDescriptor.IsDefined(attrType, true));
}
/// <summary>
/// 重定向方法(ajax和link)
/// </summary>
/// <param name="url">重定向的url</param>
/// <param name="action">产生重定向的action方法</param>
/// <returns>JSONRESULT REDIRECTRESULT</returns>
public ActionResult Redirect(string url, ActionDescriptor action, AjaxStatu ajaxStatu = AjaxStatu.noperm)
{
//如果是Ajax请求没有权限,那么就返回Json消息
if (action.IsDefined(typeof(Common.Attributes.AjaxRequestAttribute), false) ||
action.ControllerDescriptor.IsDefined(typeof(Common.Attributes.AjaxRequestAttribute), false))
{
if (ajaxStatu == AjaxStatu.nologin)
{
return(PackagingAjaxmsg(AjaxStatu.nologin, Message.NotLogin, null, url));
}
else if (ajaxStatu == AjaxStatu.none)
{
return(PackagingAjaxmsg(AjaxStatu.nologin, Message.NotNone, null, url));
}
else
{
string strAction = action.GetDescription();
string strController = action.ControllerDescriptor.GetDescription();
string msg = string.Format(Message.OptNoPermission, strAction);
return(PackagingAjaxmsg(AjaxStatu.noperm, msg, null, null));
}
}
else//如果是超链接或表单
{
return(new RedirectResult(url));
}
}
public static bool IsDefinedInActionOrController <T>(this ActionDescriptor actionDescriptor, bool inherit = true) where T : Attribute
{
var type = typeof(T);
return(actionDescriptor.IsDefined(type, inherit) ||
actionDescriptor.ControllerDescriptor.IsDefined(type, inherit));
}
/// <summary>
/// 是否 action / controller 有定义指定的特性
/// </summary>
/// <typeparam name="T">定义的特性类型</typeparam>
/// <param name="controller">控制器</param>
/// <param name="actionDescriptor">Action 描述</param>
/// <param name="inherit">特性是否允许继承,默认为 true</param>
/// <returns>是否允许继承,默认为 true</returns>
public static bool IsDefinedAttribute <T>(this Controller controller, ActionDescriptor actionDescriptor,
bool inherit = true) where T : Attribute
{
var controllerDescriptor = actionDescriptor.ControllerDescriptor;
return(actionDescriptor.IsDefined(typeof(T), true) ||
controllerDescriptor.IsDefined(typeof(T), true));
}
/// <summary>
/// Action执行之后验证
/// </summary>
/// <param name="filterContext"></param>
//public override void OnActionExecuted(ActionExecutedContext filterContext)
//{
// filterContext.HttpContext.Response.Write("Action执行之后验证事件~!OnActionExecuted<br/>");
// base.OnActionExecuted(filterContext);
//}
/// <summary>
/// 视图执行完成后执行
/// </summary>
/// <param name="filterContext"></param>
public override void OnResultExecuted(ResultExecutedContext filterContext)
{
if (loadAttribute.IsDefined(typeof(HCQ2_Common.Attributes.LoadAttribute), false))
{
filterContext.HttpContext.Response.Write(
"<script>parent.delLoadBoxs();</script>");
}
base.OnResultExecuted(filterContext);
}
public void IsDefinedThrowsIfAttributeTypeIsNull()
{
// Arrange
ActionDescriptor ad = GetActionDescriptor();
// Act & assert
Assert.ThrowsArgumentNull(
delegate { ad.IsDefined(null /* attributeType */, true); }, "attributeType");
}
public void IsDefinedReturnsFalse()
{
// Arrange
ActionDescriptor ad = GetActionDescriptor();
// Act
bool isDefined = ad.IsDefined(typeof(object), true);
// Assert
Assert.IsFalse(isDefined);
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
return;
var requestCookies = filterContext.RequestContext.HttpContext.Request.Cookies;
ActionDescriptor arg_34_0 = filterContext.ActionDescriptor;
bool inherit = true;
bool arg_5B_0;
if (!arg_34_0.IsDefined(typeof(AllowAnonymousAttribute), inherit))
{
ControllerDescriptor arg_53_0 = filterContext.ActionDescriptor.ControllerDescriptor;
bool inherit2 = true;
arg_5B_0 = arg_53_0.IsDefined(typeof(AllowAnonymousAttribute), inherit2);
}
else
{
arg_5B_0 = true;
}
bool flag = arg_5B_0;
if (flag)
{
if (requestCookies["UserCookie"] != null)
{
if (userDic.ContainsKey(requestCookies["UserCookie"].Value))
{
if (requestCookies[userDic[requestCookies["UserCookie"].Value]] != null)
{
filterContext.HttpContext.Response.Redirect("/admin/adminhome/index");
filterContext.HttpContext.ApplicationInstance.CompleteRequest();
}
}
}
return;
}
if (requestCookies["UserCookie"] == null)
{
filterContext.HttpContext.Response.Redirect("/admin");
filterContext.HttpContext.ApplicationInstance.CompleteRequest();
return;
}
var guidUName = requestCookies["UserCookie"].Value;
var userNameDic = "";
userDic.TryGetValue(guidUName, out userNameDic);
if (requestCookies[userNameDic] == null)
{
filterContext.HttpContext.Response.Redirect("/admin");
filterContext.HttpContext.ApplicationInstance.CompleteRequest();
return;
}
}
private static bool SkipAuthorization(ActionDescriptor actions)
{
if (actions.IsDefined(typeof(AllowAnonymousAttribute), true) ||
actions.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
{
return(true);
}
else
{
return(false);
}
}
/// <summary>
/// 重定向方法 有两种情况:如果是Ajax请求,则返回 Json字符串;如果是普通请求,则 返回重定向命令
/// </summary>
/// <param name="url">重定向地址</param> <param name="action">访问的方法</param>
/// <returns></returns>
public ActionResult Redirect(string url, ActionDescriptor action)
{
//如果Ajax请求没有权限,就返回 Json消息
if (action.IsDefined(typeof(AjaxRequestAttribute), false) ||
action.ControllerDescriptor.IsDefined(typeof(AjaxRequestAttribute), false))
{
return(RedirectAjax("nologin", "您没有登陆或没有权限访问此页面~~", null, url));
}
else//如果 超链接或表单 没有权限访问,则返回 302重定向命令
{
return(new RedirectResult(url));
}
}
public IEnumerable <Filter> GetFilters(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
{
List <Filter> filterSet = new List <Filter>();
// ValidateAntiForgeryToken for POST requests + Skip Actions with UnValidateAntiForgeryToken
string verb = controllerContext.HttpContext.Request.HttpMethod;
if (String.Equals(verb, "POST", StringComparison.OrdinalIgnoreCase) && !actionDescriptor.IsDefined(typeof(UnValidateAntiForgeryToken), true))
{
filterSet.Add(new Filter(new ValidateAntiForgeryTokenAttribute(), FilterScope.Global, null));
}
return(filterSet);
}
private bool NoAuthorize(AuthorizationContext filterContext)
{
ActionDescriptor actionDescriptor = filterContext.ActionDescriptor;
if (actionDescriptor.IsDefined(typeof(NoAuthorizeAttribute), false))
{
return(true);
}
if (actionDescriptor.ControllerDescriptor.IsDefined(typeof(NoAuthorizeAttribute), false))
{
return(true);
}
return(false);
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
WebRequestState webRequestState = ContainerHome.Container.Resolve <WebRequestState>();
ActionDescriptor actionDescriptor = filterContext.ActionDescriptor;
if (actionDescriptor.IsDefined(typeof(StaffUserAuthorizeAttribute), true))
{
return;
}
if (!webRequestState.IsAuthenticated || webRequestState.ClientUser == null)
{
filterContext.Result = new HttpUnauthorizedResult();
return; // 401, always show log-in page
}
}
//Private
#region # Controller/Action是否有某特性标签 —— bool HasAttr<T>(ActionDescriptor...
/// <summary>
/// Controller/Action是否有某特性标签
/// </summary>
/// <typeparam name="T">特性标签类型</typeparam>
/// <param name="action">ActionDescriptor</param>
/// <returns>是否拥有该特性</returns>
private bool HasAttr <T>(ActionDescriptor action) where T : Attribute
{
Type type = typeof(T);
if (action.IsDefined(type, false))
{
return(true);
}
if (action.ControllerDescriptor.IsDefined(type, false))
{
return(true);
}
return(false);
}
public ActionResult Redirect(string url, ActionDescriptor action, AjaxStatu statu)
{
//判断是否Ajax请求
if (action.IsDefined(typeof(AjaxRequestAttribute), false) ||
action.ControllerDescriptor.IsDefined(typeof(AjaxRequestAttribute), false))
{
//判断是否有权限
if (statu == AjaxStatu.nopermission)
{
return(PackagingAjaxmsg(new AjaxMsgModel(statu, string.Format("你没有操作【{0}】的权限!", action.Description()), null, "")));
}
return(PackagingAjaxmsg(new AjaxMsgModel(statu, "请先登录!", null, url)));
}
return(new RedirectResult(url));
}
protected override ActionResult CreateActionResult(ControllerContext controllerContext, ActionDescriptor actionDescriptor, object actionReturnValue)
{
if (actionDescriptor is ReflectedActionDescriptor)
{
var reflectedActionDescriptor = (ReflectedActionDescriptor)actionDescriptor;
var returnType = reflectedActionDescriptor.MethodInfo.ReturnType;
if (returnType == typeof(ActionResult) || returnType.IsSubclassOf(typeof(ActionResult)))
{
return(base.CreateActionResult(controllerContext, actionDescriptor, actionReturnValue));
}
}
if (!(actionReturnValue is OpenApiDataResult) && (actionDescriptor.IsDefined(typeof(OpenApiAttribute), true) || actionDescriptor.ControllerDescriptor.IsDefined(typeof(OpenApiAttribute), true)))
{
return(new OpenApiDataResult(actionReturnValue));
}
if (!(actionReturnValue is AjaxApiDataResult) && actionDescriptor.IsDefined(typeof(AjaxApiAttribute), true) || actionDescriptor.ControllerDescriptor.IsDefined(typeof(AjaxApiAttribute), true))
{
return(new AjaxApiDataResult(actionReturnValue));
}
return(base.CreateActionResult(controllerContext, actionDescriptor, actionReturnValue));
}
/// <summary>
/// Controller/Action是否有某特性标签
/// </summary>
/// <typeparam name="T">特性标签类型</typeparam>
/// <param name="action">ActionDescriptor</param>
/// <returns>是否拥有该特性</returns>
public static bool HasAttr <T>(this ActionDescriptor action) where T : Attribute
{
Type type = typeof(T);
//Action方法上定义了
if (action.IsDefined(type, false))
{
return(true);
}
//Controller上定义了
if (action.ControllerDescriptor.IsDefined(type, false))
{
return(true);
}
return(false);
}
/// <summary>Called when a process requests authorization.</summary>
/// <param name="filterContext">The filter context, which encapsulates information for using <see cref="T:System.Web.Mvc.AuthorizeAttribute" />.</param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="filterContext" /> parameter is null.</exception>
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
{
//throw new InvalidOperationException(MvcResources.AuthorizeAttribute_CannotUseWithinChildActionCache);
}
ActionDescriptor arg_34_0 = filterContext.ActionDescriptor;
bool inherit = true;
bool arg_5B_0;
if (!arg_34_0.IsDefined(typeof(AllowAnonymousAttribute), inherit))
{
ControllerDescriptor arg_53_0 = filterContext.ActionDescriptor.ControllerDescriptor;
bool inherit2 = true;
arg_5B_0 = arg_53_0.IsDefined(typeof(AllowAnonymousAttribute), inherit2);
}
else
{
arg_5B_0 = true;
}
bool flag = arg_5B_0;
if (flag)
{
return;
}
if (this.AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
cache.SetProxyMaxAge(new TimeSpan(0L));
cache.AddValidationCallback(new HttpCacheValidateHandler(this.CacheValidateHandler), null);
return;
}
this.HandleUnauthorizedRequest(filterContext);
}
/// <summary>
/// Verificar si controlador / accion no se debe aplicar auntentificacion.
/// 1. Saltar autorizacion, si el controlador o la accion tiene el atributo AllowAnonymousAttribute
/// 2.1 Controladores o acciones que no se debe verificar
/// 2.2 Atributos explicitos en los controladores que indica que no se debe verificar la autorizacion
/// </summary>
/// <param name="authorizationFilter"></param>
/// <param name="actionDescriptor"></param>
/// <returns></returns>
public static bool SkipControllerActionSecurity(IRepositoryAuthorizationFilter authorizationFilter, ActionDescriptor actionDescriptor)
{
bool isAllowAnonymousAttribute =
actionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true) ||
actionDescriptor.ControllerDescriptor.IsDefined(
typeof(AllowAnonymousAttribute), inherit: true);
if (isAllowAnonymousAttribute)
{
return(true);
}
if (SkipControllerSecurity(authorizationFilter, actionDescriptor.ControllerDescriptor))
{
return(true);
}
return(SkipActionSecurity(authorizationFilter, actionDescriptor));
}
/// <summary>
/// 重定向方法 有两种情况:如果是Ajax请求,则返回 Json字符串;如果是普通请求,则 返回重定向命令
/// </summary>
/// <param name="IsNoLogin">判断是未登录还是没有权限</param>
/// <param name="url"></param>
/// <param name="action"></param>
/// <returns></returns>
public ActionResult Redirect(bool IsLogin, ActionDescriptor action)
{
//如果Ajax请求没有权限,就返回 Json消息
if (action.IsDefined(typeof(AjaxRequestAttribute), false) ||
action.ControllerDescriptor.IsDefined(typeof(AjaxRequestAttribute), false))
{
if (IsLogin)
{
return(RedirectAjax("nologin", null, null, "/Login/Login/Index"));
}
else
{
Uri MyUrl = Request.UrlReferrer;
string url = MyUrl.ToString();
return(RedirectAjax("nopermission", "您没有权限访问此页面", null, url));
}
}
else//如果 超链接或表单 没有权限访问,js代码
{
if (IsLogin)
{
ContentResult result = new ContentResult();
//跳回登陆页面
result.Content = "<script type='text/javascript'>alert('您还没有登陆呦!');parent.location='" + "/Login/Login/Index" + "'</script>";;
return(result);
}
else
{
//返回上一级URL
Uri MyUrl = Request.UrlReferrer;
string url = MyUrl.ToString();
ContentResult result = new ContentResult();
result.Content = "<script type='text/javascript'>alert('您没有权限访问此页面!');window.location='" + url + "'</script>";
return(result);
}
}
}
/// <summary>
/// 判断方法和类是否贴有指定的标记
/// </summary>
/// <typeparam name="T">泛型</typeparam>
/// <param name="action"></param>
/// <returns></returns>
public bool DoseSticAttr <T>(ActionDescriptor action)
{
Type t = typeof(T);
return(action.IsDefined(t, false) || action.ControllerDescriptor.IsDefined(t, false));
}
public static bool HasMarkerAttribute <T>(this ActionDescriptor that)
{
return(that.IsDefined(typeof(T), false));
}
bool IsSkipAuthorization(ActionDescriptor actionDescriptor)
{
return(actionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
actionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true));
}
private bool IsFilterDefined(ActionDescriptor actionDescriptor)
{
return(actionDescriptor.IsDefined(typeof(Action1DebugAttribute), inherit: true) ||
actionDescriptor.ControllerDescriptor.IsDefined(typeof(Action1DebugAttribute), inherit: true));
}
public override bool IsDefined(Type attributeType, bool inherit)
{
return(Inner.IsDefined(attributeType, inherit));
}
private bool AllowAnonymous()
{
return(actionDescriptor.IsDefined(typeof(AllowAuthenticatedAnonymousAttribute), inherit: true) ||
actionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAuthenticatedAnonymousAttribute), inherit: true));
}
