/// <summary>
/// Interceptor entry point for intercepted methods that return a non-generic <see cref="Task"/>.
/// The permission check runs before the target is invoked, so an unauthorized caller never
/// reaches the target method; whatever <c>AuthorizeAsync</c> throws is not caught here and
/// propagates to the caller unchanged.
/// </summary>
/// <param name="invocation">The intercepted call; its <c>ReturnValue</c> is expected to be a <see cref="Task"/>.</param>
protected override async Task InternalInterceptAsynchronous(IInvocation invocation)
{
    // Capture the proceed state up front; the target is only invoked once authorization has passed.
    var proceed = invocation.CaptureProceedInfo();

    await _authorizationHelper.AuthorizeAsync(invocation.MethodInvocationTarget, invocation.TargetType);

    proceed.Invoke();

    // The target has started; await its task so its completion (or fault) is observed by the caller.
    var pending = (Task)invocation.ReturnValue;
    await pending.ConfigureAwait(false);
}
/// <summary>
/// Web API authorization filter. Resolves the action's method, runs the permission check and
/// then continues the pipeline; an <see cref="AbpAuthorizationException"/> raised by the check
/// (or by the continuation, which runs inside the same try) is logged, published on the event
/// bus and turned into the unauthorized response.
/// </summary>
/// <param name="actionContext">Context of the action being executed.</param>
/// <param name="cancellationToken">Not consulted by this filter.</param>
/// <param name="continuation">Runs the rest of the pipeline.</param>
/// <returns>The continuation's response, or the unauthorized response on an authorization failure.</returns>
public virtual async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(
    HttpActionContext actionContext,
    CancellationToken cancellationToken,
    Func<Task<HttpResponseMessage>> continuation)
{
    var descriptor = actionContext.ActionDescriptor;
    var method = descriptor.GetMethodInfoOrNull();

    // NOTE(review): both skips are fail-open — an action with no resolvable MethodInfo and a
    // dynamic ABP action are not authorized by this filter; another layer is assumed to cover them.
    var skipCheck = method == null || descriptor.IsDynamicAbpAction();
    if (skipCheck)
    {
        return await continuation();
    }

    try
    {
        await _authorizationHelper.AuthorizeAsync(method);
        return await continuation();
    }
    catch (AbpAuthorizationException ex)
    {
        LogHelper.Logger.Warn(ex.ToString(), ex);
        _eventBus.Trigger(this, new AbpHandledExceptionData(ex));
        return CreateUnAuthorizedResponse(actionContext);
    }
}
/// <summary>
/// Web API authorization filter. <c>[AllowAnonymous]</c> on the action or its controller
/// bypasses the check; actions without a resolvable method and dynamic infrastructure actions
/// are passed through as well. Otherwise the permission check runs and the pipeline continues;
/// an <see cref="AuthorizationException"/> (from the check or from the continuation, which runs
/// inside the same try) is logged, published and converted into the unauthorized response.
/// </summary>
/// <param name="actionContext">Context of the action being executed.</param>
/// <param name="cancellationToken">Not consulted by this filter.</param>
/// <param name="continuation">Runs the rest of the pipeline.</param>
/// <returns>The continuation's response, or the unauthorized response on an authorization failure.</returns>
public virtual async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(
    HttpActionContext actionContext,
    CancellationToken cancellationToken,
    Func<Task<HttpResponseMessage>> continuation)
{
    var descriptor = actionContext.ActionDescriptor;

    var anonymousAllowed =
        descriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any() ||
        descriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
    if (anonymousAllowed)
    {
        return await continuation();
    }

    // NOTE(review): fail-open for non-reflectable and dynamic infrastructure actions.
    var method = descriptor.GetMethodInfoOrNull();
    if (method == null || descriptor.IsDynamicInfrastructureAction())
    {
        return await continuation();
    }

    try
    {
        await _authorizationHelper.AuthorizeAsync(method);
        return await continuation();
    }
    catch (AuthorizationException ex)
    {
        LogHelper.Logger.Warn(ex.ToString(), ex);
        _eventBus.Trigger(this, new HandledExceptionData(ex));
        return CreateUnAuthorizedResponse(actionContext);
    }
}
/// <summary>
/// MVC authorization filter. An <c>IAllowAnonymousFilter</c> in the pipeline skips the check;
/// otherwise the permission check runs for the action method and its declaring type.
/// An <see cref="AbpAuthorizationException"/> becomes a 403 (authenticated caller) or 401
/// (anonymous caller) for object-returning actions and a challenge for anything else; any other
/// exception becomes a 500.
/// </summary>
/// <param name="context">The filter context; <c>Result</c> is set when the request is rejected.</param>
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
    var anonymousAllowed = context.Filters.Any(filter => filter is IAllowAnonymousFilter);
    if (anonymousAllowed)
    {
        return;
    }

    // NOTE(review): there is no IsControllerAction() guard here, so a non-controller descriptor
    // reaches GetMethodInfo(); if that throws, the generic handler below answers with a 500.
    Func<bool> returnsObjectResult =
        () => ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType);

    //TODO: Avoid using try/catch, use conditional checking
    try
    {
        var method = context.ActionDescriptor.GetMethodInfo();
        await _authorizationHelper.AuthorizeAsync(method, method.DeclaringType);
    }
    catch (AbpAuthorizationException ex)
    {
        Logger.Warn(ex.ToString(), ex);
        _eventBus.Trigger(this, new AbpHandledExceptionData(ex));

        if (!returnsObjectResult())
        {
            context.Result = new ChallengeResult();
            return;
        }

        // Known user without the permission -> 403; unauthenticated caller -> 401.
        var status = context.HttpContext.User.Identity.IsAuthenticated
            ? (int)System.Net.HttpStatusCode.Forbidden
            : (int)System.Net.HttpStatusCode.Unauthorized;
        context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex), true))
        {
            StatusCode = status
        };
    }
    catch (Exception ex)
    {
        Logger.Error(ex.ToString(), ex);
        _eventBus.Trigger(this, new AbpHandledExceptionData(ex));

        if (!returnsObjectResult())
        {
            //TODO: How to return Error page?
            context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
            return;
        }

        context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex)))
        {
            StatusCode = (int)System.Net.HttpStatusCode.InternalServerError
        };
    }
}
/// <summary>
/// MVC authorization filter. Skips when an <c>IAllowAnonymousFilter</c> is present or the
/// descriptor is not a controller action; otherwise runs the permission check for the action
/// method and its declaring type. An <see cref="AuthorizationException"/> becomes 403 (logged-in
/// caller) / 401 (not logged in) for object-returning actions and a challenge otherwise; any
/// other exception becomes a 500 carrying an <c>OperateResult</c>.
/// </summary>
/// <param name="context">The filter context; <c>Result</c> is set when the request is rejected.</param>
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
    var anonymousAllowed = context.Filters.Any(filter => filter is IAllowAnonymousFilter);
    if (anonymousAllowed)
    {
        return;
    }

    // Non-controller actions (e.g. pages) have no MethodInfo to authorize here.
    if (!context.ActionDescriptor.IsControllerAction())
    {
        return;
    }

    Func<bool> returnsObjectResult =
        () => ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType);

    //TODO: Avoid using try/catch, use conditional checking
    try
    {
        var method = context.ActionDescriptor.GetMethodInfo();
        await _authorizationHelper.AuthorizeAsync(method, method.DeclaringType);
    }
    catch (AuthorizationException ex)
    {
        LogUtil.Warn(ex);

        if (!returnsObjectResult())
        {
            context.Result = new ChallengeResult();
            return;
        }

        // Login state is asked from the helper (not HttpContext.User) — 403 when logged in, 401 otherwise.
        var loggedIn = await _authorizationHelper.CheckLoginAsync();
        var errorInfo = ExceptionConvertUtil.Convert(ex);
        context.Result = new ObjectResult(new AjaxResponse(errorInfo))
        {
            StatusCode = loggedIn
                ? (int)System.Net.HttpStatusCode.Forbidden
                : (int)System.Net.HttpStatusCode.Unauthorized
        };
    }
    catch (Exception ex)
    {
        LogUtil.Error(ex);

        if (!returnsObjectResult())
        {
            context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
            return;
        }

        context.Result = new ObjectResult(new OperateResult(ex))
        {
            StatusCode = (int)System.Net.HttpStatusCode.InternalServerError
        };
    }
}
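/// <summary>
/// MVC authorization filter. An <c>IAllowAnonymousFilter</c> in the pipeline skips the check;
/// otherwise the permission check runs for the action method. A <see cref="ValidationException"/>
/// is answered with a challenge, any other exception with a plain 500.
/// </summary>
/// <param name="context">The filter context; <c>Result</c> is set when the request is rejected.</param>
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
    // Allow Anonymous skips all authorization
    if (context.Filters.Any(item => item is IAllowAnonymousFilter))
    {
        return;
    }

    // NOTE(review): no IsControllerAction() guard — a non-controller descriptor reaches
    // GetMethodInfo(); if that throws, the generic handler below turns it into a 500.
    try
    {
        //TODO: Avoid using try/catch, use conditional checking
        await _authorizationHelper.AuthorizeAsync(context.ActionDescriptor.GetMethodInfo());
    }
    // NOTE(review): only ValidationException is treated as "not authorized". If AuthorizeAsync
    // throws a different authorization exception type in this project, it falls into the generic
    // handler and the caller gets a 500 instead of a challenge — confirm the thrown type.
    catch (ValidationException ex)
    {
        // Pass the exception as the exception argument. The previous call
        // LogWarning(ex.ToString(), ex) used ex.ToString() as the message template and ex as a
        // format argument: the exception was not attached to the log entry, and any braces in
        // the exception text were parsed as template placeholders.
        Logger.LogWarning(ex, "Authorization failed for {Action}", context.ActionDescriptor.DisplayName);
        context.Result = new ChallengeResult();
    }
    catch (Exception ex)
    {
        Logger.LogError(ex, "Unhandled exception while authorizing {Action}", context.ActionDescriptor.DisplayName);
        //TODO: How to return Error page?
        context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
    }
}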
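/// <summary>
/// Creates or updates the crew identified by <paramref name="id"/> inside competition
/// <paramref name="compid"/>. The caller must satisfy the <c>CanAdminCompetition</c> policy
/// for that competition.
/// </summary>
/// <param name="compid">Competition the crew belongs to.</param>
/// <param name="id">Crew id matched against <c>BroeCrewId</c>.</param>
/// <param name="crew">Incoming crew data, mapped onto the entity.</param>
/// <returns>404 when the competition does not exist; 401/403 when not authorized;
/// 201 when a crew was created; 204 when an existing crew was updated.</returns>
public async Task<IActionResult> Put(int compid, int id, [FromBody] Crew crew)
{
    Models.Competition competition = await _context.Competitions
        .Include("Administrators.CompetitionAdministrator")
        .FirstOrDefaultAsync(x => x.CompetitionId == compid);

    // FirstAsync turned an unknown competition into an unhandled InvalidOperationException
    // (a 500); an explicit 404 is the accurate answer. Note this is decided before the policy
    // check, so it reveals which competition ids exist — the 500 did as well.
    if (competition == null)
    {
        return NotFound();
    }

    var authorizationResult = await _authorizationHelper.AuthorizeAsync(User, competition, "CanAdminCompetition");
    if (!authorizationResult.Succeeded)
    {
        if (User.Identity.IsAuthenticated)
        {
            return new ForbidResult();
        }
        return new ChallengeResult();
    }

    // Scope the lookup to this competition. The policy above only grants rights over
    // `competition`; the previous query matched BroeCrewId alone, so an administrator of one
    // competition could overwrite a crew with the same id that belongs to another one.
    // (If BroeCrewId is globally unique the extra predicate is merely redundant.)
    Models.Crew dbCrew = await _context.Crews
        .FirstOrDefaultAsync(x => x.BroeCrewId == id && x.Competition.CompetitionId == compid);

    // NOTE(review): mapping the client payload straight onto a tracked entity is a
    // mass-assignment surface — confirm the mapper profile ignores key/ownership members
    // (BroeCrewId, Competition) so the body cannot re-parent or re-key the crew.
    if (dbCrew == null)
    {
        Models.Crew modelCrew = new Models.Crew { Competition = competition };
        competition.Crews.Add(modelCrew);
        _mapper.Map(crew, modelCrew);
        await _context.SaveChangesAsync();
        return CreatedAtRoute("GetById", new { id = modelCrew.BroeCrewId });
    }

    _mapper.Map(crew, dbCrew);
    await _context.SaveChangesAsync();
    return NoContent();
}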
/// <summary>
/// Synchronous wrapper over <c>IAuthorizationHelper.AuthorizeAsync(MethodInfo, Type)</c>.
/// Blocks the calling thread via <c>AsyncHelper.RunSync</c> until the check completes; an
/// authorization failure surfaces however <c>RunSync</c> propagates the task's exception.
/// Prefer the async overload wherever the caller can await.
/// </summary>
/// <param name="authorizationHelper">The helper performing the check.</param>
/// <param name="methodInfo">Method whose authorization attributes are evaluated.</param>
/// <param name="type">Declaring type whose authorization attributes are evaluated.</param>
public static void Authorize(this IAuthorizationHelper authorizationHelper, MethodInfo methodInfo, Type type)
{
    Func<Task> check = () => authorizationHelper.AuthorizeAsync(methodInfo, type);
    AsyncHelper.RunSync(check);
}
/// <summary>
/// Synchronous wrapper over <c>IAuthorizationHelper.AuthorizeAsync(IEnumerable&lt;IStudioXAuthorizeAttribute&gt;)</c>.
/// Blocks the calling thread via <c>AsyncHelper.RunSync</c> until the check completes; an
/// authorization failure surfaces however <c>RunSync</c> propagates the task's exception.
/// Prefer the async overload wherever the caller can await.
/// </summary>
/// <param name="authorizationHelper">The helper performing the check.</param>
/// <param name="authorizeAttributes">Authorization attributes to evaluate.</param>
public static void Authorize(this IAuthorizationHelper authorizationHelper, IEnumerable<IStudioXAuthorizeAttribute> authorizeAttributes)
{
    Func<Task> check = () => authorizationHelper.AuthorizeAsync(authorizeAttributes);
    AsyncHelper.RunSync(check);
}
/// <summary>
/// Authorizes against a single attribute by wrapping it in a one-element array and
/// delegating to the collection overload.
/// </summary>
/// <param name="authorizationHelper">The helper performing the check.</param>
/// <param name="authorizeAttribute">The attribute to evaluate.</param>
public static async Task AuthorizeAsync(this IAuthorizationHelper authorizationHelper, IStudioXAuthorizeAttribute authorizeAttribute)
{
    var attributes = new[] { authorizeAttribute };
    await authorizationHelper.AuthorizeAsync(attributes);
}
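/// <summary>
/// MVC authorization filter (endpoint-routing variant). Skips when the endpoint carries
/// <c>IAllowAnonymous</c> metadata or the descriptor is not a controller action; otherwise runs
/// the permission check for the action method and its declaring type.
/// For object-returning actions a rejection is reported inside an <c>AjaxResponse</c> envelope
/// with HTTP 200 and the real status in <c>ErrorInfo.Code</c> (this project's convention, which
/// also hides failures from HTTP-level monitoring); other actions get a challenge or a plain 500.
/// </summary>
/// <param name="context">The filter context; <c>Result</c> is set when the request is rejected.</param>
public virtual async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
    var endpoint = context?.HttpContext?.GetEndpoint();

    // IAllowAnonymous metadata on the endpoint skips all authorization.
    if (endpoint?.Metadata.GetMetadata<IAllowAnonymous>() != null)
    {
        return;
    }

    // Non-controller actions have no MethodInfo to authorize here.
    if (!context.ActionDescriptor.IsControllerAction())
    {
        return;
    }

    //TODO: Avoid using try/catch, use conditional checking
    try
    {
        await _authorizationHelper.AuthorizeAsync(
            context.ActionDescriptor.GetMethodInfo(),
            context.ActionDescriptor.GetMethodInfo().DeclaringType
        );
    }
    catch (AbpAuthorizationException ex)
    {
        Logger.Warn(ex.ToString(), ex);
        await _eventBus.TriggerAsync(this, new AbpHandledExceptionData(ex));

        if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
        {
            var errorInfo = _errorInfoBuilder.BuildForException(ex);
            // 403 for an authenticated user lacking the permission, 401 for an anonymous caller;
            // carried in the envelope because the HTTP status is fixed at 200 below.
            errorInfo.Code = context.HttpContext.User.Identity.IsAuthenticated
                ? (int)System.Net.HttpStatusCode.Forbidden
                : (int)System.Net.HttpStatusCode.Unauthorized;
            context.Result = new ObjectResult(new AjaxResponse(errorInfo, unAuthorizedRequest: true))
            {
                StatusCode = (int)System.Net.HttpStatusCode.OK
            };
        }
        else
        {
            context.Result = new ChallengeResult();
        }
    }
    catch (Exception ex)
    {
        // Any other failure is reported as an internal error.
        Logger.Error(ex.ToString(), ex);
        await _eventBus.TriggerAsync(this, new AbpHandledExceptionData(ex));

        if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
        {
            var errorInfo = _errorInfoBuilder.BuildForException(ex);
            // Deliberately no `errorInfo.Details = ex.Message`: the raw message of an arbitrary
            // exception (connection strings, file paths, SQL fragments, internal type names) must
            // not be echoed to the client. Whatever BuildForException chooses to expose is the
            // only client-visible detail; it is logged in full above.
            errorInfo.Code = (int)System.Net.HttpStatusCode.InternalServerError;
            context.Result = new ObjectResult(new AjaxResponse(errorInfo))
            {
                StatusCode = (int)System.Net.HttpStatusCode.OK
            };
        }
        else
        {
            //TODO: How to return Error page?
            context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
        }
    }
}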
/// <summary>
/// Authorizes against a single attribute by wrapping it in a one-element array and
/// delegating to the collection overload.
/// </summary>
/// <param name="authorizationHelper">The helper performing the check.</param>
/// <param name="authorizeAttribute">The attribute to evaluate.</param>
public static async Task AuthorizeAsync(this IAuthorizationHelper authorizationHelper, IInfrastructureAuthorizeAttribute authorizeAttribute)
{
    var attributes = new[] { authorizeAttribute };
    await authorizationHelper.AuthorizeAsync(attributes);
}
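/// <summary>
/// MVC authorization filter with two response envelopes. Skips when an
/// <c>IAllowAnonymousFilter</c> is present or the descriptor is not a controller action;
/// otherwise runs the permission check for the action method and its declaring type.
/// A request that opts into the "web service" envelope (see <c>requestWay</c> header below) gets
/// a <c>ResultMessage</c> body; all other requests get 401/403 (or a challenge) on authorization
/// failure and a 500 on any other exception.
/// </summary>
/// <param name="context">The filter context; <c>Result</c> is set when the request is rejected.</param>
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
    // Allow Anonymous skips all authorization
    if (context.Filters.Any(item => item is IAllowAnonymousFilter))
    {
        return;
    }

    if (!context.ActionDescriptor.IsControllerAction())
    {
        return;
    }

    // A "requestWay" header with any value other than "webapi" selects the ResultMessage envelope.
    // The previous test used `||`, which is true for every request: a missing header reads as
    // StringValues.Empty, whose ToString() is "" != "webapi". The webapi branch — 401/403 status
    // codes and ChallengeResult — was therefore unreachable, and every authorization failure was
    // answered with HTTP 200. `&&` restores the opt-in reading implied by the `false` default;
    // confirm this is the intended polarity for requests that send no header at all.
    var headers = context.HttpContext.Request.Headers;
    var isWebserviceWay = headers.ContainsKey("requestWay") && headers["requestWay"].ToString() != "webapi";

    //TODO: Avoid using try/catch, use conditional checking
    try
    {
        await _authorizationHelper.AuthorizeAsync(
            context.ActionDescriptor.GetMethodInfo(),
            context.ActionDescriptor.GetMethodInfo().DeclaringType
        );
    }
    catch (AbpAuthorizationException ex)
    {
        Logger.Warn(ex.ToString(), ex);
        _eventBus.Trigger(this, new AbpHandledExceptionData(ex));

        if (isWebserviceWay)
        {
            // NOTE(review): no StatusCode is set on this result, so the envelope goes out with
            // HTTP 200 for both object and non-object actions — presumably the contract of the
            // web-service clients; confirm.
            context.Result = new ObjectResult(new ResultMessage<object>(ResultCode.Auth_Error, "authorization failure"));
        }
        else if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
        {
            // 403 for an authenticated user lacking the permission, 401 for an anonymous caller.
            context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex), true))
            {
                StatusCode = context.HttpContext.User.Identity.IsAuthenticated
                    ? (int)System.Net.HttpStatusCode.Forbidden
                    : (int)System.Net.HttpStatusCode.Unauthorized
            };
        }
        else
        {
            context.Result = new ChallengeResult();
        }
    }
    catch (Exception ex)
    {
        Logger.Error(ex.ToString(), ex);
        _eventBus.Trigger(this, new AbpHandledExceptionData(ex));

        if (isWebserviceWay)
        {
            // Same envelope for both result kinds; HTTP status stays 200 (see note above).
            context.Result = new ObjectResult(new ResultMessage<object>(ResultCode.SytemError, "Unknown exception"));
        }
        else if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
        {
            context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex)))
            {
                StatusCode = (int)System.Net.HttpStatusCode.InternalServerError
            };
        }
        else
        {
            //TODO: How to return Error page?
            context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
        }
    }
}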