public virtual void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (OutputCacheAttribute.IsChildActionCacheActive(filterContext)) { // If a child action cache block is active, we need to fail immediately, even if authorization // would have succeeded. The reason is that there's no way to hook a callback to rerun // authorization before the fragment is served from the cache, so we can't guarantee that this // filter will be re-run on subsequent requests. throw new InvalidOperationException(MvcResources.AuthorizeAttribute_CannotUseWithinChildActionCache); } if (AuthorizeCore(filterContext.HttpContext)) { // ** IMPORTANT ** // Since we're performing authorization at the action level, the authorization code runs // after the output caching module. In the worst case this could allow an authorized user // to cause the page to be cached, then an unauthorized user would later be served the // cached page. We work around this by telling proxies not to cache the sensitive page, // then we hook our custom authorization code into the caching mechanism so that we have // the final say on whether a page should be served from the cache. HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */); } else { HandleUnauthorizedRequest(filterContext); } }
public override void OnAuthorization(AuthorizationContext filterContext) { /* var _context = _filterContext.HttpContext; * * //redirect if not authenticated * if (!_context.Request.IsAuthenticated || (!string.IsNullOrWhiteSpace(SessionId) && _context.Session[SessionId] == null)) * { * //use the current url for the redirect * if (_context.Request.Url != null) * { * string _redirectOnSuccess = _context.Server.UrlEncode(_context.Request.Url.ToString()); * //send them off to the login page * string _redirectUrl = string.Format("?ReturnUrl={0}", _redirectOnSuccess); * string _loginUrl = System.Configuration.ConfigurationManager.AppSettings["LoginUrl"]; * _loginUrl = (!string.IsNullOrWhiteSpace(_loginUrl) ? _loginUrl : FormsAuthentication.LoginUrl) + _redirectUrl; * * _context.Response.Redirect(_loginUrl, true); * } * }*/ if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (OutputCacheAttribute.IsChildActionCacheActive(filterContext)) { throw new InvalidOperationException("Authorize Attribute Cannot Use Within Child Action Cache"); } ActionDescriptor actionDescriptor = filterContext.ActionDescriptor; bool flag1 = true; Type attributeType1 = typeof(AllowAnonymousAttribute); int num1 = flag1 ? 1 : 0; int num2; if (!actionDescriptor.IsDefined(attributeType1, num1 != 0)) { ControllerDescriptor controllerDescriptor = filterContext.ActionDescriptor.ControllerDescriptor; bool flag2 = true; Type attributeType2 = typeof(AllowAnonymousAttribute); int num3 = flag2 ? 1 : 0; num2 = controllerDescriptor.IsDefined(attributeType2, num3 != 0) ? 1 : 0; } else { num2 = 1; } if (num2 != 0) { return; } /* if (AuthorizeCore(filterContext.HttpContext)) * { * HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; * cache.SetProxyMaxAge(new TimeSpan(0L)); * throw new NotImplementedException(); * } * HandleUnauthorizedRequest(filterContext);*/ var _context = filterContext.HttpContext; if (!_context.Request.IsAuthenticated || (!string.IsNullOrWhiteSpace(SessionId) && _context.Session[SessionId] == null)) { //use the current url for the redirect if (_context.Request.Url != null) { string _redirectOnSuccess = _context.Server.UrlEncode(_context.Request.Url.ToString()); //send them off to the login page string _redirectUrl = string.Format("?ReturnUrl={0}", _redirectOnSuccess); string _loginUrl = System.Configuration.ConfigurationManager.AppSettings["LoginUrl"]; _loginUrl = (!string.IsNullOrWhiteSpace(_loginUrl) ? _loginUrl : FormsAuthentication.LoginUrl) + _redirectUrl; _context.Response.Redirect(_loginUrl, true); } } }