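public override void OnActionExecuting(ActionExecutingContext actionContext)
        {
            // Rejects the request with 403 unless the "ClientKey" header holds a well-formed,
            // registered client key; the action only runs when no Result is set here.
            // All three failure modes deliberately share one status code.
            // Cleanup: the three identical ObjectResult constructions are folded into one local
            // helper, and the redundant `Guid clientKey = Guid.Empty` pre-initialisation is gone
            // (Guid.TryParse assigns the out parameter on every path).
            void Forbid(string message)
            {
                actionContext.Result = new ObjectResult(ErrorDto.Create(message, DocumentationLinks.ClientKey))
                {
                    StatusCode = StatusCodes.Status403Forbidden
                };
            }

            var clientKeyString = actionContext.HttpContext.Request.Headers["ClientKey"];

            if (string.IsNullOrWhiteSpace(clientKeyString))
            {
                Forbid("ClientKey is not provided");
                return;
            }

            if (!Guid.TryParse(clientKeyString, out var clientKey))
            {
                Forbid("ClientKey have bad format");
                return;
            }

            if (!_externalClientService.IsClientKeyValid(clientKey))
            {
                Forbid("ClientKey is not authorized");
            }
        }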
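        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // Supplies an IUnitOfWork or IDbConnection action parameter from the SQL connection
            // named by the ConnectionKeyAttribute on this filter type. A unit-of-work parameter
            // takes precedence; only the first matching parameter of either kind is bound.
            // Fix: when an IDbConnection parameter was bound, base.OnActionExecuting was invoked
            // twice (inside the branch and again after it). The attribute lookup is shared too.
            ConnectionKeyAttribute RequireConnectionKey()
            {
                var connectionKey = this.GetType().GetCustomAttribute<ConnectionKeyAttribute>();
                if (connectionKey == null)
                    throw new ArgumentNullException("connectionKey");
                return connectionKey;
            }

            var parameters = context.ActionDescriptor.Parameters;

            var uowParam = parameters.FirstOrDefault(x => x.ParameterType == typeof(IUnitOfWork));
            if (uowParam != null)
            {
                this.connection = SqlConnections.NewByKey(RequireConnectionKey().Value);
                this.unitOfWork = new UnitOfWork(connection);
                context.ActionArguments[uowParam.Name] = this.unitOfWork;
                base.OnActionExecuting(context);
                return;
            }

            var cnnParam = parameters.FirstOrDefault(x => x.ParameterType == typeof(IDbConnection));
            if (cnnParam != null)
            {
                this.connection = SqlConnections.NewByKey(RequireConnectionKey().Value);
                context.ActionArguments[cnnParam.Name] = connection;
            }

            base.OnActionExecuting(context);
        }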
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // Stores the route value named by routeField in claimValue (null when absent), then
            // lets the action run if the user is in any configured role, or — when a route value
            // is present — holds any configured claim type with exactly that value. Anything else
            // is passed to HandleUnauthorizedRequest.
            var routeValue = context.RouteData.Values[routeField];
            claimValue = routeValue?.ToString();

            var user = context.HttpContext.User;

            var permitted = false;
            foreach (var role in roles)
            {
                if (user.IsInRole(role))
                {
                    permitted = true;
                    break;
                }
            }

            if (!permitted && !string.IsNullOrEmpty(claimValue))
            {
                foreach (var claimType in claimTypes)
                {
                    if (user.HasClaim(claimType, claimValue))
                    {
                        permitted = true;
                        break;
                    }
                }
            }

            if (permitted)
            {
                base.OnActionExecuting(context);
                return;
            }

            HandleUnauthorizedRequest(context);
        }
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Records the executing action's name under the "actionName" route data token,
     // unless one is already present; an existing token is never overwritten.
     var dataTokens = context.RouteData.DataTokens;
     if (dataTokens.ContainsKey("actionName"))
     {
         return;
     }

     dataTokens.Add("actionName", context.ActionDescriptor.Name);
 }
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Inverse of the usual authorization check: an already-authenticated user is handed
     // to HandleUnauthorizedRequest, and only anonymous callers continue into the action
     // (as written this behaves like an "anonymous only" filter).
     var isAuthenticated = context.HttpContext.User.Identity.IsAuthenticated;
     if (!isAuthenticated)
     {
         base.OnActionExecuting(context);
         return;
     }

     HandleUnauthorizedRequest(context);
 }
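        public bool HandleAuthorization(ActionExecutingContext context)
        {
            // Authorizes the routed controller against the permissions of the user whose id is
            // kept in session under "UI.CURRENT_USERID". Returns true when the request may proceed;
            // otherwise sets context.Result (a redirect for browser requests, a JSON error payload
            // for AJAX requests) and returns false.
            // Fixes: a missing or non-numeric session user id previously threw from int.Parse
            // (an unhandled 500 instead of a denial), and a null permission string threw on
            // Split. Both now fail closed as "No-Access-Right". The controller lookup uses a
            // single TryGetValue instead of Keys.Contains followed by an indexer read.
            Console.WriteLine("[RecAaaService] Handling Authorization");
            var controllerName = context.RouteData.Values["Controller"]?.ToString();
            var errorType = string.Empty;

            if (controllerName == null)
            {
                errorType = "Invalid Route";
            }
            else if (!FunctionList.TryGetValue(controllerName, out var requiredFunction))
            {
                errorType = "Invalid Controller";
            }
            else
            {
                var sessionUserIdStr = context.HttpContext.Session.GetString("UI.CURRENT_USERID");
                if (!int.TryParse(sessionUserIdStr, out var sessionUserId))
                {
                    // No usable user id in session: deny rather than crash.
                    errorType = "No-Access-Right";
                }
                else
                {
                    // Permissions arrive as one comma-separated string; an exact element match is required.
                    var permissions = GetUserPermission(sessionUserId) ?? string.Empty;
                    if (Array.IndexOf(permissions.Split(','), requiredFunction) < 0)
                        errorType = "No-Access-Right";
                }
            }

            if (errorType.Length == 0) return true; // No error

            if (!IsAjaxRequest(context.HttpContext.Request))
                context.Result = new RedirectResult(RedirectToWomUrl);
            else
                context.Result = new JsonResult(new { Data = new { isSuccess = false, errorType } });

            return false;
        }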
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Short-circuits with 400 and the full ModelState payload when binding or validation
     // produced any error; a valid request falls through to the action untouched.
     var modelState = context.ModelState;
     if (modelState.IsValid)
     {
         return;
     }

     context.Result = new BadRequestObjectResult(modelState);
 }
        //parts that contain this.
        /*
        1. This action filter attribute
        ---------------------------------------------------
        2. CourseAdd - View = 
            @inject Microsoft.AspNet.Antiforgery.IAntiforgery Xsrf
            @functions
            {
                public string GetAntiXsrfToken()
                    {
                        var tokens = Xsrf.GetTokens(Context);
                        return tokens.CookieToken + ":" + tokens.FormToken;
                    }
                }

            <form....>
             <input type="hidden" name="__RequestVerificationToken" value="@GetAntiXsrfToken()" />

           ---------------------------------------------------
            3. Angular controller
              var token = $('[name=__RequestVerificationToken]').val();

                var config = {
                    headers: {
                        'RequestVerificationToken': token
                    }
                };

                //$scope.model 

                $http.post('AddACourse', $scope.model, config)
                   .then(function (response) {
                       debugger;
                       var s = response;

                       $scope.model.Location = 'teststest';

                       // this callback will be called asynchronously
                       // when the response is available
                   }, function (response) {
                       var s = response;
                       // called asynchronously if an error occurs
                       // or server returns response with an error status.
                   });

            4. Mvc Controller
              [ValidateCustomAntiForgeryToken()]
    */

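        public override void OnActionExecuting(ActionExecutingContext actionContext)
        {
            // Validates the antiforgery token pair carried in the "RequestVerificationToken"
            // request header as "<cookieToken>:<formToken>" (see the usage notes above), then
            // continues with the base filter. A missing or malformed header throws; a pair that
            // does not validate makes IAntiforgery.ValidateTokens throw.
            // Fix: when IAntiforgery was not registered the original failed with a
            // NullReferenceException; that case is now reported explicitly.
            // NOTE(review): both halves of the pair are read from the header, so the antiforgery
            // cookie itself is not consulted here — confirm that is the intended token model.
            var antiforgery = actionContext.HttpContext.ApplicationServices.GetService(typeof(IAntiforgery)) as IAntiforgery;
            if (antiforgery == null)
            {
                throw new InvalidOperationException("IAntiforgery service is not registered");
            }

            StringValues tokenHeaders;
            if (!actionContext.HttpContext.Request.Headers.TryGetValue("RequestVerificationToken", out tokenHeaders))
            {
                throw new Exception("Can't Find Request Verification Token");
            }

            // Only the first header value is honoured, and it must split into exactly two parts.
            var tokens = tokenHeaders.First().Split(':');
            if (tokens.Length != 2)
            {
                throw new Exception("Can't Find Request Verification Token");
            }

            var cookieToken = tokens[0];
            var formToken = tokens[1];

            antiforgery.ValidateTokens(actionContext.HttpContext, new AntiforgeryTokenSet(formToken, cookieToken));

            base.OnActionExecuting(actionContext);
        }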
        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Loads pending notifications from the cookie named CookiePrefix into
            // _existingEntries so they are available for the rest of this request.
            // A cookie that cannot be deserialized is flagged for deletion through
            // _shouldDeleteCookie; an absent, empty or entry-less cookie leaves state untouched.
            var rawCookie = Convert.ToString(_httpContextAccessor.HttpContext.Request.Cookies[CookiePrefix]);
            if (string.IsNullOrEmpty(rawCookie))
            {
                return;
            }

            IList<NotifyEntry> entries = DeserializeNotifyEntries(rawCookie);

            // A null result means deserialization failed.
            if (entries == null)
            {
                _shouldDeleteCookie = true;
                return;
            }

            if (entries.Count == 0)
            {
                return;
            }

            _existingEntries = entries;
        }
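        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // Makes the GitHub access token and user name available to the action as the
            // "gitHubAccessToken" / "gitHubName" arguments. Both are cached in session after the
            // first authenticated request; an unauthenticated user is challenged with the "GitHub"
            // scheme and sent back to "/" afterwards.
            // Fixes: a principal without an "access_token" claim previously reached
            // Session.SetString with null (ArgumentNullException), and ActionArguments.Add threw
            // when an argument of the same name was already present.
            var session = context.HttpContext.Session;
            var gitHubAccessToken = session.GetString("GitHubAccessToken");
            var gitHubName = session.GetString("GitHubName");

            // No cached token: either nobody is logged in, or the claims have not been read yet.
            if (string.IsNullOrEmpty(gitHubAccessToken))
            {
                var user = context.HttpContext.User;
                if (!user.Identity.IsAuthenticated)
                {
                    context.Result = new ChallengeResult(
                        authenticationScheme: "GitHub",
                        properties: new AuthenticationProperties { RedirectUri = "/" });
                    return;
                }

                // Authenticated but not yet cached: read the claims.
                gitHubAccessToken = user.FindFirst("access_token")?.Value;
                gitHubName = user.Identity.Name;

                // Session.SetString rejects null; cache only what is actually present.
                if (gitHubAccessToken != null)
                {
                    session.SetString("GitHubAccessToken", gitHubAccessToken);
                }
                if (gitHubName != null)
                {
                    session.SetString("GitHubName", gitHubName);
                }
            }

            // Indexer rather than Add so an existing argument of the same name is replaced
            // instead of throwing.
            context.ActionArguments["gitHubAccessToken"] = gitHubAccessToken;
            context.ActionArguments["gitHubName"] = gitHubName;
        }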
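 public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
 {
     // Routes GET requests through HandleQueryRequest (which receives `next` and is responsible
     // for invoking it); every other method now proceeds straight to the action.
     // Fix: the original returned without calling `next` for non-GET requests, so those
     // requests were short-circuited before the action and never produced its result.
     if (context.HttpContext.Request.Method == "GET")
     {
         await HandleQueryRequest(context, next);
         return;
     }

     await next();
 }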
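        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // Allows the action only for an authenticated user whose first "scope" claim is one of
            // the values declared by the controller's ScopeAttribute; everything else is 403.
            // Fixes: a controller without a ScopeAttribute previously threw a
            // NullReferenceException (now denied — fail closed); the scope claims were enumerated
            // twice (Any then First); and the unauthenticated branch fell through to
            // base.OnActionExecuting while the other denials returned — every denial now returns.
            void Forbid()
            {
                context.Result = new HttpStatusCodeResult((int)System.Net.HttpStatusCode.Forbidden);
            }

            var user = context.HttpContext.User;
            if (!user.Identity.IsAuthenticated)
            {
                Forbid();
                return;
            }

            // A controller that does not declare accepted scopes cannot be authorized.
            var scopeAttribute = (ScopeAttribute)context.Controller.GetType().GetTypeInfo().GetCustomAttribute(typeof(ScopeAttribute));
            if (scopeAttribute == null)
            {
                Forbid();
                return;
            }

            var scopeClaim = user.Claims.FirstOrDefault(claim => claim.Type == "scope");
            if (scopeClaim == null || !scopeAttribute.Values.Contains(scopeClaim.Value))
            {
                Forbid();
                return;
            }

            base.OnActionExecuting(context);
        }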
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // Demo filter: appends a log line to the FiltersController's CustomUser (only when the
            // action belongs to that controller) and rewrites an int "age" action argument —
            // under 21 gains 5, over 30 is capped at 29, anything from 21 to 30 is written back
            // unchanged. A non-int or missing "age" argument is left alone.
            if (context.Controller is FiltersController filtersController)
            {
                filtersController.CustomUser.Log += "Age Enhanced!" + Environment.NewLine;
            }

            if (context.ActionArguments.TryGetValue("age", out var ageArgument) && ageArgument is int ageValue)
            {
                var adjustedAge = ageValue < 21 ? ageValue + 5
                                : ageValue > 30 ? 29
                                : ageValue;

                context.ActionArguments["age"] = adjustedAge;
            }
        }
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Caches the caller's user agent and a mobile-browser flag on the controller (the flag
     // is false when there is no Request), exposes the flag to views as ViewData["IsMobile"],
     // then continues with the base filter.
     var request = Request;
     userAgent = request?.UserAgent();
     IsMobile = request == null ? false : request.IsMobileBrowser();
     ViewData["IsMobile"] = IsMobile;
     base.OnActionExecuting(context);
 }
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Admin gate: the server-side session must carry "Admin" == "true" (ordinal compare);
     // otherwise the request is redirected to the login page and the action is skipped.
     var adminFlag = context.HttpContext.Session.GetString("Admin");
     var isAdmin = adminFlag == "true";
     if (isAdmin)
     {
         base.OnActionExecuting(context);
         return;
     }

     context.Result = new RedirectResult("/Admin/Login");
 }
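    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Enforces the transport demanded by RequireSecure using the "httpsPort" / "httpPort"
        // app settings: a request not already on the HTTPS port is redirected there when
        // RequireSecure is set; a secure request is redirected back to HTTP when it is not.
        // Fixes: the HTTP downgrade URL was built with string.Replace over the whole URL, which
        // also rewrote path or query text that happened to contain the port digits; it is now
        // built with UriBuilder. The redundant nested `httpsPort > 0` test is gone, and the
        // redirect is no longer executed inline — MVC executes filterContext.Result once set.
        var httpsPort = Convert.ToInt32(ConfigurationManager.AppSettings["httpsPort"]);
        var httpPort = Convert.ToInt32(ConfigurationManager.AppSettings["httpPort"]);
        var request = filterContext.HttpContext.Request;

        if (httpsPort > 0 && RequireSecure)
        {
            if (httpsPort != request.Url.Port)
            {
                var builder = new UriBuilder("https://" + request.Url.Host + request.RawUrl);
                if (httpsPort != 443)
                {
                    builder.Port = httpsPort;
                }
                filterContext.Result = new RedirectResult(builder.Uri.ToString());
            }
        }
        // Secure connection but SSL is not required: drop SSL and go back to HTTP.
        else if (request.IsSecureConnection && !RequireSecure)
        {
            // Port -1 lets UriBuilder fall back to the scheme default when "httpPort" is unset.
            var builder = new UriBuilder(request.Url)
            {
                Scheme = "http",
                Port = httpPort > 0 ? httpPort : -1
            };
            filterContext.Result = new RedirectResult(builder.Uri.ToString());
        }

        base.OnActionExecuting(filterContext);
    }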
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // When model binding failed for the parameter bound from the request body, replaces
            // the action's result with an ErrorInfo describing that parameter's errors. The body
            // binder may report errors under the parameter name or under the empty key, so both
            // are consulted in that order. The base filter always runs afterwards.
            if (!context.ModelState.IsValid)
            {
                var descriptor = context.ActionDescriptor;
                var bodyParameter = descriptor.Parameters.FirstOrDefault(
                    parameter => IsBodyBindingSource(parameter.BindingInfo?.BindingSource));

                if (bodyParameter != null)
                {
                    var namedEntry = context.ModelState[bodyParameter.Name];
                    var errors = namedEntry?.Errors ?? context.ModelState[string.Empty]?.Errors;

                    if (errors != null && errors.Count > 0)
                    {
                        var messages = errors.Select(error => error.ErrorMessage).ToList();
                        context.Result = new ObjectResult(new ErrorInfo
                        {
                            ActionName = descriptor.Name,
                            ParameterName = bodyParameter.Name,
                            Errors = messages,
                            Source = "filter"
                        });
                    }
                }
            }

            base.OnActionExecuting(context);
        }
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Always short-circuits: the action never runs and the client receives a fixed
     // text/plain body instead.
     var result = new ContentResult();
     result.Content = "The Action was never executed";
     result.ContentType = new MediaTypeHeaderValue("text/plain");
     context.Result = result;
 }
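 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Applies the culture named by the "culture" query parameter to the current request.
     // Fixes: the query value is untrusted input — an unknown culture name previously threw
     // CultureNotFoundException out of the filter, and the culture was written to
     // CultureInfo.DefaultThreadCurrentCulture/DefaultThreadCurrentUICulture, i.e. process-wide
     // state that leaked one caller's choice into every other request. It is now applied to
     // the current request's culture only, and unknown names are ignored.
     string cultureName = context.HttpContext.Request.Query["culture"];
     if (!string.IsNullOrEmpty(cultureName))
     {
         try
         {
             var culture = new CultureInfo(cultureName);
             CultureInfo.CurrentCulture = culture;
             CultureInfo.CurrentUICulture = culture;
         }
         catch (CultureNotFoundException)
         {
             // Not a known culture: keep the default for this request.
         }
     }
     base.OnActionExecuting(context);
 }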
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Test hook: for the GetHelloWorld action only, appends a ContentResult describing this
     // stage to the List<ContentResult> stored under the "fromGlobalActionFilter" action
     // argument (a missing or differently typed argument still fails with a null reference,
     // as before).
     const string targetAction = "FiltersWebSite.ActionFilterController.GetHelloWorld";
     if (context.ActionDescriptor.DisplayName != targetAction)
     {
         return;
     }

     var collected = context.ActionArguments["fromGlobalActionFilter"] as List<ContentResult>;
     var marker = Helpers.GetContentResult(context.Result, "Action Filter - OnActionExecuting");
     collected.Add(marker);
 }
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // On an invalid ModelState, responds 400 with the message of the first error that has
     // either a non-empty message or an attached exception (First throws if there is none).
     if (context.ModelState.IsValid)
     {
         return;
     }

     var allErrors = context.ModelState.Values.SelectMany(entry => entry.Errors);
     var firstError = allErrors.First(error => error.ErrorMessage != "" || error.Exception != null);
     context.Result = new BadRequestObjectResult(firstError.ErrorMessage);
 }
 public void OnActionExecuting(ActionExecutingContext context)
 {
     // For MVC Controller instances, publishes a ControllerModelUpdater bound to this
     // controller through the request-scoped IModelUpdaterAccessor; any other controller
     // type is ignored.
     var controller = context.Controller as Controller;
     if (controller == null)
     {
         return;
     }

     var services = context.HttpContext.RequestServices;
     var accessor = services.GetRequiredService<IModelUpdaterAccessor>();
     accessor.ModelUpdater = new ControllerModelUpdater(controller);
 }
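 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Shared-secret gate: the "private-key" request header must equal the configured
     // "PrivateKey" value, otherwise the request is challenged and the action is skipped.
     // Fixes: the former `!=` comparison short-circuits on the first differing character,
     // so its duration leaked how much of the secret a caller had right; a missing
     // configuration value threw a NullReferenceException instead of denying. The header and
     // the configured key must now both be present and are compared in fixed time.
     bool KeysMatch(string presented, string expected)
     {
         // FixedTimeEquals only returns early on a length mismatch.
         var presentedBytes = System.Text.Encoding.UTF8.GetBytes(presented);
         var expectedBytes = System.Text.Encoding.UTF8.GetBytes(expected);
         return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(presentedBytes, expectedBytes);
     }

     var presentedKey = context.HttpContext.Request.Headers["private-key"].ToString();
     var configuredKey = Configuration["PrivateKey"]?.ToString();

     if (string.IsNullOrEmpty(configuredKey) || !KeysMatch(presentedKey, configuredKey))
     {
         context.Result = new ChallengeResult();
         return;
     }
     base.OnActionExecuting(context);
 }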
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Requires an authenticated identity; anonymous callers get 403 and the action is skipped.
     var identity = context.HttpContext.User.Identity;
     if (identity.IsAuthenticated)
     {
         base.OnActionExecuting(context);
         return;
     }

     context.Result = new HttpStatusCodeResult((int)System.Net.HttpStatusCode.Forbidden);
 }
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // Publishes the current user's name through StaticManager.UserName when IsAuthorized()
            // holds, then continues with the base filter.
            // NOTE(review): StaticManager.UserName is static, i.e. shared by every request in the
            // process; concurrent requests overwrite each other's value — confirm this is intended.
            var authorized = IsAuthorized();
            if (authorized)
            {
                var userName = User.Identity.Name;
                StaticManager.UserName = userName;
            }

            base.OnActionExecuting(context);
        }
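 public override Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
 {
     // Shared-secret gate: the "private-key" request header must equal the configured
     // "PrivateKey" value, otherwise the request is challenged and the pipeline stops here.
     // Fixes: the former `!=` comparison short-circuits on the first differing character,
     // so its duration leaked how much of the secret a caller had right; a missing
     // configuration value threw a NullReferenceException instead of denying; and the
     // denial returned Task.FromResult(403), whose int payload is unobservable through the
     // Task return type — Task.CompletedTask says what is meant.
     bool KeysMatch(string presented, string expected)
     {
         // FixedTimeEquals only returns early on a length mismatch.
         var presentedBytes = System.Text.Encoding.UTF8.GetBytes(presented);
         var expectedBytes = System.Text.Encoding.UTF8.GetBytes(expected);
         return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(presentedBytes, expectedBytes);
     }

     var presentedKey = context.HttpContext.Request.Headers["private-key"].ToString();
     var configuredKey = Configuration["PrivateKey"]?.ToString();

     if (string.IsNullOrEmpty(configuredKey) || !KeysMatch(presentedKey, configuredKey))
     {
         context.Result = new ChallengeResult();
         return Task.CompletedTask;
     }
     return base.OnActionExecutionAsync(context, next);
 }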
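 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Node authentication: the "PrivateKey" header must match the PrivateKey of some row in
     // DB.Nodes; otherwise the request is challenged and the action is skipped.
     // Fixes: an empty or absent header is rejected before the database is consulted (so a
     // node row with an empty key can never be matched by a caller that sent nothing), and
     // the existence test uses Any instead of counting every matching row.
     var presentedKey = context.HttpContext.Request.Headers["PrivateKey"].ToString();
     if (string.IsNullOrEmpty(presentedKey) || !DB.Nodes.Any(x => x.PrivateKey == presentedKey))
     {
         context.Result = new ChallengeResult();
         return;
     }
     base.OnActionExecuting(context);
 }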
	/// <summary>
	/// Forces us into the target area if MVC Framework hasn't already figured it out
	/// </summary>
	/// <param name="filterContext">The executing context</param>
	public override void OnActionExecuting(ActionExecutingContext filterContext)
	{
		base.OnActionExecuting(filterContext);

		// Only fill in the area token when routing left it unset; never override an existing one.
		var dataTokens = filterContext.Controller.ControllerContext.RouteData.DataTokens;
		var alreadySet = dataTokens.ContainsKey(DataTokenKey);
		if (!alreadySet)
		{
			dataTokens.Add(DataTokenKey, _areaName);
		}
	}
        /// <summary>
        /// Check whether the request carries an ErpIdentity principal.
        /// </summary>
        /// <param name="context">The executing context whose HttpContext.User is inspected.</param>
        /// <param name="roles">Accepted for signature compatibility only; this implementation does not consult it.</param>
        /// <returns>true when the user's identity is an <see cref="ErpIdentity"/>; false when there is no principal or the identity is of another type.</returns>
        private bool IsAuthorized(ActionExecutingContext context, string[] roles)
        {
            var principal = context.HttpContext.User;
            return principal?.Identity is ErpIdentity;
        }
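 public override Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
 {
     // Node authentication: the "PrivateKey" header must match the PrivateKey of some row in
     // DB.Nodes; otherwise the request is challenged and the pipeline stops here.
     // Fixes: an empty or absent header is rejected before the database is consulted (so a
     // node row with an empty key can never be matched by a caller that sent nothing); the
     // existence test uses Any instead of counting every matching row; and the denial returns
     // Task.CompletedTask instead of Task.FromResult(403), whose int payload is unobservable
     // through the Task return type.
     var presentedKey = context.HttpContext.Request.Headers["PrivateKey"].ToString();
     if (string.IsNullOrEmpty(presentedKey) || !DB.Nodes.Any(x => x.PrivateKey == presentedKey))
     {
         context.Result = new ChallengeResult();
         return Task.CompletedTask;
     }
     return base.OnActionExecutionAsync(context, next);
 }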
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Diagnostic filter: hands the request's route data to logValues before the action runs;
     // the base implementation is not invoked.
     var routeData = filterContext.RouteData;
     logValues(routeData);
 }
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     if (HttpContext.Session.TryGetValue("user", out byte[] data) && data != null && data.Length == 4)
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Delegates the login check to LoginCheck using the ambient HttpContext.Current rather
     // than filterContext.HttpContext; filterContext itself is not consulted.
     var current = HttpContext.Current;
     LoginCheck(current);
 }
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Trace hook: logs the stage name together with the controller and action descriptors
     // and the bound action parameters.
     var action = filterContext.ActionDescriptor;
     Log("OnActionExecuting", action.ControllerDescriptor, action, filterContext.ActionParameters);
 }
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // After the base filter runs, configures Repo so its subsequent queries include each
     // entity's User and Address navigations.
     base.OnActionExecuting(context);
     Repo.ChainQueryable(query => query.Include(b => b.User).Include(b => b.Address));
 }
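        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Conditional-GET support for GalleryController actions. The "last modified" instant
            // is the later of the gallery change date (for the gallery named by the
            // GalleryNameParameter action parameter, or across all galleries) and the session's
            // "LastLoginDate". A request whose If-Modified-Since equals that instant (to the
            // second), or whose first If-None-Match entry equals the derived ETag, gets 304 and
            // the action is skipped; otherwise ETag / Last-Modified headers are emitted with
            // private, already-expired caching and processing continues.
            // Fix: If-Modified-Since was parsed with the server's current culture; HTTP dates are
            // culture-neutral, so the invariant culture is used now.
            var httpContext = filterContext.HttpContext;

            var controller = filterContext.Controller as GalleryController;

            if (controller == null)
            {
                throw new InvalidOperationException("This attribute can only be used for GalleryController");
            }

            DateTime lastModified;

            if (!string.IsNullOrEmpty(GalleryNameParameter))
            {
                // Get the last change date for the specified gallery
                var galleryName = filterContext.ActionParameters[GalleryNameParameter] as string;
                lastModified = controller.GalleryService.GetLastChange(galleryName);
            }
            else
            {
                // Get the last changed date for all galleries
                lastModified = controller.GalleryService.GetLastChange();
            }

            // A login after the last content change also invalidates what the client cached.
            var lastLogin = httpContext.Session["LastLoginDate"] as DateTime?;

            if (lastLogin != null && lastLogin > lastModified)
            {
                lastModified = lastLogin.Value;
            }

            // The ETag keeps full file-time precision; the date compared below is truncated to
            // whole seconds because HTTP dates carry no sub-second part.
            var etag = string.Format("\"{0}\"", lastModified.ToFileTime());

            lastModified = new DateTime(lastModified.Year, lastModified.Month, lastModified.Day, lastModified.Hour, lastModified.Minute, lastModified.Second);

            var incomingDate = httpContext.Request.Headers["If-Modified-Since"];

            DateTime incomingParsed;

            if (DateTime.TryParse(incomingDate, System.Globalization.CultureInfo.InvariantCulture, System.Globalization.DateTimeStyles.None, out incomingParsed) && incomingParsed == lastModified)
            {
                filterContext.Result = new HttpStatusCodeResult((int)HttpStatusCode.NotModified);
                return; // Terminate action, abort all further processing
            }

            var ifNoneMatch = httpContext.Request.Headers["If-None-Match"];

            // Only the first entry of a multi-valued If-None-Match is compared.
            if (ifNoneMatch != null && ifNoneMatch.Contains(","))
            {
                ifNoneMatch = ifNoneMatch.Substring(0, ifNoneMatch.IndexOf(",", StringComparison.Ordinal));
            }
            if (etag == ifNoneMatch)
            {
                filterContext.Result = new HttpStatusCodeResult((int)HttpStatusCode.NotModified);
                return; // Terminate action, abort all further processing
            }

            httpContext.Response.Cache.SetCacheability(HttpCacheability.Private);
            httpContext.Response.Expires = -600;
            //httpContext.Response.Cache.SetNoStore();
            httpContext.Response.AddHeader("ETag", etag);
            httpContext.Response.AddHeader("Last-Modified", lastModified.ToUniversalTime().ToString("r"));

            // Continue processing
            base.OnActionExecuting(filterContext);
        }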
 public void OnActionExecuting(ActionExecutingContext context)
 {
     // Intentionally empty: this filter has no pre-action behaviour.
 }
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Pure pass-through: defers entirely to the base filter's pre-action behaviour.
     base.OnActionExecuting(context);
 }
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Applies the AllowSites origin handling through AllowOriginAttribute.onExcute, then
     // continues with the base filter.
     var allowedSites = AllowSites;
     AllowOriginAttribute.onExcute(filterContext, allowedSites);
     base.OnActionExecuting(filterContext);
 }
 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // After the base filter, publishes this controller's Url helper in HttpContext.Items
     // under URLHELPER so later code in the same request can reach it.
     base.OnActionExecuting(context);
     var items = context.HttpContext.Items;
     items[URLHELPER] = this.Url;
 }
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Trace hook: logs the stage name together with the request's route data.
     var routeData = filterContext.RouteData;
     Log("OnActionExecuting", routeData);
 }
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Runs the Simple Membership initializer at most once per application start, guarding
     // the first-time initialization with the shared lock object; filterContext is unused.
     LazyInitializer.EnsureInitialized(ref _initializer, ref _isInitialized, ref _initializerLock);
 }
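        public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            // Login and permission gate. A caller without an operator (or with UserId 0) gets a
            // JSON message (AJAX) or a redirect to ~/Home/Login. System users pass unconditionally,
            // and so does everyone when Authorize is empty. Otherwise the user must hold at least
            // one of the comma-separated Authorize entries, and for the SaveFormJson action
            // additionally an "edit" entry when the form carries an existing Id or an "add" entry
            // otherwise. Denied callers get a JSON message (AJAX) or ~/Home/NoPermission. The
            // action (`next`) runs only when permission is granted.
            // Fixes: the "Action" route value is read null-safely (it previously threw when
            // absent), the unused resultContext local is gone, and the permission evaluation is
            // split into a local function so the result-setting paths read linearly.
            OperatorInfo user = await Operator.Instance.Current();

            if (user == null || user.UserId == 0)
            {
                // Not logged in (or the login has timed out).
                if (context.HttpContext.Request.IsAjaxRequest())
                {
                    TData obj = new TData();
                    obj.Message    = "抱歉,没有登录或登录已超时";
                    context.Result = new CustomJsonResult {
                        Value = obj
                    };
                }
                else
                {
                    context.Result = new RedirectResult("~/Home/Login");
                }
                return;
            }

            bool hasPermission;

            if (user.IsSystem == 1)
            {
                // System users hold every permission.
                hasPermission = true;
            }
            else if (string.IsNullOrEmpty(Authorize))
            {
                // No permission is required for this action.
                hasPermission = true;
            }
            else
            {
                hasPermission = await HasRequiredAuthorizeAsync();
                if (!hasPermission)
                {
                    if (context.HttpContext.Request.IsAjaxRequest())
                    {
                        TData obj = new TData();
                        obj.Message    = "抱歉,没有权限";
                        context.Result = new CustomJsonResult {
                            Value = obj
                        };
                    }
                    else
                    {
                        context.Result = new RedirectResult("~/Home/NoPermission");
                    }
                }
            }

            if (hasPermission)
            {
                await next();
            }

            // True when the user holds one of the Authorize entries and, for SaveFormJson, the
            // "edit"/"add" entry matching whether the posted Id refers to an existing record.
            async Task<bool> HasRequiredAuthorizeAsync()
            {
                string[] authorizeList = Authorize.Split(',');
                TData<List<MenuAuthorizeInfo>> objMenuAuthorize = await new MenuAuthorizeBLL().GetAuthorizeList(user);
                List<MenuAuthorizeInfo> authorizeInfoList = objMenuAuthorize.Result.Where(p => authorizeList.Contains(p.Authorize)).ToList();
                if (!authorizeInfoList.Any())
                {
                    return false;
                }

                // Add / edit distinction: an existing Id means an update.
                var actionName = context.RouteData.Values["Action"]?.ToString();
                if (actionName != "SaveFormJson")
                {
                    return true;
                }

                var id = context.HttpContext.Request.Form["Id"];
                var requiredVerb = id.ParseToLong() > 0 ? "edit" : "add";
                return authorizeInfoList.Any(p => p.Authorize.Contains(requiredVerb));
            }
        }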
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Opens a fresh unit of work via UnitOfWorkFactory before the action runs and keeps
            // it in _unitOfWork (nothing here completes or disposes it), then defers to the base filter.
            var unitOfWork = UnitOfWorkFactory.Create();
            this._unitOfWork = unitOfWork;

            base.OnActionExecuting(filterContext);
        }
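 public override void OnActionExecuting(ActionExecutingContext context)
 {
     // Always short-circuits the action with a JSON body built from the first model-state
     // error message, prefixed with "MyActionFilter设置:".
     // Fix: with a valid ModelState, FirstOrDefault() returned null and `.Message` threw a
     // NullReferenceException; the prefix alone is returned in that case now.
     var firstError = context.ModelState.AllModelStateErrors().FirstOrDefault();
     context.Result = new JsonResult("MyActionFilter设置:" + firstError?.Message);
 }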
 public void OnActionExecuting(ActionExecutingContext context)
 {
     // Intentionally empty: no pre-action behaviour.
 }
 protected override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Disables response caching for every action on this controller (no-cache and no-store)
     // before handing over to the base implementation.
     var cache = Response.Cache;
     cache.SetCacheability(HttpCacheability.NoCache);
     cache.SetNoStore();
     base.OnActionExecuting(filterContext);
 }
 public void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Intentionally empty: no pre-action behaviour.
 }
 protected override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Derives the thread culture for this request from the route data before the action
     // runs; the base implementation is not called.
     var routeData = filterContext.RouteData;
     SetCurrentThreadCulture(routeData);
 }
        /// <summary>
        /// Decides whether the current user may run the action described by <paramref name="context"/>,
        /// using the attribute's <c>ActionPermission</c> (table name, table action, role IDs) and the
        /// user's resolved permissions.
        /// </summary>
        /// <param name="context">Context of the action about to execute.</param>
        /// <returns>
        /// <c>ResponseContent.OK()</c> when access is allowed; otherwise an error response whose
        /// <c>ResponseType</c> (or the global-filter message) names the reason for the refusal.
        /// </returns>
        private WebResponseContent OnActionExecutionPermission(ActionExecutingContext context)
        {
            //!context.Filters.Any(item => item is IFixedTokenFilter)) whether requests carrying a fixed token should still be permission-checked
            //if ((context.Filters.Any(item => item is IAllowAnonymousFilter)
            //    && !context.Filters.Any(item => item is IFixedTokenFilter))
            //    || UserContext.Current.IsSuperAdmin
            //    )
            // Anonymous actions and super admins bypass every check below.
            // NOTE(review): this reads UserContext.Current while the rest of the method reads _userContext —
            // presumably the same user; confirm the two cannot diverge.
            if (context.Filters.Any(item => item is IAllowAnonymousFilter) ||
                UserContext.Current.IsSuperAdmin)
            {
                return(ResponseContent.OK());
            }

            // Demo environment: only the admin account may run the globally filtered actions (add/delete/update, etc.).
            if (!_userContext.IsSuperAdmin && AppSetting.GlobalFilter.Enable &&
                AppSetting.GlobalFilter.Actions.Contains(((Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor).ActionName))
            {
                return(ResponseContent.Error(AppSetting.GlobalFilter.Message));
            }

            // When no table permission is given, the controller is assumed to be code-generated: prefer the table
            // named by PermissionTableAttribute; if none is present, use the controller name as the table-name permission.
            // NOTE(review): this writes ActionPermission.TableName — if the attribute instance is shared across
            // requests, that state is shared as well; confirm the attribute's lifetime.
            if (ActionPermission.SysController)
            {
                object[] permissionArray = ((Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor)?.ControllerTypeInfo.GetCustomAttributes(typeof(PermissionTableAttribute), false);
                if (permissionArray == null || permissionArray.Length == 0)
                {
                    ActionPermission.TableName = ((Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor).ControllerName;
                }
                else
                {
                    ActionPermission.TableName = (permissionArray[0] as PermissionTableAttribute).Name;
                }
                if (string.IsNullOrEmpty(ActionPermission.TableName))
                {
                    //responseType = ResponseType.ParametersLack;
                    return(ResponseContent.Error(ResponseType.ParametersLack));
                }
            }

            // No permission requirement configured at all: nothing to check.
            if (string.IsNullOrEmpty(ActionPermission.TableName) &&
                string.IsNullOrEmpty(ActionPermission.TableAction) &&
                (ActionPermission.RoleIds == null || ActionPermission.RoleIds.Length == 0))
            {
                return(ResponseContent.OK());
            }

            // Role-ID restriction: only the listed roles may access the action.
            // The user's role is checked against ActionPermission.RoleIds.
            if (ActionPermission.RoleIds != null && ActionPermission.RoleIds.Length > 0)
            {
                if (ActionPermission.RoleIds.Contains(_userContext.UserInfo.Role_Id))
                {
                    return(ResponseContent.OK());
                }
                // Role not listed and no table action configured either: deny outright.
                if (string.IsNullOrEmpty(ActionPermission.TableAction))
                {
                    return(ResponseContent.Error(ResponseType.NoRolePermissions));
                }
            }
            // 2020.05.05: the x.TableName.ToLower() conversion was removed — permissions are already lower-cased when fetched.
            // NOTE(review): ActionPermission.TableName.ToLower() is culture-sensitive; ToLowerInvariant() would avoid
            // locale-dependent mismatches (e.g. under a Turkish culture) against the stored lower-case names.
            var actionAuth = _userContext.GetPermissions(x => x.TableName == ActionPermission.TableName.ToLower())?.UserAuthArr;

            // Deny unless the user's permission entry for this table lists the requested action; the refusal is logged.
            if (actionAuth == null ||
                actionAuth.Count() == 0 ||
                !actionAuth.Contains(ActionPermission.TableAction))
            {
                Logger.Info(LoggerType.Authorzie, $"没有权限操作," +
                            $"用户ID{_userContext.UserId}:{_userContext.UserTrueName}," +
                            $"角色ID:{_userContext.RoleId}:{_userContext.UserInfo.RoleName}," +
                            $"操作权限{ActionPermission.TableName}:{ActionPermission.TableAction}");
                return(ResponseContent.Error(ResponseType.NoPermissions));
            }
            return(ResponseContent.OK());
        }
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Capture when the action began and which user triggered it, for later timing/logging.
     // NOTE(review): Helper.GetLocalDate() presumably returns local time — confirm whether UTC is intended.
     var startedAt   = Helper.GetLocalDate();
     var currentUser = Helper.GetLoggedInUserID();

     actionStartTime = startedAt;
     userName        = currentUser;
 }
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Publish a fixed description message to the view before the action runs.
     dynamic viewBag = filterContext.Controller.ViewBag;
     viewBag.Message = "Your application description page.";

     base.OnActionExecuting(filterContext);
 }
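        /// <summary>
        /// Gates every action behind the forms-authentication cookie: requests without a cookie, with an
        /// unresolvable token, or from a different client address than the token was issued to are
        /// redirected to the login page; authenticated accounts lacking the required enablement are
        /// redirected to the "not authorized" error page.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute; its <c>Result</c> is set to short-circuit.</param>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            string actionName     = filterContext.ActionDescriptor.ActionName;
            string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;

            // The login action itself must stay reachable without a cookie.
            if (controllerName == "Account" && actionName == "Login")
            {
                return;
            }

            HttpCookie coockie = filterContext.RequestContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];

            if (coockie == null)
            {
                filterContext.Result = LoginRedirectResult();
                return;
            }

            try
            {
                FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(coockie.Value);
                string     token      = ticket.Name;
                TokenModel tokenModel = Account.GetTokenModel(token);
                if (tokenModel == null)
                {
                    // The original fell through here and dereferenced the null model (reaching the
                    // login redirect only through the catch below); return explicitly instead.
                    filterContext.Result = LoginRedirectResult();
                    return;
                }
                if (tokenModel.IpAddress != ClientIPAddress)
                {
                    // Token was issued to another client address: treat it as a foreign session.
                    // Returning here also keeps ConnectedUser from being populated for a rejected
                    // request, which the original did not prevent.
                    filterContext.Result = LoginRedirectResult();
                    return;
                }
                ConnectedUser = tokenModel.Account;
                filterContext.Controller.ViewData["MenuAbilitati"] = MenuAbilitati;

                // Home is open to every authenticated account; everything else needs an explicit enablement.
                if (controllerName != "Home" && !VerificaAbilitazioneUtente(controllerName, actionName))
                {
                    filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
                        { "controller", "ErrorPage" }, { "action", "AccountNonAutorizzato" }
                    });
                    return;
                }
            }
            catch
            {
                // Any failure while decrypting or resolving the ticket is treated as "not logged in".
                // NOTE(review): a narrower catch (the exception types FormsAuthentication.Decrypt documents)
                // would avoid masking unrelated bugs as login failures.
                filterContext.Result = LoginRedirectResult();
            }
        }

        /// <summary>Builds the redirect to the login action used by every rejection path above.</summary>
        /// <returns>A route result pointing at Account/Login.</returns>
        private static RedirectToRouteResult LoginRedirectResult()
        {
            return new RedirectToRouteResult(new RouteValueDictionary {
                { "controller", "Account" }, { "action", "Login" }
            });
        }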
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Trace which declaration site (class or action) this attribute instance was applied to.
     Debug.WriteLine($"OnActionExecuting, attribute declared on: {whereFrom}");
     base.OnActionExecuting(filterContext);
 }
 private void StopwatchEnabledStart(ActionExecutingContext filterContext)
 {
     // Park a stopwatch in the route data (key "Stopwatch") so a later filter stage can read the elapsed time.
     // NOTE(review): RouteData.Values.Add throws if the key is already present (e.g. the filter applied
     // twice on one request) — confirm that cannot happen.
     var watch       = new System.Diagnostics.Stopwatch();
     var routeValues = filterContext.RouteData.Values;
     routeValues.Add("Stopwatch", watch);
     watch.Start();
 }
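        /// <summary>
        /// Routes the current request to the node type this attribute targets. When the local node is not of
        /// the target type (and is not STANDALONE) the request is replayed against another node over HTTP and
        /// that node's JSON reply becomes this action's result; otherwise the action runs locally.
        /// </summary>
        /// <param name="actionContext">
        /// Context of the executing action; <c>Result</c> is set when the request is proxied or when no node
        /// is mapped to the request host.
        /// </param>
        public override void OnActionExecuting(ActionExecutingContext actionContext)
        {
            var host = actionContext.HttpContext.Request.Host.Value;
            var node = ServerManager.Get(host);

            if (node == null)
            {
                // The original set this result and then dereferenced `node` below; return so the
                // "no mapping" reply reaches the client instead of a NullReferenceException.
                actionContext.Result = new JsonResult(host + " no node mapping this uri");
                return;
            }

            // Local node already serves the target type: run the action here.
            if ((int)node.NodeType == (int)Target || node.NodeType == NodeTypeEnum.STANDALONE)
            {
                base.OnActionExecuting(actionContext);
                return;
            }

            var baseUrl = "";

            if ((int)Target < 3)
            {
                baseUrl = ProxyManager.Instance.Elect((NodeProxyTypeEnum)Target);
            }
            else
            {
                // NOTE(review): in this branch the upstream host is taken from an action argument, i.e. from the
                // caller's request. Unless that argument is constrained elsewhere, the forwarded request goes to
                // whatever host the argument names — consider validating it against the known node list.
                baseUrl = actionContext.ActionArguments[RouteArgumentName].ToString();
            }

            var request     = actionContext.HttpContext.Request;
            var client      = new RestClient("http://" + baseUrl);
            var restRequest = new RestRequest(request.Path.Value + request.QueryString);
            // Every non-GET verb is replayed as POST.
            restRequest.Method         = (request.Method == "GET") ? Method.GET : Method.POST;
            restRequest.JsonSerializer = new NewtonJsonSerializer();
            if (restRequest.Method == Method.POST)
            {
                // NOTE(review): AddJsonBody is called once per action argument; with more than one argument
                // only the last body is likely to survive — confirm against the RestSharp version in use.
                foreach (var arg in actionContext.ActionArguments)
                {
                    restRequest.AddJsonBody(arg.Value);
                }
            }

            var res = client.Execute(restRequest);
            var m   = ((ControllerActionDescriptor)actionContext.ActionDescriptor).MethodInfo;

            // NOTE(review): MethodInfo.ReturnType is never null (void actions report typeof(void)), so the else
            // branch below cannot execute; if void actions are meant to skip the JSON result, the intended test
            // is probably `m.ReturnType != typeof(void)`. Left unchanged here to preserve current behaviour.
            if (m.ReturnType != null)
            {
                var obj = JsonConvert.DeserializeObject<object>(res.Content);

                actionContext.Result = new JsonResult(obj);
            }
            else
            {
                actionContext.Result = null;
            }
        }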
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Let the base filter run first, then start the per-request stopwatch kept in the route data.
     base.OnActionExecuting(filterContext);
     StopwatchEnabledStart(filterContext);
 }
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Pure pass-through: defers entirely to the base filter's pre-action behaviour.
     base.OnActionExecuting(filterContext);
 }
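        /// <summary>
        /// Loads the WeChat profile and the system user bound to the current session, exposes both to the
        /// view through <c>ViewBag</c>, and redirects to WeChat authorization when no profile is present or
        /// to account binding when the user has no company.
        /// </summary>
        /// <param name="filterContext">Context of the executing action; its <c>Result</c> is set for the binding redirect.</param>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            // NOTE(review): the two assignments below overwrite the session with a fixed, hard-coded identity on
            // every request, so the "no profile" branch further down can never run and every visitor is treated
            // as this user. This reads as a local test stub; it has to be removed or confined to a debug-only
            // configuration before this filter protects anything.
            Session["WechatUserInfo"] = new WechatUserInfo
            {
                nickname   = "*ST小散",
                headimgurl = "http://wx.qlogo.cn/mmopen/5mxuSU5RGhY0J2JiaCXazWbGkic0KalhYJVQOWfqxbQIeK3hzQoCAgQaD4eklDVC5Fic2vuNO0j78rdQ4oX5FZT8j0erf3SJQxu/0",
                openid     = "oC86Z09y0dkSbyPXzxz6AOGF1U_o",
                sex        = "",
                province   = "广东",
                city       = "广州",
                country    = "中国"
            };
            Session["UserInfo"] = new User
            {
                CompanyID    = "",
                CompanyName  = "",
                UserID       = "",
                CardNo       = "",
                StoreID      = "",
                RoleID       = "",
                LeaderUserID = "",
                StoreName    = "",
                CellPhone    = "",
                Sex          = "",
                EmpNo        = "",
                EmpName      = "",
                RoleName     = "",
                HireDate     = "",
                Active       = ""
            };

            CurrentWechatUserInfo = Session["WechatUserInfo"] as WechatUserInfo; // WeChat profile bound to the session
            CurrentUserInfo       = Session["UserInfo"] as User;                 // system user bound to the session
            if (CurrentWechatUserInfo == null)
            {
                string redirectUrl = System.Configuration.ConfigurationManager.AppSettings["redirectUrl"];
                // Re-run the WeChat OAuth authorization to obtain a profile.
                Response.Redirect(@"https://open.weixin.qq.com/connect/oauth2/authorize?appid=wxd682b8b6d9016fb4&redirect_uri=" + redirectUrl + @"/WechatAuth&response_type=code&scope=snsapi_base&state=1#wechat_redirect");
                return;
            }

            ViewBag.nickname     = CurrentWechatUserInfo.nickname;
            ViewBag.headimgurl   = CurrentWechatUserInfo.headimgurl;
            ViewBag.openid       = CurrentWechatUserInfo.openid;
            ViewBag.sex          = CurrentWechatUserInfo.sex;
            ViewBag.province     = CurrentWechatUserInfo.province;
            ViewBag.city         = CurrentWechatUserInfo.city;
            ViewBag.country      = CurrentWechatUserInfo.country;
            ViewBag.CompanyID    = CurrentUserInfo.CompanyID;
            ViewBag.CompanyName  = CurrentUserInfo.CompanyName;
            ViewBag.RoleName     = CurrentUserInfo.RoleName;
            ViewBag.LeaderUserID = CurrentUserInfo.LeaderUserID;
            ViewBag.CellPhone    = CurrentUserInfo.CellPhone;
            ViewBag.UserID       = CurrentUserInfo.UserID;
            ViewBag.EmpNo        = CurrentUserInfo.EmpNo;
            ViewBag.EmpName      = CurrentUserInfo.EmpName;
            ViewBag.StoreName    = CurrentUserInfo.StoreName;
            ViewBag.StoreID      = CurrentUserInfo.StoreID;

            // A user without a company has not been bound to the system yet.
            if (string.IsNullOrEmpty(CurrentUserInfo.CompanyID))
            {
                // The original called RedirectToAction and discarded the returned result, so the redirect
                // never took effect; assigning it to the filter context short-circuits the action instead.
                filterContext.Result = RedirectToAction("UserBinding", "UserBinding");
            }
        }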
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     // Ensure that ASP.NET Simple Membership is initialized only once per application start.
     // _initializer, _isInitialized and _initializerLock are the shared state LazyInitializer uses
     // to make the one-time initialization thread-safe; they are declared elsewhere in the class.
     LazyInitializer.EnsureInitialized(ref _initializer, ref _isInitialized, ref _initializerLock);
 }