/// <summary>
/// Records one API entry point: the reflected method, its call mode, the
/// <see cref="AuthAttribute"/> supplied for it and its transactional flag.
/// Values are stored as given; nothing is validated here.
/// </summary>
/// <param name="p_method">Reflected method implementing the call.</param>
/// <param name="p_callMode">Call mode stored in <c>CallMode</c>.</param>
/// <param name="p_auth">Authorization attribute stored in <c>Auth</c> (passed through unchecked).</param>
/// <param name="p_isTransactional">Flag stored in <c>IsTransactional</c>.</param>
public ApiMethod(MethodInfo p_method, ApiCallMode p_callMode, AuthAttribute p_auth, bool p_isTransactional)
{
    this.Method = p_method;
    this.CallMode = p_callMode;
    this.Auth = p_auth;
    this.IsTransactional = p_isTransactional;
}
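/// <summary>
/// Enumerates every controller action in the executing assembly that is subject to
/// authorization, so each one can be registered as a permission entry.
/// Controllers and actions marked <see cref="AllowAnonymousAttribute"/> are skipped, as are
/// <see cref="NonActionAttribute"/> methods; the remaining public methods whose return type is
/// <see cref="ActionResult"/> or a subclass of it are kept.
/// </summary>
/// <returns>
/// One <see cref="ActionParameter"/> per action. Name/Description/Default/Type come from the
/// action's <see cref="AuthAttribute"/> when it has one, otherwise empty / 0. Area is the
/// namespace segment following ".Areas." (empty when the controller is not in an area).
/// </returns>
private List<ActionParameter> GetSystemAllActions()
{
    var result = new List<ActionParameter>();
    Assembly asm = Assembly.GetExecutingAssembly();

    // Only concrete controllers are enumerated. Scanning an abstract base class would attribute
    // its subclasses' actions to the base type's name and area, yielding entries whose path can
    // never match the "/area/controller/action" string OnAuthorization builds.
    var controllerTypes = asm.GetExportedTypes()
        .Where(t => typeof(IController).IsAssignableFrom(t) && !t.IsAbstract);

    foreach (var c in controllerTypes)
    {
        if (c.IsDefined(typeof(AllowAnonymousAttribute)))
        {
            continue;
        }

        string controllerName = c.Name.Replace("Controller", "");
        string area = ExtractArea(c.ToString());

        // GetMethods() already returns inherited public methods, so actions declared on a base
        // controller are listed once per concrete subclass. The previous version additionally
        // scanned every subtype of c, which listed subclass actions under the wrong controller
        // name and produced duplicates.
        var actions = c.GetMethods()
            .Where(m => m.IsPublic
                        && !m.IsDefined(typeof(NonActionAttribute))
                        && !m.IsDefined(typeof(AllowAnonymousAttribute))
                        // Accept ActionResult subclasses (JsonResult, ViewResult, ...). An exact
                        // type comparison silently dropped those actions from the permission list,
                        // so they could never be granted even though OnAuthorization enforces them.
                        && typeof(ActionResult).IsAssignableFrom(m.ReturnType));

        foreach (var m in actions)
        {
            var auth = m.GetCustomAttributes(false).OfType<AuthAttribute>().FirstOrDefault();
            result.Add(new ActionParameter()
            {
                Name = auth == null ? string.Empty : auth.Name,
                Description = auth == null ? string.Empty : auth.Description,
                Default = (auth != null && auth.IsDefault) ? 1 : 0,
                Area = area,
                Controller = controllerName,
                Action = m.Name,
                Type = auth == null ? 0 : (int)auth.Type,
                Disable = 0
            });
        }
    }
    return result;
}

// Returns the namespace segment that follows ".Areas." in a controller's full type name,
// or string.Empty when the type is not under an Areas namespace.
private static string ExtractArea(string controllerFullName)
{
    const string marker = ".Areas.";
    int start = controllerFullName.IndexOf(marker, System.StringComparison.Ordinal);
    if (start < 0)
    {
        return string.Empty;
    }
    start += marker.Length;
    int end = controllerFullName.IndexOf(".", start, System.StringComparison.Ordinal);
    // With no further '.' the old Substring(n, len) computed a negative length and threw.
    return end < 0
        ? controllerFullName.Substring(start)
        : controllerFullName.Substring(start, end - start);
}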
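/// <summary>
/// MVC authorization filter. Sets the request principal from <see cref="AuthenticatorProvider"/>,
/// then applies, in order: the action's <see cref="AuthAttribute.AllowIpList"/>,
/// [AllowAnonymous] on the action or controller, the base filter's own check, the
/// master-admin account + IP whitelist, and finally the per-user path list
/// (<c>user.AuthPath</c>). A request that fails the last check is redirected to
/// User/AccessDenied with <c>rt</c> set to the attribute's response type.
/// </summary>
/// <param name="filterContext">Authorization context of the action being invoked.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    filterContext.HttpContext.User = AuthenticatorProvider.GetUser();

    var anonymousAttr = typeof(AllowAnonymousAttribute);
    var descriptor = filterContext.ActionDescriptor;
    bool skipAuthorization = descriptor.GetCustomAttributes(anonymousAttr, true).Any()
                             || descriptor.ControllerDescriptor.IsDefined(anonymousAttr, true);

    // Only the action method's own AuthAttribute is consulted (one placed on the controller
    // class is ignored), which matches how GetSystemAllActions enumerates permissions.
    AuthAttribute auth = descriptor.GetCustomAttributes(typeof(AuthAttribute), true)
                                   .OfType<AuthAttribute>()
                                   .FirstOrDefault();

    // NOTE(review): UserHostAddress is the immediate TCP peer. Behind a reverse proxy or load
    // balancer it is the proxy's address, so an AllowIpList entry then admits every client that
    // shares that proxy — and it admits them with NO authentication at all (return before base).
    string clientIp = filterContext.HttpContext.Request.UserHostAddress;
    if (auth != null && auth.AllowIpList != null && auth.AllowIpList.Contains(clientIp))
    {
        return;
    }

    if (skipAuthorization)
    {
        return;
    }

    // The base filter (presumably AuthorizeAttribute) may set a deny result here; the checks
    // below do not clear it, they can only replace it with the AccessDenied redirect.
    base.OnAuthorization(filterContext);

    var principal = AuthenticatorProvider.GetUser();
    if (principal == null)
    {
        return;
    }

    // Fail closed: a principal that is not a ManagerIdentity, or one without a CurrentUser,
    // used to surface as an InvalidCast/NullReference (a 500). Treat it as access denied.
    var identity = principal.Identity as ManagerIdentity;
    User user = identity == null ? null : identity.CurrentUser;
    if (user == null)
    {
        filterContext.Result = AccessDenied((int)ResponseType.HTML);
        return;
    }

    object areaToken = filterContext.RouteData.DataTokens["area"];
    string area = areaToken == null ? null : areaToken.ToString();
    string controller = descriptor.ControllerDescriptor.ControllerName;
    string action = descriptor.ActionName;
    string path = area == null
        ? string.Format("/{0}/{1}", controller, action)
        : string.Format("/{0}/{1}/{2}", area, controller, action);

    // Master admins bypass the path check, but only from a whitelisted IP.
    // NOTE(review): if MasterAdmin / MasterAdminIp are strings rather than collections,
    // Contains is a substring test ("admin" would be matched by account "dmin") — confirm.
    if (Section.Get.Web.MasterAdmin.Contains(user.Account) && Section.Get.Web.MasterAdminIp.Contains(clientIp))
    {
        return;
    }

    // Actions with no AuthAttribute, or with IsDefault set, are open to any authenticated user;
    // everything else must appear in the user's AuthPath. (The old code had an unreachable
    // "Auth == null" branch inside this block; the condition already requires Auth != null.)
    // NOTE(review): same substring caveat if AuthPath is a string — a grant of
    // "/User/DeleteAll" would satisfy "/User/Delete".
    if (!user.AuthPath.Contains(path) && auth != null && !auth.IsDefault)
    {
        filterContext.Result = AccessDenied((int)auth.Type);
    }
}

// Builds the redirect to User/AccessDenied, carrying the response type (rt) the caller expects.
private static RedirectToRouteResult AccessDenied(int responseType)
{
    var values = new { area = "", controller = "User", action = "AccessDenied", rt = responseType };
    return new RedirectToRouteResult(new RouteValueDictionary(values));
}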
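/// <summary>
/// Routes an HttpListener request to a controller action by reflection and returns the
/// action's string response, or null when the request matches no action (the caller is
/// expected to turn null into a not-found reply).
/// </summary>
/// <remarks>
/// URL shape is <c>/{controller}/{action}[/{query}]</c>. The controller segment is mapped to
/// <c>WebServerProject.Controllers.{controller}Controller</c> and the action to a public instance
/// method on it, both case-insensitively. Because the method is looked up by client-supplied
/// name, only plain string-returning methods are accepted: property accessors and other
/// special-name methods, and anything declared on <see cref="object"/>, are rejected.
/// NOTE(review): every remaining public string method on the controller (and on BaseController,
/// if it declares any) is reachable as an endpoint — keep helpers non-public.
/// Arguments are bound by parameter name from the query string (GET) or the form-encoded body
/// (POST) and converted with <see cref="Convert.ChangeType(object, Type, IFormatProvider)"/>;
/// a missing or unparseable argument surfaces as that conversion's exception, and an exception
/// thrown by the action arrives wrapped in <see cref="System.Reflection.TargetInvocationException"/>.
/// </remarks>
/// <param name="context">Listener context whose request is routed.</param>
/// <returns>The action's response body, or null when no action matches.</returns>
/// <exception cref="UnauthorizedAccessException">
/// The action carries <see cref="AuthAttribute"/> and <c>data</c> holds no "user" entry.
/// </exception>
private string FindControllerAction(HttpListenerContext context)
{
    HttpListenerRequest request = context.Request;
    // LocalPath never contains the query string, so '?' here is only defensive; a third
    // segment, when present, is parsed as a query string for GET (legacy URL form).
    string[] urlparts = request.Url.LocalPath.Split(new char[] { '/', '\\', '?' }, StringSplitOptions.RemoveEmptyEntries);
    if (urlparts.Length < 2)
    {
        return null;
    }
    string controller = urlparts[0];
    string action = urlparts[1];

    Type controllerType = ResolveControllerType(controller);
    if (controllerType == null)
    {
        return null;
    }
    MethodInfo actionMethod = ResolveActionMethod(controllerType, action);
    if (actionMethod == null)
    {
        return null;
    }

    // Verb check; an action without HttpMethodAttribute is GET-only. Compared with
    // OrdinalIgnoreCase so the dispatch below agrees with this check for lower-case verbs.
    HttpMethodAttribute attrHttpMethod = actionMethod.GetCustomAttribute<HttpMethodAttribute>() ?? new HttpMethodAttribute("get");
    if (!string.Equals(attrHttpMethod.Method, request.HttpMethod, StringComparison.OrdinalIgnoreCase))
    {
        return null;
    }

    // Authentication gate. The attribute is read from the action method (the old code read it
    // from an undefined `methodType`). NOTE(review): `data` is not declared in this method —
    // presumably a per-connection store on the enclosing class; confirm clients cannot write it.
    if (actionMethod.GetCustomAttribute<AuthAttribute>() != null && !data.ContainsKey("user"))
    {
        throw new UnauthorizedAccessException();
    }

    ParameterInfo[] parameters = actionMethod.GetParameters();
    NameValueCollection coll;
    if (string.Equals(request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
    {
        if (urlparts.Length > 2)
        {
            coll = System.Web.HttpUtility.ParseQueryString(urlparts[2]);
        }
        else
        {
            // The real query string (?a=1&b=2). The old code returned null here whenever the
            // action had parameters, which made "/Ctl/Act?x=1" unroutable.
            coll = request.QueryString;
        }
    }
    else if (string.Equals(request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase))
    {
        // NOTE(review): the whole body is buffered with no size cap; bound it (e.g. by
        // request.ContentLength64) if this listener is exposed to untrusted clients.
        string body;
        using (StreamReader reader = new StreamReader(request.InputStream))
        {
            body = reader.ReadToEnd();
        }
        coll = System.Web.HttpUtility.ParseQueryString(body);
    }
    else
    {
        return null;
    }

    // One argument per declared parameter, looked up by name. Invariant culture: request data
    // is machine-formatted, not locale-formatted.
    object[] args = new object[parameters.Length];
    for (int i = 0; i < parameters.Length; i++)
    {
        args[i] = Convert.ChangeType(coll[parameters[i].Name], parameters[i].ParameterType,
                                     System.Globalization.CultureInfo.InvariantCulture);
    }

    BaseController controllerObject = (BaseController)MyWebServer.Services.Resolve(controllerType);
    controllerObject.Request = context.Request;
    controllerObject.Response = context.Response;
    return (string)actionMethod.Invoke(controllerObject, args);
}

// Maps the URL controller segment onto a concrete BaseController subclass in the
// WebServerProject.Controllers namespace. The namespace prefix is fixed, so the client can only
// select among types living there; the abstractness and assignability checks turn the
// InvalidCastException the later cast would raise into a plain "not found".
private static Type ResolveControllerType(string controller)
{
    Assembly curAssembly = Assembly.GetExecutingAssembly();
    Type controllerType = curAssembly.GetType($"WebServerProject.Controllers.{controller}Controller", false, true);
    if (controllerType == null || controllerType.IsAbstract || !typeof(BaseController).IsAssignableFrom(controllerType))
    {
        return null;
    }
    return controllerType;
}

// Finds the public instance method named by the URL (case-insensitive) and rejects anything that
// is not an action: special-name methods (property/event accessors, operators), members declared
// on Object (ToString, GetHashCode, ...), and methods whose declared return type is not string
// (the Invoke result is cast to string). An overload ambiguity is treated as "not found".
private static MethodInfo ResolveActionMethod(Type controllerType, string action)
{
    MethodInfo actionMethod;
    try
    {
        actionMethod = controllerType.GetMethod(action, BindingFlags.Instance | BindingFlags.Public | BindingFlags.IgnoreCase);
    }
    catch (AmbiguousMatchException)
    {
        return null;
    }
    if (actionMethod == null
        || actionMethod.IsSpecialName
        || actionMethod.DeclaringType == typeof(object)
        || actionMethod.ReturnType != typeof(string))
    {
        return null;
    }
    return actionMethod;
}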