/// <summary>
/// Looks up the descriptor of the action named by the "action" route value on the given controller.
/// </summary>
/// <param name="controller">Controller whose runtime type is reflected and whose ControllerContext is used for the lookup.</param>
/// <param name="routeData">Route data; the "action" value is read with GetRequiredString.</param>
/// <returns>Whatever FindAction returns for that action name.</returns>
private static ActionDescriptor GetActionDescriptor(ControllerBase controller, RouteData routeData)
{
    ReflectedControllerDescriptor reflectedController = new ReflectedControllerDescriptor(controller.GetType());
    string requestedAction = routeData.GetRequiredString("action");
    return reflectedController.FindAction(controller.ControllerContext, requestedAction);
}
/// <summary>
/// Reports whether the authorization filters attached to the named action let the current request through.
/// </summary>
/// <remarks>
/// Every authorization filter found for the action is run against a context built from the view's request;
/// the first filter that sets a result makes the method return false. Because this is a view helper, the
/// answer is presumably used to decide what to render; it does not replace the filters that run when the
/// action itself is requested.
/// </remarks>
/// <param name="htmlHelper">Helper of the view being rendered.</param>
/// <param name="actionName">Action to probe.</param>
/// <param name="controllerName">Controller to probe; null or empty selects the controller of the current view.</param>
/// <returns>False when the action is not found or a filter produced a result; true otherwise.</returns>
public static bool ActionAuthorized(this HtmlHelper htmlHelper, string actionName, string controllerName)
{
    ControllerBase target;
    if (string.IsNullOrEmpty(controllerName))
    {
        target = htmlHelper.ViewContext.Controller;
    }
    else
    {
        target = htmlHelper.GetControllerByName(controllerName);
    }

    ControllerContext probeContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, target);
    ControllerDescriptor descriptor = new ReflectedControllerDescriptor(probeContext.Controller.GetType());
    ActionDescriptor action = descriptor.FindAction(probeContext, actionName);
    if (action == null)
    {
        // An action that cannot be resolved is reported as not authorized.
        return false;
    }

    FilterInfo filterInfo = new FilterInfo(FilterProviders.Providers.GetFilters(probeContext, action));
    AuthorizationContext authorization = new AuthorizationContext(probeContext, action);
    foreach (IAuthorizationFilter filter in filterInfo.AuthorizationFilters)
    {
        filter.OnAuthorization(authorization);
        if (authorization.Result != null)
        {
            // A filter that sets a result has short-circuited the request, i.e. denied it.
            return false;
        }
    }

    return true;
}
/// <summary>
/// Renders a view listing the filters that the filter providers return for HomeController's "DemoAction".
/// </summary>
/// <returns>The default view, with the filter sequence as its model.</returns>
public ActionResult Index()
{
    ReflectedControllerDescriptor homeDescriptor = new ReflectedControllerDescriptor(typeof(HomeController));
    ActionDescriptor demoAction = homeDescriptor.FindAction(ControllerContext, "DemoAction");

    IEnumerable<Filter> demoFilters = FilterProviders.Providers.GetFilters(ControllerContext, demoAction);
    return View(demoFilters);
}
/// <summary>
/// Finds the parameter type of the named action that is assignable to Csla.Core.IBusinessObject.
/// </summary>
/// <param name="controller">Controller that owns the action.</param>
/// <param name="actionName">Name of the action whose parameters are inspected.</param>
/// <returns>
/// The single matching parameter type, or null when no parameter matches. SingleOrDefault throws when
/// more than one parameter matches.
/// </returns>
protected virtual Type FindModelType(ControllerBase controller, string actionName)
{
    ControllerDescriptor descriptor = new ReflectedControllerDescriptor(controller.GetType());
    ActionDescriptor action = descriptor.FindAction(controller.ControllerContext, actionName);

    return action.GetParameters()
                 .Select(parameter => parameter.ParameterType)
                 .Where(candidate => typeof(Csla.Core.IBusinessObject).IsAssignableFrom(candidate))
                 .SingleOrDefault();
}
/// <summary>
/// Renders a view that pairs each parameter of HomeController's "DemoAction" with the model binder
/// returned by GetModelBinder for it.
/// </summary>
/// <returns>The default view, with the parameter-to-binder dictionary as its model.</returns>
public ActionResult Index()
{
    ControllerDescriptor homeDescriptor = new ReflectedControllerDescriptor(typeof(HomeController));
    ActionDescriptor demoAction = homeDescriptor.FindAction(ControllerContext, "DemoAction");

    var bindersByParameter = new Dictionary<ParameterDescriptor, IModelBinder>();
    ParameterDescriptor[] demoParameters = demoAction.GetParameters();
    for (int index = 0; index < demoParameters.Length; index++)
    {
        ParameterDescriptor parameter = demoParameters[index];
        bindersByParameter.Add(parameter, this.GetModelBinder(parameter));
    }

    return View(bindersByParameter);
}
/// <summary>
/// Resolves the reflected method behind the action named in the route data.
/// </summary>
/// <param name="context">HTTP context used to build the lookup ControllerContext.</param>
/// <param name="routeData">Route data; its "action" value names the action.</param>
/// <param name="controller">Controller whose runtime type is searched.</param>
/// <returns>
/// The action's MethodInfo, or null when the route has no string "action" value or the lookup does not
/// produce a ReflectedActionDescriptor.
/// </returns>
static MethodInfo GetActionMethod(HttpContextBase context, RouteData routeData, ControllerBase controller)
{
    string requestedAction = routeData.Values["action"] as string;
    if (requestedAction == null)
    {
        return null;
    }

    ControllerContext lookupContext = new ControllerContext(context, routeData, controller);
    ReflectedControllerDescriptor descriptor = new ReflectedControllerDescriptor(controller.GetType());
    ReflectedActionDescriptor reflectedAction =
        descriptor.FindAction(lookupContext, requestedAction) as ReflectedActionDescriptor;

    return reflectedAction == null ? null : reflectedAction.MethodInfo;
}
/// <summary>
/// Resolves the named action and asks ActionIsAuthorized whether it is permitted in the current request.
/// </summary>
/// <param name="htmlHelper">Helper of the view being rendered.</param>
/// <param name="actionName">Action to check.</param>
/// <param name="controllerName">Controller to check; null or empty selects the controller of the current view.</param>
/// <returns>The result of ActionIsAuthorized for the resolved context and descriptor.</returns>
internal static bool HasActionPermission(this HtmlHelper htmlHelper, string actionName, string controllerName)
{
    ControllerBase target;
    if (string.IsNullOrEmpty(controllerName))
    {
        target = htmlHelper.ViewContext.Controller;
    }
    else
    {
        target = GetControllerByName(htmlHelper, controllerName);
    }

    ControllerContext probeContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, target);
    ReflectedControllerDescriptor descriptor = new ReflectedControllerDescriptor(target.GetType());

    // The descriptor is passed on as returned by FindAction; ActionIsAuthorized receives it unchecked.
    return ActionIsAuthorized(probeContext, descriptor.FindAction(probeContext, actionName));
}
/// <summary>
/// Collects the AuthorizeAttribute instances that apply to an action, reading them from the controller
/// and action descriptors (which avoids risking things like AmbiguousMatchException).
/// </summary>
/// <param name="controller">Controller that owns the action.</param>
/// <param name="actionName">Action whose attributes are wanted.</param>
/// <returns>
/// Controller-level attributes followed by action-level ones. When the action cannot be resolved, a single
/// UnauthorizedAttribute is returned instead, so an unresolvable action is handled as not authorized.
/// </returns>
internal IEnumerable<AuthorizeAttribute> GetAuthorizeAttributes(ControllerBase controller, string actionName)
{
    ControllerDescriptor descriptor = new ReflectedControllerDescriptor(controller.GetType());
    ActionDescriptor action = descriptor.FindAction(controller.ControllerContext, actionName);

    if (action != null)
    {
        IEnumerable<AuthorizeAttribute> fromController = descriptor.GetAttributes<AuthorizeAttribute>();
        IEnumerable<AuthorizeAttribute> fromAction = action.GetAttributes<AuthorizeAttribute>();
        return fromController.Concat(fromAction);
    }

    // No matching descriptor: log a warning and let the caller trim the action from the site map.
    log.Warn(Exceptions.MiniAclModule_ActionDescriptorNotFound.FormatWith(descriptor.ControllerName, actionName));
    return new AuthorizeAttribute[] { new UnauthorizedAttribute() };
}
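/// <summary>
/// Decides whether the response for the given filter context is (or was meant to be) JSON.
/// </summary>
/// <remarks>
/// For an ActionExecutedContext the result type or the response content type decides. For an
/// ExceptionContext the content type is checked first and, failing that, the declared return type of the
/// action method. Any other context type yields false.
/// </remarks>
/// <param name="filterContext">Filter context; only ActionExecutedContext and ExceptionContext are inspected.</param>
/// <returns>True when the response is considered JSON.</returns>
private Boolean IsJsonResponse(ControllerContext filterContext)
{
    ActionExecutedContext executedContext = filterContext as ActionExecutedContext;
    if (executedContext != null)
    {
        // Ordinal, case-insensitive comparison: content types are protocol tokens, so the
        // culture-sensitive ToLower() round trip is replaced.
        return executedContext.Result is JsonResult
            || string.Equals(filterContext.HttpContext.Response.ContentType, Curl.JsonType, StringComparison.OrdinalIgnoreCase);
    }

    if (filterContext is ExceptionContext)
    {
        if (string.Equals(filterContext.HttpContext.Response.ContentType, Curl.JsonType, StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }

        // This runs while an exception is already being handled, so a missing route value or an
        // unresolved action must not raise a second exception that hides the first one.
        string actionName = filterContext.RouteData.Values["action"] as string;
        if (actionName == null)
        {
            return false;
        }

        ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(filterContext.Controller.GetType());
        ReflectedActionDescriptor action =
            controllerDescriptor.FindAction(filterContext.Controller.ControllerContext, actionName) as ReflectedActionDescriptor;

        return action != null && action.MethodInfo.ReturnType == typeof(JsonResult);
    }

    return false;
}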
/// <summary>
/// Returns true if a specific controller action exists and the user has the ability to access it,
/// as decided by ActionIsAuthorized.
/// </summary>
/// <param name="htmlHelper">Helper of the view being rendered; supplies the request context.</param>
/// <param name="actionName">Action to check.</param>
/// <param name="controllerName">Controller to check; null or empty selects the controller of the current view.</param>
/// <returns>The result of ActionIsAuthorized for the resolved context and descriptor.</returns>
public static bool HasActionPermission(this HtmlHelper htmlHelper, string actionName, string controllerName)
{
    // An empty controller name means the link targets the controller that rendered this view;
    // otherwise the named controller is looked up.
    ControllerBase linkTarget;
    if (string.IsNullOrEmpty(controllerName))
    {
        linkTarget = htmlHelper.ViewContext.Controller;
    }
    else
    {
        linkTarget = GetControllerByName(htmlHelper, controllerName);
    }

    ControllerContext probeContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, linkTarget);
    ReflectedControllerDescriptor descriptor = new ReflectedControllerDescriptor(linkTarget.GetType());
    ActionDescriptor action = descriptor.FindAction(probeContext, actionName);

    return ActionIsAuthorized(probeContext, action);
}
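/// <summary>
/// Looks for an ExceptionHandlerAreaAttribute on the failing controller (first) or action (second),
/// writes its registered area name to the debug output, then defers to the base handler.
/// </summary>
/// <param name="filterContext">Context of the exception being handled.</param>
public override void OnException(ExceptionContext filterContext)
{
    ExceptionHandlerAreaAttribute registeredExceptionArea = null;
    ReflectedControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(filterContext.Controller.GetType());

    // An exception filter must not throw on its own: without an "action" route value the
    // action-level lookup is skipped instead of dereferencing null.
    object actionValue = filterContext.RouteData.Values["action"];
    ActionDescriptor actionDescriptor = actionValue == null
        ? null
        : controllerDescriptor.FindAction(filterContext.Controller.ControllerContext, actionValue.ToString());

    if (controllerDescriptor.IsDefined(typeof(ExceptionHandlerAreaAttribute), true))
    {
        // The controller-level attribute wins over an action-level one.
        registeredExceptionArea = controllerDescriptor.GetCustomAttributes(typeof(ExceptionHandlerAreaAttribute), true).First() as ExceptionHandlerAreaAttribute;
    }
    else if (actionDescriptor != null && actionDescriptor.IsDefined(typeof(ExceptionHandlerAreaAttribute), true))
    {
        registeredExceptionArea = actionDescriptor.GetCustomAttributes(typeof(ExceptionHandlerAreaAttribute), true).First() as ExceptionHandlerAreaAttribute;
    }

    if (registeredExceptionArea != null)
    {
        Debug.WriteLine(registeredExceptionArea.RegisteredAreaName);
    }

    base.OnException(filterContext);
}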
/// <summary>
/// Binds the parameters of the named action on this controller and executes it.
/// </summary>
/// <remarks>
/// The action is run by calling Execute on its descriptor, so this method itself applies no
/// authorization or action filters; callers decide which action names are allowed to reach it.
/// </remarks>
/// <param name="actionName">Name of the action to run.</param>
/// <returns>The value returned by the action, cast to ActionResult.</returns>
protected ActionResult InvokeAction(string actionName)
{
    ControllerDescriptor descriptor = new ReflectedControllerDescriptor(this.GetType());
    ActionDescriptor action = descriptor.FindAction(ControllerContext, actionName);

    var boundArguments = new Dictionary<string, object>();
    foreach (ParameterDescriptor parameter in action.GetParameters())
    {
        // A [Bind(Prefix = ...)] value takes precedence over the parameter name as the model name.
        string bindingName = parameter.BindingInfo.Prefix ?? parameter.ParameterName;

        ModelBindingContext binding = new ModelBindingContext();
        binding.FallbackToEmptyPrefix = parameter.BindingInfo.Prefix == null;
        binding.ModelMetadata = ModelMetadataProviders.Current.GetMetadataForType(null, parameter.ParameterType);
        binding.ModelName = bindingName;
        binding.ModelState = ModelState;
        binding.ValueProvider = this.ValueProvider;

        object boundValue = this.ModelBinder.BindModel(ControllerContext, binding);
        boundArguments.Add(parameter.ParameterName, boundValue);
    }

    return (ActionResult)action.Execute(ControllerContext, boundArguments);
}
/// <summary>
/// Binds the parameters of the named action on the given controller with MyDefaultModelBinder and
/// executes the action.
/// </summary>
/// <remarks>
/// The action is run by calling Execute on its descriptor, so this method itself applies no
/// authorization or action filters; callers decide which action names are allowed to reach it.
/// </remarks>
/// <param name="controller">Controller that owns the action and supplies model state and values.</param>
/// <param name="actionName">Name of the action to run.</param>
/// <returns>The value returned by the action.</returns>
public static object InvokeAction(this Controller controller, string actionName)
{
    IModelBinder binder = new MyDefaultModelBinder();
    ControllerDescriptor descriptor = new ReflectedControllerDescriptor(controller.GetType());
    ActionDescriptor action = descriptor.FindAction(controller.ControllerContext, actionName);

    var boundArguments = new Dictionary<string, object>();
    foreach (ParameterDescriptor parameter in action.GetParameters())
    {
        // A [Bind(Prefix = ...)] value takes precedence over the parameter name as the model name.
        string bindingName = parameter.BindingInfo.Prefix ?? parameter.ParameterName;

        ModelBindingContext binding = new ModelBindingContext();
        binding.FallbackToEmptyPrefix = parameter.BindingInfo.Prefix == null;
        binding.ModelMetadata = ModelMetadataProviders.Current.GetMetadataForType(null, parameter.ParameterType);
        binding.ModelName = bindingName;
        binding.ModelState = controller.ModelState;
        binding.ValueProvider = controller.ValueProvider;

        boundArguments.Add(parameter.ParameterName, binder.BindModel(controller.ControllerContext, binding));
    }

    return action.Execute(controller.ControllerContext, boundArguments);
}
/// <summary>
/// Determines whether the specified action is accessible to the current user.
/// </summary>
/// <param name="htmlHelper">HtmlHelper of the view being rendered; supplies the request context.</param>
/// <param name="actionName">Name of the action to test.</param>
/// <param name="controllerBase">Controller that owns the action.</param>
/// <returns>The result of ActionIsAuthorized for the resolved descriptor and context.</returns>
private static bool ActionIsAccessibleToUser(this HtmlHelper htmlHelper, string actionName, ControllerBase controllerBase)
{
    ControllerContext probeContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, controllerBase);
    ReflectedControllerDescriptor descriptor = new ReflectedControllerDescriptor(controllerBase.GetType());

    // The descriptor is handed over as returned by FindAction; the authorization decision is
    // entirely ActionIsAuthorized's.
    ActionDescriptor action = descriptor.FindAction(probeContext, actionName);
    return ActionIsAuthorized(action, probeContext);
}
/// <summary>
/// Finds an enabled SessionAttribute on the current action or, failing that, on its controller.
/// </summary>
/// <param name="controllerContext">Context of the request; its "Action" route value names the action.</param>
/// <returns>The wrapper produced by TryEnableSession for the first attribute set it accepts, or null when none is accepted.</returns>
private SessionWrapper Initilize(ControllerContext controllerContext)
{
    var controllerDescriptor = new ReflectedControllerDescriptor(controllerContext.Controller.GetType());

    string currentActionName = controllerContext.RouteData.Values["Action"].ToString();
    ActionDescriptor currentAction = controllerDescriptor.FindAction(controllerContext, currentActionName);

    // Action-level attributes come first because they take priority over controller-level ones.
    var attributeSets = new[]
    {
        currentAction.GetCustomAttributes(typeof(SessionAttribute), true),
        controllerContext.Controller.GetType().GetCustomAttributes(typeof(SessionAttribute), true)
    };

    foreach (var attributeSet in attributeSets)
    {
        SessionWrapper enabled;
        if (TryEnableSession(attributeSet, out enabled))
        {
            return enabled;
        }
    }

    // No enabled SessionAttribute anywhere: the caller gets null rather than an exception.
    return null;
}
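/// <summary>
/// After the base binder has updated the model, prunes model state according to the action parameter's
/// Bind include/exclude lists and screens string properties for script-like markup.
/// </summary>
/// <remarks>
/// The markup screen is a pattern blocklist. It is a secondary check only: values that pass it still have
/// to be encoded for the context they are written into. Patterns are matched case-insensitively so that
/// upper- or mixed-case tags and handler attributes are caught as well.
/// </remarks>
/// <param name="controllerContext">Context of the current request.</param>
/// <param name="bindingContext">Binding context of the model that was just updated.</param>
protected override void OnModelUpdated(ControllerContext controllerContext, ModelBindingContext bindingContext)
{
    base.OnModelUpdated(controllerContext, bindingContext);

    ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controllerContext.Controller.GetType());
    ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(controllerContext, controllerContext.RouteData.Values["action"].ToString());

    // Find the action parameter whose type is the model being bound; an unresolved action simply
    // skips the include/exclude pruning.
    ParameterDescriptor paramDescriptor = actionDescriptor == null
        ? null
        : actionDescriptor.GetParameters().FirstOrDefault(p => p.ParameterType == bindingContext.ModelMetadata.ModelType);

    if (paramDescriptor != null)
    {
        foreach (var propertyName in paramDescriptor.BindingInfo.Exclude)
        {
            bindingContext.ModelState.Remove(propertyName);
        }

        if (paramDescriptor.BindingInfo.Include != null && paramDescriptor.BindingInfo.Include.Count > 0)
        {
            // Snapshot first: entries are removed from ModelState while iterating.
            var models = bindingContext.ModelState.ToList();
            foreach (var item in models)
            {
                if (!paramDescriptor.BindingInfo.Include.Contains(item.Key))
                {
                    bindingContext.ModelState.Remove(item.Key);
                }
            }
        }
    }

    // NOTE(review): "[/s/S]" in three of the patterns looks like a typo for "[\s\S]"; the patterns are
    // kept as they are here. Their nested quantifiers may also backtrack heavily on long input, so a
    // match timeout is worth considering.
    string[] dangerousPatterns =
    {
        @"<script[\s\S]+</script *>",
        @"on\w+=\s*(['""\s]?)([/s/S]*[^\1]*?)\1[\s]*",
        @"<ScriptBlock>on\w+=\s*(['""\s]?)([/s/S]*[^\1]*?)\1[\s|>|/>]",
        @"href[ ^=]*=\s*(['""\s]?)[\w]*script+?([/s/S]*[^\1]*?)\1[\s]*"
    };

    // Check whether any string property value contains a dangerous fragment.
    foreach (var item in bindingContext.PropertyMetadata)
    {
        if (!item.Value.ModelType.FullName.EndsWith("String", StringComparison.Ordinal) || item.Value.Model == null)
        {
            continue;
        }

        string propertyValue = item.Value.Model.ToString();

        // Regex.IsMatch goes through the static regex cache, so the patterns are not re-parsed for
        // every property.
        bool rejected = dangerousPatterns.Any(pattern => Regex.IsMatch(propertyValue, pattern, RegexOptions.IgnoreCase));
        if (rejected)
        {
            bindingContext.ModelState.AddModelError(item.Key, "提交的信息中包含有非法字符");

            // As before, screening stops at the first offending property; the model is invalid already.
            break;
        }
    }

    // No ModelValidator pass runs here: only the Bind pruning and the markup screen above.
}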
/// <summary>
/// Renders a view whose model is the descriptor of HomeController's "DemoAction".
/// </summary>
/// <returns>The default view, with the action descriptor as its model.</returns>
public ActionResult Index()
{
    ControllerDescriptor homeDescriptor = new ReflectedControllerDescriptor(typeof(HomeController));
    return View(homeDescriptor.FindAction(ControllerContext, "DemoAction"));
}
/// <summary>
/// Decides whether the request described by the route data should be served over a secure connection.
/// </summary>
/// <remarks>
/// Checks run in this order, and the first one that applies decides: missing controller/action route
/// values or disabled settings (false); an "Ssl" name suffix; RequireHttpsAttribute on the controller type
/// or on the action; the SecureEverything setting; a fixed list of Account actions; the Admin controller or
/// admin filter; and finally, when custom rules are enabled, IsRequestProtected for the generated URL.
/// </remarks>
/// <param name="requestContext">Request whose route values are evaluated.</param>
/// <param name="actionContext">Executing-action context when one is available; null otherwise.</param>
/// <returns>True when the request should be secured.</returns>
private bool ShouldBeSecure(RequestContext requestContext, ActionExecutingContext actionContext)
{
    var controllerName = (string) requestContext.RouteData.Values["controller"];
    if (controllerName == null) return false;
    var actionName = (string) requestContext.RouteData.Values["action"];
    if (actionName == null) return false;

    var settings = GetSettings();
    if (settings == null || !settings.Enabled)
    {
        return false;
    }

    // Naming convention: anything ending in "Ssl" is secured. EndsWith(string) is case-sensitive here.
    if (actionName.EndsWith("Ssl") || controllerName.EndsWith("Ssl"))
    {
        return true;
    }

    // Without an action context the controller is created through the controller factory.
    // NOTE(review): this method never calls ReleaseController for the instance created that way.
    var controller = (actionContext != null
        ? actionContext.Controller
        : ControllerBuilder.Current.GetControllerFactory()
            .CreateController(requestContext, controllerName)) as ControllerBase;
    if (controller != null)
    {
        var controllerType = controller.GetType();
        // inherit: false - an attribute declared only on a base controller type is not seen here.
        if (controllerType.GetCustomAttributes(typeof(RequireHttpsAttribute), false).Any())
        {
            return true;
        }

        ActionDescriptor actionDescriptor;
        if (actionContext != null)
        {
            actionDescriptor = actionContext.ActionDescriptor;
        }
        else
        {
            var controllerContext = new ControllerContext(requestContext, controller);
            var controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
            actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName);
        }

        // NOTE(review): actionDescriptor is dereferenced without a null check - confirm FindAction
        // cannot come back empty for the action names that reach this point.
        if (actionDescriptor.GetCustomAttributes(typeof(RequireHttpsAttribute), false).Any())
        {
            return true;
        }
    }

    if (settings.SecureEverything) return true;

    // NOTE(review): these comparisons on "Account", "Admin" and the action names are case-sensitive.
    // If route values keep the casing of the requested URL, a differently-cased URL would skip these
    // branches - confirm how the route values are normalised.
    if (controllerName == "Account" &&
        (actionName == "LogOn"
        || actionName == "ChangePassword"
        || actionName == "AccessDenied"
        || actionName == "Register"
        || actionName.StartsWith("ChallengeEmail", StringComparison.OrdinalIgnoreCase)))
    {
        return true;
    }

    if (controllerName == "Admin" || AdminFilter.IsApplied(requestContext))
    {
        return true;
    }

    if (!settings.CustomEnabled) return false;

    // Custom rules are evaluated against the URL generated for this action.
    var urlHelper = new UrlHelper(requestContext);
    var url = urlHelper.Action(actionName, controllerName, requestContext.RouteData);

    if (String.IsNullOrWhiteSpace(url))
    {
        return false;
    }

    return IsRequestProtected(
        url,
        requestContext.HttpContext.Request.ApplicationPath,
        settings);
}
/// <summary>
/// Looks up the descriptor of the named action on the controller held by the given context.
/// </summary>
/// <param name="controllerContext">Context whose controller type is reflected and which is passed to the lookup.</param>
/// <param name="actionName">Name of the action to find.</param>
/// <returns>Whatever FindAction returns for that action name.</returns>
internal static ActionDescriptor GetActionDescriptor(this ControllerContext controllerContext, string actionName)
{
    Type controllerType = controllerContext.Controller.GetType();
    ReflectedControllerDescriptor reflectedController = new ReflectedControllerDescriptor(controllerType);
    ActionDescriptor found = reflectedController.FindAction(controllerContext, actionName);
    return found;
}
/// <summary>
/// Handles the "Yes" answer of a confirmation dialog: either redirects to the confirmed URL or replays
/// the stored POST data against the action that the URL routes to.
/// </summary>
/// <param name="model">Confirmation view model carrying the target URL, the stored-data id and the HttpPost flag.</param>
/// <returns>A redirect when the confirmed request was not a POST; otherwise an EmptyResult after the target action ran.</returns>
public ActionResult Yes(ConfirmationActionViewModel model)
{
    // NOTE(review): YesUrl arrives in the bound view model and is used as a redirect target as-is -
    // confirm it is restricted to local URLs before this point.
    if (!model.HttpPost) return Redirect(model.YesUrl);

    ConfirmationData data = ConfirmationService.GetData(model.Id);
    RouteData route = RoutesHelper.GetRouteDataByUrl("/" + model.YesUrl);
    //var controllerDescriptor = new ReflectedControllerDescriptor(GetType());
    string controllerName = (String)route.Values["controller"];
    string actionName = (String)route.Values["action"];
    //string values = RouteData.GetRequiredString("id");
    //IControllerActivator
    DefaultControllerFactory d = new DefaultControllerFactory();
    // The target controller is created through a fresh factory; it is not released in this method
    // (the ReleaseController call below is commented out).
    IController controller = d.CreateController(HttpContext.Request.RequestContext, controllerName);
    ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controller.GetType());
    //d.ReleaseController(controller);
    ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(ControllerContext, actionName);

    // Build a request context that looks like a request to YesUrl and carries the stored form data.
    RequestContext requestContext = new RequestContext(new RoutesHelper.RewritedHttpContextBase("/" + model.YesUrl), route);
    requestContext.HttpContext.Request.Form.Add((NameValueCollection)data.PostData);
    ControllerContext ctx = new ControllerContext(requestContext, (ControllerBase)controller);
    // parameters2, parameters and nameValueCollection are computed but not used by the Execute call below.
    IDictionary<string, object> parameters2 = GetParameterValues(ctx, actionDescriptor);
    IDictionary<string, object> parameters = new Dictionary<string,object>();
    ControllerContext.HttpContext.Response.Clear();
    NameValueCollection nameValueCollection = data.PostData as NameValueCollection;
    //nameValueCollection.

    // Execute is called on the descriptor directly, with this controller's own ControllerContext, so the
    // target action's filters (authorization, request validation and the like) are not run by this code.
    // NOTE(review): data.PostData is cast to NameValueCollection above and to IDictionary<string, object>
    // here - confirm its runtime type supports both casts.
    actionDescriptor.Execute(ControllerContext, (IDictionary<string, object>)data.PostData);
    //var viewResult = new ViewResult
    //{
    //    ViewName = "",
    //    MasterName = "",
    //    ViewData = new ViewDataDictionary(data.PostData),
    //    TempData = null
    //};
    //return viewResult;
    return new EmptyResult();
}
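/// <summary>
/// Central exception handler of the controller: logs the exception and maps it to an error view, a
/// redirect, or a re-render of the current view, depending on the exception type.
/// </summary>
/// <remarks>
/// SystemException: the generic "Error" view. RedirectException / MvcActionRedirectException: a redirect
/// that carries an error code. BusinessLogicException / ValidationException: the current view is
/// rendered again with the bound "model" parameter and the exception message. Every handled case clears
/// the response and sets status code 500. Anything left unhandled goes to the base implementation.
/// Exception messages are assigned to the view bag as they are; passing them through String.Format
/// threw a FormatException for any message containing '{' or '}'.
/// </remarks>
/// <param name="filterContext">Context of the exception being handled.</param>
protected override void OnException(ExceptionContext filterContext)
{
    // TODO: consider a parameterized EndWork that does not call SaveChanges.
    var exception = filterContext.Exception;
    // TODO: tune what is written to the log.
    Logger.Write("Message: " + exception.Message + "\r\n Data: \r\n" + exception.Data + "\r\n Trace:\r\n" + exception.StackTrace, "Exceptions", 0, 32667, TraceEventType.Error);

    #region System errors
    if (exception is SystemException)
    {
        // TODO: a global failure (for example the database going away) ends up being shown here. This
        // should redirect to a dedicated layout without user data that cannot itself fail, and say so
        // directly when there is no database connection.
        var result = new ViewResult
        {
            ViewName = "Error",
            MasterName = "",
            ViewData = null,
            TempData = filterContext.Controller.TempData
        };
        // NOTE(review): the full exception object is handed to the view - confirm the Error view does
        // not render stack traces or other internals to end users.
        result.ViewBag.Exception = exception;
        result.ViewBag.ExceptionText = "Возникла ошибка, обратитесь к команде разработчиков через <a href='" + Url.Action("index", "feedback") + "'>форму обратной связи</a> или по <a href='mailto:[email protected]'>email</a>";
        filterContext.Result = result;
        filterContext.ExceptionHandled = true;
        filterContext.HttpContext.Response.Clear();
        filterContext.HttpContext.Response.StatusCode = 500;
    }
    #endregion

    #region Application errors
    if (exception is ApplicationException)
    {
        #region Redirect errors
        if (filterContext.Exception is RedirectException)
        {
            RedirectException redirectException = (RedirectException)filterContext.Exception;

            // NOTE(review): RedirectUrl is used as the redirect target unchanged - confirm that code
            // throwing RedirectException only ever sets application-controlled URLs.
            string url = "";
            if (!string.IsNullOrWhiteSpace(redirectException.RedirectUrl))
                url = redirectException.RedirectUrl;
            else
                url = ConstHelper.HomeUrl;

            List<string> urlParameters = new List<string>();
            if (!String.IsNullOrEmpty(redirectException.Message))
                urlParameters.Add(ConstHelper.ErrorCode + "=" + ErrorService.Add(redirectException.Message));
            // TODO: move returnUrl out into a constant, or bring ErrorCode in line with it.
            if (filterContext.Exception is AuthenticationException)
                urlParameters.Add("returnUrl" + "=" + HttpUtility.UrlEncode(HttpContext.Request.Url.ToString()));

            // "?" is appended unconditionally, followed by the parameters joined with "&".
            StringBuilder finallyUrl = new StringBuilder(url);
            finallyUrl.Append("?");
            for (int i = 0; i < urlParameters.Count; i++)
            {
                finallyUrl.Append(urlParameters[i]);
                if (i != urlParameters.Count - 1)
                    finallyUrl.Append("&");
            }

            filterContext.Result = new RedirectResult(finallyUrl.ToString());
            filterContext.ExceptionHandled = true;
            filterContext.HttpContext.Response.Clear();
            filterContext.HttpContext.Response.StatusCode = 500;
            return;
        }

        if (filterContext.Exception is MvcActionRedirectException)
        {
            MvcActionRedirectException mvcRredirectException = (MvcActionRedirectException)filterContext.Exception;
            var result = RedirectToAction(mvcRredirectException.ActionName, mvcRredirectException.ControllerName, mvcRredirectException.RouteValues);
            if (!String.IsNullOrEmpty(mvcRredirectException.Message))
                result.RouteValues.Add(ConstHelper.ErrorCode, ErrorService.Add(mvcRredirectException.Message));
            filterContext.Result = result;
            filterContext.ExceptionHandled = true;
            filterContext.HttpContext.Response.Clear();
            filterContext.HttpContext.Response.StatusCode = 500;
            return;
        }
        #endregion

        #region Errors that keep the user on the same page

        #region Business-logic errors
        // To reuse the framework's internal descriptor cache, casting to ControllerActionInvoker could be tried.
        if (filterContext.Exception is BusinessLogicException)
        {
            BusinessLogicException businessLogicException = (BusinessLogicException)filterContext.Exception;

            // Re-bind the current action's parameters to recover the "model" argument for the view.
            var controllerDescriptor = new ReflectedControllerDescriptor(GetType());
            string actionName = RouteData.GetRequiredString("action");
            ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(ControllerContext, actionName);
            IDictionary<string, object> parameters = GetParameterValues(ControllerContext, actionDescriptor);
            object model = null;
            if (parameters.Keys.Contains("model"))
                model = parameters["model"];

            var viewResult = new ViewResult
            {
                ViewName = "",
                MasterName = "",
                ViewData = new ViewDataDictionary(model),
                TempData = filterContext.Controller.TempData
            };
            viewResult.ViewBag.Exception = businessLogicException;
            // NOTE(review): the system-error text above embeds HTML, so the views presumably render
            // ExceptionText unencoded - confirm business messages never carry user-supplied text.
            viewResult.ViewBag.ExceptionText = businessLogicException.Message;

            ControllerContext context = ControllerContext;
            try
            {
                viewResult.ExecuteResult(context);
            }
            catch // TODO: URL-referrer case
            {
                // Rendering the current view failed for whatever reason: fall back to the generic Error view.
                // TODO: same global-failure concern as in the system-error branch above.
                var result = new ViewResult
                {
                    ViewName = "Error",
                    MasterName = "",
                    ViewData = null,
                    TempData = filterContext.Controller.TempData
                };
                result.ViewBag.Exception = businessLogicException;
                result.ViewBag.ExceptionText = businessLogicException.Message;
                filterContext.Result = result;
                filterContext.ExceptionHandled = true;
                filterContext.HttpContext.Response.Clear();
                filterContext.HttpContext.Response.StatusCode = 500;
                return;
            }

            filterContext.Result = viewResult;
            filterContext.ExceptionHandled = true;
            filterContext.HttpContext.Response.Clear();
            filterContext.HttpContext.Response.StatusCode = 500;
            return;
        }
        #endregion

        #region Validation errors
        // To reuse the framework's internal descriptor cache, casting to ControllerActionInvoker could be tried.
        if (filterContext.Exception is ValidationException)
        {
            ValidationException validationException = (ValidationException)filterContext.Exception;

            // Re-bind the current action's parameters to recover the "model" argument for the view.
            var controllerDescriptor = new ReflectedControllerDescriptor(GetType());
            string actionName = RouteData.GetRequiredString("action");
            ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(ControllerContext, actionName);
            IDictionary<string, object> parameters = GetParameterValues(ControllerContext, actionDescriptor);
            object model = null;
            if (parameters.Keys.Contains("model"))
                model = parameters["model"];

            var viewResult = new ViewResult
            {
                ViewName = "",
                MasterName = "",
                ViewData = new ViewDataDictionary(model),
                TempData = filterContext.Controller.TempData
            };
            viewResult.ViewBag.ValidationException = validationException;
            viewResult.ViewBag.ValidationExceptionText = validationException.Message;

            filterContext.Result = viewResult;
            filterContext.ExceptionHandled = true;
            filterContext.HttpContext.Response.Clear();
            filterContext.HttpContext.Response.StatusCode = 500;
            return;
        }
        #endregion

        #endregion
    }
    #endregion

    base.OnException(filterContext);
}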