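/// <summary>
/// Satisfies <paramref name="requirement"/> when the security-trimming service allows the
/// current user to reach the MVC action behind the endpoint being authorized.
/// </summary>
/// <param name="context">Authorization context whose <c>Resource</c> is expected to be an <see cref="Endpoint"/>.</param>
/// <param name="requirement">The dynamic-permission requirement under evaluation.</param>
/// <returns>A completed task; the decision is recorded on <paramref name="context"/>.</returns>
/// <remarks>
/// The requirement is left undecided (neither succeeded nor failed) when the resource is not an
/// endpoint, when the endpoint carries no <see cref="ControllerActionDescriptor"/> (a non-MVC
/// endpoint), or when the access check denies the user. Leaving it unsatisfied is fail-closed.
/// </remarks>
protected override Task HandleRequirementAsync(
    AuthorizationHandlerContext context,
    DynamicPermissionRequirement requirement)
{
    if (!(context.Resource is Endpoint endpoint))
    {
        return Task.CompletedTask;
    }

    // SingleOrDefault yields null for endpoints without MVC metadata; dereferencing it
    // unconditionally would throw for such endpoints, so bail out explicitly instead.
    var actionDescriptor = endpoint.Metadata.OfType<ControllerActionDescriptor>().SingleOrDefault();
    if (actionDescriptor == null)
    {
        return Task.CompletedTask;
    }

    var area = GetRouteValue(actionDescriptor, "area");
    var controller = GetRouteValue(actionDescriptor, "controller");
    var action = GetRouteValue(actionDescriptor, "action");

    if (_securityTrimmingService.CanCurrentUserAccess(area, controller, action))
    {
        context.Succeed(requirement);
    }

    return Task.CompletedTask;

    // Missing or blank route values are normalized to an empty string so the
    // access check always receives non-null arguments.
    string GetRouteValue(ControllerActionDescriptor descriptor, string key)
    {
        descriptor.RouteValues.TryGetValue(key, out var value);
        return string.IsNullOrWhiteSpace(value) ? string.Empty : value;
    }
}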
/// <summary>
/// Succeeds <paramref name="requirement"/> when the security-trimming service allows the current
/// user to reach the MVC action behind the endpoint being authorized; otherwise throws an
/// <see cref="AppException"/> rather than calling <c>context.Fail()</c>.
/// </summary>
/// <param name="context">Authorization context whose <c>Resource</c> is expected to be an <see cref="Endpoint"/>.</param>
/// <param name="requirement">The dynamic-permission requirement under evaluation.</param>
/// <returns>A completed task; the decision is recorded on <paramref name="context"/>.</returns>
/// <exception cref="AppException">Thrown when the user may not access the resolved area/controller/action.</exception>
/// <remarks>
/// When the resource is not an endpoint or carries no <see cref="ControllerActionDescriptor"/>,
/// the handler expresses no opinion and the requirement stays unsatisfied.
/// </remarks>
protected override Task HandleRequirementAsync(
    AuthorizationHandlerContext context,
    DynamicPermissionRequirement requirement)
{
    var descriptor = (context.Resource as Endpoint)?
        .Metadata
        .OfType<ControllerActionDescriptor>()
        .SingleOrDefault();

    if (descriptor == null)
    {
        // Not an MVC endpoint: nothing to trim against.
        return Task.CompletedTask;
    }

    var area = NormalizedRouteValue(descriptor, "area");
    var controller = NormalizedRouteValue(descriptor, "controller");
    var action = NormalizedRouteValue(descriptor, "action");

    if (!_securityTrimmingService.CanCurrentUserAccess(area, controller, action))
    {
        throw new AppException(
            ApiResultStatusCode.RedirectToHome,
            "You are unauthorized to access this resource.",
            HttpStatusCode.Unauthorized);
    }

    context.Succeed(requirement);
    return Task.CompletedTask;

    // Absent or whitespace-only route values collapse to an empty string.
    string NormalizedRouteValue(ControllerActionDescriptor d, string key)
    {
        d.RouteValues.TryGetValue(key, out var raw);
        return string.IsNullOrWhiteSpace(raw) ? string.Empty : raw;
    }
}
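/// <summary>
/// Renders the children of the <c>&lt;security-trimming&gt;</c> element only when the current user
/// is authenticated and the security-trimming service allows access to the configured
/// <c>Area</c>/<c>Controller</c>/<c>Action</c>; otherwise the whole output is suppressed.
/// </summary>
/// <param name="context">Tag helper context; must not be null.</param>
/// <param name="output">Tag helper output to render or suppress; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> or <paramref name="output"/> is null.</exception>
public override void Process(TagHelperContext context, TagHelperOutput output)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    if (output == null)
    {
        throw new ArgumentNullException(nameof(output));
    }

    // don't render the <security-trimming> tag.
    output.TagName = null;

    // Identity can be null on an unauthenticated principal; treat that as not authenticated.
    var identity = ViewContext.HttpContext.User.Identity;
    if (identity == null || !identity.IsAuthenticated)
    {
        // suppress the output and generate nothing. The original fell through to the
        // access check after suppressing; returning here yields the same output without
        // an unnecessary permission lookup.
        output.SuppressOutput();
        return;
    }

    if (_securityTrimmingService.CanCurrentUserAccess(Area, Controller, Action))
    {
        // fine, do nothing.
        return;
    }

    // else, suppress the output and generate nothing.
    output.SuppressOutput();
}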
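/// <summary>
/// Succeeds or fails <paramref name="requirement"/> according to whether the security-trimming
/// service allows the current user to reach the action described by the authorization filter context.
/// </summary>
/// <param name="context">Authorization context whose <c>Resource</c> is expected to be an <see cref="AuthorizationFilterContext"/>.</param>
/// <param name="requirement">The dynamic-permission requirement under evaluation.</param>
/// <returns>A completed task; the decision is recorded on <paramref name="context"/>.</returns>
/// <remarks>
/// If the resource is not an <see cref="AuthorizationFilterContext"/> the handler expresses no
/// opinion and the requirement stays unsatisfied.
/// </remarks>
protected override Task HandleRequirementAsync(
    AuthorizationHandlerContext context,
    DynamicPermissionRequirement requirement)
{
    var mvcContext = context.Resource as AuthorizationFilterContext;
    if (mvcContext == null)
    {
        return Task.CompletedTask;
    }

    // The dictionary indexer throws KeyNotFoundException when a key such as "area" is absent
    // (e.g. no action in the app declares an area); TryGetValue plus normalization matches
    // the sibling handlers and never throws.
    var actionDescriptor = mvcContext.ActionDescriptor;
    var area = GetRouteValue("area");
    var controller = GetRouteValue("controller");
    var action = GetRouteValue("action");

    if (_securityTrimmingService.CanCurrentUserAccess(area, controller, action))
    {
        context.Succeed(requirement);
    }
    else
    {
        context.Fail();
    }

    return Task.CompletedTask;

    // Missing or blank route values are normalized to an empty string.
    string GetRouteValue(string key)
    {
        actionDescriptor.RouteValues.TryGetValue(key, out var value);
        return string.IsNullOrWhiteSpace(value) ? string.Empty : value;
    }
}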
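/// <summary>
/// Succeeds or fails <paramref name="requirement"/> according to whether the security-trimming
/// service allows the current user to reach the action described by the authorization filter context.
/// Also demonstrates how a handler can read a posted JSON or form body.
/// </summary>
/// <param name="context">Authorization context whose <c>Resource</c> is expected to be an <see cref="AuthorizationFilterContext"/>.</param>
/// <param name="requirement">The dynamic-permission requirement under evaluation.</param>
/// <returns>A task that completes once the decision is recorded on <paramref name="context"/>.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when <see cref="IHttpRequestInfoService"/> is not registered (a JSON POST was received).
/// </exception>
/// <remarks>
/// The body values read here do not yet influence the decision; they are kept as a worked example.
/// If the resource is not an <see cref="AuthorizationFilterContext"/> the handler expresses no opinion.
/// </remarks>
protected override async Task HandleRequirementAsync(
    AuthorizationHandlerContext context,
    DynamicPermissionRequirement requirement)
{
    var mvcContext = context.Resource as AuthorizationFilterContext;
    if (mvcContext == null)
    {
        return;
    }

    var actionDescriptor = mvcContext.ActionDescriptor;
    var area = GetRouteValue("area");
    var controller = GetRouteValue("controller");
    var action = GetRouteValue("action");

    // How to access form values from an AuthorizationHandler
    var request = mvcContext.HttpContext.Request;
    if (request.Method.Equals("post", StringComparison.OrdinalIgnoreCase))
    {
        // ContentType is null for body-less requests; the original would throw on .Contains.
        var contentType = request.ContentType ?? string.Empty;
        var isApiPath = request.Path.ToString().StartsWith("/api", StringComparison.Ordinal);
        var isJsonAjax = request.IsAjaxRequest() && contentType.Contains("application/json");

        if (isApiPath || isJsonAjax)
        {
            // GetRequiredService fails with a descriptive message instead of a null dereference.
            var httpRequestInfoService = mvcContext.HttpContext.RequestServices.GetRequiredService<IHttpRequestInfoService>();
            // NOTE(review): assumes the service buffers/rewinds the body so model binding
            // downstream still sees it - confirm against IHttpRequestInfoService.
            var model = await httpRequestInfoService.DeserializeRequestJsonBodyAsAsync<RoleViewModel>();
            if (model != null)
            {
                // TODO: feed the posted model into the access decision.
            }
        }
        else if (request.HasFormContentType)
        {
            // Reading Request.Form without a form content type throws InvalidOperationException.
            foreach (var item in request.Form)
            {
                var formField = item.Key;
                var formFieldValue = item.Value;
                // TODO: feed the posted fields into the access decision.
            }
        }
    }

    if (_securityTrimmingService.CanCurrentUserAccess(area, controller, action))
    {
        context.Succeed(requirement);
    }
    else
    {
        context.Fail();
    }

    // Missing or blank route values are normalized to an empty string.
    string GetRouteValue(string key)
    {
        actionDescriptor.RouteValues.TryGetValue(key, out var value);
        return string.IsNullOrWhiteSpace(value) ? string.Empty : value;
    }
}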
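/// <summary>
/// Succeeds or fails <paramref name="requirement"/> according to whether the security-trimming
/// service allows the current user to reach the area/controller/action resolved from the current
/// request's route data (obtained through <c>_httpContextAccessor</c>). Also demonstrates reading
/// a posted JSON or form body.
/// </summary>
/// <param name="context">Authorization context; the decision is recorded on it.</param>
/// <param name="requirement">The dynamic-permission requirement under evaluation.</param>
/// <returns>A task that completes once the decision is recorded.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when <see cref="IHttpRequestInfoService"/> is not registered (a JSON AJAX POST was received).
/// </exception>
/// <remarks>
/// Without a current <c>HttpContext</c> (handler invoked outside a request) no decision is made,
/// which leaves the requirement unsatisfied - fail-closed rather than a null dereference.
/// The body values read here do not yet influence the decision.
/// </remarks>
protected override async Task HandleRequirementAsync(
    AuthorizationHandlerContext context,
    DynamicPermissionRequirement requirement)
{
    var httpContext = _httpContextAccessor.HttpContext;
    if (httpContext == null)
    {
        return;
    }

    // RouteValueDictionary's indexer returns null (does not throw) for absent keys.
    var routeData = httpContext.GetRouteData();
    var area = GetRouteValue("area");
    var controller = GetRouteValue("controller");
    var action = GetRouteValue("action");

    // How to access form values from an AuthorizationHandler
    var request = httpContext.Request;
    if (request.Method.Equals("post", StringComparison.OrdinalIgnoreCase))
    {
        // ContentType is null for body-less requests; the original would throw on .Contains.
        var contentType = request.ContentType ?? string.Empty;
        if (request.IsAjaxRequest() && contentType.Contains("application/json"))
        {
            var httpRequestInfoService = httpContext.RequestServices.GetRequiredService<IHttpRequestInfoService>();
            // NOTE(review): assumes the service buffers/rewinds the body so model binding
            // downstream still sees it - confirm against IHttpRequestInfoService.
            var model = await httpRequestInfoService.DeserializeRequestJsonBodyAsAsync<RoleViewModel>();
            if (model != null)
            {
                // TODO: feed the posted model into the access decision.
            }
        }
        else if (request.HasFormContentType)
        {
            // Reading Request.Form without a form content type throws InvalidOperationException.
            foreach (var item in request.Form)
            {
                var formField = item.Key;
                var formFieldValue = item.Value;
                // TODO: feed the posted fields into the access decision.
            }
        }
    }

    if (_securityTrimmingService.CanCurrentUserAccess(area, controller, action))
    {
        context.Succeed(requirement);
    }
    else
    {
        context.Fail();
    }

    // Missing or blank route values are normalized to an empty string.
    string GetRouteValue(string key)
    {
        var value = routeData?.Values[key]?.ToString();
        return string.IsNullOrWhiteSpace(value) ? string.Empty : value;
    }
}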
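/// <summary>
/// Succeeds or fails <paramref name="requirement"/> according to whether the security-trimming
/// service allows the current user to reach the action described by the authorization filter context.
/// Also demonstrates how a handler can read a posted JSON or form body.
/// </summary>
/// <param name="context">Authorization context whose <c>Resource</c> is expected to be an <see cref="AuthorizationFilterContext"/>.</param>
/// <param name="requirement">The dynamic-permission requirement under evaluation.</param>
/// <returns>A task that completes once the decision is recorded on <paramref name="context"/>.</returns>
/// <remarks>
/// The body values read here do not yet influence the decision; they are kept as a worked example.
/// If the resource is not an <see cref="AuthorizationFilterContext"/> the handler expresses no opinion.
/// </remarks>
protected override async Task HandleRequirementAsync(
    AuthorizationHandlerContext context,
    DynamicPermissionRequirement requirement)
{
    var mvcContext = context.Resource as AuthorizationFilterContext;
    if (mvcContext == null)
    {
        return;
    }

    // The dictionary indexer throws KeyNotFoundException when a key such as "area" is absent;
    // TryGetValue plus normalization matches the sibling handlers and never throws.
    var actionDescriptor = mvcContext.ActionDescriptor;
    var area = GetRouteValue("area");
    var controller = GetRouteValue("controller");
    var action = GetRouteValue("action");

    // How to access form values from an AuthorizationHandler
    var request = mvcContext.HttpContext.Request;
    if (request.Method.Equals("post", StringComparison.OrdinalIgnoreCase))
    {
        // ContentType is null for body-less requests; the original would throw on .Contains.
        var contentType = request.ContentType ?? string.Empty;
        if (request.IsAjaxRequest() && contentType.Contains("application/json"))
        {
            // NOTE(review): assumes DeserializeJsonBodyAsAsync buffers/rewinds the body so
            // model binding downstream still sees it - confirm against the extension.
            var model = await request.DeserializeJsonBodyAsAsync<RoleDto>().ConfigureAwait(false);
            if (model != null)
            {
                // TODO: feed the posted model into the access decision.
            }
        }
        else if (request.HasFormContentType)
        {
            // Reading Request.Form without a form content type throws InvalidOperationException.
            foreach (var item in request.Form)
            {
                var formField = item.Key;
                var formFieldValue = item.Value;
                // TODO: feed the posted fields into the access decision.
            }
        }
    }

    if (_securityTrimmingService.CanCurrentUserAccess(area, controller, action))
    {
        context.Succeed(requirement);
    }
    else
    {
        context.Fail();
    }

    // Missing or blank route values are normalized to an empty string.
    string GetRouteValue(string key)
    {
        actionDescriptor.RouteValues.TryGetValue(key, out var value);
        return string.IsNullOrWhiteSpace(value) ? string.Empty : value;
    }
}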
/// <summary>
/// Emits the children of the <c>&lt;security-trimming&gt;</c> element only when the
/// security-trimming service allows the current user to reach the configured
/// <c>Area</c>/<c>Controller</c>/<c>Action</c>; otherwise nothing is rendered.
/// </summary>
/// <param name="context">Tag helper context; validated as non-null.</param>
/// <param name="output">Tag helper output to render or suppress; validated as non-null.</param>
public override void Process(TagHelperContext context, TagHelperOutput output)
{
    context.CheckArgumentIsNull(nameof(context));
    output.CheckArgumentIsNull(nameof(output));

    // The wrapper element itself is never written to the response.
    output.TagName = null;

    var allowed = _securityTrimmingService.CanCurrentUserAccess(Area, Controller, Action);
    if (!allowed)
    {
        // Hide the children as well.
        output.SuppressOutput();
    }
}
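/// <summary>
/// Renders the children of the <c>&lt;security-trimming&gt;</c> element only when the current user
/// is authenticated and may access at least one of the colon-separated actions in <c>Action</c>
/// (for the configured <c>Area</c>/<c>Controller</c>); otherwise the whole output is suppressed.
/// </summary>
/// <param name="context">Tag helper context; must not be null.</param>
/// <param name="output">Tag helper output to render or suppress; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> or <paramref name="output"/> is null.</exception>
public override void Process(TagHelperContext context, TagHelperOutput output)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    if (output == null)
    {
        throw new ArgumentNullException(nameof(output));
    }

    // don't render the <security-trimming> tag.
    output.TagName = null;

    // Identity can be null on an unauthenticated principal; treat that as not authenticated.
    // Returning here keeps the output suppressed and skips the now-pointless permission lookups.
    var identity = ViewContext.HttpContext.User.Identity;
    if (identity == null || !identity.IsAuthenticated)
    {
        output.SuppressOutput();
        return;
    }

    // Action may list several actions as "a:b:c"; a null Action would otherwise throw on Split.
    var actions = (Action ?? string.Empty).Split(':');
    foreach (var candidate in actions)
    {
        if (_securityTrimmingService.CanCurrentUserAccess(Area, Controller, candidate))
        {
            // At least one action is reachable: keep the children.
            return;
        }
    }

    // None of the listed actions is reachable: suppress the output and generate nothing.
    output.SuppressOutput();
}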