public override void OnMethodInvoke(OnMethodInvokeArgs e)
{
base.OnMethodInvoke(e);
if (context.Request.RequestType == "GET" && !e.Method.Name.ToUpper().StartsWith("GET"))
{
e.Cancel = true;
}
}
/// <summary>
/// Intercept the execution right before the handler method is called
/// </summary>
/// <param name="e"></param>
public virtual void OnMethodInvoke(OnMethodInvokeArgs e)
{
}
public object Invoke(BaseHandler handler, HttpContext context)
{
MethodInfo m = null;
if (string.IsNullOrEmpty(method))
{
// call the request method
// if no method is passed then well call the method by HTTP verb (GET, POST, DELETE, UPDATE)
method = context.Request.RequestType.ToUpper();
}
m = handler.GetType().GetMethod(method);
List <object> a = new List <object>();
if (m == null)
{
if (method.ToLower() == "help")
{
m = handler.GetType().BaseType.GetMethod("Help");
}
else
{
throw new Exception(string.Format("Method {0} not found on Handler {1}.", method, this.GetType().ToString()));
}
}
else
{
// evaluate the handler and method attributes against Http allowed verbs
/*
* The logic here is:
* -> if no attribute is found means it allows every verb
* -> is a method have verb attbibutes defined then it will ignore the ones on the class
* -> verb attributes on the class are applied to all methods without verb attribues
*/
var handlerSupportedVerbs = handler.GetType().GetCustomAttributes(typeof(HttpVerbAttribute), true).Cast <HttpVerbAttribute>();
var methodSupportedVerbs = m.GetCustomAttributes(typeof(HttpVerbAttribute), true).Cast <HttpVerbAttribute>();
bool VerbAllowedOnMethod = (methodSupportedVerbs.Count() == 0);
bool VerbAllowedOnHandler = (handlerSupportedVerbs.Count() == 0);
if (methodSupportedVerbs.Count() > 0)
{
VerbAllowedOnMethod = methodSupportedVerbs.FirstOrDefault(x => x.HttpVerb == context.Request.RequestType.ToUpper()) != null;
}
else if (handlerSupportedVerbs.Count() > 0)
{
VerbAllowedOnHandler = handlerSupportedVerbs.FirstOrDefault(x => x.HttpVerb == context.Request.RequestType.ToUpper()) != null;
}
if (!VerbAllowedOnMethod || !VerbAllowedOnHandler)
{
throw new HttpVerbNotAllowedException();
}
// security validation: Search for RequireAuthenticationAttribute on the method
// value=true the user must be authenticated (only supports FromsAuthentication for now
// value=false invoke the method
object[] attrs = m.GetCustomAttributes(typeof(RequireAuthenticationAttribute), true);
if (attrs != null && attrs.Length > 0)
{
if (!context.Request.IsAuthenticated && ((RequireAuthenticationAttribute)attrs[0]).RequireAuthentication)
{
throw new InvalidOperationException("Method [" + m.Name + "] Requires authentication");
}
}
}
foreach (var param in m.GetParameters())
{
a.Add(ProcessProperty(param.Name, param.ParameterType, string.Empty));
}
// OnMethodInvoke -> Invoke -> AfterMethodInvoke
OnMethodInvokeArgs cancelInvoke = new OnMethodInvokeArgs(m);
handler.OnMethodInvoke(cancelInvoke);
object invokeResult = null;
if (!cancelInvoke.Cancel)
{
invokeResult = m.Invoke(handler, a.ToArray());
handler.AfterMethodInvoke(invokeResult);
}
return(invokeResult);
}
/// <summary>
/// Intercept the execution right before the handler method is called
/// </summary>
/// <param name="e"></param>
public virtual void OnMethodInvoke(OnMethodInvokeArgs e) { }
public object Invoke(BaseHandler handler, HttpContext context)
{
MethodInfo m = null;
if (string.IsNullOrEmpty(method))
{
// call the request method
// if no method is passed then well call the method by HTTP verb (GET, POST, DELETE, UPDATE)
method = context.Request.RequestType.ToUpper();
}
m = handler.GetType().GetMethod(method);
List<object> a = new List<object>();
if (m == null)
{
if (method.ToLower() == "help")
{
m = handler.GetType().BaseType.GetMethod("Help");
}
else
{
throw new Exception(string.Format("Method {0} not found on Handler {1}.", method, this.GetType().ToString()));
}
}
else
{
// evaluate the handler and method attributes against Http allowed verbs
/*
The logic here is:
* -> if no attribute is found means it allows every verb
* -> is a method have verb attbibutes defined then it will ignore the ones on the class
* -> verb attributes on the class are applied to all methods without verb attribues
*/
var handlerSupportedVerbs = handler.GetType().GetCustomAttributes(typeof(HttpVerbAttribute), true).Cast<HttpVerbAttribute>();
var methodSupportedVerbs = m.GetCustomAttributes(typeof(HttpVerbAttribute), true).Cast<HttpVerbAttribute>();
bool VerbAllowedOnMethod = (methodSupportedVerbs.Count() == 0);
bool VerbAllowedOnHandler = (handlerSupportedVerbs.Count() == 0);
if (methodSupportedVerbs.Count() > 0)
{
VerbAllowedOnMethod = methodSupportedVerbs.FirstOrDefault(x => x.HttpVerb == context.Request.RequestType.ToUpper()) != null;
}
else if (handlerSupportedVerbs.Count() > 0)
{
VerbAllowedOnHandler = handlerSupportedVerbs.FirstOrDefault(x => x.HttpVerb == context.Request.RequestType.ToUpper()) != null;
}
if (!VerbAllowedOnMethod || !VerbAllowedOnHandler)
{
throw new HttpVerbNotAllowedException();
}
// security validation: Search for RequireAuthenticationAttribute on the method
// value=true the user must be authenticated (only supports FromsAuthentication for now
// value=false invoke the method
object[] attrs = m.GetCustomAttributes(typeof(RequireAuthenticationAttribute), true);
if (attrs != null && attrs.Length > 0)
{
if (!context.Request.IsAuthenticated && ((RequireAuthenticationAttribute)attrs[0]).RequireAuthentication)
{
throw new InvalidOperationException("Method [" + m.Name + "] Requires authentication");
}
}
}
foreach (var param in m.GetParameters())
{
a.Add(ProcessProperty(param.Name, param.ParameterType, string.Empty));
}
// OnMethodInvoke -> Invoke -> AfterMethodInvoke
OnMethodInvokeArgs cancelInvoke = new OnMethodInvokeArgs(m);
handler.OnMethodInvoke(cancelInvoke);
object invokeResult = null;
if (!cancelInvoke.Cancel)
{
invokeResult = m.Invoke(handler, a.ToArray());
handler.AfterMethodInvoke(invokeResult);
}
return invokeResult;
}
