2

Using Fluent Security, I have configured website access with DenyAnonymousAccess, DenyAuthenticatedAccess and RequireRole.

SecurityConfigurator.Configure(configuration =>
{
    configuration.ResolveServicesUsing(new FluentSecurityServiceLocator());
    configuration.GetAuthenticationStatusFrom(CurrentUser.IsAuthenticated);

    configuration.GetRolesFrom(CurrentUser.Roles);

    configuration.For<HomeController>().DenyAnonymousAccess();
    configuration.For<ReportsController>().RequireRole(UserRole.Administrator);
    configuration.For<AccountController>().DenyAuthenticatedAccess();

    configuration.For<AccountController>(x => x.ChangePassword()).DenyAnonymousAccess();
});

I have handled the PolicyViolationException for DenyAnonymousAccess and redirect to the login page.

public ActionResult Handle(PolicyViolationException exception)
{
    return new RedirectToRouteResult(
       new RouteValueDictionary(new { action = "Login", controller = "Account" })
       );
}

But I am not sure whether catching the exception from RequireRole is the same process? I need to redirect if RequireRole is violated.

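Also, when a user is not logged in and clicks a link that is tied to a role, I get an unhandled DenyAnonymousAccess exception. What am I doing wrong in my configuration and implementation?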

4

1 Answer

4

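You have to correctly define the name of your violation handler class. It depends on the violation that needs to be handled. If you are handling a violation of DenyAnonymousAccessPolicy, the name of your violation handler class must start with the policy name, and it must implement IPolicyViolationHandler. This rule must be followed for all such policy violations: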

public class DenyAnonymousAccessPolicyViolationHandler : IPolicyViolationHandler
{
    public ActionResult Handle(PolicyViolationException exception)
    {

        //Log the violation, send mail etc. etc.
        var rvd = new RouteValueDictionary(new
        {
            area = "",
            controller = "Account",
            action = "LogOn",
            statusDescription = exception.Message
        });
        return new RedirectToRouteResult(rvd);

    }
}

For RequireRolePolicy, the handler should look like this:

public class RequireRolePolicyViolationHandler : IPolicyViolationHandler
{
    public ActionResult Handle(PolicyViolationException exception)
    {

        //Log the violation, send mail etc. etc.
        var rvd = new RouteValueDictionary(new
        {
            area = "",
            controller = "Home",
            action = "Home",
            statusDescription = exception.Message
        });
        return new RedirectToRouteResult(rvd);

    }
}

Check this link to learn more about Fluent Security policy violation handlers.

https://github.com/kristofferahl/FluentSecurity/wiki/Policy-violation-handlers-2.0

Hope this helps!!!

Answered 2012-12-01T05:47:53.943
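
An added example, not part of the original question or answer and not FluentSecurity's own code: a RequireRolePolicy handler, named by the convention the answer describes, that treats an anonymous visitor differently from a signed-in user who lacks the role. It assumes the application exposes the caller through the standard `HttpContext.Current.User` principal (the question uses its own `CurrentUser` class instead) and that the login action is `Account/Login` as in the question.

```csharp
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;
using FluentSecurity;

// Class name = policy name + "ViolationHandler", per the convention in the answer above.
public class RequireRolePolicyViolationHandler : IPolicyViolationHandler
{
    public ActionResult Handle(PolicyViolationException exception)
    {
        // Assumption: standard ASP.NET authentication populates HttpContext.Current.User.
        var user = HttpContext.Current != null ? HttpContext.Current.User : null;
        bool isAuthenticated = user != null
            && user.Identity != null
            && user.Identity.IsAuthenticated;

        if (!isAuthenticated)
        {
            // Anonymous visitor on a role-protected action: send to the login page.
            // The policy message is deliberately not copied into the route values,
            // so policy details do not end up in URLs, browser history or proxy logs.
            return new RedirectToRouteResult(new RouteValueDictionary(new
            {
                area = "",
                controller = "Account",
                action = "Login"
            }));
        }

        // Signed in but missing the role: answer 403 instead of redirecting to login.
        // In the question's configuration AccountController is DenyAuthenticatedAccess,
        // so redirecting an authenticated user there would raise a second violation.
        return new HttpStatusCodeResult(403, "Forbidden");
    }
}
```

Record the violation (user name, requested URL, policy message) in a server-side log inside `Handle` rather than passing it to the client.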