1

我有 2 个属性:

  1. SecuredOperation属性
  2. 异常策略属性

如果用户无权访问控制器上的操作,那么我会抛出一个自定义NonAuthorizedException但我无法在 ExceptionPolicyAttribute 上捕获它

我的代码:

[LogMethod]
[ExceptionPolicy]
public ActionResult Edit(int id)
{
   // some works on here
}

[Serializable]
public class ExceptionPolicyAttribute : OnExceptionAspect
{
    private ILog logger;
    private string methodName;

    public override void CompileTimeInitialize(MethodBase method, AspectInfo aspectInfo)
    {
        this.methodName = method.DeclaringType.FullName + "." + method.Name;
    }

    public override void OnException(MethodExecutionArgs args)
    {
        Guid guid = Guid.NewGuid();

        var stringBuilder = new StringBuilder(1024);

        // Write the exit message.
        stringBuilder.Append(this.methodName);
        stringBuilder.Append('(');

        // Write the current instance object, unless the method
        // is static.
        object instance = args.Instance;
        if (instance != null)
        {
            stringBuilder.Append("this=");
            stringBuilder.Append(instance);
            if (args.Arguments.Count > 0)
               stringBuilder.Append("; ");
        }

        // Write the list of all arguments.
        for (int i = 0; i < args.Arguments.Count; i++)
        {
            if (i > 0)
                stringBuilder.Append(", ");
            stringBuilder.Append(args.Arguments.GetArgument(i) ?? "null");
        }

        // Write the exception message.
        stringBuilder.AppendFormat("): Exception ");
        stringBuilder.Append(args.Exception.GetType().Name);
        stringBuilder.Append(": ");
        stringBuilder.Append(args.Exception.Message);

        logger.Error(stringBuilder.ToString(), args.Exception);

        args.FlowBehavior = FlowBehavior.Continue;
    }

    public override Type GetExceptionType(System.Reflection.MethodBase targetMethod)
    {
        return typeof(NonAuthorizedException);
    }
}

安全属性是:

[Serializable]
public class SecuredOperationAttribute: OnMethodBoundaryAspect
{
    public override void OnEntry(MethodExecutionArgs args)
    {
        IUserManager userManager = new UserManager();
        int userId = userManager.GetUserIdFromCookie;
        AdminUser adminUser = GenericSessionHelper<AdminUser>.Get(userId.ToString(), State.Session);
        if(!User.CanAccess)
        {
            args.ReturnValue = null;
            throw new NonAuthorizedException(string.Format("{0} userId li kullanıcının {1} işlemini yapmak için yetkisi yoktur",userId,args.Method.Name));
        }
        return;
    }
}

可能是什么问题?我是否以错误的方式使用 postsharp?

4

1 回答 1

1

我找到了解决方案:我使用的属性如下:

[SecuredOperation]
[ExceptionPolicy]
public ActionResult Edit(int id)

但 ExceptionPolicy 无法捕获异常。所以我将 ExceptionPolicy 移到了控制器类的顶部:

[ExceptionPolicy]
    public class UserController : BaseAuthorizedUserController

现在它可以工作了。

于 2013-02-25T16:16:21.820 回答