
I ran into a problem with FluentSecurity when using an ActionNameSelectorAttribute on controller actions.

public static void Configure()
{
    var applicationConfiguration = DependencyResolver.Current.GetService<IApplicationConfiguration>();
    var superUserGroupName = applicationConfiguration.GetSuperUserGroupName();
    var userGroupName = applicationConfiguration.GetUserGroupName();

    var securityConfiguration = SecurityConfigurator.Configure(configuration =>
                                   {
                                       configuration.GetAuthenticationStatusFrom(() => HttpContext.Current.User.Identity.IsAuthenticated);
                                       configuration.GetRolesFrom(System.Web.Security.Roles.GetRolesForUser);

                                       configuration.ForAllControllers().DenyAnonymousAccess().CachePerHttpRequest();
                                       configuration.ForAllControllers().RequireAnyRole(superUserGroupName).CachePerHttpRequest();
                                       configuration.For<Elmah.Mvc.ElmahController>().RequireAnyRole(userGroupName).CachePerHttpRequest();

                                       configuration.ApplyProfile<ProjectSecurityProfile>();
                                       configuration.ApplyProfile<ProjectsSecurityProfile>();
                                       configuration.ApplyProfile<RewecoSecurityProfile>();

                                       configuration.DefaultPolicyViolationHandlerIs(() => new HttpUnauthorizedPolicyViolationHandler());
                                   });
    securityConfiguration.AssertAllActionsAreConfigured();
}

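When I run the application with the configuration above, AssertAllActionsAreConfigured appears to pass: everything seems correct and no exception is thrown. But as soon as I call an action method in ActualHoursAssignmentController where the HttpParamAction is used (a class of mine that inherits from ActionNameSelectorAttribute), I get an exception.

Security has not been configured for controller PDATA.Web.Controllers.ActualHoursAssignmentController, action ActionChoiceByNameAttributeValue Area: (not set) Controller: ActualHoursAssignment Action: ActionChoiceByNameAttributeValue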

public class HttpParamActionAttribute : ActionNameSelectorAttribute
{
    public static string ActionChoiceByNameAttributeValue
    {
        get { return "ActionChoiceByNameAttributeValue"; }
    }

    public override bool IsValidName([NotNull] ControllerContext controllerContext, 
                                     [NotNull] string actionName, [NotNull] MethodInfo methodInfo)
    {
        if (controllerContext == null)
        {
            throw new ArgumentNullException("controllerContext");
        }

        if (actionName == null)
        {
            throw new ArgumentNullException("actionName");
        }

        if (methodInfo == null)
        {
            throw new ArgumentNullException("methodInfo");
        }

        if (String.IsNullOrWhiteSpace(actionName))
        {
            throw new ArgumentException("actionName");
        }

        if (String.IsNullOrWhiteSpace(methodInfo.Name))
        {
            throw new ArgumentException("methodInfo.Name");
        }

        if (actionName.Equals(methodInfo.Name, StringComparison.InvariantCultureIgnoreCase))
            return true;

        if (!actionName.Equals(ActionChoiceByNameAttributeValue, StringComparison.InvariantCultureIgnoreCase))
            return false;

        var request = controllerContext.RequestContext.HttpContext.Request;
        return request[methodInfo.Name] != null;
    }
}

Usage of the HttpParamAction attribute in ActualHoursAssignmentController

public class ActualHoursAssignmentController : PdataBaseController
{
    [HttpParamAction]
    [HttpPost]
    public ActionResult UpdateAssignment(ActualHoursAssignmentViewModel vm)
    {

    }

    [HttpParamAction]
    [HttpPost]
    public ActionResult DeleteAssignment(ActualHoursAssignmentViewModel vm)
    {

    }
}

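Update: Because I have not found a solution, I have temporarily stopped using HttpParamActionAttribute. Instead I use this solution to call multiple buttons in one form, but the problem still exists; maybe it is a bug.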


1 Answer


It seems there is an issue in older versions of FluentSecurity with support for controller inheritance; see:

https://github.com/kristofferahl/FluentSecurity/wiki/Securing-controllers#securing-controllers-based-on-inheritance

Answered 2014-09-18T12:17:30.363
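
A simplified model of the mismatch the exception message points to, as an added example that is not part of the original post or of FluentSecurity's code. It assumes policies are registered per controller method name while the request-time lookup uses the route's action name, which here is the alias; `PolicyLookupModel`, `Enforce` and `Resolve` are hypothetical names and the posted field names are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Hypothetical model, not FluentSecurity code. Assumption: policies are keyed by
// controller + method name, while the request-time lookup uses the route action name.
public static class PolicyLookupModel
{
    // Stand-in for the controller in the question (no MVC dependency).
    public class ActualHoursAssignmentController
    {
        public void UpdateAssignment() { }
        public void DeleteAssignment() { }
    }

    const string Alias = "ActionChoiceByNameAttributeValue";

    static MethodInfo[] Actions(Type c) =>
        c.GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly);

    // Fail closed: an unknown controller/action pair is an error, never an implicit allow.
    static void Enforce(ISet<string> configured, Type c, string action)
    {
        if (!configured.Contains(c.Name + "." + action))
            throw new InvalidOperationException("Security has not been configured for " + c.Name + ", action " + action);
    }

    // Mirrors IsValidName above: the alias selects the method whose name is a posted field.
    static string Resolve(Type c, string action, ICollection<string> postedFields) =>
        action.Equals(Alias, StringComparison.OrdinalIgnoreCase)
            ? Actions(c).Select(m => m.Name).Single(postedFields.Contains)
            : action;

    public static void Main()
    {
        var c = typeof(ActualHoursAssignmentController);
        var configured = new HashSet<string>(Actions(c).Select(m => c.Name + "." + m.Name), StringComparer.OrdinalIgnoreCase);
        var posted = new[] { "DeleteAssignment", "Hours" }; // constructed form field names

        try { Enforce(configured, c, Alias); }              // lookup by alias: no policy matches
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }

        var resolved = Resolve(c, Alias, posted);           // lookup by the method that will run
        Enforce(configured, c, resolved);
        Console.WriteLine("Policy found for " + resolved);
    }
}
```

Looking the policy up on the resolved method keeps UpdateAssignment and DeleteAssignment separately securable, whereas a single policy registered under the alias would cover both.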