Im trying to implement the RequireLocalHostActionFilter that Phil Haack did in one of his shows.
Its the ActionFilter thats checks if a call to a giving method is from the local host, and is registred in the global filters.
But my filter is not working, and I cant get my head around it.
So please, if someone has some free time to take a look.
My ActionFilter:
public class RequireLocalHostActionFilter : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
return !httpContext.Request.IsLocal; // I need to test on the local host, so I reverse the logic.
}
}
My FilterProvider
public class ConditionalFilterProvider : IFilterProvider
{
public readonly IEnumerable<Func<ControllerContext, ActionDescriptor, object>> _conditions;
public ConditionalFilterProvider(IEnumerable<Func<ControllerContext, ActionDescriptor, object>> conditions)
{
this._conditions = conditions;
}
public IEnumerable<Filter> GetFilters(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
{
IEnumerable<Filter> result = from condition in _conditions
select condition(controllerContext, actionDescriptor)
into filter
where filter != null
select new Filter(filter, FilterScope.Global, null);
return result;
}
}
In globals.
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
var conditions = new Func<ControllerContext, ActionDescriptor, object>[]
{
(c, a) =>
a.ControllerDescriptor.ControllerName.Equals("Online", StringComparison.OrdinalIgnoreCase)
? null : new RequireLocalHostActionFilter()
};
filters.Add(new ConditionalFilterProvider(conditions));
filters.Add(new HandleErrorAttribute());
}
I can see the action filter is added into the collection of filters.
And last my OnlineController, a simpel control, that I want the global filter to kick in.
public class OnlineController : Controller
{
public ActionResult Index()
{
ViewBag.Message = "Welcome to ASP.NET MVC! online";
return View();
}
// thx for taking your time to read this post.
// dennis
My if statement needed to be reversed.
var conditions = new Func < ControllerContext,
ActionDescriptor, object > [] {
(c, a) =>
a.ControllerDescriptor.ControllerName.Equals("Online",
StringComparison.OrdinalIgnoreCase) * * ? new RequireLocalHostActionFilterAttribute() : null * *
};
And I forgot to added the filter to the top of the controller.
// dennis
Related
As per this question here, ASP.NET MVC Pass object from Custom Action Filter to Action
, (which is for MVC), is there a similar object that we can add items or values to from within
public override void OnActionExecuting(HttpActionContext actionContext)
{
}
, (which is for WebAPI), and access it seconds later in the Controller's action method itself ?
This works:
set data:
public class MyAwesomeFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(HttpActionContext actionContext)
{
//add stuff here.. to be accessed later
actionContext.Request.Properties.Add("myKey69", myValue);
}
}
retrieve data:
[MyAwesomeFilter]
public IHttpActionResult MyController( [FromBody] string myParmStr ) {
//retrieve the obj you inserted in filter...
obj myValue = null;
if (Request.Properties.TryGetValue("myKey69", out myValue)) {
//logic here...
}
}
I want to create some custom Filters in my application
After successful login i keep logged in user details in a session and want to check the session is expired or not ( If session expired i want to redirect to login page) and i need a filter for this.
public class MyActionFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
SchoolApp.ViewModels.CurrentSessionModel model=(SchoolApp.ViewModels.CurrentSessionModel)HttpContext.Current.Session["mySession"];
if (model == null)
{
//Redirect to Login page
}
else
{
base.OnActionExecuting(filterContext);
}
}
}
But the problem is this will fire for every rquests even while loading Login page . So how can i make a useful filter control that check for session
Looks like you're trying to do wrong things there. Check your web.config file - it should have section like:
<authentication mode="Forms">
<forms loginUrl="http://www.your_domain.com/login" name="cookie_name" defaultUrl="default_url" domain="your_domain" enableCrossAppRedirects="true" protection="All" slidingExpiration="true" cookieless="UseCookies" timeout="1440" path="/" />
</authentication>
If your session is expired (cookie with cookie_name non exists anymore) - user will be automatically redirected to loginUrl
If you still want to use filters - there's solution that allows you to exclude global filter for some controllers/actions:
assuming you have method in global.asax.cs:
private static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
IFilterProvider[] providers = FilterProviders.Providers.ToArray();
FilterProviders.Providers.Clear();
FilterProviders.Providers.Add(new ExcludeFilterProvider(providers));
filters.Add(DependencyResolver.Current.GetService<MyFilter>(), 2); // add your global filters here
}
Call it in your global.asax.cs:
RegisterGlobalFilters(GlobalFilters.Filters);
Filter provider class will look like:
public class ExcludeFilterProvider : IFilterProvider
{
private readonly FilterProviderCollection _filterProviders;
public ExcludeFilterProvider(IFilterProvider[] filters)
{
_filterProviders = new FilterProviderCollection(filters);
}
public IEnumerable<Filter> GetFilters(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
{
Filter[] filters = _filterProviders.GetFilters(controllerContext, actionDescriptor).ToArray();
if (filters.Select(f => f.Instance).OfType<OverrideExcludeFilter>().Any())
return filters;
IEnumerable<ExcludeFilterAttribute> excludeFilters = (from f in filters where f.Instance is ExcludeFilterAttribute select f.Instance as ExcludeFilterAttribute);
var excludeFilterAttributes = excludeFilters as ExcludeFilterAttribute[] ?? excludeFilters.ToArray();
if (excludeFilterAttributes.FirstOrDefault(f => f.AllFilters) != null)
{
return new Collection<Filter>();
}
var filterTypesToRemove = excludeFilterAttributes.SelectMany(excludeFilter => excludeFilter.FilterTypes);
IEnumerable<Filter> res = (from filter in filters where !filterTypesToRemove.Contains(filter.Instance.GetType()) select filter);
return res;
}
}
ExcludeFilter attribute class:
public class ExcludeFilterAttribute : FilterAttribute
{
private readonly Type[] _filterType;
public ExcludeFilterAttribute(bool allFilters)
{
AllFilters = allFilters;
}
public ExcludeFilterAttribute(params Type[] filterType)
{
_filterType = filterType;
}
/// <summary>
/// exclude all filters
/// </summary>
public bool AllFilters { get; private set; }
public Type[] FilterTypes
{
get
{
return _filterType;
}
}
}
And usage sample:
[ExcludeFilter(new[] { typeof(MyFilter) })]
public ActionResult MyAction()
{
//some codes
}
So this way your filter of type MyFilter won't fire for specified action
Here's the situation. I've got a single action filter that I'm using in two different controllers. The action filter is defined as:
public class ValidSubmissionAttribute : FilterAttribute, IActionFilter
{
public void OnActionExecuted(ActionExecutedContext filterContext)
{
}
public void OnActionExecuting(ActionExecutingContext filterContext)
{
var controller = filterContext.Controller;
var session = filterContext.HttpContext.Session;
var isValid = controller.TempData["IsValid"];
if (isValid == null || !(bool)isValid)
{
SharedUtilities.LogOutUser(session, controller.ViewData.ModelState);
filterContext.Result = SharedUtilities.GetThankYouRedirect();
}
}
}
When I invoke the Attribute in one controller, like this:
[HttpPost]
public ActionResult DoSomething(string button, Model data)
{
try
{
if (ModelState.IsValid)
{
TempData["IsValid"] =
Request.Form["ValidRequest"] == Session.SessionID;
Session["VerifyDoingSomethingData"] = data;
return RedirectToAction("VerifyDoingSomething");
}
}
catch (Exception ex)
{
}
}
[ValidSubmission]
public ActionResult VerifyDoingSomething()
{
ViewData.Model = Session["VerifyDoingSomethingData"];
return View("VerifyDoingSomething");
}
it functions as expected. However, when I call it from a different controller, like this:
[HttpPost]
public ActionResult Index(string button, Model data)
{
try
{
if (ModelState.IsValid)
{
TempData["IsValid"] =
Request.Form["ValidRequest"] == Session.SessionID;
Session["ViewModel"] = data;
return RedirectToAction("VerifyCancellation");
}
}
catch (Exception ex)
{
}
}
[ValidSubmission]
public ActionResult VerifyCancellation()
{
ViewData.Model = Session["ViewModel"];
return View("VerifyCancellation");
}
the attribute doesn't run at all. My breakpoint in the OnActionExecuting method doesn't get hit.
If I had to guess, I'd say there was some difference in the controllers or in the action methods, but they appear to be functionally similar. Any insights? Why would I be seeing such different behavior?
Aaaaand, I'm a schmuck.
Turns out there's a completely different execution path that I'd forgotten about. That path didn't have the TempData information to use in the ValidSubmisionAttribute. Everything is functioning correctly now.
As part of a identity-enabled authorization system, I'd like to use IAuhtorizationFilter and Attributes to restrict access to action methods in my controllers. I've got things working very well, partly due to help from the following resources:
Ninject Binding Attribute to Filter with Constructor Arguments
https://github.com/ninject/ninject.web.mvc/wiki/Filter-configurations
Custom Authorization MVC 3 and Ninject IoC
https://github.com/ninject/ninject.web.mvc/wiki/Dependency-injection-for-filters
However, when I try to decorate an action method with more than one of my attributes, I get an exception as follows (sorry for the formatting):
[InvalidOperationException: Sequence contains more than one element]
System.Linq.Enumerable.Single(IEnumerable`1 source) +2691369
Ninject.Web.Mvc.FilterBindingSyntax.c__DisplayClass15`1.b__14(IContext ctx, ControllerContext controllerContext, ActionDescriptor actionDescriptor) in c:\Projects\Ninject\Maintenance2.2\ninject.web.mvc\mvc3\src\Ninject.Web.Mvc\FilterBindingSyntax\FilterFilterBindingBuilder.cs:379
Ninject.Web.Mvc.FilterBindingSyntax.c__DisplayClass12.b__11(IContext ctx) in c:\Projects\Ninject\Maintenance2.2\ninject.web.mvc\mvc3\src\Ninject.Web.Mvc\FilterBindingSyntax\FilterFilterBindingBuilder.cs:358
Ninject.Parameters.c__DisplayClass6.b__4(IContext ctx, ITarget target) in c:\Projects\Ninject\Maintenance2.2\ninject\src\Ninject\Parameters\Parameter.cs:60
Ninject.Parameters.Parameter.GetValue(IContext context, ITarget target) in c:\Projects\Ninject\Maintenance2.2\ninject\src\Ninject\Parameters\Parameter.cs:88
Ninject.Activation.Providers.StandardProvider.GetValue(IContext context, ITarget target) in c:\Projects\Ninject\Maintenance2.2\ninject\src\Ninject\Activation\Providers\StandardProvider.cs:97
Ninject.Activation.Providers.c__DisplayClass2.b__1(ITarget target) in c:\Projects\Ninject\Maintenance2.2\ninject\src\Ninject\Activation\Providers\StandardProvider.cs:81
...
Here is a very simplified version of my code that demonstrates the problem in an MVC3 app:
Attribute:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
public class SampleAttribute : Attribute
{
private Guid typeId;
public bool IsAllowed { get; set; }
public SampleAttribute(bool IsAllowed)
{
this.IsAllowed = IsAllowed;
this.typeId = new Guid();
}
public override object TypeId
{
get
{
return (object)typeId;
}
}
}
Filter:
public class SampleFilter : IAuthorizationFilter, IMvcFilter
{
private bool isAllowed;
public bool AllowMultiple
{
get { return true; }
}
public int Order
{
get { return 0; }
}
public SampleFilter(bool isAllowed)
{
this.isAllowed = isAllowed;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
if (!isAllowed)
throw new Exception("unauthorized");
}
}
Controller:
public class HomeController : Controller
{
[Sample(true)]
[Sample(false)]
public ActionResult Index()
{
ViewBag.Message = "Welcome to ASP.NET MVC!";
return View();
}
}
The controller method above works as expected if one or the other of the Sample attributes on the Index() method is removed. Having both in place, generates the exception. I realize that in this simplified example, there isn't a situation that would call for both attributes, but it's simply for illustration.
What am I missing?
This is a known issue of Ninject 2.2. Please use 3.0 instead.
https://github.com/ninject/ninject.web.mvc/blob/master/mvc3/ReleaseNotes.txt
UpdateModel fails because arcm.Notes was null coming into this method and I want it to be an empty string.
Maybe I need to refresh the ValueProvider (?) after setting Notes to "", so I can use UpdateModel.
public ActionResult Edit1(Guid id, ActivityResponseConsumerMobile arcm) {
if (arcm.Notes == null)
arcm.Notes = "";
if (!ModelState.IsValid) {
SetupDropDowns();
return View(arcm);
}
ActivityResponseConsumerMobile arcmDb = uow.ActivityResponseConsumerMobiles.Single(a => a.Id == id);
try {
UpdateModel(arcmDb, null, null, new[] { "Id" });
This is the default behavior I believe since MVC2.
note one workaround here:
http://brianreiter.org/2010/09/16/asp-net-mvc-2-0-undocumented-model-string-property-breaking-change/
public sealed class EmptyStringModelBinder : DefaultModelBinder
{
public override object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
{
bindingContext.ModelMetadata.ConvertEmptyStringToNull = false;
return base.BindModel(controllerContext, bindingContext);
}
}
And register the binder
protected void Application_Start()
{
ModelBinders.Binders.DefaultBinder = new EmptyStringModelBinder();
RegisterRoutes( RouteTable.Routes );
}