如何通过代码禁用MVC控制器？

Question

I am using SelfHost/Katana/Owin for my WebServer. I have a Controller in there that I want to enable/disable by code depending on a command line argument at launch time.

Is there a simple way of doing this in MVC?

Right now I'm thinking in the Controller's code to return HTTP-NotFound status code when this config is disabled, any better ideas?

Answer 1

You could decorate your controller with a custom Action Filter .

public class ConfigActionFilter : ActionFilterAttribute {   
  // This method is called before a controller action is executed.
  public override void OnActionExecuting(ActionExecutingContext filterContext) {
    if(someConfigSetting) {
      filterContext.Result = new RedirectToRouteResult("Error", someRouteValues);
    }
  }
  ...
}

Usage:

[ConfigActionFilter]
public class MyController : Controller {
  ...
}

More here .

Answer 2

You could perform a redirecttoaction that will take users to a different controller explaining what's happening.

ie:

public class MyController : Controller {
    private IConfigReader _configReader;

    public MyController(IConfigReader configReader){ //not sure if you're doing dependency injection or not, so I'm injecting it
         _configReader = configReader;
    }

    public ActionResult Index() {
        if(!_configReader.IsEnabled) {
            return RedirectToAction("Denied", "AuthController");
        }

        //etc

        return View();
    }
}

Answer 3

您可以创建一个属性，将其应用于控制器并在启动时在该属性上设置静态属性，并在设置该标志时拒绝访问（或返回“未找到”）。

Answer 4

Alternatively, you can implement a custom AuthorizationAttribute and put it on your controller

public class AuthorizationAdminAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (/*check for argument*/)
            {
                return false;
            }

            return true;
        }

        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (AuthorizeCore(filterContext.HttpContext))
            {
                // ** IMPORTANT **
                // Since we're performing authorization at the action level, the authorization code runs
                // after the output caching module. In the worst case this could allow an authorized user
                // to cause the page to be cached, then an unauthorized user would later be served the
                // cached page. We work around this by telling proxies not to cache the sensitive page,
                // then we hook our custom authorization code into the caching mechanism so that we have
                // the final say on whether a page should be served from the cache.

                HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
                cachePolicy.SetProxyMaxAge(new TimeSpan(0));
                cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
            }
            else
            {                  
                filterContext.Result = new HttpNotFoundResult();
            }
        }

        private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
        {
            validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
        }
    }