
Fluent Security and AOP with CastleDynamicProxy

This exact problem has been asked on GitHub but the provided workaround just doesn't seem to be optional with version 2.

The problem is that if security is configured properly, even when it is configured via ForAllControllersInheriting, it just doesn't work with the controller proxies created at runtime by CastleDynamicProxy.

I suppose this is caused by the fact that these controllers actually do not exist when Fluent Security is parsing the rules. Is there any workaround for this? I wanted to create a customized HandleSecurityAttribute as suggested on GitHub, but I wasn't able to do it with all the internal stuff in version 2 (but that may be because I am no professional at C#, so I may just need a hint on how to do that).

I tried all possible configurations:

configuration.ForAllControllersInAssembly(typeof(HomeController).Assembly)
    .DenyAnonymousAccess();
configuration.ForAllControllersInheriting<HomeController>().DenyAnonymousAccess();
configuration.ForAllControllers().DenyAnonymousAccess();

None of those seems to work with this issue.

For those who still wonder how to solve this, there is a way using a customized authorization attribute with a little help from SecurityHandler.

using System;
using System.Web.Mvc;
using FluentSecurity;

// Authorization filter that evaluates the Fluent Security rules against the
// real controller type when the runtime type is a Castle-generated proxy.
public class CastleProxyHandleSecurityAttribute : Attribute, IAuthorizationFilter
{
    private readonly ISecurityHandler securityHandler;

    public CastleProxyHandleSecurityAttribute()
    {
        securityHandler = new SecurityHandler();
    }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        var actionName = filterContext.ActionDescriptor.ActionName;
        var controllerType = filterContext.ActionDescriptor.ControllerDescriptor.ControllerType;
        var controllerName = controllerType.FullName;

        // A Castle proxy derives from the controller it wraps, so the rules
        // are looked up under the base type's name instead of the proxy's.
        if (controllerName.StartsWith("Castle") && controllerType.BaseType != null)
        {
            controllerName = controllerType.BaseType.FullName;
        }

        var securityContext = SecurityContext.Current;
        securityContext.Data.RouteValues = filterContext.RouteData.Values;

        // A non-null result means a policy was violated; it replaces the action result.
        var overrideResult = securityHandler.HandleSecurityFor(controllerName, actionName, securityContext);
        if (overrideResult != null) filterContext.Result = overrideResult;
    }
}
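
An added example (not from the original answer or the FluentSecurity project) of the lookup mismatch the answer works around: the rules are keyed by the real controller's type name, while the type seen at runtime is a Castle-generated subclass. It assumes the Castle.Core package; `HomeController` here is a plain stand-in class, the `Rules` table and `PolicyKey` helper are hypothetical, and detecting proxies through `IProxyTargetAccessor` instead of the `"Castle"` name prefix is a swapped-in technique.

```csharp
using System;
using System.Collections.Generic;
using Castle.DynamicProxy;

// Stand-in for an MVC controller (assumption: a plain class keeps the example
// free of System.Web.Mvc). Members must be virtual for a class proxy.
public class HomeController
{
    public virtual string Index() { return "home"; }
}

public static class PolicyKey
{
    // Walk up from a Castle-generated proxy type to the class it wraps.
    // Generated proxies implement IProxyTargetAccessor; the wrapped class does not.
    public static Type Unwrap(Type type)
    {
        while (type.BaseType != null && typeof(IProxyTargetAccessor).IsAssignableFrom(type))
            type = type.BaseType;
        return type;
    }
}

public static class Program
{
    // Hypothetical rule table keyed by type name, registered before any proxy
    // exists (this is not FluentSecurity's own storage).
    static readonly HashSet<string> Rules = new HashSet<string>
    {
        typeof(HomeController).FullName
    };

    public static bool HasRule(Type controllerType)
    {
        return Rules.Contains(controllerType.FullName);
    }

    public static void Main()
    {
        // The proxy is created at runtime, after the rules were registered.
        var proxy = new ProxyGenerator().CreateClassProxy<HomeController>();
        Type runtimeType = proxy.GetType();

        Console.WriteLine("runtime type:  " + runtimeType.FullName);
        Console.WriteLine("rule by proxy: " + HasRule(runtimeType));
        Console.WriteLine("unwrapped:     " + PolicyKey.Unwrap(runtimeType).FullName);
        Console.WriteLine("rule by base:  " + HasRule(PolicyKey.Unwrap(runtimeType)));
    }
}
```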
