C# - Run Both Authorize Filter And Action Filter On Unauthenticated MVC Request
Mar 17, 2010
I have decorated my base controller with a couple of action filters. They work fine.
One of those filters sets up the request - does things like set the culture based on the domain, etc.
I also have a handful of actions that require authorization using the Authorize attribute.
My problem is that when an user attempts to request a page they are not authorized to access, the authorization filter kicks in and redirects them to a page telling them that they cannot vie the page.
The issue is that the action filters never run so the culture and other request data is never set. This effectively causes language to be wrong in the view and other data to be missing.
I know that authorization filters run first but my question is this: How can I design this such that I can ensure that certain methods are always run before the view is returned, regardless of the authorization.
I have to develop an authorize filter in asp.net mvc.I have got five categories of users in my site and my site uses custom created authentication system.Now i have a controller action which should be accessible to 3 out of those five type of users.How to create a filter (basically authorize) and use it which fulfills my requirement?I think i need to create the authorize filter with parameter.I should be able to use something like this in my controller action.
Authorize[UsersType="admin,accountant,operator"] public ActionResult Test() { }
I just learned about actionfilters yesterday and thought it would be great if i could put my meta data into a action filter and change the page title, page description etc from 1 location based on a value from the controller.
I've getting so far, but cannot seem to work out how to add the default value to the controller and pass that value to my actionfilter.
In securing actions/controllers, do I have to create a custom filter or use MVC built-in filter?
To use the built-in attribute Authorize() on an action/controller or create a separate class that inherits the ActionFilterAttribute which has a method (OnActionExecuting) to override and do the authentication there?
I need to create application wide error handling mechanism. I was evaluating Action Filter for that matter. But- Action filter will just exectute against actions/controller- what about error at custom view engine or Extension method for HTML helper.: to handle them i need to implement traditional Asp.net mechanismCan anyone suggest best common approach which can handle error for all Controller, View, Model or custom helpers if any.
In my organization we use nested groups. For a particular usage, we have a group (let's assume that the group name "kuku"), and the names of all the nested groups under it contains "kuku" as well.
We may assume that no other group in the LDAP has "kuku" in the name.
I need to create a filter which will return all the users which belong to one of the "kuku"s group.
Obviously, using this filter will bring only the head kukus
(&(&(objectclass=user)(objectclass=person))(memberOf=CN=kuku,cn=...rest of the group DN...))
How can I use wild card to fetch all users which belong to any kuku?
For example: (&(&(objectclass=user)(objectclass=person))(memberOf=CN=.*kuku.*))
Is it possible to edit the content of a view from a action filter.
What I am working on is a Resourcemanager that I can use to manage
my style sheets, js and other resources. I want to be able to put
lines in the the view any where like Html.ResourceManager.AddScriptFile("MyScript")
or Html.ResourceManager.AddCSSFile("MyCSS")
and at the end of the view call Html.Render(); this would then place the content of my resources at this point. My problem is that I want to put the CSS stuff at the top of the view, but them problem is that it is renderend at the end of the view, so I tought that I could use a ActionFilter to move it to the top of the view.
1) What would be the best way to do this task ?
2) Is there any resources that describe the way that the MVC framework works in more detail ?
I have an app I am transitioning to MVC3 to see what the upgrade path is essentially. I've hit a snag. I believe I've run into a change that may be due to the changes for Dependency Injection in action filter attributes, but I have been unable to track down the cause, and the "correct" solution.This project uses StructureMap and NHibernate. The NHibernate session is started at the beginning of each request, and ends at the end of each request, thanks to a small module. This is just to give an idea of the stack involved...o I have a few custom Authorize attributes (Inheriting from AuthorizeAttribute) that perform some more complicated authorization logic for specific actions that they decorate. Part of their functionality involves using two repositories which they must either (a) have injected, or (b) get from the StructureMap ObjectFactory themselves. In MVC2 I was using option b, so that the CONSTRUCTOR of the attribute looked like this:
[Code]....
This worked fine, as in MVC2 the constructor was called each time the attribute was evaluated. This BREAKS in MVC3, where it would appear that this is no longer the case. Due to this apparent change, the FIRST time this attribute is evaluated, it runs fine, but each subsequent time, any calls in the repositories fails because it claims the NHibernate Session object hasn't been started! The reason being, as far as I can tell, that the CustomAuthorizeAttribute is created once, and then held in whatever state it exists in at that point for the lifetime of the application... Which means that the dependencies inside of it (Which SHOULD go out of scope at the end of each request, and be reinstantiated / fetched at the beginning of subsequent requests), are instead persisting with it becoming stale after the first evaluation.After banging my head against the desk for a few hours, I realized that simply moving these calls to the ObjectFactory into the AutorizeCore method made everything work again.Now, all of this was of course, a hack, because there wasn't a good easy to do real dependency injection into attributes in MVC2. I hear that is changed in MVC3, and I am wondering if this behavior is in response this change, and if so, what do I need to do to make this work?
I need to get an image url using FileUpload Control. When i do it in the explorer it shows all files to select. But i need to show only ".jpg,.gif" files. How can i do it.
I have a custom actionfilter that strips out the whitespaces before the html is rendered in browser and it is working fine. However I have been unable to unit test the custom action filter. Ideally I want to do an assert on the sample html that all whitespaces have been removed. Code looks something like this.
I'm trying to get the current action method by this way.
ActionDescriptor actionDescriptor = filterContext.ActionDescriptor; string actionName = actionDescriptor.ActionName; var controllerType = filterContext.Controller.GetType(); var actionMethod = controllerType.GetMethod(actionName);
But if there're two action method with the same name, the AmbiguousMatchException will occur there. Without the ActionMethod property, how can I get the current action method now?
I thought this would be easy and maybe it is but it's eluding me.
In an action filter (MVC 2) I want to add/edit one of the parameters for the type I'm passing to my action method.
I have an action method:
[Code]....
Bar is a simple class for viewData:
[Code]....
In my BarFilter action filter OnActionExecuting method I want to add a value for paramA which is not set by the view so that Bar will be fully populated in my Foo action method. I've tried various methods of adding values to ViewData, ModelState, Model etc. but I always get a null returned in Foo.
One of the navigation properties of the User object is Users_UserStatus1. This is a one to many (we store the status for each user account, when an account's status is changed, a new record is inserted into the status table as opposed to updating it). One of the search criteria I'm trying to filter on is the UserStatus. So, I pass in a comma-delimited string like so:
[Code]....
The problem, it seems, is that this is only bringing back one record, even though more of them should be matching. Also, I only want this to filter based on the last status for each user, not all of them. Can't quite seem to figure this one out.
What I want is to filter the dataview so I get top 10.
I googled it and found out that I had first to sort the dataview. Then add a column (int) to datatable. This column I then made a AutoIncrement on......
This works fine - I can see in the codebehind that it adds a column to the datatable that I called AutoInc.
Then make a RowFilter on the dataview - here it goes "wrong" for me.....
When using the line
datVie.RowFiler = "AutoInc < 11";
and bind it to a gridview I don't get a error - but it also don't show me any rows in the gridview...... If I comment the line out - I get all the rows in the dataview..
I am having difficulty in usint distinct with row filter, how to do this without using distinct.As i think distinct does not work with row filter.
Dim dsEName As DataSet = biz.GetEvent() Dim dt As DataTable = dsEName.Tables(0) Dim dv As New DataView(dsEName.Tables("dt")) dv.RowFilter = "DISTINCT EventName " Me.ddlEventName.DataSource = dv Me.ddlEventName.DataTextField = "EventName" Me.ddlEventName.DataValueField = "EventName" Me.ddlEventName.DataBind()
I have a 1:M relationship between Contact and EmploymentHistory.I want to create a new association that is the current employment, which would be 1:1 so I can do Contact.CurrentEmployment.The EmploymentHistory table has a CurrentEmployment flag.Is there a way to do this in Entity Framework?
I have a gridview on my web page which is bound to an Access database table. I would like to filter the rows from a command button. Can anyone tell me how to do this?
The value will be selected from a dropdown list, but the filtering should happen only after the button is clicked. I've been searching all day and everything that comes up is for a Sql Server database with a filter that is initiated directly from the dropdown.