diff --git a/samples/MvcSample.Web/FiltersController.cs b/samples/MvcSample.Web/FiltersController.cs index dcb46b4131..a6c0f22d47 100644 --- a/samples/MvcSample.Web/FiltersController.cs +++ b/samples/MvcSample.Web/FiltersController.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using Microsoft.AspNet.Authorization; using Microsoft.AspNet.Mvc; using Microsoft.AspNet.Mvc.Filters; using MvcSample.Web.Filters; diff --git a/src/Microsoft.AspNet.Mvc.Core/Filters/IAllowAnonymous.cs b/src/Microsoft.AspNet.Mvc.Abstractions/Filters/IAllowAnonymousFilter.cs similarity index 58% rename from src/Microsoft.AspNet.Mvc.Core/Filters/IAllowAnonymous.cs rename to src/Microsoft.AspNet.Mvc.Abstractions/Filters/IAllowAnonymousFilter.cs index 9cc69c91a7..cf1b44ff07 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Filters/IAllowAnonymous.cs +++ b/src/Microsoft.AspNet.Mvc.Abstractions/Filters/IAllowAnonymousFilter.cs @@ -1,9 +1,9 @@ -// Copyright (c) .NET Foundation. All rights reserved. +// Copyright (c) .NET Foundation. All rights reserved. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. namespace Microsoft.AspNet.Mvc.Filters { - public interface IAllowAnonymous : IFilterMetadata + public interface IAllowAnonymousFilter : IFilterMetadata { } } diff --git a/src/Microsoft.AspNet.Mvc.Core/AllowAnonymousAttribute.cs b/src/Microsoft.AspNet.Mvc.Core/AllowAnonymousAttribute.cs deleted file mode 100644 index 6d33d72e51..0000000000 --- a/src/Microsoft.AspNet.Mvc.Core/AllowAnonymousAttribute.cs +++ /dev/null @@ -1,13 +0,0 @@ -// Copyright (c) .NET Foundation. All rights reserved. -// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. - -using System; -using Microsoft.AspNet.Mvc.Filters; - -namespace Microsoft.AspNet.Mvc -{ - [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)] - public class AllowAnonymousAttribute : Attribute, IAllowAnonymous - { - } -} diff --git a/src/Microsoft.AspNet.Mvc.Core/ApplicationModels/AuthorizationApplicationModelProvider.cs b/src/Microsoft.AspNet.Mvc.Core/ApplicationModels/AuthorizationApplicationModelProvider.cs index 91701e89ec..9bd4b96d2b 100644 --- a/src/Microsoft.AspNet.Mvc.Core/ApplicationModels/AuthorizationApplicationModelProvider.cs +++ b/src/Microsoft.AspNet.Mvc.Core/ApplicationModels/AuthorizationApplicationModelProvider.cs @@ -38,21 +38,31 @@ namespace Microsoft.AspNet.Mvc.ApplicationModels { policy = AuthorizationPolicy.Combine( _authorizationOptions, - controllerModel.Attributes.OfType()); + controllerModel.Attributes.OfType()); if (policy != null) { controllerModel.Filters.Add(new AuthorizeFilter(policy)); } + foreach (var attribute in controllerModel.Attributes.OfType()) + { + controllerModel.Filters.Add(new AllowAnonymousFilter()); + } + foreach (var actionModel in controllerModel.Actions) { policy = AuthorizationPolicy.Combine( _authorizationOptions, - actionModel.Attributes.OfType()); + actionModel.Attributes.OfType()); if (policy != null) { actionModel.Filters.Add(new AuthorizeFilter(policy)); } + + foreach (var attribute in actionModel.Attributes.OfType()) + { + actionModel.Filters.Add(new AllowAnonymousFilter()); + } } } } diff --git a/src/Microsoft.AspNet.Mvc.Core/Filters/AllowAnonymousFilter.cs b/src/Microsoft.AspNet.Mvc.Core/Filters/AllowAnonymousFilter.cs new file mode 100644 index 0000000000..88d965ff55 --- /dev/null +++ b/src/Microsoft.AspNet.Mvc.Core/Filters/AllowAnonymousFilter.cs @@ -0,0 +1,13 @@ +// Copyright (c) .NET Foundation. All rights reserved. +// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. + +namespace Microsoft.AspNet.Mvc.Filters +{ + /// + /// An implementation of + /// + public class AllowAnonymousFilter : IAllowAnonymousFilter + { + + } +} diff --git a/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizationFilterAttribute.cs b/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizationFilterAttribute.cs index af50f99d07..62a930edab 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizationFilterAttribute.cs +++ b/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizationFilterAttribute.cs @@ -4,6 +4,7 @@ using System; using System.Linq; using System.Threading.Tasks; +using Microsoft.AspNet.Authorization; using Microsoft.AspNet.Mvc.Internal; namespace Microsoft.AspNet.Mvc.Filters @@ -36,7 +37,7 @@ namespace Microsoft.AspNet.Mvc.Filters throw new ArgumentNullException(nameof(context)); } - return context.Filters.Any(item => item is IAllowAnonymous); + return context.Filters.Any(item => item is IAllowAnonymousFilter); } protected virtual void Fail(AuthorizationContext context) diff --git a/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs b/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs index 85540e341a..b0675d4a8b 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs +++ b/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs @@ -64,7 +64,7 @@ namespace Microsoft.AspNet.Mvc.Filters } // Allow Anonymous skips all authorization - if (context.Filters.Any(item => item is IAllowAnonymous)) + if (context.Filters.Any(item => item is IAllowAnonymousFilter)) { return; } diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/ApplicationModel/AuthorizationApplicationModelProviderTest.cs b/test/Microsoft.AspNet.Mvc.Core.Test/ApplicationModel/AuthorizationApplicationModelProviderTest.cs index 179c8a59c2..1d1369be26 100644 --- a/test/Microsoft.AspNet.Mvc.Core.Test/ApplicationModel/AuthorizationApplicationModelProviderTest.cs +++ b/test/Microsoft.AspNet.Mvc.Core.Test/ApplicationModel/AuthorizationApplicationModelProviderTest.cs @@ -56,6 +56,26 @@ namespace Microsoft.AspNet.Mvc.ApplicationModels Assert.Equal(3, authorizeFilters.First().Policy.Requirements.Count); } + [Fact] + public void CreateControllerModelAndActionModel_AllowAnonymousAttributeAddsAllowAnonymousFilter() + { + // Arrange + var provider = new AuthorizationApplicationModelProvider(new TestOptionsManager()); + var defaultProvider = new DefaultApplicationModelProvider(new TestOptionsManager()); + + var context = new ApplicationModelProviderContext(new[] { typeof(AnonymousController).GetTypeInfo() }); + defaultProvider.OnProvidersExecuting(context); + + // Act + provider.OnProvidersExecuting(context); + + // Assert + var controller = Assert.Single(context.Result.Controllers); + Assert.Single(controller.Filters, f => f is AllowAnonymousFilter); + var action = Assert.Single(controller.Actions); + Assert.Single(action.Filters, f => f is AllowAnonymousFilter); + } + private class BaseController { [Authorize(Policy = "Base")] @@ -76,5 +96,14 @@ namespace Microsoft.AspNet.Mvc.ApplicationModels public class AccountController { } + + [AllowAnonymous] + public class AnonymousController + { + [AllowAnonymous] + public void SomeAction() + { + } + } } } \ No newline at end of file diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs b/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs index 7c662cbeec..1fe4a4188e 100644 --- a/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs +++ b/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs @@ -64,7 +64,7 @@ namespace Microsoft.AspNet.Mvc.Filters var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true); - authorizationContext.Filters.Add(new AllowAnonymousAttribute()); + authorizationContext.Filters.Add(new AllowAnonymousFilter()); // Act await authorizeFilter.OnAuthorizationAsync(authorizationContext); diff --git a/test/WebSites/AntiforgeryTokenWebSite/Controllers/AccountController.cs b/test/WebSites/AntiforgeryTokenWebSite/Controllers/AccountController.cs index 14402b8030..6a2e775a94 100644 --- a/test/WebSites/AntiforgeryTokenWebSite/Controllers/AccountController.cs +++ b/test/WebSites/AntiforgeryTokenWebSite/Controllers/AccountController.cs @@ -1,6 +1,7 @@ // Copyright (c) .NET Foundation. All rights reserved. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. +using Microsoft.AspNet.Authorization; using Microsoft.AspNet.Mvc; namespace AntiforgeryTokenWebSite diff --git a/test/WebSites/FiltersWebSite/Controllers/RandomNumberController.cs b/test/WebSites/FiltersWebSite/Controllers/RandomNumberController.cs index 8746748a8d..85fa7440a4 100644 --- a/test/WebSites/FiltersWebSite/Controllers/RandomNumberController.cs +++ b/test/WebSites/FiltersWebSite/Controllers/RandomNumberController.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using Microsoft.AspNet.Authorization; using Microsoft.AspNet.Mvc; namespace FiltersWebSite