Removing AuthorizationFilterAttribute as we do not want users to easily create their own authorization implementation. They should instead
use authorization policies and requirements(IAuthorizationRequirement) to enforce authorization. [Fixes #4233] AuthorizationFilterAttribute returns UnauthorizedResult rather than ChallengeResult
This commit is contained in:
parent
e1abb47b98
commit
e0212752e5
|
|
@ -1,53 +0,0 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
|
||||||
|
|
||||||
using System;
|
|
||||||
using System.Linq;
|
|
||||||
using System.Threading.Tasks;
|
|
||||||
using Microsoft.AspNetCore.Mvc.Authorization;
|
|
||||||
using Microsoft.AspNetCore.Mvc.Internal;
|
|
||||||
|
|
||||||
namespace Microsoft.AspNetCore.Mvc.Filters
|
|
||||||
{
|
|
||||||
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
|
|
||||||
public abstract class AuthorizationFilterAttribute :
|
|
||||||
Attribute, IAsyncAuthorizationFilter, IAuthorizationFilter, IOrderedFilter
|
|
||||||
{
|
|
||||||
public int Order { get; set; }
|
|
||||||
|
|
||||||
public virtual Task OnAuthorizationAsync(AuthorizationFilterContext context)
|
|
||||||
{
|
|
||||||
if (context == null)
|
|
||||||
{
|
|
||||||
throw new ArgumentNullException(nameof(context));
|
|
||||||
}
|
|
||||||
|
|
||||||
OnAuthorization(context);
|
|
||||||
return TaskCache.CompletedTask;
|
|
||||||
}
|
|
||||||
|
|
||||||
public virtual void OnAuthorization(AuthorizationFilterContext context)
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
protected virtual bool HasAllowAnonymous(AuthorizationFilterContext context)
|
|
||||||
{
|
|
||||||
if (context == null)
|
|
||||||
{
|
|
||||||
throw new ArgumentNullException(nameof(context));
|
|
||||||
}
|
|
||||||
|
|
||||||
return context.Filters.Any(item => item is IAllowAnonymousFilter);
|
|
||||||
}
|
|
||||||
|
|
||||||
protected virtual void Fail(AuthorizationFilterContext context)
|
|
||||||
{
|
|
||||||
if (context == null)
|
|
||||||
{
|
|
||||||
throw new ArgumentNullException(nameof(context));
|
|
||||||
}
|
|
||||||
|
|
||||||
context.Result = new UnauthorizedResult();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
|
using System;
|
||||||
using System.Reflection;
|
using System.Reflection;
|
||||||
using System.Security.Claims;
|
using System.Security.Claims;
|
||||||
using Microsoft.AspNetCore.Http;
|
using Microsoft.AspNetCore.Http;
|
||||||
|
|
@ -9,9 +10,9 @@ using Microsoft.AspNetCore.Mvc.Filters;
|
||||||
|
|
||||||
namespace FiltersWebSite
|
namespace FiltersWebSite
|
||||||
{
|
{
|
||||||
public class AuthorizeUserAttribute : AuthorizationFilterAttribute
|
public class AuthorizeUserAttribute : Attribute, IAuthorizationFilter
|
||||||
{
|
{
|
||||||
public override void OnAuthorization(AuthorizationFilterContext context)
|
public virtual void OnAuthorization(AuthorizationFilterContext context)
|
||||||
{
|
{
|
||||||
var controllerActionDescriptor = (ControllerActionDescriptor)context.ActionDescriptor;
|
var controllerActionDescriptor = (ControllerActionDescriptor)context.ActionDescriptor;
|
||||||
if (controllerActionDescriptor.MethodInfo ==
|
if (controllerActionDescriptor.MethodInfo ==
|
||||||
|
|
|
||||||
|
|
@ -1,13 +1,17 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
|
using System;
|
||||||
|
using System.Linq;
|
||||||
|
using Microsoft.AspNetCore.Mvc;
|
||||||
|
using Microsoft.AspNetCore.Mvc.Authorization;
|
||||||
using Microsoft.AspNetCore.Mvc.Filters;
|
using Microsoft.AspNetCore.Mvc.Filters;
|
||||||
|
|
||||||
namespace FiltersWebSite
|
namespace FiltersWebSite
|
||||||
{
|
{
|
||||||
public class BlockAnonymous : AuthorizationFilterAttribute
|
public class BlockAnonymous : Attribute, IAuthorizationFilter
|
||||||
{
|
{
|
||||||
public override void OnAuthorization(AuthorizationFilterContext context)
|
public void OnAuthorization(AuthorizationFilterContext context)
|
||||||
{
|
{
|
||||||
if (!HasAllowAnonymous(context))
|
if (!HasAllowAnonymous(context))
|
||||||
{
|
{
|
||||||
|
|
@ -19,9 +23,20 @@ namespace FiltersWebSite
|
||||||
|
|
||||||
if (userIsAnonymous)
|
if (userIsAnonymous)
|
||||||
{
|
{
|
||||||
base.Fail(context);
|
context.Result = new UnauthorizedResult();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private bool HasAllowAnonymous(AuthorizationFilterContext context)
|
||||||
|
{
|
||||||
|
if (context == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(context));
|
||||||
|
}
|
||||||
|
|
||||||
|
return context.Filters.Any(item => item is IAllowAnonymousFilter);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
|
using System;
|
||||||
using System.Reflection;
|
using System.Reflection;
|
||||||
using Microsoft.AspNetCore.Http;
|
using Microsoft.AspNetCore.Http;
|
||||||
using Microsoft.AspNetCore.Mvc.Controllers;
|
using Microsoft.AspNetCore.Mvc.Controllers;
|
||||||
|
|
@ -8,9 +9,9 @@ using Microsoft.AspNetCore.Mvc.Filters;
|
||||||
|
|
||||||
namespace FiltersWebSite
|
namespace FiltersWebSite
|
||||||
{
|
{
|
||||||
public class GlobalAuthorizationFilter : AuthorizationFilterAttribute
|
public class GlobalAuthorizationFilter : Attribute, IAuthorizationFilter
|
||||||
{
|
{
|
||||||
public override void OnAuthorization(AuthorizationFilterContext context)
|
public void OnAuthorization(AuthorizationFilterContext context)
|
||||||
{
|
{
|
||||||
var controllerActionDescriptor = (ControllerActionDescriptor)context.ActionDescriptor;
|
var controllerActionDescriptor = (ControllerActionDescriptor)context.ActionDescriptor;
|
||||||
if (controllerActionDescriptor.MethodInfo ==
|
if (controllerActionDescriptor.MethodInfo ==
|
||||||
|
|
|
||||||
|
|
@ -6,9 +6,9 @@ using Microsoft.AspNetCore.Mvc.Filters;
|
||||||
|
|
||||||
namespace FiltersWebSite
|
namespace FiltersWebSite
|
||||||
{
|
{
|
||||||
public class ThrowingAuthorizationFilter : AuthorizationFilterAttribute
|
public class ThrowingAuthorizationFilter : Attribute, IAuthorizationFilter
|
||||||
{
|
{
|
||||||
public override void OnAuthorization(AuthorizationFilterContext context)
|
public void OnAuthorization(AuthorizationFilterContext context)
|
||||||
{
|
{
|
||||||
throw new InvalidProgramException("Authorization Filter Threw");
|
throw new InvalidProgramException("Authorization Filter Threw");
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue