ASP.Net 和 DotNetNuke -- 为什么客户 AuthorizeAttribute 覆盖 ValidateAntiForgeryToken?
ASP.Net and DotNetNuke -- why does a customer AuthorizeAttribute override ValidateAntiForgeryToken?
我有一个自定义 AuthorizationAttribute:
public class CodeWomplerAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
return SessionManager.CheckSession(SessionKeys.User)==true;
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (SessionManager.CheckSession(SessionKeys.User) == false)
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
{ "action", "ActionName" },
{ "controller", "ControllerName" }
});
}
else
base.HandleUnauthorizedRequest(filterContext);
}
}
下面是控制器中的示例函数:
[HttpPost]
[DotNetNuke.Web.Mvc.Framework.ActionFilters.ValidateAntiForgeryToken]
[CodeWomplerAuthorize]
public string InitializeNew()
{
var techSheet = new TechSheet {WorkOrder = {CreateDate = DateTime.Now}};
var empList = new WorkOrderEmployeeController().Gets().Recordset;
return JsonConvert.SerializeObject(Json(new{techSheet,empList}));
}
我的自定义属性效果很好。但是,如果我包含 [DotNetNuke.Web.Mvc.Framework.ActionFilters.ValidateAntiForgeryToken],我会失败。
如果 AuthorizeCore 有覆盖,ValidateAntiForgeryToken 将失败。
如何在 AuthorizeCore 的覆盖中包含 ValidateAntiForgeryToken?
这是一种方法:
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var cookie = httpContext.Request.Cookies[AntiForgeryConfig.CookieName];
AntiForgery.Instance.Validate(cookie?.Value, httpContext.Request.Headers["__RequestVerificationToken"]);` protected override bool AuthorizeCore(HttpContextBase httpContext)
return SessionManager.CheckSession(SessionKeys.User)==true;
}
我有一个自定义 AuthorizationAttribute:
public class CodeWomplerAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
return SessionManager.CheckSession(SessionKeys.User)==true;
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (SessionManager.CheckSession(SessionKeys.User) == false)
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
{ "action", "ActionName" },
{ "controller", "ControllerName" }
});
}
else
base.HandleUnauthorizedRequest(filterContext);
}
}
下面是控制器中的示例函数:
[HttpPost]
[DotNetNuke.Web.Mvc.Framework.ActionFilters.ValidateAntiForgeryToken]
[CodeWomplerAuthorize]
public string InitializeNew()
{
var techSheet = new TechSheet {WorkOrder = {CreateDate = DateTime.Now}};
var empList = new WorkOrderEmployeeController().Gets().Recordset;
return JsonConvert.SerializeObject(Json(new{techSheet,empList}));
}
我的自定义属性效果很好。但是,如果我包含 [DotNetNuke.Web.Mvc.Framework.ActionFilters.ValidateAntiForgeryToken],我会失败。
如果 AuthorizeCore 有覆盖,ValidateAntiForgeryToken 将失败。
如何在 AuthorizeCore 的覆盖中包含 ValidateAntiForgeryToken?
这是一种方法:
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var cookie = httpContext.Request.Cookies[AntiForgeryConfig.CookieName];
AntiForgery.Instance.Validate(cookie?.Value, httpContext.Request.Headers["__RequestVerificationToken"]);` protected override bool AuthorizeCore(HttpContextBase httpContext)
return SessionManager.CheckSession(SessionKeys.User)==true;
}