When implementing authorization for ASP.NET, where should I put AuthorizeAttribute implemented class?
In my project, I have created a class called BasicHttpAuthorizedAttribute which implements System.Web.Http.AuthorizeAttribute class and I have overridden the methods I want.
I have registered this BasicHttpAuthorizedAttribute class as a filter.
My problem is even though I do not mention the [Authorized] attribute on top of controller method, BasicHttpAuthorizedAttribute class's OnAuthorization() method gets called.
That should not be like that, right? It should only be called if you have mentioned [Authorized] attribute on top of controller method. Am I right?
What am I doing wrong here? (My project is a ASP.Net web api project and I am using System.Web.Http.AuthorizeAttribute class)
Basically, it goes into the OnAuthorization() event each time because you've registered it as a filter.
This article has a few neat tips and trips on blanket filtering and anonymous exceptions, which is, I think, what you want. It may be for MVC, but the techniques used should apply to most ASP.NET types with a little tweaking.
http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx
Example from article:
[HttpPost]
[AllowAnonymous]
public ActionResult LogOn(LogOnModel model, string returnUrl)
Related
For the reasons that are not important to the question, I would like to know how to make my controllers / routing work in ASP.NET MVC5 if my controller class names do not end in Controller as per convention? Do I need to manually register them somewhere?
The Controller suffix is baked into the the ControllerDescriptor and ControllerTypeCache classes making it hard to override. One way that comes to mind is to write a custom controller factory and override the GetControllerType method.
I want to do some additional processing of the output of all my views before they get sent to the client.
I tried setting the view base class to a custom class where I override Execute, but that doesn't work because Razor will generate its own Execute in the derived class that doesn't call mine.
Is there another MVC-specific way to do it, or my only hope is to resort to the "classic" way of doing it, by setting Response.Filter in Application_BeginRequest in Global.asax?
You should implement IResultFilter. Common way to do it is by deriving from ActionFilterAttribute
void OnResultExecuted(
ResultExecutedContext filterContext
)
They are all inherited the Interface IHttpHandler,so the asp.net will call they by the same way. But why the aspx page inherited IDispose? Asp.net is how to achieve it?
ASP.NET page is inheriting from the base System.Web.UI.Page class which in turn implements the abstract System.Web.UI.TemplateControl class that inherits from System.Web.UI.Control which implements IDisposable.
In the code, there is the remark for the Dispose() of the Control class:
// Summary:
// Enables a server control to perform final clean up before it is released
// from memory.
That's the reason why .aspx file essentially implements the IDisposable interface.
Now, ASP.NET handler is directly implementing the System.Web.IHttpHandler interface without inheriting any other classes - being independent interface, it does not implement IDisposable - it's up to the programmer to decide whether to add such thing or not.
So your question is, how does the Dispose() code of the aspx (Page) ever get called?
You're making the assumption that ASP.NET framework only sees an IHttpHandler, whether it contains a Page or another implementation. That's almost certainly not true; something needs to call the page's constructor.
You could use a tool like IL Spy to try to find where the different handling is, and what it looks like.
I have a base controller which is subclassed from a standard mvc controller. This containers lots of useful methods specific to a Controller.
I now need to have some asych functionality in one of my new controllers
However, to do that you need to create a controller that subclasses AsyncController
But I also want to access functionality in my base controller
Obviously multiple inheritance isn't possible
so how do I get around this?
You could externalize the functionality you are willing to reuse into a service layer, action filter, authorization filter, model binder, ... it will depend on the functionality you are willing to reuse so that you could easily switch the base controller to an async controller and still preserve the functionality. If you want to use async controllers you will need to derive from AsyncController.
You could make your controller class inherit IAsyncManagerContainer and IAsyncController, then implement this functionality yourself, perhaps using the code from MVC source code. You could even encapsulate this in its own class that you delegate the functionality to.
I have just moved over to using ASP.NET MVC 2. In web forms, I normally had a BasePage class that extends from System.Web.UI.Page. And then every page extends from this BasePage. In this BasePage class I have methods that I need. How would I do this in an MVC application?
Any samples would be appreciated.
Thanks.
It is a bit different in MVC. The equivallent would be BaseController although this doesn't correlate exactly to a page in the classic ASP.NET sense. For a start, a controleler doesn't have any markup.
Into a base controller you might inject any model classes that are required by all pages and any common behaviours that have to be executed as part of all Action requests. An example might be some custom checks to go into the Controller OnActionExecuting event...
http://msdn.microsoft.com/en-us/library/system.web.mvc.controller.onactionexecuting.aspx
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
//check the filterContext for a certain condition
if (condition) {
//do something else - redirect to a different route or
//render a different view to to the default
filterContext.Result = new RedirectResult(newUrl);
}
//Otherwise, do nothing, the requested Action will execute as normal...
}
IN MVC there is a greater separation of concerns for rendering the UI, so depending on what the code did in your base page will dictate where it goes in MVC.
If your code generated HTML than you will probably be creating custom HTML helpers and reusable partials views (.ascx). If it handled input data than it will go in a model binder class, and you can create a base model binder for common code. If it talked to your services and domain model than it will go in the controller, and again you can use a base controller. Queries to the persistence layer will go in your model, and reusing code here leads to a much larger discussion of your architecture.
We also moved from base Page classes in ASP.NET and found that a combination of a base controller and a base Model (ViewData) class works well.
So ex Page properties eg: CurrentUser are available from the base Controller and also passed to the base ViewData when its initiated so you can use them on the aspx page.