抛出自定义异常并使用Postsharp捕获它们

时间:2013-02-21 14:45:16

标签: c# security exception-handling postsharp

我有2个属性:

  1. SecuredOperationAttribute
  2. ExceptionPolicyAttribute

    3. 如果用户无权访问控制器上的操作,那么我会抛出一个自定义 NonAuthorizedException ,但我无法在ExceptionPolicyAttribute

    上捕获它

    我的代码:

    [LogMethod]
[ExceptionPolicy]
public ActionResult Edit(int id)
{
   // some works on here
}

[Serializable]
public class ExceptionPolicyAttribute : OnExceptionAspect
{
    private ILog logger;
    private string methodName;

    public override void CompileTimeInitialize(MethodBase method, AspectInfo aspectInfo)
    {
        this.methodName = method.DeclaringType.FullName + "." + method.Name;
    }

    public override void OnException(MethodExecutionArgs args)
    {
        Guid guid = Guid.NewGuid();

        var stringBuilder = new StringBuilder(1024);

        // Write the exit message.
        stringBuilder.Append(this.methodName);
        stringBuilder.Append('(');

        // Write the current instance object, unless the method
        // is static.
        object instance = args.Instance;
        if (instance != null)
        {
            stringBuilder.Append("this=");
            stringBuilder.Append(instance);
            if (args.Arguments.Count > 0)
               stringBuilder.Append("; ");
        }

        // Write the list of all arguments.
        for (int i = 0; i < args.Arguments.Count; i++)
        {
            if (i > 0)
                stringBuilder.Append(", ");
            stringBuilder.Append(args.Arguments.GetArgument(i) ?? "null");
        }

        // Write the exception message.
        stringBuilder.AppendFormat("): Exception ");
        stringBuilder.Append(args.Exception.GetType().Name);
        stringBuilder.Append(": ");
        stringBuilder.Append(args.Exception.Message);

        logger.Error(stringBuilder.ToString(), args.Exception);

        args.FlowBehavior = FlowBehavior.Continue;
    }

    public override Type GetExceptionType(System.Reflection.MethodBase targetMethod)
    {
        return typeof(NonAuthorizedException);
    }
}

    安全属性是:

    [Serializable]
public class SecuredOperationAttribute: OnMethodBoundaryAspect
{
    public override void OnEntry(MethodExecutionArgs args)
    {
        IUserManager userManager = new UserManager();
        int userId = userManager.GetUserIdFromCookie;
        AdminUser adminUser = GenericSessionHelper<AdminUser>.Get(userId.ToString(), State.Session);
        if(!User.CanAccess)
        {
            args.ReturnValue = null;
            throw new NonAuthorizedException(string.Format("{0} userId li kullanıcının {1} işlemini yapmak için yetkisi yoktur",userId,args.Method.Name));
        }
        return;
    }
}

    可能有什么问题?我是否以错误的方式使用postharp?

1 个答案:

答案 0 :(得分:1)

我找到了解决方案: 我使用的属性如下:

[SecuredOperation]
[ExceptionPolicy]
public ActionResult Edit(int id)

但是ExceptionPolicy无法捕获异常。所以我将ExceptionPolicy移到Controller类的顶部:

[ExceptionPolicy]
    public class UserController : BaseAuthorizedUserController

现在可行。

相关问题
最新问题