使用ActionNameSelectorAttribute时抛出“尚未为控制器配置安全性”的异常

时间:2014-09-18 12:10:30

标签: c# asp.net-mvc fluent-security

当控制器的操作使用ActionNameSelectorAttribute时, FluentSecurity 出现问题。

public static void Configure()
{
    var applicationConfiguration = DependencyResolver.Current.GetService<IApplicationConfiguration>();
    var superUserGroupName = applicationConfiguration.GetSuperUserGroupName();
    var userGroupName = applicationConfiguration.GetUserGroupName();

    var securityConfiguration = SecurityConfigurator.Configure(configuration =>
                                   {
                                       configuration.GetAuthenticationStatusFrom(() => HttpContext.Current.User.Identity.IsAuthenticated);
                                       configuration.GetRolesFrom(System.Web.Security.Roles.GetRolesForUser);

                                       configuration.ForAllControllers().DenyAnonymousAccess().CachePerHttpRequest();
                                       configuration.ForAllControllers().RequireAnyRole(superUserGroupName).CachePerHttpRequest();
                                       configuration.For<Elmah.Mvc.ElmahController>().RequireAnyRole(userGroupName).CachePerHttpRequest();

                                       configuration.ApplyProfile<ProjectSecurityProfile>();
                                       configuration.ApplyProfile<ProjectsSecurityProfile>();
                                       configuration.ApplyProfile<RewecoSecurityProfile>();

                                       configuration.DefaultPolicyViolationHandlerIs(() => new HttpUnauthorizedPolicyViolationHandler());
                                   });
    securityConfiguration.AssertAllActionsAreConfigured();
}

当我使用AssertAllActionsAreConfigured在上面的配置下运行应用程序时,一切似乎都是正确的,没有例外。但是,只要我在使用ActualHoursAssignmentController的{​​{1}}中调用操作方法,这是继承自HttpParamAction的类,我就会得到异常。

尚未为控制器PDATA配置安全性.Web.Controllers.ActualHoursAssignmentController,action ActionChoiceByNameAttributeValue区域:(未设置)控制器:ActualHoursAssignment操作:ActionChoiceByNameAttributeValue 

ActionNameSelectorAttribute

public class HttpParamActionAttribute : ActionNameSelectorAttribute { public static string ActionChoiceByNameAttributeValue { get { return "ActionChoiceByNameAttributeValue"; } } public override bool IsValidName([NotNull] ControllerContext controllerContext, [NotNull] string actionName, [NotNull] MethodInfo methodInfo) { if (controllerContext == null) { throw new ArgumentNullException("controllerContext"); } if (actionName == null) { throw new ArgumentNullException("actionName"); } if (methodInfo == null) { throw new ArgumentNullException("methodInfo"); } if (String.IsNullOrWhiteSpace(actionName)) { throw new ArgumentException("actionName"); } if (String.IsNullOrWhiteSpace(methodInfo.Name)) { throw new ArgumentException("methodInfo.Name"); } if (actionName.Equals(methodInfo.Name, StringComparison.InvariantCultureIgnoreCase)) return true; if (!actionName.Equals(ActionChoiceByNameAttributeValue, StringComparison.InvariantCultureIgnoreCase)) return false; var request = controllerContext.RequestContext.HttpContext.Request; return request[methodInfo.Name] != null; } }

中使用HttpParamAction属性 
ActualHoursAssignmentController

更新: 因为我没有找到解决方案,我临时消除了使用public class ActualHoursAssignmentController : PdataBaseController { [HttpParamAction] [HttpPost] public ActionResult UpdateAssignment(ActualHoursAssignmentViewModel vm) { } [HttpParamAction] [HttpPost] public ActionResult DeleteAssignment(ActualHoursAssignmentViewModel vm) { } } 。而不是我使用this解决方案来调用一个表单中的多个按钮,但问题仍然存在,也许这是一个错误。

1 个答案:

答案 0 :(得分:0)

看起来旧版本的FluentSecurity存在一个问题,支持Controller继承,请参阅:

https://github.com/kristofferahl/FluentSecurity/wiki/Securing-controllers#securing-controllers-based-on-inheritance

相关问题
最新问题