在我的 C#MVC4 应用程序中,我正在执行一些不同的重定向到自定义授权属性内部的操作,具体取决于用户是否已登录,具有某个角色等。
我已将 authorize 属性放在我的某个操作结果之上。如果用户未登录或未经过身份验证或登录但不是我检查过的任何一个组的成员,我希望执行操作结果中的代码。如果用户已登录并且是任一组的成员,我希望重定向到另一个操作(这当前正在工作)。
使用我当前的代码,那些登录并在指定组内的代码是 re-directed。其他类别中列出的所有内容都会导致我的 AuthorizationContext 为 null。知道当它为空时调用 HandleUnauthorizedRequest,我试图覆盖它以允许访问原始的 actionresult 但是无法弄明白。
无论我尝试什么,我收到错误:Object Reference not set to an instance of an object
就行:filterContext.Result = new RedirectToRouteResult(
我的授权属性代码如下:
public class AuthorizeEditAttribute : AuthorizeAttribute
{
public string hName { get; set; }
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
// Check if user is authenticated and if this action requires authorization
if (filterContext.HttpContext.User.Identity.IsAuthenticated
&& filterContext.ActionDescriptor.IsDefined(typeof(AuthorizeAttribute), true)
|| filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AuthorizeAttribute), true))
{
List<object> attributes = new List<object>(filterContext.ActionDescriptor.GetCustomAttributes(typeof(AuthorizeAttribute), true));
attributes.AddRange(filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(AuthorizeAttribute), true));
hName = filterContext.Controller.ValueProvider.GetValue("hSearch").AttemptedValue;
// Check all authorzation attributes
foreach (var attribute in attributes)
{
var authAttribute = attribute as AuthorizeAttribute;
if (authAttribute != null)
{
if ((filterContext.HttpContext.User.IsInRole("TCL-CAdmin")) || (filterContext.HttpContext.User.IsInRole("TCL-C Group")))
{
// User is not authorized to perform edits so redirect to Index_Perm ActionResult
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
//{ "area", "" },
{ "controller", "Home" },
{ "action", "Index_Perm" },
{ "hSearch", hName.ToString() }
});
break;
}
else
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
//{ "area", "" },
{ "controller", "Home" },
{ "action", "Index" },
{ "hSearch", hName.ToString() }
});
break;
}
}
}
}
else
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
{ "controller", "Home" },
{ "action", "Index" },
{ "hSearch", hName.ToString() }
});
}
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
{ "controller", "Home" },
{ "action", "Index" },
{ "hSearch", hName.ToString() }
});
}
}
}
我没有覆盖 HandleUnauthorizedRequest,而是尝试修改 OnAuthorization 的开头部分,如下所示:
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if (filterContext.Result is HttpUnauthorizedResult)
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
{ "controller", "Home" },
{ "action", "Index" },
{ "hSearch", hName.ToString() }
});
}
我仍然收到有关对象引用的相同警告。
1 回答
该问题是由路由值“hSearch”引起的,该值被分配了 hName 的值。 hName 在我的每次尝试中始终为 null,因为我没有设置它的值,直到行:
hName = filterContext.Controller.ValueProvider.GetValue("hSearch").AttemptedValue;
从未被击中。