ASP.NET MVC: Ignore custom attribute in a base controller class

时光毁灭记忆、已成空白 提交于 2019-11-29 04:59:23

I had a similar need for something like this and found that by creating an authorization filter (implementing/deriving from FilterAttribute, IAuthorizationFilter) rather than a regular action filter (deriving from ActionFilterAttribute), and setting Inherited=true and AllowMultiple=false on the attribute, that it would only run once at the appropriate spot.

This means I am able to "cascade" my filter down from a base controller (the site-wide default), to a derived controller (for example the AdminController or whatever), or even further down to an individual action method.

For example,

[AttributeUsage(AttributeTargets.Class|AttributeTargets.Method, Inherited=true, AllowMultiple=false)]
public class MyCustomAttribute : FilterAttribute, IAuthorizationFilter
{
    private MyCustomMode _Mode;
    public MyCustomAttribute(MyCustomMode mode)
    {
        _Mode = mode;
    }
    public virtual void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }
        // run my own logic here.
        // set the filterContext.Result to anything non-null (such as
        // a RedirectResult?) to skip the action method's execution.
        //
        //
    }
}

public enum MyCustomMode
{
    Enforce,
    Ignore
}

And then to use it, I can apply it to my super-controller,

[MyCustomAttribute(Ignore)]
public class BaseController : Controller
{
}

And I can change/override it for specific controllers, or even for specific actions!

[MyCustomAttribute(Enforce)]
public class AdministrationController : BaseController
{
    public ActionResult Index()
    {
    }

    [MyCustomAttribute(Ignore)] 
    public ActionResult SomeBasicPageSuchAsAHelpDocument()
    {
    }
}

This allowed me to "turn off" the filter for specific cases, while still being able to apply it as a default on either the whole controller or whole application.

Good luck!

Johnny Oshika

In your custom attribute, you can add this ShouldRun() check like this:

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (ShouldRun(filterContext))
        {
            // proceed with your code
        }
    }

    private bool ShouldRun(ActionExecutingContext filterContext)
    {
        var ignoreAttributes = filterContext.ActionDescriptor.GetCustomAttributes(typeof(IgnoreMyCustomAttribute), false);
        if (ignoreAttributes.Length > 0)
            return false;

        return true;
    }

ShouldRun() simply checks whether there's a "IgnoreMyCustomAttribute" on your action. If it's there, then your custom attribute won't do anything.

You'll now want to create a simple IgnoreMyCustomAttribute, which doesn't do anything:

[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public class IgnoreMyCustomAttribute: ActionFilterAttribute
{
}

Whenever you decorate your controller action with [IgnoreMyCustom], then MyCustomAttribute won't do anything. e.g.:

[IgnoreMyCustom]
public ViewResult MyAction() {
}

I'm not sure there is an easy way to remove attributes in this situation. But I have done something similar for a project and what I did, as it was only in a few instances I didn't want my attribute to run, was to create two attributes.

My first attribute was applied to my base controller as you've done but it was aware of the existance of a second attribute and by implementing that second attribute I could disable the attribute on the base class from running.

Not sure if it was the best solution but it worked for me.

This was applied to the base controller:

/// <summary>
/// This is used to force the schema to HTTP is it is HTTPS.
/// RequireHttpsAttribute or OptionalHttpsAttribute takes precedence if used.
/// </summary>
public class RequireHttpAttribute : FilterAttribute, IAuthorizationFilter
{
    public virtual void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
            throw new ArgumentNullException("filterContext");

        if (filterContext.HttpContext.Request.IsSecureConnection)
        {
            object[] attributes = filterContext.ActionDescriptor.GetCustomAttributes(true);
            if (!attributes.Any(a => a is RequireHttpsAttribute || a is OptionalHttpsAttribute))
            {
                HandleHttpsRequest(filterContext);
            }
        }
    }

    protected virtual void HandleHttpsRequest(AuthorizationContext filterContext)
    {
        //  only redirect for GET method, otherwise browser may not propogate the verb and request body correctly
        if (!string.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(MvcResources.RequireHttpAttribute_MustNotUseSsl);

        //  redirect to HTTP version
        string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(url);
    }
}

Like so:

[RequireHttp]
public abstract class Controller : System.Web.Mvc.Controller
{
}

I could then use what is effectively a dummy attribute to disable it.

/// <summary>
/// This attribute allows the action to be server on HTTP and HTTPS but neither is enforce.
/// RequireHttpsAttribute takes precedence if used.
/// </summary>
public class OptionalHttpsAttribute : FilterAttribute
{
    // This is deliberately empty, the attribute is used by RequireHttpAttribute to stop it changing schema to HTTP
}

Like so:

    [OptionalHttps]
    public ActionResult OptionalHttps()
    {
        return View();
    }
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!