I have a WCF service with a security attribute that's applicable only for a class. Is there a built-in .NET attribute or can I create an attribute that marks the method as 'excluded' where I could put in a method so that the class attribute won't be applied? I don't have access to the security attribute so I can't do any modifications with it. I can obviously create a separate class for the method, but it will involve a lot of refactoring.
[SecuredService] // I don't have access to this custom attribute
public class MyClass
{
[DoNotApplySecuredService]//is there a built in attribute like this?
public void MyMethod(){...}
}
Related
I've got a controller class which contains an attribute above it which logs system events.
the problem is that some of my methods in the controller contains sensitive data which i don't want to be saved in logs (such as passwords).
i tried to add a boolean property to the attribute which should signal to me if specific method contains sensitive data, and call the attribute on the method target (same attribute i used for the class target, just with the flag turned on) but it appears that the attribute above the class target is the one who has "priority" which means my sensitive data flag is always false.
does anyone knows how to make my method target override the class target when used above specific methods?
adding example for code here:
public class SystemEventAtt : Attribute {
public bool ContainsSensitiveData{ get; set; }
***
some additional code which logs stuff..
***
}
[SystemEventAtt]
public class SomeController : Controller {
[Route("someRoute")]
[SystemEventAtt(ContainsSensitiveData = true)]
[HttpPost]
public SomeObj FuncWhichContainsSensitiveData([FromBody] SomeOtherObj obj){
..some code
}
}
does anyone knows how to make my method target override the class target when used above specific methods?
If you want to only use SystemEventAtt attribute I think the answer is no.
Why don't you just add use attribute to your expectation writing log action?
Or there is another way.
You can create one attribute to represent you want to write log, and you can use reflection in SystemEventAtt attribute to get the action whether mark WriteLog attribute instead of use bool
public class WriteLogAttribute : Attribute {
}
public class SystemEventAtt : Attribute {
***
some additional code which logs stuff..
using reflection to get WriteLogAttribute check whether write log
***
}
In C# what are those brackets called above a method in MVC 3?
[ErrorHandler, SomethingHere]
public function Test() {
}
Not sure what you mean by "those brackets". What is preceding the function is an Attribute.
Microsoft MSDN: System.Attribute
And to expand a little in regards to usage:
An attribute is an annotation that can be placed on an element of source code and used to store application-specific information at compile time. This information is stored in the metadata and can be accessed either during application execution, through a process known as reflection, or when another tool reads the metadata. Attributes might change the behavior of the application during execution, provide transaction information about an object, or convey organizational information to a designer. gnu.org
These are called Attributes.An attribute is a class that inherits from the abstract class System.Attribute. By convention, all attributes are given a class name that ends with the word “Attribute”. Here are some MVC3 Attributes:
AcceptViewAttribute
ActionFilterAttribute
ActionMethodSelectorAttribute
ActionNameAttribute
ActionNameSelectorAttribute
AuthorizeAttribute
BindAttribute
CustomModelBinderAttribute
FilterAttribute
HandleErrorAttribute
HiddenInputAttribute
HttpDeleteAttribute
HttpGetAttribute
HttpPostAttribute
HttpPutAttribute
ModelBinderAttribute
NonActionAttribute
OutputCacheAttribute
RequireHttpsAttribute
ValidateAntiForgeryTokenAttribute
ValidateInputAttribute
and you can create your Custom Attributes
The MVC runtime uses Reflection to find attributes. Then MVC uses this information about located attributes to find the way how the method will be executed, what are the security restrictions and so on
Attributes
It infers the word Attribute, so your example is synonymous with:
[ErrorHandlerAttribute, SomethingHereAttribute]
public function Test() {
those are called method attributes. you can read more on the msdn site
Is it possible in C# in an attribute constructor to get the class that has the attribute assigned to it without having to pass that class name in.
[MyAttr]
public class A{}
[AttributeUsage(AttributeTargets.Class, AllowMultiple = false)]
[Serializable]
public class MyAttrAttribute: Attribute
{
public MyAttrAttribute()
{
//get info here about the class A etc
}
}
Attribute instances are completely independent of the types/fields/properties that they decorate; there is absolutely no way of accessing the context from an attribute. However, attributes also aren't created until you explicitly query them with reflection.
If you want to invoke some logic, then it must be done explicitly through code - so you might consider adding a method on your attribute that accepts the context object:
public void Invoke(object instance) {...}
for example, then use GetCustomAttribute to obtain it, cast it, and call .Invoke()
No. But why would you want to do this? What are you trying to achieve?
When you retrieve an attribute at run time, you do so from the type object representing the class. So even though the information is not stored in the attribute object, it is readily available.
This would have been a convenient feature, nice question. But fundamentally attributes are meant only as meta data to inspectors not to be inspectors - they are constant data.
My searches keep turning up only guides explaining how to use and apply attributes to a class. I want to learn how to create my own attribute classes and the mechanics of how they work.
How are attribute classes instantiated? Are they instantiated when the class they are applied to is instantiated? Is one instantiated for each class instantiated that it is applied to? E.g. if I apply the SerializableAttribute class to a MyData class, and I instantiate 5 MyData instances, will there be 5 instances of the SerializbleAttribute class created behind the scenes? Or is there just one instance shared between all of them?
How do attribute class instances access the class they are associated with? How does a SerializableAttribute class access the class it is applied to so that it can serialize it's data? Does it have some sort of SerializableAttribute.ThisIsTheInstanceIAmAppliedTo property? :) Or does it work in the reverse direction that whenever I serialize something, the Serialize function I pass the MyClass instance to will reflectively go through the Attributes and find the SerialiableAttribute instance?
I haven't use attributes in my day-to-day work before, but I have read about them.
Also I have done some tests, to back up what I'll say here. If I'm wrong in any place - feel free to tell me this :)
From what I know, attributes are not acting as regular classes. They aren't instantiated when you create an object that they are applied to, not one static instance, not 1 per each instance of the object.
Neither do they access the class that they are applied to..
Instead they act like properties (attributes? :P ) of the class. Not like the .NET class properties, more like in the "one property of glass is transparency" kind of property. You can check which attributes are applied to a class from reflection, and then act on it accordingly. They are essentially metadata that is attached to the class definition, not the objects of that type.
You can try to get the list of attributes on a class, method, property, etc etc.. When you get the list of these attributes - this is where they will be instantiated. Then you can act on the data within these attributes.
E.g. the Linq tables, properties have attributes on them that define which table/column they refer to. But these classes don't use these attributes. Instead, the DataContext will check the attributes of these objects when it will convert linq expression trees to SQL code.
Now for some real examples.. I've ran these in LinqPad, so don't worry about the strange Dump() method. I've replaced it with Console.WriteLine to make the code easier to understand for the people who don't know about it :)
void Main()
{
Console.WriteLine("before class constructor");
var test = new TestClass();
Console.WriteLine("after class constructor");
var attrs = Attribute.GetCustomAttributes(test.GetType()).Dump();
foreach(var attr in attrs)
if (attr is TestClassAttribute)
Console.WriteLine(attr.ToString());
}
public class TestClassAttribute : Attribute
{
public TestClassAttribute()
{
DefaultDescription = "hello";
Console.WriteLine("I am here. I'm the attribute constructor!");
}
public String CustomDescription {get;set;}
public String DefaultDescription{get;set;}
public override String ToString()
{
return String.Format("Custom: {0}; Default: {1}", CustomDescription, DefaultDescription);
}
}
[Serializable]
[TestClass(CustomDescription="custm")]
public class TestClass
{
public int Foo {get;set;}
}
The console result of this method is:
before class constructor
after class constructor
I am here. I'm the attribute constructor!
Custom: custm; Default: hello
And the Attribute.GetCustomAttributes(test.GetType()) returns this array:
(the table shows all available columns for all entries.. So no, the Serializable attribute does not have these properties :) )
Got any more questions? Feel free to ask!
UPD:
I've seen you ask a question: why use them?
As an example I'll tell you about the XML-RPC.NET library.
You create your XML-RPC service class, with methods that will represent the xml-rpc methods. The main thing right now is: in XmlRpc the method names can have some special characters, like dots. So, you can have a flexlabs.ProcessTask() xml rpc method.
You would define this class as follows:
[XmlRpcMethod("flexlabs.ProcessTask")]
public int ProcessTask_MyCustomName_BecauseILikeIt();
This allows me to name the method in the way I like it, while still using the public name as it has to be.
Attributes are essentially meta data that can be attached to various pieces of your code. This meta data can then be interogate and affect the behaviour of certain opperations.
Attributes can be applied to almost every aspect of your code. For example, attributes can be associated at the Assembly level, like the AssemblyVersion and AssemblyFileVersion attributes, which govern the version numbers associated with the assembly.
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
Then the Serializable attribute for example can be applied to a type declaration to flag the type as supporting serialization. In fact this attribute has special meaning within the CLR and is actually stored as a special directive directly on the type in the IL, this is optimized to be stored as a bit flag which can be processed much more efficiently, there are a few attributes on this nature, which are known as pseudo custom attributes.
Still other attributes can be applied to methods, properties, fields, enums, return values etc. You can get an idea of the possible targets an attribute can be applied to by looking at this link
http://msdn.microsoft.com/en-us/library/system.attributetargets(VS.90).aspx
Further to this, you can define your own custom attributes which can then be applied to the applicable targets that your attributes are intended for. Then at runtime your code could reflect on the values contained in the custom attributes and take appropriate actions.
For a rather naive example, and this is just for the sake of example :)
You might want to write a persistence engine that will automatically map Classes to tables in your database and map the properties of the Class to table columns. You could start with defining two custom attributes
TableMappingAttribute
ColumnMappingAttribute
Which you can then apply to your classes, as an example we have a Person class
[TableMapping("People")]
public class Person
{
[ColumnMapping("fname")]
public string FirstName {get; set;}
[ColumnMapping("lname")]
public string LastName {get; set;}
}
When this compiles, other than the fact that the compiler emits the additional meta data defined by the custom attributes, little else is impacted. However you can now write a PersistanceManager that can dynamically inspect the attributes of an instance of the Person class and insert the data into the People table, mapping the data in the FirstName property to the fname column and the LastName property to the lname column.
As to your question regarding the instances of the attributes, the instance of the attribute is not created for each instance of your Class. All instances of People will share the same instance of the TableMappingAttribute and ColumnMappingAttributes. In fact, the attribute instances are only created when you actually query for the attributes the first time.
Yes they're instantiated with the parameters you give it.
The attribute does not "access" the class. The attribute is attached to the class' / property's attribute list in the reflection data.
[Serializable]
public class MyFancyClass
{ ... }
// Somewhere Else:
public void function()
{
Type t = typeof(MyFancyClass);
var attributes = t.GetCustomAttributes(true);
if (attributes.Count(p => p is SerializableAttribute) > 0)
{
// This class is serializable, let's do something with it!
}
}
Think of attributes are post-its that are attached to the classes or method definitions (embedded in the assembly metadata).
You can then have a processor/runner/inspector module that accepts these types by reflecting, looks for these post-its and handles them differently. This is called declarative programming. You declare some behavior instead of writing code for them in the type.
Serializable attribute on a type declares that it is built to be serialized. The XmlSerializer can then accept an object of this class and do the needful. You mark the methods that need to be serialized/hidden with the right post-its.
another example would the NUnit. The NUnit runner looks at the [TestFixture] attributes all classes defined in the target assembly to identify test classes. It then looks for methods marked with [Test] attribute to identify the tests, which it then runs and displays the results.
You may want to run through this tutorial at MSDN which has most of your questions answered along with an example at the end. Although they could have extracted a method called
Audit(Type anyType); instead of duplicating that code. The example 'prints information' by inspecting attributes.. but you could do anything in the same vein.
If you take an eye out this downloadable open source code LINQ to Active Directory (CodePlex), you might find interesting the mechanism of the Attributes.cs file where Bart De Smet has written all of his attributes classes definitions. I have learned attributes there.
In short, you may specialize the Attribute class and code some specialized properties for your needs.
public class MyOwnAttributeClass : Attribute {
public MyOwnAttributeClass() {
}
public MyOwnAttributeClass(string myName) {
MyName = myName;
}
public string MyName { get; set; }
}
and then, you may use it wherever MyOwnAttributeClass gets useful. It might either be over a class definition or a property definition.
[MyOwnAttributeClass("MyCustomerName")]
public class Customer {
[MyOwnAttributeClass("MyCustomerNameProperty")]
public string CustomerName { get; set; }
}
Then, you can get it through reflection like so:
Attribute[] attributes = typeof(Customer).GetCustomAttribute(typeof(MyOwnAttributeClass));
Consider that the attribute you put between square brackets is always the constructor of your attribute. So, if you want to have a parameterized attribute, you need to code your constructor as such.
This code is provided as is, and may not compile. Its purpose is to give you an idea on how it works.
Indeed, you generally want to have a different attribute class for a class than for a property.
Hope this helps!
Not much time to give you a fuller answer, but you can find the Attributes that have been applied to a value using Reflection. As for creating them, you inherit from the Attribute Class and work from there - and the values that you supply with an attribute are passed to the Attribute class's constructor.
It's been a while, as you might be able to tell...
Martin
I've been reading a text about an extension to C# and at one point it says that "An attribute decoration X may only be applied to fields of type Y."
I haven't been able to find a definition for attribute decoration, and I'm not making much sense out of this by exchanging the two.
It's probably referring to the Attribute class. For example, you can mark a type as serializable via the SerializableAttribute. When you apply an attribute, you can leave off the "Attribute" suffix.
[Serializable]
public class SomeClass {
}
Attributes provide a means to add meta-data about the code.
Attributes are used to add metadata to .NET (C#) code in a structured manner. What a lot of people don't realise, though, is that there are actually two types of attribute.
The simplest is custom attributes, where you define an attribute that specific classes look for to alter the way they work. A common example is the System.Xml.Serialization attributes which are read by the XmlSerializer to alter its output, e.g. a class could be marked up something like the following to specify its namespace and that the field should be an attribute:
[XmlType(Namespace = "http://mycompany.com/")]
public class MyClass
{
[XmlAttribute]
public string MyField;
}
Custom attributes like this have no meaning to the compiler or the runtime, they are just added to the class as part of its metadata, and can be retrieved by a call to Type.GetCustomAttributes.
The other main group of attributes is pseudo-custom attributes, which actually have meaning to either the compiler or the runtime. The example in the post by Haacked with SerializableAttribute is actually an example of a pseudo-custom attribute. It is actually stored as part of the type definition and cannot be retrieved using Type.GetCustomAttributes. You cannot create your own pseudo-custom attributes.
So it's likely what you're dealing with here is a custom attribute which is being looked for by a specific tool.