I am trying to load Razor View from database.
I follow ASP.NET MVC and virtual views and VirtualPathProvider in MVC 5 to do that.
my Code :
VirtualPathProvider :
public class DbPathProvider : VirtualPathProvider
{
public override bool FileExists(string virtualPath)
{
var page = FindPage(virtualPath);
if (page == null)
{
return base.FileExists(virtualPath);
}
else
{
return true;
}
}
public override VirtualFile GetFile(string virtualPath)
{
var page = FindPage(virtualPath);
if (page == null)
{
return base.GetFile(virtualPath);
}
else
{
return new DbVirtualFile(virtualPath, page.PageData.ToArray());
}
}
private SiteModel FindPage(string virtualPath)
{
var db = new DatabaseContext();
var page = db.SiteModels.FirstOrDefault(x => x.SiteName == virtualPath);
return page;
}
}
VirtualFile
public class DbVirtualFile : VirtualFile
{
private byte[] data;
public DbVirtualFile(string virtualPath, byte[] data)
: base(virtualPath)
{
this.data = data;
}
public override System.IO.Stream Open()
{
return new MemoryStream(data);
}
}
Global.asax :
protected void Application_Start()
{
HostingEnvironment.RegisterVirtualPathProvider(new DbPathProvider());
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
}
Action :
public ActionResult Display(string id)
{
var db = new DatabaseContext();
var site = db.SiteModels.FirstOrDefault(x => x.PageName == id);
if (site == null)
{
return RedirectToAction("Index", "Home");
}
ViewBag.Body = site.PageContent;
return View(System.IO.Path.GetFileNameWithoutExtension(site.SiteName));
}
Data:
Case 1:
When virtualPath value is "/Views/Home/Contact.cshtml" then FileExists method return true and GetFile method is called.
Case 2:
When virtualPath value is "~/Home/Display/ce28bbb6-03cb-4bf4-8820-373890396a90" then FileExists method return true and GetFile method and Display Action is never called. and result is
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
I have no idea about dynamic view. I just read that two article and try to implement it.
Please tell me where I am doing wrong.
I am using MVC 5 and .NET 4.5
something I should be able to help you with.
There is something you are not thinking about which is ok, because I had loads of trouble with this too.
I think the issue you have here is knowing in what order everything fires.
This is what happens:
First the VirtualPathProvider FileExists method is called and
this is where you are doing your magic to find the page. My methods are slightly different to yours, here is an example:
public IList<Page> Pages
{
get
{
using (var uow = new UnitOfWork<SkipstoneContext>())
{
var companyService = new CompanyService(uow);
var company = companyService.GetTenant();
if (company != null)
{
var pageService = new PageService(uow, company.Id);
return pageService.GetPublished();
}
}
return null;
}
}
public override bool FileExists(string virtualPath)
{
if (IsVirtualPath(virtualPath))
{
if (FindPage(virtualPath) != null)
{
var file = (PageVirtualFile)GetFile(virtualPath);
return file.Exists;
}
}
return Previous.FileExists(virtualPath);
}
public override VirtualFile GetFile(string virtualPath)
{
if (IsVirtualPath(virtualPath))
{
var page = FindPage(virtualPath);
if (page != null)
{
var decodedString = Uri.UnescapeDataString(page.ViewData);
var bytes = Encoding.ASCII.GetBytes(decodedString);
return new PageVirtualFile(virtualPath, bytes);
}
}
return Previous.GetFile(virtualPath);
}
public override System.Web.Caching.CacheDependency GetCacheDependency(string virtualPath, System.Collections.IEnumerable virtualPathDependencies, DateTime utcStart)
{
if (IsVirtualPath(virtualPath))
return null;
return Previous.GetCacheDependency(virtualPath, virtualPathDependencies, utcStart);
}
public override string GetFileHash(string virtualPath, System.Collections.IEnumerable virtualPathDependencies)
{
if (IsVirtualPath(virtualPath))
return Guid.NewGuid().ToString();
return Previous.GetFileHash(virtualPath, virtualPathDependencies);
}
private Page FindPage(string virtualPath)
{
var virtualName = VirtualPathUtility.GetFileName(virtualPath);
var virtualExtension = VirtualPathUtility.GetExtension(virtualPath);
try
{
if (Pages != null)
{
var id = Convert.ToInt32(virtualName.Replace(virtualExtension, ""));
var page = Pages.Where(model => model.Id == id && model.Extension.Equals(virtualExtension, StringComparison.OrdinalIgnoreCase)).SingleOrDefault();
return page;
}
}
catch(Exception ex)
{
// Do nothing
}
return null;
}
private bool IsVirtualPath(string virtualPath)
{
var path = (VirtualPathUtility.GetDirectory(virtualPath) != "~/") ? VirtualPathUtility.RemoveTrailingSlash(VirtualPathUtility.GetDirectory(virtualPath)) : VirtualPathUtility.GetDirectory(virtualPath);
if (path.Equals("~/Views/Routing", StringComparison.OrdinalIgnoreCase) || path.Equals("/Views/Routing", StringComparison.OrdinalIgnoreCase))
return true;
else
return false;
}
Now, if this page is served from the database it is a virtual page, so the next thing that happens is that it calls your MvcHandler (in my handler I have these functions)
protected override IAsyncResult BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, object state)
{
var vpp = new SkipstoneVirtualPathProvider(); // Create an instance of our VirtualPathProvider class
var requestContext = ((MvcHandler)httpContext.Handler).RequestContext; // Get our request context
var path = requestContext.HttpContext.Request.Url.AbsolutePath; // Get our requested path
var pages = vpp.Pages; // Get all the published pages for this company
if (pages != null && !string.IsNullOrEmpty(path)) // If we have any pages and we have a path
{
var page = this.MatchPage(pages, path);
if (page != null) // If we find the page
{
requestContext.RouteData.Values["controller"] = "Routing"; // Set the controller
requestContext.RouteData.Values["action"] = "Index"; // And the action
}
}
return base.BeginProcessRequest(httpContext, callback, state);
}
private Page MatchPage(IList<Page> pages, string path)
{
if (path == "/" || !path.EndsWith("/"))
{
var page = pages.Where(model => model.Path.Equals(path, StringComparison.OrdinalIgnoreCase)).SingleOrDefault(); // Try to match the path first
if (page == null) // If we have no page, then get the directory and see if that matches any page
{
path = VirtualPathUtility.RemoveTrailingSlash(VirtualPathUtility.GetDirectory(path));
page = pages.Where(model => model.Path.Equals(path, StringComparison.OrdinalIgnoreCase)).SingleOrDefault();
}
return page; // return our page or null if no page exists
}
return null; // return null if anything fails
}
Just in case, when you create your MvcHandler if you have not already done so, it must be registered in RouteConfig like this:
// default MVC route
routes.MapRoute(
name: "Default",
url: "{controller}/{action}/{id}",
defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
).RouteHandler = new SkipstoneRouteHandler();
In my MvcHandler I get my page and if it matches any virtual page I move to a RoutingController
public ActionResult Index()
{
using (var uow = new UnitOfWork<SkipstoneContext>())
{
var userId = User.Identity.GetUserId();
var service = new PageService(uow, this.CompanyId);
var userService = new UserService(uow, this.CompanyId);
var user = userService.Get(userId);
var fileName = service.View(Request.Url, user);
if (!fileName.StartsWith(#"/") && !fileName.StartsWith("~/"))
return View(fileName); // Show the page
else
return Redirect(fileName); // Redirect to our page
}
}
just for your sake I will show the service.View method
/// <summary>
/// Views the CMS page
/// </summary>
/// <param name="uri">The current Request.Url</param>
/// <param name="user">The current User</param>
/// <returns>The filename of the requested page</returns>
public string View(Uri uri, User user)
{
var path = uri.AbsolutePath; // Get our Requested Url
var queryString = uri.Query;
var pages = this.GetPublished();
var page = pages.Where(model => model.Path.Equals(path, StringComparison.OrdinalIgnoreCase)).SingleOrDefault(); // Try to get the page
if (page == null) // If our page is null
page = pages.Where(model => model.Path.Equals(VirtualPathUtility.RemoveTrailingSlash(VirtualPathUtility.GetDirectory(path)))).SingleOrDefault(); // try to get the page based off the directory
if (page == null) // If the page is still null, then it doesn't exist
throw new HttpException(404, "This page has been deleted or removed."); // Throw the 404 error
if (page.Restricted && user == null) // If our page is restricted and we are not logged in
return "~/Account/LogOn?ReturnUrl=" + page.Path + queryString; // Redirect to the login page
if (user != null && page.Restricted)
{
if (PageService.IsForbidden(page, user))
throw new HttpException(401, "You do not have permission to view this page."); // Throw 401 error
}
return Path.GetFileNameWithoutExtension(page.Id.ToString());
}
Then we are taken back to our VirtualPathProvider and the process begins again, but this time the virtual path will look something like this: "~/Views/Routing/1331.aspx"
If you notice, my FindPage method also looks for an extension match which I store in the database too:
Then GetFile will be called and as long as you have followed my path, you should return the VirtualFile
I really hope that helps :)
I have same issue.
Razor view engine not call GetFile if you virtualPath is not *.cshtml format.
You need generate {Guid}.cshtml path format
WARNING: ASP.NET 4 (MVC5) relative!
Despite the number of answers and a selected one, I will share my experience.
FileExists(string virtualPath)
gets called twice, once with a app relative path ("~/bla-bla") and once more with absolute one ("/bla-bla"). In my case the second one (the abs. path) fails. Seems like in ASP.NET 3 this was OK, however ASP.NET 4 (MVC5) checks it too. And requires it to return true. As a result
GetFile(string virtualPath)
doesn't get called.
For those who need to implement such behaviour VirtualPathUtility offers ToAbsolute and ToAppRelative convenience methods.
HTH
Related
I have a custom RouteBase, MyRoute which I want to work for an area "MyArea" which contains code like:
public override GetRouteData(HttpContextBase httpContext)
{
var result = new RouteData(this, new MvcRouteHandler());
result.Values.Add("area", "MyArea");
result.Values.Add("controller", "MyController");
result.Values.Add("action", "Index");
}
I register this in the MyAreaAreaRegistration.cs file:
public override string AreaName { get { return "MyArea"; } }
public override void RegisterArea(AreaRegistrationContext context)
{
context.Routes.Add(new MyRoute());
// other routes
context.MapRoute(/* ... */);
}
and when making requests, it successfully calls the Index action on MyController:
public ActionResult Index()
{
return this.View();
}
However, MVC doesn't search in the correct folders for the view:
The view 'Index' or its master was not found or no view engine supports the searched locations. The following locations were searched:
~/Views/MyController/Index.aspx
~/Views/MyController/Index.ascx
~/Views/Shared/Index.aspx
~/Views/Shared/Index.ascx
~/Views/MyController/Index.cshtml
~/Views/MyController/Index.vbhtml
~/Views/Shared/Index.cshtml
~/Views/Shared/Index.vbhtml
when the view is located in
~/Areas/MyArea/Views/MyController/Index.cshtml
How can I make MVC search in the correct area?
If you look at the source for AreaRegistrationContext.MapRoute you can see that it treats the area differently to the other route variables:
public Route MapRoute(string name, string url, object defaults, object constraints, string[] namespaces)
{
if (namespaces == null && this.Namespaces != null)
{
namespaces = this.Namespaces.ToArray<string>();
}
Route route = this.Routes.MapRoute(name, url, defaults, constraints, namespaces);
route.DataTokens["area"] = this.AreaName; // *** HERE! ***
bool flag = namespaces == null || namespaces.Length == 0;
route.DataTokens["UseNamespaceFallback"] = flag;
return route;
}
where this.AreaName is populated from the AreaRegistration.
So a quick fix for the problem is to replace the call:
result.Values.Add("area", "MyArea");
with
result.DataTokens["area"] = "MyArea";
I have created the filter below to restrict access to sections of my application to only users that are logged in. However, my app still complains that the user objects have not been instantiated before the filter fires the redirect. How can I make the redirect kick the user out before the action method has a chance to notice the objects are null?
Context
For completeness, it is worth mentioning:
UserSession.CurrentOrDefault();
Returns an object if it finds values stored in the current session, or null if the session doesn't exist.
The filter
public class RestrictAccess : ActionFilterAttribute
{
public UserRole RequiredRole { get; set; }
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var userSession = UserSession.CurrentOrDefault();
if(userSession != null)
{
int userRole = Convert.ToInt32(userSession.User.Role);
int requiredRole = Convert.ToInt32(this.RequiredRole);
if(userRole >= requiredRole)
{
base.OnActionExecuting(filterContext);
return;
}
else
{
HttpContext.Current.Response.Redirect("/");
return;
}
}
HttpContext.Current.Response.Redirect("/Session/Create");
}
}
An example action method that complains:
[RestrictAccess]
public ActionResult Index()
{
var userSession = UserSession.CurrentOrDefault();
// This is the part that throws the exception. userSession.User is null here.
// My expectation was for this to be unreachable if user is null because of the filter.
var model = new IndexViewModel { User = userSession.User };
return View(model);
}
You should implement your own AuthorizeAttribute for that
public class Authorization : AuthorizeAttribute
{
public UserRole RequiredRole { get; set; }
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var userSession = UserSession.CurrentOrDefault();
if(userSession != null)
{
int userRole = Convert.ToInt32(userSession.User.Role);
int requiredRole = Convert.ToInt32(this.RequiredRole);
if(userRole >= requiredRole)
{
return true;
}
else
{
return false;
}
}
return false;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
try
{
if (AuthorizeCore(filterContext.HttpContext))
{
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
filterContext.Result = new RedirectResult("/Session/Create");
}
}
catch (Exception)
{
filterContext.Result = new RedirectResult("/Session/Create");
}
}
private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
{
validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
}
}
When you call HttpContext.Current.Response.Redirect, you are going outside of the MVC architecture, so it does not know not to run the action method and so continues and errors.
Instead you should set the Result of your ActionExecutingContext filterContext to a RedirectResult like so:
public class RestrictAccess : ActionFilterAttribute
{
public UserRole RequiredRole { get; set; }
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var userSession = UserSession.CurrentOrDefault();
if(userSession != null)
{
int userRole = Convert.ToInt32(userSession.User.Role);
int requiredRole = Convert.ToInt32(this.RequiredRole);
if(userRole >= requiredRole)
{
base.OnActionExecuting(filterContext);
return;
}
else
{
filterContext.Result = new RedirectResult("/");
return;
}
}
filterContext.Result = new RedirectResult("/Session/Create");
}
}
I'm using the ASP.Net Web API behind Windows Authentication and using the [Authorize] attribute to dictate what controllers and functions users have access to. This works great. The problem is that I would like to have the help area reflect only what the user has been granted for access. Curious if anyone has achieved this in some fashion. Is this done at the level of the controller, the App Start, or the help controller.
Thanks in advance...
Code snippet of one of my controllers
[Authorize]
public class TaktTimeController : ApiController
{
private BIDataContainer db = new BIDataContainer();
// GET api/TaktTime
[Authorize(Roles="Admins")]
public IQueryable<TaktTime> GetTaktTimes()
{
return db.TaktTimes;
}
// GET api/TaktTime/5
[ResponseType(typeof(TaktTime))]
[Authorize(Roles = "Admins")]
public IHttpActionResult GetTaktTime(string id)
{
TaktTime takttime = db.TaktTimes.Find(id);
if (takttime == null)
{
return NotFound();
}
return Ok(takttime);
}
You will need to modify HelpController.cs and add the following method:
using System.Collections.ObjectModel;
private Collection<ApiDescription> FilteredDescriptions()
{
var descriptionsToShow = new Collection<ApiDescription>();
foreach (var apiDescription in Configuration.Services.GetApiExplorer().ApiDescriptions)
{
var actionDescriptor = apiDescription.ActionDescriptor as ReflectedHttpActionDescriptor;
var authAttribute = actionDescriptor?.MethodInfo.CustomAttributes.FirstOrDefault(x => x.AttributeType.Name == nameof(System.Web.Http.AuthorizeAttribute));
var roleArgument = authAttribute?.NamedArguments?.FirstOrDefault(x => x.MemberName == nameof(System.Web.Http.AuthorizeAttribute.Roles));
var roles = roleArgument?.TypedValue.Value as string;
if (roles?.Split(',').Any(role => User.IsInRole(role.Trim())) ?? false)
{
descriptionsToShow.Add(apiDescription);
}
}
return descriptionsToShow;
}
And call it from the Index() action:
return View(FilteredDescriptions());
This can be achieved in razor view something like the following would be what you need.
#if (User.IsInRole("admin"))
{
<div>
<!--Text for admin here-->
</div>
}
#if (User.IsInRole("user"))
{
<div>
<!--Text for user here-->
</div>
}
The same logic can be used in WebApi controllers
public string Get()
{
if(User.IsInRole("admin"))
{
return "Text for admin";
}
if(User.IsInRole("user"))
{
return "Text for user";
}
}
Building upon Stanislav's approach, I have added support for AllowAnonymous, username-based authorization, controller attributes and global authorization filters.
public ActionResult Index()
{
ViewBag.DocumentationProvider = Configuration.Services.GetDocumentationProvider();
//return View(Configuration.Services.GetApiExplorer().ApiDescriptions);
return View(FilteredDescriptions());
}
private Collection<ApiDescription> FilteredDescriptions()
{
var list = Configuration.Services.GetApiExplorer().ApiDescriptions
.Where(apiDescription =>
{
// action attributes
if (apiDescription.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count != 0)
{
return true;
}
var actionAuthorizeAttributes = apiDescription.ActionDescriptor.GetCustomAttributes<AuthorizeAttribute>();
if (actionAuthorizeAttributes.Count != 0)
{
return actionAuthorizeAttributes.All(IsUserAuthorized);
}
// controller attributes
if (apiDescription.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count != 0)
{
return true;
}
var controllerAuthorizeAttributes = apiDescription.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AuthorizeAttribute>();
if (controllerAuthorizeAttributes.Count != 0)
{
return controllerAuthorizeAttributes.All(IsUserAuthorized);
}
// global attributes
if (apiDescription.ActionDescriptor.Configuration.Filters.OfType<AllowAnonymousAttribute>().Any())
{
return true;
}
var globalAuthorizeAttributes = apiDescription.ActionDescriptor.Configuration.Filters.OfType<AuthorizeAttribute>().ToList();
if (globalAuthorizeAttributes.Count != 0)
{
return globalAuthorizeAttributes.All(IsUserAuthorized);
}
return true;
})
.ToList();
return new Collection<ApiDescription>(list);
}
private bool IsUserAuthorized(AuthorizeAttribute authorizeAttribute)
{
return User.Identity.IsAuthenticated
&& (authorizeAttribute.Roles == "" || authorizeAttribute.Roles.Split(',').Any(role => User.IsInRole(role.Trim())))
&& (authorizeAttribute.Users == "" || authorizeAttribute.Users.Split(',').Any(user => User.Identity.Name == user));
}
I have created a customized role base authorization attribute.My idea is that when a user with role name "employee" Log In should not be allowed to access the "admin" page through URL. But when I implement the [MyRoleAuthorization] in Employee controller and Log In the error says "This webpage has a redirect loop".
This is code for [MyRoleAuthorization]
public class MyRoleAuthorization : AuthorizeAttribute
{
string isAuthorized;
private string AuthorizeUser(AuthorizationContext filterContext)
{
if (filterContext.RequestContext.HttpContext != null)
{
var context = filterContext.RequestContext.HttpContext;
if (Convert.ToString(context.Session["RoleName"]) == "Admin")
{
isAuthorized = "Admin";
}
else if (Convert.ToString(context.Session["RoleName"]) == "Employee")
{
isAuthorized = "Employee";
}
else if (Convert.ToString((context.Session["RoleName"])) == "Customer")
{
isAuthorized = "Customer";
}
else
{
throw new ArgumentException("filterContext");
}
}
return isAuthorized;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
throw new ArgumentException("filterContext");
if (AuthorizeUser(filterContext) == "Admin")
{
filterContext.Result = new RedirectToRouteResult
(new RouteValueDictionary(new { controller = "Admin" }));
}
else if (AuthorizeUser(filterContext) == "Employee")
{
filterContext.Result = new RedirectToRouteResult
(new RouteValueDictionary(new { controller = "Employee" }));
}
else if (AuthorizeUser(filterContext) == "Customer")
{
filterContext.Result = new RedirectToRouteResult
(new RouteValueDictionary(new { controller = "Customer" }));
}
}
}
}
My Employee controller looks like this
[MyRoleAuthorization]
public ActionResult Index()
{
var employee = db.Employee.Include(e => e.User);
return View(employee.ToList());
}
Can you please help me.
Your redirection code is always going to redirect the user to the Employee Index Action, even when the action your are redirecting to is authenticated for the employee. You will need to provide another set of rules in your authorization and change your OnAuthorize method.
Such as
public class MyRoleAuthorization : AuthorizeAttribute
{
/// <summary>
/// the allowed types
/// </summary>
readonly string[] allowedTypes;
/// <summary>
/// Default constructor with the allowed user types
/// </summary>
/// <param name="allowedTypes"></param>
public MyRoleAuthorization(params string[] allowedTypes)
{
this.allowedTypes = allowedTypes;
}
/// <summary>
/// Gets the allowed types
/// </summary>
public string[] AllowedTypes
{
get { return this.allowedTypes; }
}
/// <summary>
/// Gets the authorize user
/// </summary>
/// <param name="filterContext">the context</param>
/// <returns></returns>
private string AuthorizeUser(AuthorizationContext filterContext)
{
if (filterContext.RequestContext.HttpContext != null)
{
var context = filterContext.RequestContext.HttpContext;
string roleName = Convert.ToString(context.Session["RoleName"]);
switch (roleName)
{
case "Admin":
case "Employee":
case "Customer":
return roleName;
default:
throw new ArgumentException("filterContext");
}
}
throw new ArgumentException("filterContext");
}
/// <summary>
/// The authorization override
/// </summary>
/// <param name="filterContext"></param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
throw new ArgumentException("filterContext");
string authUser = AuthorizeUser(filterContext);
if (!this.AllowedTypes.Any(x => x.Equals(authUser, StringComparison.CurrentCultureIgnoreCase)))
{
filterContext.Result = new HttpUnauthorizedResult();
return;
}
}
}
This can then be decorated as
public class EmployeeController : Controller
{
[MyRoleAuthorization("Employee")]
public ActionResult Index()
{
return View();
}
}
Now your login code should be modified to send the user to the correct controller.
Your biggest problem is when you go to the employee controller as an employee, you're redirected to the employee controller, where your attribute redirects you to the employee controller and so on. Try to avoid redirecting within the attribute as it makes your code brittle & when you come back in a years time, you won't remember why your routes don't work as you intend
Try this:
public class MyRoleAuthorization : AuthorizeAttribute
{
public string Role{get;set;}
private string AuthorizeUser(AuthorizationContext filterContext)
{
if (filterContext.RequestContext.HttpContext != null)
{
var context = filterContext.RequestContext.HttpContext;
return (string)context.Session["RoleName"];
}
throw new ArgumentException("filterContext");
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
throw new ArgumentException("filterContext");
var role = AuthorizeUser(filterContext);
if (role.Equals(Role))
{
// insert positive outcome from role check, ie let the action continue
}
else
{
// denied! redirect to login page or show denied page (403)
}
}
}
[MyRoleAuthorization("Employee")]
public ActionResult Index()
{
var employee = db.Employee.Include(e => e.User);
return View(employee.ToList());
}
It seems that when authorized, you redirect to the Customer controller, for example. This controller likely has your attribute on it, and so it authorizes the user, who is seen as a customer, and redirects to the Customer controller... Which has your attribute on it, and so it authorizes the user...
Infinite loop.
How do you get the current area name in the view or controller?
Is there anything like ViewContext.RouteData.Values["controller"] for areas?
From MVC2 onwards you can use ViewContext.RouteData.DataTokens["area"]
HttpContext.Current.Request.RequestContext.RouteData.DataTokens["area"]
You can get it from the controller using:
ControllerContext.RouteData.DataTokens["area"]
In ASP.NET Core 1.0 the value is found in
ViewContext.RouteData.Values["area"];
I just wrote a blog entry about this, you can visit that for more details, but my answer was to create an Extension Method, shown below.
The key kicker was that you pull the MVC Area from the .DataTokens and the controller/action from the .Values of the RouteData.
public static MvcHtmlString TopMenuLink(this HtmlHelper htmlHelper, string linkText, string controller, string action, string area, string anchorTitle)
{
var urlHelper = new UrlHelper(htmlHelper.ViewContext.RequestContext);
var url = urlHelper.Action(action, controller, new { #area = area });
var anchor = new TagBuilder("a");
anchor.InnerHtml = HttpUtility.HtmlEncode(linkText);
anchor.MergeAttribute("href", url);
anchor.Attributes.Add("title", anchorTitle);
var listItem = new TagBuilder("li");
listItem.InnerHtml = anchor.ToString(TagRenderMode.Normal);
if (CheckForActiveItem(htmlHelper, controller, action, area))
listItem.GenerateId("menu_active");
return MvcHtmlString.Create(listItem.ToString(TagRenderMode.Normal));
}
private static bool CheckForActiveItem(HtmlHelper htmlHelper, string controller, string action, string area)
{
if (!CheckIfTokenMatches(htmlHelper, area, "area"))
return false;
if (!CheckIfValueMatches(htmlHelper, controller, "controller"))
return false;
return CheckIfValueMatches(htmlHelper, action, "action");
}
private static bool CheckIfValueMatches(HtmlHelper htmlHelper, string item, string dataToken)
{
var routeData = (string)htmlHelper.ViewContext.RouteData.Values[dataToken];
if (routeData == null) return string.IsNullOrEmpty(item);
return routeData == item;
}
private static bool CheckIfTokenMatches(HtmlHelper htmlHelper, string item, string dataToken)
{
var routeData = (string)htmlHelper.ViewContext.RouteData.DataTokens[dataToken];
if (dataToken == "action" && item == "Index" && string.IsNullOrEmpty(routeData))
return true;
if (dataToken == "controller" && item == "Home" && string.IsNullOrEmpty(routeData))
return true;
if (routeData == null) return string.IsNullOrEmpty(item);
return routeData == item;
}
Then you can implement it as below :
<ul id="menu">
#Html.TopMenuLink("Dashboard", "Home", "Index", "", "Click here for the dashboard.")
#Html.TopMenuLink("Courses", "Home", "Index", "Courses", "List of our Courses.")
</ul>
I created an extension method for RouteData that returns the current area name.
public static string GetAreaName(this RouteData routeData)
{
object area;
if (routeData.DataTokens.TryGetValue("area", out area))
{
return area as string;
}
return null;
}
Since RouteData is available on both ControllerContext and ViewContext it can be accessed in your controller and views.
It is also very easy to test:
[TestFixture]
public class RouteDataExtensionsTests
{
[Test]
public void GetAreaName_should_return_area_name()
{
var routeData = new RouteData();
routeData.DataTokens.Add("area", "Admin");
routeData.GetAreaName().ShouldEqual("Admin");
}
[Test]
public void GetAreaName_should_return_null_when_not_set()
{
var routeData = new RouteData();
routeData.GetAreaName().ShouldBeNull();
}
}
There is no need to check if RouteData.DataTokens is null since this always initialized internally.
Get area name in View (.NET Core 2.2):
ViewContext?.ActionDescriptor?.RouteValues["area"]
MVC Futures has an AreaHelpers.GetAreaName() method. However, use caution if you're using this method. Using the current area to make runtime decisions about your application could lead to difficult-to-debug or insecure code.
I know this is old, but also, when in a filter like ActionFilter, the context does not easily provide you with the area information.
It can be found in the following code:
var routeData = filterContext.RequestContext.RouteData;
if (routeData.DataTokens["area"] != null)
area = routeData.DataTokens["area"].ToString();
So the filterContext is being passed in on the override and the correct RouteData is found under the RequestContext. There is a RoutData at the Base level, but the DataTokens DO NOT have the area in it's dictionary.
To get area name in the view, in ASP.NET Core MVC 2.1:
#Context.GetRouteData().Values["area"]
I dont know why but accepted answer is not working. It returns null with e.g ( maybe about mvc, i use .net core )
http://localhost:5000/Admin/CustomerGroup
I always debug the variable and fetch data from in it.
Try this. It works for me
var area = ViewContext.RouteData.Values["area"]
Detailed logical example
Layout = ViewContext.RouteData.Values["area"] == null ? "_LayoutUser" : "_LayoutAdmin";
Asp .Net Core 3.1
Scenario: I wanted to retrieve the current area name in a ViewCompnent Invoke method.
public IViewComponentResult Invoke()
{
string areaName = this.RouteData.Values["area"];
//Your code here...
return View(items);
}
I know this is a very very old post but we can use the Values Property exactly the same way as the DataTokens
Url.RequestContext.RouteData.Values["action"] worked for me.
In MVC 5, this seems to be needed now. When in a Controller, pass this.ControllerContext.RouteData to this routine:
/// <summary>
/// Get the name of the Area from the RouteData
/// </summary>
/// <param name="routeData"></param>
/// <returns></returns>
private static string GetArea(RouteData routeData)
{
var area = routeData.DataTokens["area"]?.ToString();
if (area != null)
{
// this used to work
return area;
}
// newer approach
var matchedList = routeData.Values["MS_DirectRouteMatches"] as List<RouteData>;
if (matchedList != null)
{
foreach (var matchedRouteData in matchedList)
{
if (matchedRouteData.DataTokens.TryGetValue("area", out var rawArea))
{
return rawArea.ToString();
}
}
}
return "";
}