赶上从RequiredRole等政策的例外使用流利的安全重定向 [英] Catch exceptions from RequiredRole and other policies to redirect using Fluent Security

问题描述

使用使用DenyAnonymousAccess，DenyAuthenticationAccess和RequireRole流利的安全，我已经配置了网站的访问。

Using Fluent Security, I have configured website access using DenyAnonymousAccess, DenyAuthenticationAccess and RequireRole.

SecurityConfigurator.Configure(configuration =>
{
    configuration.ResolveServicesUsing(new FluentSecurityServiceLocator());
    configuration.GetAuthenticationStatusFrom(CurrentUser.IsAuthenticated);

    configuration.GetRolesFrom(CurrentUser.Roles);

    configuration.For<HomeController>().DenyAnonymousAccess();
    configuration.For<ReportsController>().RequireRole(UserRole.Administrator);
    configuration.For<AccountController>().DenyAuthenticatedAccess();

    configuration.For<AccountController>(x => x.ChangePassword()).DenyAnonymousAccess();
});

我已经处理了PolictyViolationException为DenyAnonymousAccess并重定向到登录页面。

I've handled the PolictyViolationException for DenyAnonymousAccess and redirected to the logon page.

public ActionResult Handle(PolicyViolationException exception)
{
    return new RedirectToRouteResult(
       new RouteValueDictionary(new { action = "Login", controller = "Account" })
       );
}

但我不知道，如果赶上从RequireRole一个例外是相同的过程？我需要的，如果RequireRole违反重定向。

But I'm not sure if catching an exception from RequireRole is the same process? I need to redirect if RequireRole is violated.

此外，当没有登录的用户和点击连接到一个角色的链接，我得到denyanonymousaccess异常的未处理版本。我在做什么错在我的配置和实现??

Also, when user isn't logged on and clicks a link attached to a role, I get the unhandled version of denyanonymousaccess exception. What am I doing wrong in my configuration and implementation??

推荐答案

您必须正确定义违规处理程序类的名称。这取决于需要被处理的违规。
如果你正在处理的违规DenyAnonymousAccessPolicy，您违反处理程序类的名称必须与策略的名称开始，它必须实现IPolicyViolationHandler。这个规则必须遵循所有违反政策的行为
像这样的：

You have to define the name of the violation handler class correctly. It depends on the violation which needs to be handled. If you are handling the violation for DenyAnonymousAccessPolicy, your violation handler class must have the name start with the policy name and it must implement IPolicyViolationHandler. This rule must be followed for all policy violations like this:

public class DenyAnonymousAccessPolicyViolationHandler : IPolicyViolationHandler
{
    public ActionResult Handle(PolicyViolationException exception)
    {

        //Log the violation, send mail etc. etc.
        var rvd = new RouteValueDictionary(new
        {
            area = "",
            controller = "Account",
            action = "LogOn",
            statusDescription = exception.Message
        });
        return new RedirectToRouteResult(rvd);

    }
}

有关RequireRolePolicy，处理程序应该是这样的：

For RequireRolePolicy, the handler should look like this:

public class RequireRolePolicyViolationHandler : IPolicyViolationHandler
{
    public ActionResult Handle(PolicyViolationException exception)
    {

        //Log the violation, send mail etc. etc.
        var rvd = new RouteValueDictionary(new
        {
            area = "",
            controller = "Home",
            action = "Home",
            statusDescription = exception.Message
        });
        return new RedirectToRouteResult(rvd);

    }
}

检查此链接的一口流利的安全政策违规处理程序进一步了解。

Check this link for further knowledge on fluent security policy violation handlers.

http://www.fluentsecurity.net/wiki/Policy-violation-处理器 - 2.0

希望它可以帮助！

这篇关于赶上从RequiredRole等政策的例外使用流利的安全重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！