I have a problem with the FluentSecurity when the ActionNameSelectorAttribute is used on controller's action.
public static void Configure()
{
var applicationConfiguration = DependencyResolver.Current.GetService<IApplicationConfiguration>();
var superUserGroupName = applicationConfiguration.GetSuperUserGroupName();
var userGroupName = applicationConfiguration.GetUserGroupName();
var securityConfiguration = SecurityConfigurator.Configure(configuration =>
{
configuration.GetAuthenticationStatusFrom(() => HttpContext.Current.User.Identity.IsAuthenticated);
configuration.GetRolesFrom(System.Web.Security.Roles.GetRolesForUser);
configuration.ForAllControllers().DenyAnonymousAccess().CachePerHttpRequest();
configuration.ForAllControllers().RequireAnyRole(superUserGroupName).CachePerHttpRequest();
configuration.For<Elmah.Mvc.ElmahController>().RequireAnyRole(userGroupName).CachePerHttpRequest();
configuration.ApplyProfile<ProjectSecurityProfile>();
configuration.ApplyProfile<ProjectsSecurityProfile>();
configuration.ApplyProfile<RewecoSecurityProfile>();
configuration.DefaultPolicyViolationHandlerIs(() => new HttpUnauthorizedPolicyViolationHandler());
});
securityConfiguration.AssertAllActionsAreConfigured();
}
When I run the application under the configuration above with the AssertAllActionsAreConfigured everything seems to be correct, no exceptions. But as soon as I call the action methods in the ActualHoursAssignmentController where the HttpParamAction is used , which is the class which inherits from ActionNameSelectorAttribute I get the exception.
Security has not been configured for controller PDATA.Web.Controllers.ActualHoursAssignmentController, action ActionChoiceByNameAttributeValue Area: (not set) Controller: ActualHoursAssignment Action: ActionChoiceByNameAttributeValue
public class HttpParamActionAttribute : ActionNameSelectorAttribute
{
public static string ActionChoiceByNameAttributeValue
{
get { return "ActionChoiceByNameAttributeValue"; }
}
public override bool IsValidName([NotNull] ControllerContext controllerContext,
[NotNull] string actionName, [NotNull] MethodInfo methodInfo)
{
if (controllerContext == null)
{
throw new ArgumentNullException("controllerContext");
}
if (actionName == null)
{
throw new ArgumentNullException("actionName");
}
if (methodInfo == null)
{
throw new ArgumentNullException("methodInfo");
}
if (String.IsNullOrWhiteSpace(actionName))
{
throw new ArgumentException("actionName");
}
if (String.IsNullOrWhiteSpace(methodInfo.Name))
{
throw new ArgumentException("methodInfo.Name");
}
if (actionName.Equals(methodInfo.Name, StringComparison.InvariantCultureIgnoreCase))
return true;
if (!actionName.Equals(ActionChoiceByNameAttributeValue, StringComparison.InvariantCultureIgnoreCase))
return false;
var request = controllerContext.RequestContext.HttpContext.Request;
return request[methodInfo.Name] != null;
}
}
Usage of HttpParamAction attribute in ActualHoursAssignmentController
public class ActualHoursAssignmentController : PdataBaseController
{
[HttpParamAction]
[HttpPost]
public ActionResult UpdateAssignment(ActualHoursAssignmentViewModel vm)
{
}
[HttpParamAction]
[HttpPost]
public ActionResult DeleteAssignment(ActualHoursAssignmentViewModel vm)
{
}
}
UPDATE:
Because I didn't find the solution I temporary eliminate of usage HttpParamActionAttribute. Instead of that I'm using this solution to call multiple buttons in the one Form, but the question persists, maybe it is a bug.
