forked from haoduotnt/aspnetwebstack
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAttributeBasedPolicyProviderFactory.cs
182 lines (161 loc) · 7.34 KB
/
AttributeBasedPolicyProviderFactory.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
using System.Collections.Generic;
using System.Diagnostics.CodeAnalysis;
using System.Diagnostics.Contracts;
using System.Linq;
using System.Net.Http;
using System.Web.Cors;
using System.Web.Http.Controllers;
using System.Web.Http.Cors.Properties;
using System.Web.Http.Hosting;
using System.Web.Http.Routing;
namespace System.Web.Http.Cors
{
/// <summary>
/// An implementation of <see cref="ICorsPolicyProviderFactory"/> that returns the <see cref="ICorsPolicyProvider"/> from the controller or action attribute.
/// </summary>
public class AttributeBasedPolicyProviderFactory : ICorsPolicyProviderFactory
{
private const string HttpContextBaseKey = "MS_HttpContext";
/// <summary>
/// Gets or sets the default <see cref="ICorsPolicyProvider"/>.
/// </summary>
public ICorsPolicyProvider DefaultPolicyProvider { get; set; }
/// <summary>
/// Gets the <see cref="ICorsPolicyProvider" /> for the request.
/// </summary>
/// <param name="request">The request.</param>
/// <returns>
/// The <see cref="ICorsPolicyProvider" />.
/// </returns>
/// <exception cref="System.ArgumentNullException">request</exception>
[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "The object is registered for disposal when the request message is disposed.")]
public virtual ICorsPolicyProvider GetCorsPolicyProvider(HttpRequestMessage request)
{
if (request == null)
{
throw new ArgumentNullException("request");
}
CorsRequestContext corsRequestContext = request.GetCorsRequestContext();
HttpActionDescriptor actionDescriptor = null;
if (corsRequestContext.IsPreflight)
{
HttpRequestMessage targetRequest = new HttpRequestMessage(new HttpMethod(corsRequestContext.AccessControlRequestMethod), request.RequestUri);
try
{
foreach (var property in request.Properties)
{
// The RouteData and HttpContext from the preflight request properties contain information
// relevant to the preflight request and not the actual request, therefore we need to exclude them.
if (property.Key != HttpPropertyKeys.HttpRouteDataKey &&
property.Key != HttpContextBaseKey)
{
targetRequest.Properties.Add(property.Key, property.Value);
}
}
HttpConfiguration config = request.GetConfiguration();
if (config == null)
{
throw new InvalidOperationException(SRResources.NoConfiguration);
}
IHttpRouteData routeData = config.Routes.GetRouteData(request);
if (routeData == null)
{
// No route data found for selecting action with EnableCorsAttribute, thus no ICorsPolicyProvider is returned
// and let the CorsMessageHandler flow the request to the normal Web API pipeline.
return null;
}
actionDescriptor = SelectAction(targetRequest, routeData, config);
}
catch
{
if (DefaultPolicyProvider != null)
{
return DefaultPolicyProvider;
}
throw;
}
finally
{
if (targetRequest != null)
{
request.RegisterForDispose(targetRequest);
}
}
}
else
{
actionDescriptor = request.GetActionDescriptor();
}
return GetCorsPolicyProvider(actionDescriptor);
}
private static void RemoveOptionalRoutingParameters(IDictionary<string, object> routeValueDictionary)
{
Contract.Assert(routeValueDictionary != null);
// Get all keys for which the corresponding value is 'Optional'.
// Having a separate array is necessary so that we don't manipulate the dictionary while enumerating.
// This is on a hot-path and linq expressions are showing up on the profile, so do array manipulation.
int max = routeValueDictionary.Count;
int i = 0;
string[] matching = new string[max];
foreach (KeyValuePair<string, object> kv in routeValueDictionary)
{
if (kv.Value == RouteParameter.Optional)
{
matching[i] = kv.Key;
i++;
}
}
for (int j = 0; j < i; j++)
{
string key = matching[j];
routeValueDictionary.Remove(key);
}
}
private ICorsPolicyProvider GetCorsPolicyProvider(HttpActionDescriptor actionDescriptor)
{
ICorsPolicyProvider policyProvider = null;
if (actionDescriptor != null)
{
HttpControllerDescriptor controllerDescriptor = actionDescriptor.ControllerDescriptor;
policyProvider = actionDescriptor.GetCustomAttributes<ICorsPolicyProvider>().FirstOrDefault();
if (policyProvider == null && controllerDescriptor != null)
{
policyProvider = controllerDescriptor.GetCustomAttributes<ICorsPolicyProvider>().FirstOrDefault();
}
}
if (policyProvider == null)
{
policyProvider = DefaultPolicyProvider;
}
return policyProvider;
}
private static HttpActionDescriptor SelectAction(HttpRequestMessage request, IHttpRouteData routeData, HttpConfiguration config)
{
request.SetRouteData(routeData);
RemoveOptionalRoutingParameters(routeData.Values);
HttpControllerDescriptor controllerDescriptor = config.Services.GetHttpControllerSelector().SelectController(request);
// Get the per-controller configuration
config = controllerDescriptor.Configuration;
request.SetConfiguration(config);
HttpRequestContext requestContext = request.GetRequestContext();
if (requestContext == null)
{
requestContext = new HttpRequestContext
{
Configuration = config,
RouteData = routeData,
Url = new UrlHelper(request),
VirtualPathRoot = config.VirtualPathRoot
};
}
HttpControllerContext controllerContext = new HttpControllerContext
{
RequestContext = requestContext,
Request = request,
ControllerDescriptor = controllerDescriptor
};
return config.Services.GetActionSelector().SelectAction(controllerContext);
}
}
}