Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

AuthorizeAttributeAclModule now tries getting filter providers from M…

…VC DependencyResolver first, before checking FilterProviders.Providers. This works better if using custom IoC filter providers (such as Autofac) and filter property injection.

Also, as per issue #21, AuthorizeAttributeAclModule now releases controllers built via ControllerFactory.  This fixes a memory leak problem when using IoC / DI, which tend to hang on to controller references.
  • Loading branch information...
commit a89e53d5422ac8c9fcc725173603e875b9a3ba28 1 parent 3dcc203
@aflatten authored
View
24 src/MvcSiteMapProvider/MvcSiteMapProvider/AuthorizeAttributeAclModule.cs
@@ -97,10 +97,14 @@ public bool IsAccessibleToUser(IControllerTypeResolver controllerTypeResolver, D
// Create controller context
var controllerContext = new ControllerContext();
controllerContext.RequestContext = requestContext;
+
+ // Whether controller is built by the ControllerFactory (or otherwise by Activator)
+ bool factoryBuiltController = false;
try
{
string controllerName = requestContext.RouteData.GetRequiredString("controller");
controllerContext.Controller = ControllerBuilder.Current.GetControllerFactory().CreateController(requestContext, controllerName) as ControllerBase;
+ factoryBuiltController = true;
}
catch
{
@@ -149,8 +153,22 @@ public bool IsAccessibleToUser(IControllerTypeResolver controllerTypeResolver, D
controllerDescriptor.GetCustomAttributes(typeof(AuthorizeAttribute), true).OfType
<AuthorizeAttribute>().ToList());
#else
+ IFilterProvider filterProvider = DependencyResolver.Current.GetService<IFilterProvider>();
+ IEnumerable<Filter> filters;
+
+ // If depencency resolver has an IFilterProvider registered, use it
+ if (filterProvider != null)
+ {
+ filters = filterProvider.GetFilters(controllerContext, actionDescriptor);
+ }
+ // Otherwise use FilterProviders.Providers
+ else
+ {
+ filters = FilterProviders.Providers.GetFilters(controllerContext, actionDescriptor);
+ }
+
IEnumerable<AuthorizeAttribute> authorizeAttributesToCheck =
- FilterProviders.Providers.GetFilters(controllerContext, actionDescriptor)
+ filters
.Where(f => typeof(AuthorizeAttribute).IsAssignableFrom(f.Instance.GetType()))
.Select(f => f.Instance as AuthorizeAttribute);
#endif
@@ -191,6 +209,10 @@ public bool IsAccessibleToUser(IControllerTypeResolver controllerTypeResolver, D
{
// Restore HttpContext
httpContext.RewritePath(originalPath, true);
+
+ // Release controller
+ if (factoryBuiltController)
+ ControllerBuilder.Current.GetControllerFactory().ReleaseController(controllerContext.Controller);
}
}
Please sign in to comment.
Something went wrong with that request. Please try again.