Should trigger AbpHandledException for auth exceptions. #1390

Closed
panchengtao opened this issue Sep 21, 2016 · 3 comments

panchengtao commented Sep 21, 2016

When I created a new user named 'cargo', he was not assigned any permissions (I was just trying to test). Then I used the [AbpMvcAuthorize(PermissionNames.Pages_Users)] attribute with the HomeController; it was obvious that cargo's login to /home/index would be denied.

So… how can I handle the 403 exception in abp.zero? I think HandleErrorAttribute would work, but I found that MyCompanyName.Template.Project didn't write any code to deal with the situation when the user's permissions were denied by the attribute, but it worked well, or did I just not find it?

Some code & exception
exception: 'HTTP Error 403.0 - Required permissions are not granted. At least one of these permissions must be granted: Pages.Users'

code:

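    using System.Web.Mvc;
    using Abp.Web.Mvc.Authorization;

    // Every action on this controller requires the Pages.Users permission.
    [AbpMvcAuthorize(PermissionNames.Pages_Users)]
    public class HomeController : ProjectControllerBase
    {
        public ActionResult Index()
        {
            return View();
        }
    }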
@hikalkan
Member

Hi,

This is done in the framework, not in the startup template. This is the filter that does authorization: https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.Web.Mvc/Web/Mvc/Authorization/AbpMvcAuthorizeFilter.cs

It uses some other classes, and finally the exception is thrown here: https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp/Authorization/PermissionCheckerExtensions.cs#L276

@panchengtao
Author

Actually, I have tried to handle the 403 exception by using HandleErrorAttribute,

    using System;
    using System.Web;
    using System.Web.Mvc;

    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
    public class ExceptionFilter : HandleErrorAttribute
    {
        public override void OnException(ExceptionContext filterContext)
        {
            base.OnException(filterContext);
            // ...

            // Wrap the original exception to read the HTTP status code it maps to.
            Exception exception = filterContext.Exception;
            HttpException httpException = new HttpException(null, exception);
            var code = httpException.GetHttpCode();

            // ...
        }
    }

but it didn't work; the exception couldn't even enter the ExceptionFilter (I have used the ExceptionFilter with the BaseController). In addition, other exceptions thrown could be caught and handled by the ExceptionFilter.

@hikalkan
Member

Hi,

Exception filters cannot handle authorization errors (this is by design of ASP.NET MVC. You can probably find info in its own documentation). And also auth filters cannot throw exceptions. This is why we handled it and didn't throw here: https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.Web.Mvc/Web/Mvc/Authorization/AbpMvcAuthorizeFilter.cs#L40

But, it seems we skipped triggering AbpHandledException event for auth exceptions. We will do it in a short time.

hikalkan changed the title from "How to handle the permission authorize 403 in abp.zero template" to "Should trigger AbpHandledException for auth exceptions." on Sep 24, 2016
hikalkan added this to the v1.0.0 milestone on Sep 27, 2016
KenProDev pushed a commit to KenProDev/aspnetboilerplate that referenced this issue Jan 17, 2017
…ned Error Code for AJAX requests.

Resolved aspnetboilerplate#1390: Should trigger AbpHandledException for auth exceptions.
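
An added example, not part of the thread or of the ABP code base: because exception filters never see authorization failures, one way to audit them is an event bus handler for the handled-exception event, assuming an ABP version that triggers it for authorization exceptions as this issue requests. The class name AuthorizationDenialAuditor, the log format and the Clean helper are hypothetical.

```csharp
using System.Web;
using Abp.Authorization;
using Abp.Dependency;
using Abp.Events.Bus.Exceptions;
using Abp.Events.Bus.Handlers;
using Abp.Runtime.Session;
using Castle.Core.Logging;

// Hypothetical class for this example; not part of ABP or the startup template.
// ABP registers IEventHandler implementations found in the DI container with the event bus.
public class AuthorizationDenialAuditor :
    IEventHandler<AbpHandledExceptionData>, ITransientDependency
{
    // Property-injected by ABP; the defaults keep the handler usable in unit tests.
    public ILogger Logger { get; set; }
    public IAbpSession AbpSession { get; set; }

    public AuthorizationDenialAuditor()
    {
        Logger = NullLogger.Instance;
        AbpSession = NullAbpSession.Instance;
    }

    public void HandleEvent(AbpHandledExceptionData eventData)
    {
        // The event carries every handled exception; keep only permission denials.
        var denial = eventData.Exception as AbpAuthorizationException;
        if (denial == null)
        {
            return;
        }

        // No HttpContext exists when the check failed outside a web request.
        var request = HttpContext.Current?.Request;

        Logger.WarnFormat(
            "Authorization denied: tenant={0} user={1} ip={2} url={3} reason={4}",
            AbpSession.TenantId, AbpSession.UserId,
            Clean(request?.UserHostAddress), Clean(request?.RawUrl), Clean(denial.Message));
    }

    // Strip line breaks so request-controlled values cannot forge extra log lines.
    private static string Clean(string value)
    {
        return (value ?? "-").Replace("\r", " ").Replace("\n", " ");
    }
}
```

Repeated denials for one user or address in this log are a useful signal for access-control probing, which the 403 response alone does not record.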