CODEWITHSUNDEEP
c#securityexceptionpostsharp
shortcode
shortcode

Reputation: 457

Throw an custom exception and catch them with Postsharp

I have 2 attributes:

  1. SecuredOperationAttribute
  2. ExceptionPolicyAttribute

If user doesn't has an access to the action on controller then I throw an custom NonAuthorizedException but I can't catch it on ExceptionPolicyAttribute

My code:

[LogMethod]
[ExceptionPolicy]
public ActionResult Edit(int id)
{
   // some works on here
}

[Serializable]
public class ExceptionPolicyAttribute : OnExceptionAspect
{
    private ILog logger;
    private string methodName;

    public override void CompileTimeInitialize(MethodBase method, AspectInfo aspectInfo)
    {
        this.methodName = method.DeclaringType.FullName + "." + method.Name;
    }

    public override void OnException(MethodExecutionArgs args)
    {
        Guid guid = Guid.NewGuid();

        var stringBuilder = new StringBuilder(1024);

        // Write the exit message.
        stringBuilder.Append(this.methodName);
        stringBuilder.Append('(');

        // Write the current instance object, unless the method
        // is static.
        object instance = args.Instance;
        if (instance != null)
        {
            stringBuilder.Append("this=");
            stringBuilder.Append(instance);
            if (args.Arguments.Count > 0)
               stringBuilder.Append("; ");
        }

        // Write the list of all arguments.
        for (int i = 0; i < args.Arguments.Count; i++)
        {
            if (i > 0)
                stringBuilder.Append(", ");
            stringBuilder.Append(args.Arguments.GetArgument(i) ?? "null");
        }

        // Write the exception message.
        stringBuilder.AppendFormat("): Exception ");
        stringBuilder.Append(args.Exception.GetType().Name);
        stringBuilder.Append(": ");
        stringBuilder.Append(args.Exception.Message);

        logger.Error(stringBuilder.ToString(), args.Exception);

        args.FlowBehavior = FlowBehavior.Continue;
    }

    public override Type GetExceptionType(System.Reflection.MethodBase targetMethod)
    {
        return typeof(NonAuthorizedException);
    }
}

And the secure attribute is:

[Serializable]
public class SecuredOperationAttribute: OnMethodBoundaryAspect
{
    public override void OnEntry(MethodExecutionArgs args)
    {
        IUserManager userManager = new UserManager();
        int userId = userManager.GetUserIdFromCookie;
        AdminUser adminUser = GenericSessionHelper<AdminUser>.Get(userId.ToString(), State.Session);
        if(!User.CanAccess)
        {
            args.ReturnValue = null;
            throw new NonAuthorizedException(string.Format("{0} userId li kullanıcının {1} işlemini yapmak için yetkisi yoktur",userId,args.Method.Name));
        }
        return;
    }
}

What could be a problem? Am I using postsharp in a wrong way?

Upvotes: 1

Views: 721

Answers (1)

shortcode
shortcode

Reputation: 457

I found the solution: I was using attributes as like :

[SecuredOperation]
[ExceptionPolicy]
public ActionResult Edit(int id)

but ExceptionPolicy couldn't catch exception. so I moved the ExceptionPolicy to top of the Controller Class:

[ExceptionPolicy]
    public class UserController : BaseAuthorizedUserController

now it works.

Upvotes: 1

Related Questions