RequestService

Members

Namespace: ASPSecurityKit.NetCore
Assembly: ASPSecurityKit.NetCore.dll

Summary

Implements the INetRequestService for ASP.NET Core.

Constructors

#ctor(filterContext,settings,securityUtility,errorResource,xssValidator)

Summary

Initializes a new instance of the RequestService class.

Parameters
Name Type Description
filterContext Microsoft.AspNetCore.Mvc.Filters.ActionExecutingContext The filter context.
settings ASPSecurityKit.ISecuritySettings The security settings.
securityUtility ASPSecurityKit.ISecurityUtility The security utility.
errorResource ASPSecurityKit.IErrorMessageResourceProvider The error resource.
xssValidator ASPSecurityKit.Xss.IXssValidator The XSS validator.

Properties

Verb

Summary

Gets the http verb of the request.

Value

The http verb of the request.

Operation

Summary

Gets the name of the operation (action/endpoint) invoked.

Value

The name of the operation (action/endpoint) invoked.

IsSecureConnection

Summary

Gets a value indicate whether the connection is secure.

Value

true if the connection is secure; otherwise, false.

AbsoluteUri

Summary

Gets the Absolute URL for the request (including scheme, host, pathInfo etc.).

Value

The Absolute URL for the request (including scheme, host, pathInfo etc.).

RawUrl

Summary

Gets the relative URL sent in the request (such as /pathInfo?queryString).

Value

The relative URL sent in the request.

Headers

Summary

Gets the headers sent in the request.

Value

The headers sent in the request.

QueryString

Summary

Gets the queryString sent in the request as key/value pairs.

Value

The queryString sent in the request as key/value pairs.

Cookies

Summary

Gets the cookies sent in the request.

Value

The cookies sent in the request.

UserAgent

Summary

Gets the caller agent information from the request.

Value

The caller agent information from the request.

ControllerName

Summary

Gets the name of the controller that contains the requested action.

Value

The name of the controller that contains the requested action.

ActionName

Summary

Gets the method name of the requested action.

Value

The method name of the requested action.

Methods

GetCallerIp()

Summary

Gets the Remote IP of the caller.

Returns

The Remote IP of the caller.

Parameters

This method has no parameters.

Remarks

The implementers should attempt to return the actual caller IP considering such headers as X-Forwarded-For, X-Real-IP as well.

GetRawBody()

Summary

Gets the body (raw) from the request.

Returns

The body (raw) from the request.

Parameters

This method has no parameters.

GetRawBodyAsync()

Summary

Gets the body (raw) from the request.

Returns

The body (raw) from the request.

Parameters

This method has no parameters.

GetRawBodyAsync(cancellationToken)

Summary

Gets the body (raw) from the request.

Returns

The body (raw) from the request.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

IsMarkedWith(feature,verb)

Summary

Determines whether the requested operation is marked with the specified feature.

Returns

true if the requested operation is marked with the specified feature; otherwise, false.

Parameters
Name Type Description
feature ASPSecurityKit.RequestFeature The feature to check.
verb System.String The http verb (method). Null indicates to use the verb associated with the current request.

GetDisabledReason(verb)

Summary

Gets the reason of why action is disabled.

Returns

The reason of why action is disabled.

Parameters
Name Type Description
verb System.String The http verb (method). Null indicates to use the verb associated with the current request.

GetEntityCode()

Summary

Gets the entity code for the requested operation. Used to specify the entityName argument when calling Authorize or Authorize. See platform specific implementations for more details.

Returns

The entity code for the requested operation.

Parameters

This method has no parameters.

Remarks

If AuthEntityAttribute is specified with a non-empty value, its Code is returned; otherwise, ControllerName is returned.

GetPermissionCode()

Summary

Gets the permissionCode for the requested operation.

Returns

The permissionCode for the requested operation.

Parameters

This method has no parameters.

WriteToResponse(failureReason,failureDescription,errors)

Summary

Writes the security check failure details to the response. See remarks for more details.

Parameters
Name Type Description
failureReason ASPSecurityKit.OpResult The failure reason.
failureDescription System.String The failure description.
errors System.Collections.Generic.List{ASPSecurityKit.AuthError} The detailed/additional error information to aid in troubleshooting.
Remarks

Regarding the information to be written, the default implementations follow the guidelines mentioned for OpException. Briefly speaking, HTTP status code is first determined using OpResultToStatusCode and if it’s 500, InternalServerError is written to the response rather than the provided failure parameters. However, if IsDevelopmentEnvironment is true, the failure parameters are written to the response regardless of the status code. The default implementations write errors in the json format on the API platforms. For mix platforms, the default implementations determine if the call is an API call; if it is so, write in the json format; otherwise, write in the plain text format.

WriteToResponse(content,statusCode,contentType)

Summary

Writes the specified content to the response along with its type and HTTP status code.

Parameters
Name Type Description
content System.String The text to be written to the response.
statusCode System.Int32 The HTTP status code. Default is 200.
contentType System.String The content type. Default is ‘text/plain’.
Exceptions
Type Description
System.ArgumentNullException When either content or contentType is null/empty/whitespace.

WriteToResponse(model,statusCode)

Summary

Writes the specified model to the response serialized as JSON along with the specified HTTP status code.

Parameters
Name Type Description
model System.Object The model object to be serialized as JSON and writtent to the response.
statusCode System.Int32 The HTTP status code. Default is 200.
Exceptions
Type Description
System.ArgumentNullException When model is null.

GetAttribute<T>()

Summary

Gets an attribute instance of the specified type from the requested action if defined; otherwise, null.

Returns

An attribute instance of the specified type from the requested action if defined; otherwise, null.

Parameters

This method has no parameters.

Generic Types
Name Description
T Type of the attribute.

GetParameterValue(parameterName)

Summary

Sync method not supported because CompositeValueProvider doesn’t support the same.

Returns

A value by the specified parameter name from the requested action.

Parameters
Name Type Description
parameterName System.String Name of the parameter.
Exceptions
Type Description
System.NotSupportedException Use GetParameterValueAsync instead.

GetParameterValueAsync(parameterName)

Summary

Gets a value by the specified parameter name from the requested action.

Returns

A value by the specified parameter name from the requested action.

Parameters
Name Type Description
parameterName System.String Name of the parameter.

GetParameterValueAsync(parameterName,cancellationToken)

Summary

Gets a value by the specified parameter name from the requested action.

Returns

A value by the specified parameter name from the requested action.

Parameters
Name Type Description
parameterName System.String Name of the parameter.
cancellationToken System.Threading.CancellationToken The cancellation token.

GetActionMethodInfo()

Summary

Gets the metadata for the requested action.

Returns

The metadata for the requested action.

Parameters

This method has no parameters.

GetActionParameters()

Summary

Gets the parameters for the requested action.

Returns

The action method parameters as key-value pairs.

Parameters

This method has no parameters.

Redirect(url)

Summary

Redirects to the specified URL.

Parameters
Name Type Description
url System.String The URL.

Summary

Adds the specified cookie to the response. If the cookie already exists, it’ll be overridden.

Parameters
Name Type Description
cookie System.Net.Cookie The cookie.

ExpireCookie(name)

Summary

Sets an expired cookie in the response by the specified name if it exists in the request.

Returns

true if a cookie by the specified name was found in the request and set as expired in the response; otherwise, false.

Parameters
Name Type Description
name System.String The cookie name.

IsApiRequest()

Summary

Determines whether the request is a HTTP API request or not.

Returns

true if the request is HTTP API request; otherwise, false.

Parameters

This method has no parameters.

GetContainer()

Summary

Gets the DI container for the current request.

Returns

The DI container for the current request.

Parameters

This method has no parameters.

ValidateForXss()

Summary

Performs XS validation on the input data related to this request instance.

Parameters

This method has no parameters.

Exceptions
Type Description
ASPSecurityKit.Xss.XssDetectedException When XSS characters are found.
Remarks

The default implementations make use of Validate passing it the input model but doesn’t handle any exceptions including the XssDetectedException. The Execute invokes this method and handles exceptions (if any) as per its standard approach.

GetPermissionCode(actionDescriptor)

Summary

Gets the permission code for the specified request.

Returns

The permission code.

Parameters
Name Type Description
actionDescriptor Microsoft.AspNetCore.Mvc.Abstractions.ActionDescriptor The action descriptor.

GetCallerIpAsync()

Summary

Gets the Remote IP of the caller.

Returns

The Remote IP of the caller.

Parameters

This method has no parameters.

Remarks

The implementers should attempt to return the actual caller IP considering such headers as X-Forwarded-For, X-Real-IP as well.

GetCallerIpAsync(cancellationToken)

Summary

Gets the Remote IP of the caller.

Returns

The Remote IP of the caller.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.
Remarks

The implementers should attempt to return the actual caller IP considering such headers as X-Forwarded-For, X-Real-IP as well.

IsMarkedWithAsync(feature,verb)

Summary

Determines whether the requested operation is marked with the specified feature.

Returns

true if the requested operation is marked with the specified feature; otherwise, false.

Parameters
Name Type Description
feature ASPSecurityKit.RequestFeature The feature to check.
verb System.String The http verb (method). Null indicates to use the verb associated with the current request.

IsMarkedWithAsync(feature,cancellationToken,verb)

Summary

Determines whether the requested operation is marked with the specified feature.

Returns

true if the requested operation is marked with the specified feature; otherwise, false.

Parameters
Name Type Description
feature ASPSecurityKit.RequestFeature The feature to check.
cancellationToken System.Threading.CancellationToken The cancellation token.
verb System.String The http verb (method). Null indicates to use the verb associated with the current request.

GetDisabledReasonAsync(verb)

Summary

Gets the reason of why action is disabled.

Returns

The reason of why action is disabled.

Parameters
Name Type Description
verb System.String The http verb (method). Null indicates to use the verb associated with the current request.

GetDisabledReasonAsync(verb,cancellationToken)

Summary

Gets the reason of why action is disabled.

Returns

The reason of why action is disabled.

Parameters
Name Type Description
verb System.Threading.CancellationToken The http verb (method). Null indicates to use the verb associated with the current request.
cancellationToken System.String The cancellation token.

GetEntityCodeAsync()

Summary

Gets the entity code for the requested operation. Used to specify the entityName argument when calling Authorize or Authorize. See platform specific implementations for more details.

Returns

The entity code for the requested operation.

Parameters

This method has no parameters.

Remarks

If AuthEntityAttribute is specified with a non-empty value, its Code is returned; otherwise, ControllerName is returned.

GetEntityCodeAsync(cancellationToken)

Summary

Gets the entity code for the requested operation. Used to specify the entityName argument when calling Authorize or Authorize. See platform specific implementations for more details.

Returns

The entity code for the requested operation.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.
Remarks

If AuthEntityAttribute is specified with a non-empty value, its Code is returned; otherwise, ControllerName is returned.

GetPermissionCodeAsync()

Summary

Gets the permissionCode for the requested operation.

Returns

The permissionCode for the requested operation.

Parameters

This method has no parameters.

GetPermissionCodeAsync(cancellationToken)

Summary

Gets the permissionCode for the requested operation.

Returns

The permissionCode for the requested operation.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

WriteToResponseAsync(failureReason,failureDescription,errors)

Summary

Writes the security check failure details to the response. See remarks for more details.

Parameters
Name Type Description
failureReason ASPSecurityKit.OpResult The failure reason.
failureDescription System.String The failure description.
errors System.Collections.Generic.List{ASPSecurityKit.AuthError} The detailed/additional error information to aid in troubleshooting.
Remarks

Regarding the information to be written, the default implementations follow the guidelines mentioned for OpException. Briefly speaking, HTTP status code is first determined using OpResultToStatusCode and if it’s 500, InternalServerError is written to the response rather than the provided failure parameters. However, if IsDevelopmentEnvironment is true, the failure parameters are written to the response regardless of the status code. The default implementations write errors in the json format on the API platforms. For mix platforms, the default implementations determine if the call is an API call; if it is so, write in the json format; otherwise, write in the plain text format.

WriteToResponseAsync(failureReason,failureDescription,cancellationToken,errors)

Summary

Writes the security check failure details to the response. See remarks for more details.

Parameters
Name Type Description
failureReason ASPSecurityKit.OpResult The failure reason.
failureDescription System.String The failure description.
cancellationToken System.Threading.CancellationToken The cancellation token.
errors System.Collections.Generic.List{ASPSecurityKit.AuthError} The detailed/additional error information to aid in troubleshooting.
Remarks

Regarding the information to be written, the default implementations follow the guidelines mentioned for OpException. Briefly speaking, HTTP status code is first determined using OpResultToStatusCode and if it’s 500, InternalServerError is written to the response rather than the provided failure parameters. However, if IsDevelopmentEnvironment is true, the failure parameters are written to the response regardless of the status code. The default implementations write errors in the json format on the API platforms. For mix platforms, the default implementations determine if the call is an API call; if it is so, write in the json format; otherwise, write in the plain text format.

WriteToResponseAsync(content,statusCode,contentType)

Summary

Writes the specified content to the response along with its type and HTTP status code.

Parameters
Name Type Description
content System.String The text to be written to the response.
statusCode System.Int32 The HTTP status code. Default is 200.
contentType System.String The content type. Default is ‘text/plain’.
Exceptions
Type Description
System.ArgumentNullException When either content or contentType is null/empty/whitespace.

WriteToResponseAsync(content,cancellationToken,statusCode,contentType)

Summary

Writes the specified content to the response along with its type and HTTP status code.

Parameters
Name Type Description
content System.String The text to be written to the response.
cancellationToken System.Threading.CancellationToken The cancellation token.
statusCode System.Int32 The HTTP status code. Default is 200.
contentType System.String The content type. Default is ‘text/plain’.
Exceptions
Type Description
System.ArgumentNullException When either content or contentType is null/empty/whitespace.

WriteToResponseAsync(model,statusCode)

Summary

Writes the specified model to the response serialized as JSON along with the specified HTTP status code.

Parameters
Name Type Description
model System.Object The model object to be serialized as JSON and writtent to the response.
statusCode System.Int32 The HTTP status code. Default is 200.
Exceptions
Type Description
System.ArgumentNullException When model is null.

WriteToResponseAsync(model,cancellationToken,statusCode)

Summary

Writes the specified model to the response serialized as JSON along with the specified HTTP status code.

Parameters
Name Type Description
model System.Object The model object to be serialized as JSON and writtent to the response.
cancellationToken System.Threading.CancellationToken The cancellation token.
statusCode System.Int32 The HTTP status code. Default is 200.
Exceptions
Type Description
System.ArgumentNullException When model is null.

GetActionMethodInfoAsync()

Summary

Gets the metadata for the requested action.

Returns

The metadata for the requested action.

Parameters

This method has no parameters.

GetActionMethodInfoAsync(cancellationToken)

Summary

Gets the metadata for the requested action.

Returns

The metadata for the requested action.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

GetActionParametersAsync()

Summary

Gets the parameters for the requested action.

Returns

The action method parameters as key-value pairs.

Parameters

This method has no parameters.

GetActionParametersAsync(cancellationToken)

Summary

Gets the parameters for the requested action.

Returns

The action method parameters as key-value pairs.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

ValidateForXssAsync()

Summary

Performs XS validation on the input data related to this request instance.

Parameters

This method has no parameters.

Exceptions
Type Description
ASPSecurityKit.Xss.XssDetectedException When XSS characters are found.
Remarks

The default implementations make use of Validate passing it the input model but doesn’t handle any exceptions including the XssDetectedException. The Execute invokes this method and handles exceptions (if any) as per its standard approach.

ValidateForXssAsync(cancellationToken)

Summary

Performs XS validation on the input data related to this request instance.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
ASPSecurityKit.Xss.XssDetectedException When XSS characters are found.
Remarks

The default implementations make use of Validate passing it the input model but doesn’t handle any exceptions including the XssDetectedException. The Execute invokes this method and handles exceptions (if any) as per its standard approach.

GetPermissionCodeAsync(actionDescriptor)

Summary

Gets the permission code for the specified request.

Returns

The permission code.

Parameters
Name Type Description
actionDescriptor Microsoft.AspNetCore.Mvc.Abstractions.ActionDescriptor The action descriptor.

GetPermissionCodeAsync(actionDescriptor,cancellationToken)

Summary

Gets the permission code for the specified request.

Returns

The permission code.

Parameters
Name Type Description
actionDescriptor Microsoft.AspNetCore.Mvc.Abstractions.ActionDescriptor The action descriptor.
cancellationToken System.Threading.CancellationToken The cancellation token.