Namespace DataWeb.Filter
Classes
DataWebAuthorizeAttribute
Represents an attribute that is used to restrict access to controllers and actions
requiring DataWeb authentication. Unauthenticated requests receive 401 Unauthorized;
authenticated users without the IsDataWeb flag also receive 401 Unauthorized
(consider using 403 Forbidden for semantic correctness in that case).
DataWebAuthorizeAttribute.DataWebAuthorizeFilter
Authorization filter created by DataWebAuthorizeAttribute via TypeFilterAttribute. Enforces two checks:
- The user must be authenticated (IsAuthenticated).
- The user must be a DataWeb user (IsDataWeb).
DisableHotlinkingAttribute
Action filter attribute that prevents hotlinking of images by inspecting the Referer header.
When a request originates from an external domain, the original image is replaced with a
placeholder image (wwwroot/images/hotlinking.png), or a 404 Not Found if the
placeholder is missing.
DisableHotlinkingAttribute.DisableHotlinkingFilter
Authorization filter created by DisableHotlinkingAttribute via TypeFilterAttribute.
Resolves IHttpService from the request service container to obtain the application base URL,
then compares it against the Referer header to determine whether the request originates
from an external domain.
NavigationAuthorizeAttribute
Authorization attribute that verifies whether the current user is allowed to access
the navigation node identified by the nav query parameter (or the legacy inav parameter).
When authorization fails, the response is either an HTTP status code or a redirect to the access-denied page,
depending on the configured NavigationAuthorizeAttribute.ResponseMode.
NavigationAuthorizeAttribute.NavigationAuthorizeFilter
Authorization filter created by NavigationAuthorizeAttribute via TypeFilterAttribute.
Resolves the navigation node from the nav query parameter and delegates permission
checking to GetNavigationContextAsync(Navigation, IUser, CancellationToken).
SharedKeyAuthorizeAttribute
A custom authorization attribute for checking shared key authorization.
SharedKeyAuthorizeAttribute.SharedKeyAuthorizeFilter
A filter for checking shared key authorization.
StagingAuthorizeAttribute
Authorization attribute that restricts access to actions in a staging environment.
When AppSettings.Staging.IsStagingArea is false the filter is a no-op and all requests pass through.
When staging is active, access is granted only to requests carrying valid staging credentials,
validated either via an encrypted cookie (Cookie) or a shared key header (HeaderKey).
StagingAuthorizeAttribute.StagingAuthorizeFilter
Authorization filter created by StagingAuthorizeAttribute via TypeFilterAttribute.
Skips all checks when AppSettings.Staging.IsStagingArea is false.
ValidateModelAttribute
A custom action filter attribute for validating the model state of the action.
ValidateModelAttribute.ValidateModelFilter
Action filter created by ValidateModelAttribute via TypeFilterAttribute.
Short-circuits the pipeline with 400 Bad Request when IsValid is false,
returning the full ModelStateDictionary as the response body.
Enums
DataWebAuthorizeAttribute.ResponseMode
Defines the available response modes when authorization fails.
- StatusCode — returns an HTTP status code (default).
- Redirect — redirects to the login page, preserving the original URL as a
returnurlquery parameter.
NavigationAuthorizeAttribute.ResponseErrorCode
Defines the HTTP error status code returned when authorization fails and StatusCode is active.
NavigationAuthorizeAttribute.ResponseMode
Defines how the filter responds when authorization fails.
- StatusCode — returns an HTTP status code (default).
- Redirect — redirects to the access-denied page, preserving the original URL as a
returnurlquery parameter.
StagingAuthorizeAttribute.ValidationMode
Defines how the filter validates staging credentials.