DataWeb
Search Results for

    Show / Hide Table of Contents

    Namespace DataWeb.Filter

    Classes

    DataWebAuthorizeAttribute

    Represents an attribute that is used to restrict access to controllers and actions requiring DataWeb authentication. Unauthenticated requests receive 401 Unauthorized; authenticated users without the IsDataWeb flag also receive 401 Unauthorized (consider using 403 Forbidden for semantic correctness in that case).

    DataWebAuthorizeAttribute.DataWebAuthorizeFilter

    Authorization filter created by DataWebAuthorizeAttribute via TypeFilterAttribute. Enforces two checks:

    1. The user must be authenticated (IsAuthenticated).
    2. The user must be a DataWeb user (IsDataWeb).

    DisableHotlinkingAttribute

    Action filter attribute that prevents hotlinking of images by inspecting the Referer header. When a request originates from an external domain, the original image is replaced with a placeholder image (wwwroot/images/hotlinking.png), or a 404 Not Found if the placeholder is missing.

    DisableHotlinkingAttribute.DisableHotlinkingFilter

    Authorization filter created by DisableHotlinkingAttribute via TypeFilterAttribute. Resolves IHttpService from the request service container to obtain the application base URL, then compares it against the Referer header to determine whether the request originates from an external domain.

    NavigationAuthorizeAttribute

    Authorization attribute that verifies whether the current user is allowed to access the navigation node identified by the nav query parameter (or the legacy inav parameter). When authorization fails, the response is either an HTTP status code or a redirect to the access-denied page, depending on the configured NavigationAuthorizeAttribute.ResponseMode.

    NavigationAuthorizeAttribute.NavigationAuthorizeFilter

    Authorization filter created by NavigationAuthorizeAttribute via TypeFilterAttribute. Resolves the navigation node from the nav query parameter and delegates permission checking to GetNavigationContextAsync(Navigation, IUser, CancellationToken).

    SharedKeyAuthorizeAttribute

    A custom authorization attribute for checking shared key authorization.

    SharedKeyAuthorizeAttribute.SharedKeyAuthorizeFilter

    A filter for checking shared key authorization.

    StagingAuthorizeAttribute

    Authorization attribute that restricts access to actions in a staging environment. When AppSettings.Staging.IsStagingArea is false the filter is a no-op and all requests pass through. When staging is active, access is granted only to requests carrying valid staging credentials, validated either via an encrypted cookie (Cookie) or a shared key header (HeaderKey).

    StagingAuthorizeAttribute.StagingAuthorizeFilter

    Authorization filter created by StagingAuthorizeAttribute via TypeFilterAttribute. Skips all checks when AppSettings.Staging.IsStagingArea is false.

    ValidateModelAttribute

    A custom action filter attribute for validating the model state of the action.

    ValidateModelAttribute.ValidateModelFilter

    Action filter created by ValidateModelAttribute via TypeFilterAttribute. Short-circuits the pipeline with 400 Bad Request when IsValid is false, returning the full ModelStateDictionary as the response body.

    Enums

    DataWebAuthorizeAttribute.ResponseMode

    Defines the available response modes when authorization fails.

    • StatusCode — returns an HTTP status code (default).
    • Redirect — redirects to the login page, preserving the original URL as a returnurl query parameter.

    NavigationAuthorizeAttribute.ResponseErrorCode

    Defines the HTTP error status code returned when authorization fails and StatusCode is active.

    • Forbidden — returns 403 Forbidden (default).
    • NotFound — returns 404 Not Found, useful to hide the existence of a resource.

    NavigationAuthorizeAttribute.ResponseMode

    Defines how the filter responds when authorization fails.

    • StatusCode — returns an HTTP status code (default).
    • Redirect — redirects to the access-denied page, preserving the original URL as a returnurl query parameter.

    StagingAuthorizeAttribute.ValidationMode

    Defines how the filter validates staging credentials.

    • Cookie — validates an encrypted cookie named stg (default). Unauthenticated requests are redirected to the staging login page.
    • HeaderKey — validates the X-StagingKey request header against AppSettings.Staging.StagingPassword using constant-time comparison. Invalid requests receive 403 Forbidden.
    In this article
    Back to top Generated by DocFX