使用Ninject注入的自定义IAuthorizationFilter会停止执行其他ActionFilterAttrib

在我正在处理的项目中，有两个自定义ActionFilterAttribute类，它们是使用ninjects BindFilter注入的：

        kernel.BindFilter<LogErrorsAttribute>(FilterScope.Last, 0);
        kernel.BindFilter<CriticalErrorAttribute>(FilterScope.Last, 1);

这些一直运行良好。

我创建了一个自定义的IAuthorizationFilter过滤器，它也使用BindFilter:注入

        kernel.BindFilter<AuthorizationFilter>(FilterScope.Action, null).WhenActionMethodHas<Authorise>().WithPropertyValueFromActionAttribute<Authorise>("Roles", n => n.Roles).WithPropertyValueFromActionAttribute<Authorise>("Years", n => n.Years);

就其本身而言，这也很好。

我刚刚发现，如果我将Authorise标记应用于一个操作，那么两个自定义ActionFilterAttribute类将不再被调用。

我不明白为什么会发生这种事。我的自定义IAuthorizationFilter如下所示：

public class AuthorizationFilter : IAuthorizationFilter
{
    private readonly string[] RolesHaveAccessToApplication;
    public AuthorizationFilter()
    {
        //put roles which should allow user to see application, hardcoded for now, but later
        //this can be generated from the database
        var configRoles = ConfigurationManager.AppSettings["ApplicationRoles"];
        if(string.IsNullOrEmpty(configRoles))
            throw new Exception("The ApplicationRoles value has not been defined in the web.config file.");
        RolesHaveAccessToApplication = configRoles.Split(',');
    }
    [Inject]
    public IUserServices userService { get; set; }
    public string Roles { get; set; }
    public string Years { get; set; }

    protected bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (!httpContext.Request.IsAuthenticated)
            return false;

        if(!Roles.HasContent() && !Years.HasContent())
        {
            return RolesHaveAccessToApplication.Any(role => RolesHaveAccessToApplication.Any(n => n == role));
        }
        var AuthenticatedUserRoles = System.Web.Security.Roles.GetRolesForUser();
        bool isAuthorised = false;
        //first, lets check against to see if the user has any roles related to the application
        isAuthorised = RolesHaveAccessToApplication.Any(role => AuthenticatedUserRoles.Any(n => n == role));
        //if they don't, we throw them to access denied page
        if (!isAuthorised)
            return false;
        #region CheckRoles
        if (!string.IsNullOrEmpty(Roles) && AuthenticatedUserRoles.HasContent())
        {
            var authRoles = Roles.Split(new [] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            isAuthorised = authRoles.Any(role => AuthenticatedUserRoles.Any(n => n == role));
        }
        #endregion
        #region CheckYears
        if (!string.IsNullOrEmpty(Years) && AuthenticatedUserRoles.HasContent())
        {

            if (AuthenticatedUserRoles.Any(n => n == "Student"))
            {
                var yearRoles = Years.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
                var user = userService.FetchUser(httpContext.User.Identity.Name);
                if (user != null)
                {
                    isAuthorised = yearRoles.Any(n => n == user.Year);
                }
            }
        }
        #endregion
        return isAuthorised;
    }
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if(filterContext == null)
            throw new Exception("filtercontext is null");
        if (!filterContext.HttpContext.Request.IsAuthenticated)
            HandleUnauthorizedRequest(filterContext);
            if (AuthorizeCore(filterContext.HttpContext))
                SetCachePolicy(filterContext);
            else
                HandleUnauthorizedRequest(filterContext);

    }
    protected void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAuthenticated)
            filterContext.Result = new RedirectResult(new UrlHelper(filterContext.RequestContext).Action("Denied", "Home", new {Area = ""}));// new ViewResult { ViewName = "~/Home/Denied", View = new RazorView("Home") //ViewData = viewData }; 
        else
            filterContext.Result = new HttpUnauthorizedResult();
    }
    protected void SetCachePolicy(AuthorizationContext filterContext)
    {
           ..snip..
    } 
}
//Used as a filter for actions, and ninject is configured to bind AuthorizationFilter to this
public class Authorise : ActionFilterAttribute
{
    public string Roles { get; set; }
    public string Years { get; set; }
}

如有任何帮助，我们将不胜感激。

编辑：

这是其他过滤器之一：

public class CriticalErrorAttribute : ActionFilterAttribute
{
    [Inject]
    public IErrorServices ErrorService { private get; set; }
    public override void OnActionExecuted(ActionExecutedContext filterContext)
    {            //if the request is an ajax request, we don't want a redirect to happen
        //the controller dealing with the ajax request can fetch the critical
        //errors and pass them back to the user for display
        if (!filterContext.HttpContext.Request.IsAjaxRequest())
        {
            var criticalErrors = ErrorService.FetchCriticalErrors();
            if (criticalErrors.HasContent())
            {
                var helper = new UrlHelper(filterContext.RequestContext);
                var url = helper.Action("Error", "Home", new { area = "" });
                filterContext.Controller.TempData["CriticalErrorList"] = criticalErrors;
                filterContext.Result = new RedirectResult(url);
            }
        }
        base.OnActionExecuted(filterContext);
    }
}

如果域对象不能水合，它将记录一个严重错误。此筛选器检查此类错误，如果出现错误，则会将用户引导到错误页面。

已解决：

原来Darin是对的！但我的过滤器配置隐藏了这个问题。首先，我在导航项上有[Authorise]，其次，我将CriticalErrorAttribute绑定到每个操作。因此，每次构建菜单（欢迎、左侧、导航、子菜单）时，这个过滤器都会启动。在这个筛选器调用链的某个时刻，结果被应用到filterContext.Result-后面的结果隐藏了前面的（正确的）结果。

为了克服这个问题，我将CriticalErrorAttribute的BindFilter配置行调整为：

kernel.BindFilter<CriticalErrorAttribute>(FilterScope.Last, 0).When( (context, ad) =>
context.RouteData.DataTokens["action"] != null && context.RouteData.DataTokens["action"] !=
"Error" && context.RouteData.DataTokens["controller"] != "Navigation");

现在一切都很顺利！

filterContext.Result = ...