Beispiel #1
0
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            AllowAnonymousAttribute allowAnonymous = (context.ActionDescriptor as ControllerActionDescriptor).MethodInfo.GetCustomAttribute(typeof(AllowAnonymousAttribute), false) as AllowAnonymousAttribute;

            if (allowAnonymous == null)
            {
                const string prefix = "Bearer ";

                bool result = context.HttpContext.Request.Headers.TryGetValue("Authorization", out StringValues authorization);

                ResponseResult responseResult = CommonFactory.CreateResponseResult;

                //如果不包含授权信息
                if (!result)
                {
                    context.Result = new JsonResult(responseResult.Failed("未授权的访问")); return;
                }

                string info = authorization.ToString().Trim();

                //空字符  不包含Bearer
                if (string.IsNullOrWhiteSpace(info) || !info.Contains(prefix))
                {
                    context.Result = new JsonResult(responseResult.Failed("未授权的访问")); return;
                }

                //token错误
                if (!_authService.ValidateToken(info.Substring(prefix.Length)))
                {
                    context.Result = new JsonResult(responseResult.Failed("未授权的访问")); return;
                }
            }
        }
Beispiel #2
0
            private static IList <object> TranslateMetadata(ImmutableArray <object> metadata)
            {
                if (!metadata.IsDefaultOrEmpty)
                {
                    var translatedMetadata = new List <object>(metadata.Length);
                    foreach (var metadataEntry in metadata)
                    {
                        object translatedEntry = metadataEntry;
                        if (metadataEntry is RpcAuthorizeAttribute rpcAuthorize)
                        {
                            translatedEntry = new AuthorizeAttribute
                            {
                                AuthenticationSchemes = rpcAuthorize.AuthenticationSchemes,
                                Policy = rpcAuthorize.Policy,
                                Roles  = rpcAuthorize.Roles
                            };
                        }
                        else if (metadataEntry is RpcAllowAnonymousAttribute rpcAllowAnonymous)
                        {
                            translatedEntry = new AllowAnonymousAttribute();
                        }

                        translatedMetadata.Add(translatedEntry);
                    }

                    return(translatedMetadata);
                }

                return(Array.Empty <object>());
            }
Beispiel #3
0
        public void AuthUserAsync_should_have_allow_anonymous_attribute()
        {
            // Assert
            Type       controllerType = typeof(AuthController);
            MethodBase methodBase     = controllerType.GetMethod(nameof(_authController.AuthUserAsync));
            AllowAnonymousAttribute anonymousAttribute = methodBase.GetCustomAttribute <AllowAnonymousAttribute>();

            Assert.IsTrue(anonymousAttribute != null);
        }
        public When_Data_Import_Controller_Index_Action_Allow_Anonymous_Attribute()
        {
            const BindingFlags flags = BindingFlags.Instance | BindingFlags.Static | BindingFlags.Public;

            var methodInfos = typeof(DataImportController)
                              .GetMember(nameof(DataImportController.Index), MemberTypes.Method, flags)
                              .Cast <MethodInfo>().ToList();

            _allowAnonymousAttributeGet  = methodInfos[0].GetCustomAttribute <AllowAnonymousAttribute>();
            _allowAnonymousAttributePost = methodInfos[1].GetCustomAttribute <AllowAnonymousAttribute>();
        }
Beispiel #5
0
        public void Index_Allows_AnonymousAccess()
        {
            // Arrange
            MethodInfo methodInfo = typeof(HomeController).GetMethod("Index");

            object[] actualAttrs = methodInfo.GetCustomAttributes(typeof(AllowAnonymousAttribute), inherit: true);

            // Act
            AllowAnonymousAttribute actualAttr = actualAttrs.Single() as AllowAnonymousAttribute;

            // Assert
            Assert.NotNull(actualAttr);
        }
Beispiel #6
0
        /// <summary>
        /// Sets the value of <see cref="RequiresAuthorization"/> and <see cref="AuthorizeAttribute"/>
        /// </summary>
        protected void SetAuthorizationInfo()
        {
            AuthorizeAttribute      authAttribute      = Method.GetCustomAttribute <AuthorizeAttribute>() ?? Method.DeclaringType.GetCustomAttribute <AuthorizeAttribute>();
            AllowAnonymousAttribute anonymousAttribute = Method.GetCustomAttribute <AllowAnonymousAttribute>();

            bool requireAuth = authAttribute != null;

            if (anonymousAttribute != null)
            {
                requireAuth = false;
            }

            RequiresAuthorization = requireAuth;
            AuthorizeAttribute    = requireAuth ? authAttribute : null;
        }
Beispiel #7
0
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            //如果用户方法的Action带有AllowAnonymousAttribute,则不进行授权验证
            ControllerActionDescriptor descriptor = context.ActionDescriptor as ControllerActionDescriptor;
            AllowAnonymousAttribute    allowAnonymousAttribute = descriptor.MethodInfo.GetCustomAttribute <AllowAnonymousAttribute>(false);

            if (allowAnonymousAttribute != null)
            {
                await next();

                return;
            }
            else
            {
                string token = context.HttpContext.Request.Headers["Authorization"];
                if (string.IsNullOrWhiteSpace(token))
                {
                    //throw new ValidException("无效的Token!");
                    token = context.HttpContext.Request.Headers["Token"];
                }
                //if (!string.IsNullOrWhiteSpace(token))
                //{
                //    var tokenHash = this.encryptionService.CreateHash(token, "SHA1");

                //    var userToken = await RedisHelper.GetAsync($"token_{tokenHash}");

                //    if (token == userToken)
                //    {
                //        await RedisHelper.SetAsync($"token_{tokenHash}", token, 60 * 60 * 24);
                //    }
                //    else
                //    {
                //        throw new ValidException("Token验证失败!");
                //    }
                //}
                else
                {
                    throw new ValidException("无效的Token!");
                }

                await next();
            }
        }
        public static IEndpointConventionBuilder AddKubernetesProbes(
            this IEndpointRouteBuilder endpoints,
            int probePort)
        {
            if (endpoints is null)
            {
                throw new ArgumentNullException(nameof(endpoints));
            }

            string host           = $"*:{(probePort > 0 ? $"{probePort}" : "*")}";
            var    allowAnonymous = new AllowAnonymousAttribute();

            endpoints
            .MapHealthChecks("healthz/ready")
            .RequireHost(host)
            .WithMetadata(allowAnonymous);
            return(endpoints
                   .MapHealthChecks("healthz/live")
                   .RequireHost(host)
                   .WithMetadata(allowAnonymous));
        }
        public override Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
        {
            AllowAnonymousAttribute allowAnonymousAttribute = actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().FirstOrDefault();

            if (allowAnonymousAttribute != null)
            {
                return(Task.FromResult <object>(null));
            }

            if (actionContext.Request.Headers.Contains(AUTH_TOKEN))
            {
                var authToken = actionContext.Request.Headers.GetValues(AUTH_TOKEN).First();
                var user      = DbUtility.GetUserByToken(authToken);

                if (user != null)
                {
                    var userModel = new UserModel()
                    {
                        Id = user.Id, Username = user.Username, Token = authToken
                    };
                    var principal = new UserPrincipal(userModel);
                    SetPrincipal(principal);
                    return(Task.FromResult <object>(null));
                }
                else
                {
                    actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                    return(Task.FromResult <object>(null));
                }
            }
            else
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return(Task.FromResult <object>(null));
            }
        }