/// <summary>
/// Authenticates and authorizes an API caller from its <paramref name="userToken"/>.
/// Order of checks: replay guard on the nonce (only when a token is present),
/// ticket validity (logged in?), then the optional user-type restriction from
/// <paramref name="userAuthenticateAttribute"/>. On success the resolved user is
/// stored under <c>HttpContext.Current.Items["LoginUser"]</c> for the action.
/// </summary>
/// <param name="nonceStr">Per-request nonce checked by <c>ApiSecurityService.CheckNonceStr</c>.</param>
/// <param name="userToken">Caller's ticket; an empty token skips the nonce check and falls through to the ticket check.</param>
/// <param name="userAuthenticateAttribute">Optional attribute; when non-null and <c>IsValidUserType</c> is set, the user's <c>UserType</c> must match.</param>
/// <returns>
/// A result with <c>Status = 0</c> on success, otherwise <c>ApiRepeatedAccess</c>,
/// <c>ApiUserNotLogin</c> or <c>ApiUserUnauthorized</c> with a message.
/// </returns>
public ApiMessageResult OnUserAuthorization(string nonceStr, string userToken,
                                                    UserAuthenticateAttribute userAuthenticateAttribute)
        {
            // Replay guard. Note it is evaluated only when a token accompanies
            // the request; token-less requests go straight to the ticket check.
            if (!string.IsNullOrEmpty(userToken) &&
                !BLL.Sys.Implements.ApiSecurityService.CheckNonceStr(nonceStr, userToken))
            {
                return new ApiMessageResult()
                {
                    Status = EnumApiStatus.ApiRepeatedAccess,
                    Msg    = "非法请求(重复请求)"
                };
            }

            // Is the caller logged in? (ticket lookup by userToken)
            if (!BLL.Sys.Implements.ApiSecurityService.CheckUserTicket(userToken))
            {
                return new ApiMessageResult()
                {
                    Status = EnumApiStatus.ApiUserNotLogin,
                    Msg    = "用户未登录"
                };
            }

            // NOTE(review): assumed non-null once CheckUserTicket has passed — confirm,
            // since UserType is dereferenced below without a null check.
            var loginUser = ApiSecurityService.GetUserTicket(userToken);

            // Optional restriction to a single user type carried by the attribute
            // (pharmacy-store users are granted the same rights as ordinary users).
            var restrictsUserType = userAuthenticateAttribute != null &&
                                    userAuthenticateAttribute.IsValidUserType;
            if (restrictsUserType && loginUser.UserType != userAuthenticateAttribute.UserType)
            {
                return new ApiMessageResult()
                {
                    Status = EnumApiStatus.ApiUserUnauthorized,
                    Msg    = "用户无权限访问"
                };
            }

            // Authenticated and authorized: hand the user on to the action.
            HttpContext.Current.Items["LoginUser"] = loginUser;

            return new ApiMessageResult()
            {
                Status = 0
            };
        }
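        /// <summary>
        /// Web API authorization hook. Actions marked as exempt via
        /// <see cref="IsIgnoreUserAuthenticate"/> pass through untouched; every
        /// other action requires <c>SecurityHelper.IsLogin()</c> to report a user,
        /// otherwise the pipeline is short-circuited with a JSON "not logged in" result.
        /// </summary>
        /// <param name="actionContext">The Web API action context being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Exempt actions skip the login check entirely.
            if (IsIgnoreUserAuthenticate(actionContext))
            {
                return;
            }

            // Only the null/non-null outcome of IsLogin() matters here.
            if (SecurityHelper.IsLogin() != null)
            {
                return;
            }

            var result = new ApiMessageResult()
            {
                Status = EnumApiStatus.ApiUserNotLogin, Msg = "用户未登录"
            };

            // Assigning Response short-circuits the action. No StatusCode is set,
            // so HttpResponseMessage keeps its default 200 OK and the denial is
            // signalled only by the JSON body (Status/Msg).
            // NOTE(review): confirm clients key off Status rather than the HTTP code.
            actionContext.Response = new HttpResponseMessage()
            {
                Content = new StringContent(Newtonsoft.Json.JsonConvert.SerializeObject(result), Encoding.UTF8, "application/json")
            };
        }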