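/// <summary>
/// Authorizes an API call from its nonce and user token. Checks run in this order:
/// (1) replay protection via <c>CheckNonceStr</c>, enforced only when a token is present;
/// (2) ticket validity via <c>CheckUserTicket</c>; (3) an optional user-type restriction
/// taken from <paramref name="userAuthenticateAttribute"/>. On success the resolved user
/// is published in <c>HttpContext.Current.Items["LoginUser"]</c> for downstream handlers.
/// </summary>
/// <param name="nonceStr">Per-request nonce used for replay detection.</param>
/// <param name="userToken">Opaque user ticket; null or empty means anonymous.</param>
/// <param name="userAuthenticateAttribute">Optional per-action restriction; when its
/// <c>IsValidUserType</c> is set, the caller's <c>UserType</c> must equal its <c>UserType</c>.</param>
/// <returns>An <see cref="ApiMessageResult"/> whose Status is 0 on success, otherwise
/// ApiRepeatedAccess, ApiUserNotLogin or ApiUserUnauthorized with a user-facing Msg.</returns>
public ApiMessageResult OnUserAuthorization(string nonceStr, string userToken, UserAuthenticateAttribute userAuthenticateAttribute)
{
    var result = new ApiMessageResult() { Status = 0 };

    // Replay protection. Only enforced when a token was supplied; an anonymous
    // request is rejected by the ticket check below regardless.
    if (!string.IsNullOrEmpty(userToken)
        && !BLL.Sys.Implements.ApiSecurityService.CheckNonceStr(nonceStr, userToken))
    {
        result.Status = EnumApiStatus.ApiRepeatedAccess;
        result.Msg = "非法请求(重复请求)";
        return result;
    }

    // Authentication: the ticket must be known to the security service.
    if (!BLL.Sys.Implements.ApiSecurityService.CheckUserTicket(userToken))
    {
        return new ApiMessageResult() { Status = EnumApiStatus.ApiUserNotLogin, Msg = "用户未登录" };
    }

    var loginUser = ApiSecurityService.GetUserTicket(userToken);

    // CheckUserTicket and GetUserTicket are two separate lookups. If the ticket is
    // evicted or expires between them, GetUserTicket can come back null and the
    // UserType access below would throw a NullReferenceException (an unhandled 500
    // instead of a clean "not logged in"). Fail closed here.
    // NOTE(review): assumes GetUserTicket returns a reference type — confirm against
    // its declaration.
    if (loginUser == null)
    {
        return new ApiMessageResult() { Status = EnumApiStatus.ApiUserNotLogin, Msg = "用户未登录" };
    }

    // Authorization: the action may pin the required user type. (Original note:
    // pharmacy users are granted the same rights as regular users.)
    if (userAuthenticateAttribute != null
        && userAuthenticateAttribute.IsValidUserType
        && loginUser.UserType != userAuthenticateAttribute.UserType)
    {
        return new ApiMessageResult() { Status = EnumApiStatus.ApiUserUnauthorized, Msg = "用户无权限访问" };
    }

    // Publish the authenticated user for the rest of the request pipeline.
    HttpContext.Current.Items["LoginUser"] = loginUser;
    return result;
}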
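/// <summary>
/// Web API authorization filter entry point. For actions that are not marked as ignoring
/// user authentication (<c>IsIgnoreUserAuthenticate</c>), requires
/// <c>SecurityHelper.IsLogin()</c> to return a user; otherwise short-circuits the pipeline
/// by setting a JSON <see cref="ApiMessageResult"/> with status ApiUserNotLogin as the response.
/// </summary>
/// <param name="actionContext">The action being authorized; its Response is set on failure.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    if (IsIgnoreUserAuthenticate(actionContext))
    {
        return;
    }

    // The authentication decision is delegated entirely to SecurityHelper.IsLogin().
    // NOTE(review): the "usertoken"/"userid" request parameters and the raw Request
    // object fetched by the previous version were never used, so they were removed.
    // As written, this filter does not invoke the nonce/ticket checks performed by
    // OnUserAuthorization — confirm that IsLogin() covers replay protection before
    // relying on it for these routes.
    var model = SecurityHelper.IsLogin();
    if (model != null)
    {
        return;
    }

    var result = new ApiMessageResult() { Status = EnumApiStatus.ApiUserNotLogin, Msg = "用户未登录" };

    // NOTE(review): HttpResponseMessage defaults to 200 OK, so an unauthenticated
    // request is answered with a success status and the failure is only visible in
    // the body's Status field. HttpStatusCode.Unauthorized would be the conventional
    // signal, but existing clients may depend on 200 — left unchanged here.
    actionContext.Response = new HttpResponseMessage()
    {
        Content = new StringContent(
            Newtonsoft.Json.JsonConvert.SerializeObject(result),
            Encoding.UTF8,
            "application/json")
    };
}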