        /// <summary>
        ///     Overrides the authorization check: resolves the user from the forms-authentication
        ///     cookie and, when one is present, installs it as the principal of the current request.
        /// </summary>
        /// <param name="httpContext">Request context supplied by MVC. Note that the user is read from the static <c>HttpContext.Current</c>, not from this parameter.</param>
        /// <returns>true when a user could be resolved from the cookie; otherwise false.</returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var cookieUser = FormAuthenticationExtension.Current(HttpContext.Current.Request);
            if (cookieUser == null)
            {
                return false;
            }
            // Make the resolved principal visible to the rest of the pipeline.
            HttpContext.Current.User = cookieUser;
            return true;
        }
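 /// <summary>
 ///     Appends one entry to a per-day text log file through log4net. The entry is prefixed with
 ///     the timestamp and the current user ("匿名用户" / <see cref="Guid.Empty"/> when there is no
 ///     HttpContext or no cookie user). Writes are serialized with <c>Lock</c>.
 /// </summary>
 /// <param name="folderName">Sub-folder under the log root.</param>
 /// <param name="message">Text to append.</param>
 /// <param name="fileName">File name without extension; ".txt" is appended.</param>
 /// <param name="path">Log root directory; <c>LogPath</c> is used when null or empty.</param>
 /// <exception cref="Exception">Wraps any failure; the original error is kept as <see cref="Exception.InnerException"/>.</exception>
 public static void WriteLog(string folderName,
                             string message,
                             string fileName,
                             string path)
 {
     try
     {
         var current = HttpContext.Current;
         PrincipalUser principalUser = current != null
             ? FormAuthenticationExtension.Current(current.Request)
             : null;
         if (principalUser == null)
         {
             principalUser = new PrincipalUser()
             {
                 Name   = "匿名用户",
                 UserId = Guid.Empty
             };
         }
         var root = string.IsNullOrEmpty(path) ? LogPath : path;
         // Path.Combine supplies the separator after the root, which the old concatenation left
         // to the caller. folderName and fileName become path segments, so they must not come
         // from untrusted input (directory separators or ".." would escape the log root).
         var directory = Path.Combine(root, folderName ?? string.Empty, DateTime.Now.ToString("yyyy-MM-dd"));
         lock (Lock)
         {
             var logFile = Path.Combine(directory, fileName + ".txt");
             if (!Directory.Exists(directory))
             {
                 Directory.CreateDirectory(directory);
             }
             // log4net is re-configured with a fresh appender on every call and shut down afterwards.
             var layout   = new PatternLayout("%m%n");
             var appender = new FileAppender(layout, logFile, true);
             BasicConfigurator.Configure(appender);
             var log = log4net.LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
             log.Info(
                 "</br>----------------------------------------------</br>\r\n" +
                 DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + "  " + principalUser.Name + "(" + principalUser.UserId + ")" + "</br>\r\n" + message);
             log4net.LogManager.Shutdown();
         }
     }
     catch (Exception ex)
     {
         // Keep the cause attached instead of discarding it with a bare catch.
         throw new Exception("日志记录失败", ex);
     }
 }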
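        /// <summary>
        ///     Handles the login form: checks the captcha, validates the credentials, issues the
        ///     forms-authentication cookie and records a login-log entry.
        /// </summary>
        /// <param name="input">Login form values (credentials, captcha, remember-me flag, optional return URL).</param>
        /// <returns>
        ///     JSON: on success the logic result, whose <c>Message</c> carries the validated local
        ///     <c>ReturnUrl</c> when one was supplied; otherwise an <c>OperateStatus</c> with
        ///     <c>ResultSign.Error</c>.
        /// </returns>
        public async Task <JsonResult> Submit(UserLoginInput input)
        {
            var operateStatus = new OperateStatus();
            if (input == null)
            {
                operateStatus.ResultSign = ResultSign.Error;
                operateStatus.Message    = "参数错误";
                return(Json(operateStatus));
            }
            try
            {
                // Compare the submitted captcha with the generated one.
                var verifyCode = VerifyCodeUtil.GetVerifyCode();
                if (input.Verify != verifyCode)
                {
                    operateStatus.ResultSign = ResultSign.Error;
                    operateStatus.Message    = "验证码错误";
                    return(Json(operateStatus));
                }
                // NOTE(review): nothing here invalidates the captcha after a successful compare;
                // whether VerifyCodeUtil rotates it per request is not visible from this block.
                var info = await _userInfoLogic.CheckUserByCodeAndPwd(input);
                if (info.Data != null)
                {
                    var principalUser = new PrincipalUser
                    {
                        UserId           = info.Data.UserId,
                        Code             = info.Data.Code,
                        Name             = info.Data.Name,
                        OrganizationId   = info.Data.OrganizationId,
                        OrganizationName = info.Data.OrganizationName
                    };
                    principalUser.LoginId = Guid.NewGuid();
                    // Issue the authentication cookie.
                    FormAuthenticationExtension.SetAuthCookie(principalUser.UserId.ToString(), principalUser, input.Remberme);
                    // Open-redirect guard: honour the return URL only when it is local, an absolute
                    // path, and not protocol-relative ("//host" or "/\host").
                    var returnUrl = input.ReturnUrl;
                    if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 &&
                        returnUrl.StartsWith("/", StringComparison.Ordinal) &&
                        !returnUrl.StartsWith("//", StringComparison.Ordinal) &&
                        !returnUrl.StartsWith("/\\", StringComparison.Ordinal))
                    {
                        info.ResultSign = ResultSign.Successful;
                        info.Message    = returnUrl;
                    }
                    WriteLoginLog(principalUser.LoginId);
                }
                return(Json(info));
            }
            catch (Exception)
            {
                // Do not echo the exception message to the client; it can expose internals.
                // The exception should be logged server-side (no logger is visible in this block).
                operateStatus.ResultSign = ResultSign.Error;
                operateStatus.Message    = "登录失败";
                return(Json(operateStatus));
            }
        }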
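        /// <summary>
        ///     Builds an <c>ExceptionLog</c> entry from <paramref name="exception"/> and, when running
        ///     inside a web request, the request's URL, method, user agent and URL-decoded body, and
        ///     queues it with the "ExceptionLogToDatabase" handler.
        /// </summary>
        /// <param name="exception">The exception to record.</param>
        /// <exception cref="ArgumentNullException"><paramref name="exception"/> is null.</exception>
        public ExceptionLogHandler(Exception exception)
            : base("ExceptionLogToDatabase")
        {
            if (exception == null)
            {
                throw new ArgumentNullException("exception");
            }
            var current = HttpContext.Current;
            PrincipalUser principalUser = current != null
                ? FormAuthenticationExtension.Current(current.Request)
                : null;
            if (principalUser == null)
            {
                principalUser = new PrincipalUser()
                {
                    Name   = "匿名用户",
                    UserId = Guid.Empty
                };
            }
            log = new ExceptionLog
            {
                CreateTime     = DateTime.Now,
                Message        = exception.Message,
                StackTrace     = exception.StackTrace,
                ExceptionType  = exception.GetType().FullName,
                CreateUserCode = principalUser.Code,
                CreateUserName = principalUser.Name,
                ServerHost     = String.Format("{0}【{1}】", IpBrowserUtil.GetServerHost(), IpBrowserUtil.GetServerHostIp()),
                ClientHost     = String.Format("{0}", IpBrowserUtil.GetClientIp()),
                Runtime        = "Web",
                InnerException = exception.InnerException != null ? GetExceptionFullMessage(exception.InnerException) : ""
            };
            // Request details exist only inside a web request; the previous version dereferenced
            // HttpContext.Current here unconditionally even though it was null-checked above.
            if (current == null)
            {
                return;
            }
            var request = current.Request;
            log.RequestUrl = string.Format("{0} ", request.Url);
            log.HttpMethod = request.HttpMethod;
            log.UserAgent  = request.UserAgent;
            // Rewind so an earlier consumer of the body does not leave us with an empty read.
            // The reader is deliberately not disposed: that would close the request's InputStream.
            var inputStream = request.InputStream;
            if (inputStream.CanSeek)
            {
                inputStream.Position = 0;
            }
            var streamReader = new StreamReader(inputStream);
            // NOTE(review): the raw body is stored verbatim; if it can carry credentials or other
            // secrets, mask them before persisting the log.
            log.RequestData = HttpUtility.UrlDecode(streamReader.ReadToEnd());
        }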
 /// <summary>
 ///     Controller initialization hook: reads the current user from the authentication cookie
 ///     and, when one is present, prepares an operation-log handler stamped with that user.
 /// </summary>
 /// <param name="requestContext">Request context passed in by MVC.</param>
 protected override void Initialize(RequestContext requestContext)
 {
     base.Initialize(requestContext);
     // The cookie is read from the static HttpContext rather than from requestContext.
     CurrentUser = FormAuthenticationExtension.Current(SystemWeb.HttpContext.Current.Request);
     if (CurrentUser == null)
     {
         return;
     }
     var handler = new OperationLogHandler(Request);
     handler.log.CreateUserCode = CurrentUser.Code;
     handler.log.CreateUserName = CurrentUser.Name;
     _operationLogHandler = handler;
 }
        /// <summary>
        ///     Signs the current user out: closes the matching login-log record (logout time and
        ///     session length in hours), clears the authentication cookie and redirects to the login page.
        /// </summary>
        /// <returns>A redirect to <c>/Account/Login</c>.</returns>
        public async Task <RedirectResult> Logout()
        {
            var user = FormAuthenticationExtension.Current(SystemWeb.HttpContext.Current.Request);
            if (user != null)
            {
                var record = await _loginLogLogic.GetByIdAsync(user.LoginId);
                if (record != null)
                {
                    record.LoginOutTime = DateTime.Now;
                    // The subtraction is cast back to TimeSpan, which suggests the time columns are nullable.
                    var duration = (TimeSpan)(record.LoginOutTime - record.LoginTime);
                    record.StandingTime = duration.TotalHours;
                    await _loginLogLogic.UpdateAsync(record);
                }
            }
            FormAuthenticationExtension.SignOut();
            return Redirect("/Account/Login");
        }
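        /// <summary>
        ///     Builds a <c>LoginLog</c> entry for the current user and request (server/client host,
        ///     browser, OS, login time, geo-location looked up through an external API) and queues
        ///     it with the "LoginLogToDatabase" handler.
        /// </summary>
        /// <param name="loginLogId">Id of the login-log record.</param>
        public LoginLogHandler(Guid loginLogId)
            : base("LoginLogToDatabase")
        {
            var current = HttpContext.Current;
            PrincipalUser principalUser = current != null
                ? FormAuthenticationExtension.Current(current.Request)
                : null;
            if (principalUser == null)
            {
                principalUser = new PrincipalUser()
                {
                    Name   = "匿名用户",
                    UserId = Guid.Empty
                };
            }
            // The previous version dereferenced HttpContext.Current here even though it was
            // null-checked above; outside a web request there is no browser to report.
            // NOTE(review): the IpBrowserUtil helpers may still depend on HttpContext - confirm.
            var request   = current != null ? current.Request : null;
            var userAgent = request != null
                ? request.Browser.Browser + "【" + request.Browser.Version + "】"
                : "";
            log = new LoginLog
            {
                LoginLogId     = loginLogId,
                CreateUserId   = principalUser.UserId,
                CreateUserCode = principalUser.Code ?? "",
                CreateUserName = principalUser.Name,
                ServerHost     = String.Format("{0}【{1}】", IpBrowserUtil.GetServerHost(), IpBrowserUtil.GetServerHostIp()),
                ClientHost     = String.Format("{0}", IpBrowserUtil.GetClientIp()),
                UserAgent      = userAgent,
                OsVersion      = IpBrowserUtil.GetOsVersion(),
                LoginTime      = DateTime.Now,
                // Geo-location of the client IP via the external whois API (http://whois.pconline.com.cn/);
                // this is a blocking outbound call made during construction.
                IpAddressName  = IpBrowserUtil.GetAddressByApi()
            };
        }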
        /// <summary>
        ///     Records one SQL statement execution as a <c>SqlLog</c> entry (statement, parameters,
        ///     end time, elapsed time) stamped with the current user, and queues it with the
        ///     "SqlLogToDatabase" handler.
        /// </summary>
        /// <param name="operateSql">The executed SQL text.</param>
        /// <param name="endDateTime">When the statement finished.</param>
        /// <param name="elapsedTime">Execution time, in the unit supplied by the caller.</param>
        /// <param name="parameter">Serialized statement parameters, stored verbatim.</param>
        public SqlLogHandler(string operateSql,
                             DateTime endDateTime,
                             double elapsedTime,
                             string parameter
                             )
            : base("SqlLogToDatabase")
        {
            // Fall back to the anonymous user outside a web request or when no cookie user exists.
            var anonymous = new PrincipalUser
            {
                Name   = "匿名用户",
                UserId = Guid.Empty
            };
            var context = HttpContext.Current;
            var principalUser = context == null
                ? anonymous
                : (FormAuthenticationExtension.Current(HttpContext.Current.Request) ?? anonymous);
            log = new SqlLog
            {
                SqlLogId       = CombUtil.NewComb(),
                CreateTime     = DateTime.Now,
                CreateUserId   = principalUser.UserId,
                CreateUserCode = principalUser.Code,
                CreateUserName = principalUser.Name,
                OperateSql     = operateSql,
                ElapsedTime    = elapsedTime,
                EndDateTime    = endDateTime,
                Parameter      = parameter
            };
        }
        /// <summary>
        ///     Records a data change as a <c>DataLog</c> entry (operation type, table, before/after
        ///     data) stamped with the current user, and queues it with the "DataLogToDatabase" handler.
        /// </summary>
        /// <param name="operateType">Operation type code (meaning defined by the caller).</param>
        /// <param name="operateTable">Name of the affected table.</param>
        /// <param name="operateData">Data before the change, or null.</param>
        /// <param name="operateAfterData">Data after the change, or null.</param>
        public DataLogHandler(byte operateType,
                              string operateTable,
                              string operateData      = null,
                              string operateAfterData = null)
            : base("DataLogToDatabase")
        {
            // Fall back to the anonymous user outside a web request or when no cookie user exists.
            var anonymous = new PrincipalUser
            {
                Name   = "匿名用户",
                UserId = Guid.Empty
            };
            var context = HttpContext.Current;
            var principalUser = context == null
                ? anonymous
                : (FormAuthenticationExtension.Current(HttpContext.Current.Request) ?? anonymous);
            log = new DataLog()
            {
                DataLogId        = CombUtil.NewComb(),
                CreateTime       = DateTime.Now,
                CreateUserId     = principalUser.UserId,
                CreateUserCode   = principalUser.Code,
                CreateUserName   = principalUser.Name,
                OperateType      = operateType,
                OperateTable     = operateTable,
                OperateData      = operateData,
                OperateAfterData = operateAfterData
            };
        }
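        /// <summary>
        ///     Runs before every action:
        ///     1. enforces "one account, one browser" when the <c>loginOnce</c> global parameter is "是";
        ///     2. redirects anonymous requests to the login page;
        ///     3. the permission check against the API is still disabled (see the TODO below).
        ///     Actions marked with <c>IgnoreAttribute</c> skip all checks.
        /// </summary>
        /// <param name="filterContext">The MVC action context.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Current user as read from the forms-authentication cookie (null when anonymous).
            PrincipalUser currentUser = FormAuthenticationExtension.Current(HttpContext.Current.Request);

            #region 是否具有忽略验证特性
            if (filterContext.ActionDescriptor.IsDefined(typeof(IgnoreAttribute), false))
            {
                return;
            }
            #endregion

            var session = filterContext.HttpContext.Session;

            #region 一个帐号只能在一个浏览器登录
            // Guard the ToString(): an unset parameter would otherwise throw here.
            var loginOnce = GlobalParams.Get("loginOnce");
            if (loginOnce != null && loginOnce.ToString() == "是" && currentUser != null)
            {
                // HttpRuntime.Cache maps the user code to the session id that owns the login.
                // NOTE(review): the entry is inserted without an expiration and is never removed here.
                var ownerSessionId = HttpRuntime.Cache[currentUser.Code];
                if (ownerSessionId != null)
                {
                    if (session != null && ownerSessionId.ToString() != session.SessionID)
                    {
                        // Another session owns this login: clear this one and force it off.
                        session.Remove(currentUser.Code);
                        FormAuthenticationExtension.SignOut();
                        ErrorRedirect(filterContext, "/Error/HaveLogin");
                        // The previous version fell through to the remaining checks after the redirect.
                        return;
                    }
                }
                else if (session != null)
                {
                    session[currentUser.Code]           = currentUser.UserId;
                    HttpRuntime.Cache[currentUser.Code] = session.SessionID;
                }
            }
            #endregion

            #region 用户是否登录
            if (currentUser == null)
            {
                ErrorRedirect(filterContext, "/Error/ReturnToLogin");
                return;
            }
            #endregion

            #region 是否具有HttpPost/HttpGet请求验证
            var isAjaxRequest = filterContext.HttpContext.Request.IsAjaxRequest();
            #endregion

            #region 验证该方法是否需要进行权限验证
            // TODO: 1. take the user info; 2. load the user's permissions from cache, re-reading
            // them from the database when the cache has expired and re-filling the cache.
            // The values below feed the (still disabled) permission API call.
            string appCode    = ConfigurationManager.AppSettings["AppCode"];
            string controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            string action     = filterContext.ActionDescriptor.ActionName;
            string area       = string.Empty;
            var    areaToken  = filterContext.RequestContext.RouteData.DataTokens["area"];
            if (areaToken != null)
            {
                area = areaToken.ToString();
            }
            string apiUrl = ConfigurationManager.AppSettings["SolutionApiUrl"];

            // Only view requests are checked; Ajax requests are skipped.
            if (!isAjaxRequest)
            {
                //string request = RequestUtil.SendPostRequest(apiUrl + "api/System/Permission/GetSystemPermissionsMvcRote",
                //"UserId=" + currentUser.UserId + "&AppCode=" + appCode + "&Area=" + area + "&Controller=" + controller + "&Action=" + action);
                //OperateStatus operateStatus = request.Deserialize<OperateStatus>();
                //if (operateStatus.ResultSign == ResultSign.Error)
                //{
                //     //ErrorRedirect(filterContext, "/Error/Warn");
                //}
            }
            #endregion
        }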