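        /// <summary>
        /// Reads HTTP Basic credentials from the request and, when they match a stored user,
        /// sets <c>context.Principal</c>; otherwise sets <c>context.ErrorResult</c> or leaves the context untouched.
        /// </summary>
        /// <param name="context">Authentication context carrying the request; receives the principal or the error result.</param>
        /// <param name="cancellationToken">Token observed by the user lookup.</param>
        /// <returns>A task that completes once the context has been updated.</returns>
        public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            var request       = context.Request;
            var authorization = request.Headers.Authorization;

            // No Authorization header, or a scheme this handler does not own: set neither principal nor error.
            // Auth-scheme names are case-insensitive (RFC 7235), so "basic" must be accepted as well.
            if (authorization == null || !string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            // Basic scheme announced but no parameter sent: reject explicitly.
            if (string.IsNullOrEmpty(authorization.Parameter))
            {
                context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request);
                return;
            }

            // Decode the "user:password" parameter; null means it was not well-formed.
            var credentials = ExtractUserNameAndPassword(authorization.Parameter);

            if (credentials == null)
            {
                context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request);
                return;
            }

            var email    = credentials.Item1;
            var password = credentials.Item2;

            // The DB context is disposed at the end of the method instead of being leaked on every request.
            // NOTE(review): the loaded user is detached once the context is disposed; navigation properties
            // not loaded here must be fetched explicitly by later code (the authorization filter does so for the group).
            using (var db = new GreatSQLContext())
            {
                // SECURITY(review): this matches the submitted password against the stored Password column verbatim,
                // which only works if passwords are stored in clear text. Store a salted hash (e.g. PBKDF2) instead,
                // look the user up by email only, and verify the hash here with a constant-time comparison.
                var userQuery = from u in db.Users
                                where u.Email == email && u.Password == password
                                select u;

                var user = await userQuery.FirstOrDefaultAsync(cancellationToken);

                // Unknown email or wrong password: one generic message so the two cases are indistinguishable to the caller.
                if (user == null)
                {
                    context.ErrorResult = new AuthenticationFailureResult("Invalid username or password", request);
                    return;
                }

                // Success: publish the identity (and the user entity) for the authorization filter and the action.
                context.Principal = new SimplePrincipal
                {
                    Identity = new SimpleIdentity
                    {
                        Name = user.Email,
                        AuthenticationType = "Basic",
                        IsAuthenticated    = true,
                        User = user
                    }
                };
            }
        }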
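        /// <summary>
        /// Authorization filter: runs the action only when the authenticated user's group shares at least one
        /// bit with this filter's <c>Rule</c>; every other outcome is answered with 401 and a short reason phrase.
        /// </summary>
        /// <param name="actionContext">Action context whose <c>RequestContext.Principal</c> was set by authentication.</param>
        /// <param name="cancellationToken">Token observed by the group lookup.</param>
        /// <param name="continuation">Invokes the rest of the pipeline, i.e. the action itself.</param>
        /// <returns>The action's response, or a 401 response when the request is not authenticated or not permitted.</returns>
        public async Task <HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken,
                                                                                Func <Task <HttpResponseMessage> > continuation)
        {
            // Authentication leaves a SimplePrincipal/SimpleIdentity behind; anything else means "not authenticated".
            var simplePrincipal = actionContext.RequestContext.Principal as SimplePrincipal;
            var id              = simplePrincipal == null ? null : simplePrincipal.Identity as SimpleIdentity;

            // id.User is read below, so an identity without a user is treated like no identity at all.
            if (id == null || id.User == null)
            {
                return UnauthorizedResponse("No Authentication");
            }

            // The group is not loaded with the user at authentication time, so it is fetched here.
            // The context is disposed right after the lookup rather than leaked for the rest of the request.
            using (var db = new GreatSQLContext())
            {
                var ruleGroup = await db.Groups.FindAsync(cancellationToken, id.User.RuleGroupID);

                // A user whose group no longer exists gets no permissions (fail closed) instead of a NullReferenceException.
                if (ruleGroup == null)
                {
                    return UnauthorizedResponse("Unauthorized Group");
                }

                // Cache the group on the identity for downstream code.
                id.User.RuleGroup = ruleGroup;

                // Presumably a [Flags]-style bit set: any overlap with the filter's Rule grants access — confirm against the Rule enum.
                var userRule = (Rule)ruleGroup.Rule;

                if ((userRule & Rule) == 0)
                {
                    return UnauthorizedResponse("Unauthorized Group");
                }
            }

            return await continuation();
        }

        // Builds the 401 reply used for every rejection in this filter; only the reason phrase differs.
        private static HttpResponseMessage UnauthorizedResponse(string reasonPhrase)
        {
            return new HttpResponseMessage(HttpStatusCode.Unauthorized)
                   {
                       ReasonPhrase = reasonPhrase
                   };
        }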