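public LoginDomain BuscarPorEmailSenha(string email, string senha)
        {
            // Looks up the user whose EMAIL and SENHA columns both equal the supplied values and
            // returns it as a LoginDomain (ID, Email, TipoUsuario), or null when no row matches.
            //
            // NOTE(review): the match is a byte-for-byte SQL equality against the stored SENHA
            // column, so whatever the caller passes (plain text or a hash) must already be in the
            // stored form; confirm the column holds a salted hash and that callers hash first.
            // Changing the matching rule here would break existing rows, so it is left as is.
            //
            // Fixes relative to the previous version: the SqlDataReader is now disposed, and the
            // query no longer fetches NOME/SENHA, which were selected but never mapped.
            using (SqlConnection con = new SqlConnection(StringConexao))
            {
                string QuerySelect = "SELECT ID, EMAIL, TIPO_USUARIO FROM USUARIOS WHERE EMAIL = @EMAIL AND SENHA =@SENHA";
                using (SqlCommand cmd = new SqlCommand(QuerySelect, con))
                {
                    // Parameterized: neither input ever reaches the SQL text.
                    cmd.Parameters.AddWithValue("@EMAIL", email);
                    cmd.Parameters.AddWithValue("@SENHA", senha);

                    con.Open();

                    using (SqlDataReader sdr = cmd.ExecuteReader())
                    {
                        LoginDomain login = null;

                        // As before, when several rows match the last one wins.
                        while (sdr.Read())
                        {
                            if (login == null)
                            {
                                login = new LoginDomain();
                            }

                            login.ID          = Convert.ToInt32(sdr["ID"]);
                            login.Email       = sdr["EMAIL"].ToString();
                            login.TipoUsuario = sdr["TIPO_USUARIO"].ToString();
                        }

                        // null when the reader produced no rows.
                        return login;
                    }
                }
            }
        }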
        public IHttpActionResult PostIsLogin([FromBody] dynamic value)
        {
            // Reports whether the account named by `value.user_id` is currently logged in.
            // Any exception is logged and answered with status 0 / data false.
            var result = new RetJsonModel();

            try
            {
                string userId = Convert.ToString(value.user_id);

                // Validate the incoming user id before touching the domain layer.
                new RunVerify().Run(userId, new VerifyUser());

                result = new LoginDomain().IsLogin(userId);
                return Json(result);
            }
            catch (Exception ex)
            {
                // Record the failure. NOTE(review): the whole request body is written to the fail
                // log; that is acceptable only while clients send nothing more sensitive than user_id.
                FunctionHelper.SaveFailLog("Login", "PostIsLogin", "api/login/status", "验证账号是否处在登陆中", Convert.ToString(value), ex.Message, "POST");

                result.status = 0;
                result.msg    = "数据异常,请重试";
                result.time   = FunctionHelper.GetTimestamp();
                result.data   = false;
                return Json(result);
            }
        }
        public IHttpActionResult GetPermission(string user_id)
        {
            // Returns the permissions held by the account `user_id`. Any exception is logged and
            // answered with status 0 and an empty permission list.
            var result = new RetJsonModel();

            try
            {
                var domain = new LoginDomain();

                // Validate the incoming user id before touching the domain layer.
                new RunVerify().Run(user_id, new VerifyUser());

                result = domain.GetRolePermission(user_id);
                return Json(result);
            }
            catch (Exception ex)
            {
                // Record the failure. NOTE(review): the last argument records the verb as "POST"
                // although this handler is named Get…; confirm against the route attribute, which is
                // not visible here.
                FunctionHelper.SaveFailLog("Login", "GetPermission", "api/login/per", "获取当前账号拥有的权限", "当前登录用户ID:" + user_id, ex.Message, "POST");

                result.status = 0;
                result.msg    = "数据异常,请重试";
                result.time   = FunctionHelper.GetTimestamp();
                result.data   = new List <string>();
                return Json(result);
            }
        }
        public static LoginDomain LoginMapper(IDataReader reader)
        {
            // Maps the current row of `reader` to a LoginDomain. Columns are read by ordinal in
            // the fixed order Id, Email, Salt, Password, ModifiedBy, so the query or procedure
            // feeding this mapper must emit them in exactly that order.
            // NOTE(review): GetString throws on DBNull, so these columns are expected to be NOT NULL.
            const int idOrdinal         = 0;
            const int emailOrdinal      = 1;
            const int saltOrdinal       = 2;
            const int passwordOrdinal   = 3;
            const int modifiedByOrdinal = 4;

            return new LoginDomain
            {
                Id         = reader.GetInt32(idOrdinal),
                Email      = reader.GetString(emailOrdinal),
                Salt       = reader.GetString(saltOrdinal),
                Password   = reader.GetString(passwordOrdinal),
                ModifiedBy = reader.GetString(modifiedByOrdinal)
            };
        }
 public void Update(LoginDomain user)
 {
     // Persists the e-mail and password carried by `user` through the repository.
     // NOTE(review): `user.password` is written exactly as received; confirm the caller
     // has already hashed it.
     try
     {
         var entity = new User
         {
             Email    = user.email,
             Password = user.password
         };
         _repository.Update(entity);
     }
     catch (Exception e)
     {
         // Echo the failure to the console, then let it propagate with its stack trace intact.
         Console.WriteLine(e);
         throw;
     }
 }
        public LoginDomain UserLogin(string email, string passwordHash)
        {
            // Executes the Login_Insert command with the supplied e-mail and password hash and
            // maps the single record it returns. If no record comes back the mapper never runs
            // and a default-constructed LoginDomain is returned.
            var response = new LoginDomain();

            _dataProvider.ExecuteCmd(
                "Login_Insert",
                inputParamMapper: paramList =>
                {
                    paramList.AddWithValue("Email", email);
                    paramList.AddWithValue("Password", passwordHash);
                },
                singleRecordMapper: (reader, set) =>
                {
                    response = LoginMapper(reader);
                });

            return response;
        }
        public void Cadastrar(LoginDomain login)
        {
            // Inserts a new USUARIOS row (EMAIL, SENHA, TIPO_USUARIO) taken from `login`.
            // NOTE(review): SENHA is stored exactly as received in login.Senha; confirm the caller
            // hashes it before reaching this method.
            const string insertSql = "INSERT INTO USUARIOS(EMAIL,SENHA,TIPO_USUARIO) VALUES (@EMAIL,@SENHA,@TIPO_USUARIO)";

            using (var con = new SqlConnection(StringConexao))
            using (var cmd = new SqlCommand(insertSql, con))
            {
                // Parameterized: field values never reach the SQL text.
                cmd.Parameters.AddWithValue("@EMAIL", login.Email);
                cmd.Parameters.AddWithValue("@SENHA", login.Senha);
                cmd.Parameters.AddWithValue("@TIPO_USUARIO", login.TipoUsuario);

                con.Open();
                cmd.ExecuteNonQuery();
            }
        }
        public async Task <string> Login(LoginDto loginDto)
        {
            // Verifies the credentials in `loginDto` and returns a newly created token.
            // Both failure paths throw with the same message, so a caller cannot distinguish an
            // unknown username from a wrong password.
            var user = await _authRepository.GetUser(loginDto.Username);

            var credentialsValid = user != null
                && LoginDomain.VerifyPassword(loginDto.Password, user.Password, user.Salt);

            if (!credentialsValid)
            {
                throw new Exception("User not found or password does not match");
            }

            return _authRepository.CreateToken(user);
        }
        public IActionResult Post(LoginDomain usuario)
        {
            // Registers `usuario` through the repository; any failure becomes a bare 400.
            try
            {
                LoginRepository.Cadastrar(usuario);
            }
            catch
            {
                // The exception is neither logged nor surfaced to the client.
                return BadRequest();
            }

            // 200 with a short confirmation message.
            return Ok(new
            {
                mensagem = "Usuário Cadastrado"
            });
        }
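        public async Task <bool> Register(RegisterDto registerDto)
        {
            // Registers a new user: rejects a username that is already taken, derives a salted
            // password hash and stores the user. Returns true on success; failures propagate.
            //
            // Fix: GetUser is asynchronous (it is awaited in the Login method shown alongside this
            // one), so the previous version compared the Task object itself against null — which
            // is never null — and rejected every registration as a duplicate. Awaiting it compares
            // the actual lookup result.
            if (await _authRepository.GetUser(registerDto.Username) != null)
            {
                throw new Exception("This username is already registered");
            }

            byte[] passwordHash, salt;
            LoginDomain.CreatePasswordHash(registerDto.Password, out passwordHash, out salt);

            var user = new User()
            {
                Username = registerDto.Username,
                Password = passwordHash,
                Salt     = salt
            };
            await _authRepository.Register(user);

            // The former try/catch only did `throw ex;`, which discarded the original stack trace;
            // letting exceptions propagate untouched is equivalent and keeps the trace.
            return true;
        }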
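        public IHttpActionResult PostLogin([FromBody] dynamic value)
        {
            // Login endpoint: reads user_id and password from the JSON body and delegates to
            // LoginDomain.Login. Any exception is logged and answered with status 0 and a
            // generic message.
            RetJsonModel result = new RetJsonModel();
            string userId = null;

            try
            {
                userId = Convert.ToString(value.user_id);
                string password = Convert.ToString(value.password);

                LoginDomain LD = new LoginDomain();
                result = LD.Login(userId, password);
                return Json(result);
            }
            catch (Exception ex)
            {
                // Record the failure. Only the user id is written: the previous version logged the
                // whole request body, which put the submitted password into the fail log.
                FunctionHelper.SaveFailLog("Login", "PostLogin", "api/login/login", "登录接口", "user_id:" + userId, ex.Message, "POST");

                result.status = 0;
                result.time   = FunctionHelper.GetTimestamp();
                result.msg    = "登录失败,请重试";
                return Json(result);
            }
        }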
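        public Result <User> Authorize(LoginDomain userData)
        {
            // Authenticates by e-mail and password; on success the result carries a User with only
            // Id, Name and Email (the stored password hash is never copied into the result).
            //
            // Fix: when no account exists for the e-mail, GetByEmail presumably returns null (verify
            // against the repository) and the previous version dereferenced it, failing with a
            // NullReferenceException. Such a lookup now yields the same "Not authorized." result as
            // a wrong password, so the response does not reveal whether the e-mail is registered.
            //
            // NOTE(review): credentials are compared as unsalted MD5 digests with ordinary string
            // equality. Moving to a salted, slow hash and a constant-time comparison requires
            // re-hashing stored credentials, so it is left for a separate change.
            var user   = _repository.GetByEmail(userData.email);
            var result = new Result <User>();

            if (user != null && user.Password == Md5.Generate(userData.password))
            {
                result.Success = true;
                result.Message = "Authorized.";
                result.Data    = new User
                {
                    Id    = user.Id,
                    Name  = user.Name,
                    Email = user.Email
                };
            }
            else
            {
                result.Success = false;
                result.Message = "Not authorized.";
            }

            return result;
        }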
        public Result <IUser> Authorize(LoginDomain userData)
        {
            // Stub authorizer: accepts exactly one e-mail/password pair embedded in the source and
            // returns a fixed LoggedUser for it; anything else is "Not authorized.".
            // NOTE(review): a credential literal in source is a shared secret that can only be
            // rotated by redeploying; this implementation should not reach production builds.
            var result = new Result <IUser>();

            var emailMatches    = userData.email == "*****@*****.**";
            var passwordMatches = userData.password == "1234567890";

            if (emailMatches && passwordMatches)
            {
                result.Success = true;
                result.Message = "User authorized.";
                result.Data    = new LoggedUser
                {
                    Id          = 1,
                    Name        = userData.email,
                    Credentials = "01|02|09",
                    IsAdmin     = false
                };
                return result;
            }

            result.Success = false;
            result.Message = "Not authorized.";
            return result;
        }
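        private bool IsAccessible(HubDescriptor hubDescriptor, IRequest request)
        {
            // Decides whether `request` may reach the hub described by `hubDescriptor`.
            //
            // Order of checks: an already-authenticated principal is accepted at once; otherwise
            // the forms-authentication cookie is decrypted, its LoginItem user data must carry the
            // request's own IP address and a password that maps to a known password setting, and
            // the request IP must resolve to a terminal which, when _accessibleTerminals is set,
            // is one of the allowed terminals. On success a ClaimsPrincipal carrying the terminal
            // number and IP address is installed on the HTTP context.
            //
            // Every failed check is tolerated when the hub allows anonymous access; otherwise it
            // is logged and the request is denied. Any exception is logged and denies as well.
            //
            // Fixes relative to the previous version: the password carried in the cookie is no
            // longer written to the log (it appeared in the "origin mismatch" message, labelled as
            // the target address, and in the "password setting" message), and the "terminal not
            // allowed" failure logs its own message instead of a copy of "no terminal found".
            try
            {
                // Request has been authenticated before.
                var principle = request.User;
                if (principle != null && principle.Identity != null && principle.Identity.IsAuthenticated)
                {
                    return true;
                }

                // Shared failure path: anonymous hubs accept the request anyway; others log and deny.
                Func<string, bool> reject = reason =>
                {
                    if (IsAnonymousAllowed(hubDescriptor))
                    {
                        return true;
                    }

                    Logger.Error(reason);
                    return false;
                };

                // The authentication cookie must be present and non-empty.
                var formAuthenticationCookie = request.Cookies[FormsAuthentication.FormsCookieName];
                if (formAuthenticationCookie == null)
                {
                    return reject("Invalid authentication cookie");
                }

                if (string.IsNullOrWhiteSpace(formAuthenticationCookie.Value))
                {
                    return reject("Invalid authentication cookie value");
                }

                // Decrypt the cookie to a ticket whose user data is a serialized LoginItem.
                var formAuthenticationTicket = FormsAuthentication.Decrypt(formAuthenticationCookie.Value);
                if (formAuthenticationTicket == null)
                {
                    return reject("Invalid authentication cookie ticket");
                }

                if (string.IsNullOrWhiteSpace(formAuthenticationTicket.UserData))
                {
                    return reject("Invalid authentication cookie user data");
                }

                var loginViewModel = JsonConvert.DeserializeObject <LoginItem>(formAuthenticationTicket.UserData);
                if (loginViewModel == null)
                {
                    return reject("Authentication ticket information is invalid.");
                }

                // The ticket is bound to the IP address it was issued for.
                var httpContext      = request.GetHttpContext();
                var requestIpAddress = _loginDomain.FindRequestIpAddress(httpContext);
                if (string.IsNullOrEmpty(requestIpAddress) || !requestIpAddress.Equals(loginViewModel.IpAddress))
                {
                    return reject(string.Format("Cookie doesn't come from the same origin as the request (Source: {0} - Target: {1})", loginViewModel.IpAddress, requestIpAddress));
                }

                // The password stored in the ticket must map to a configured password setting.
                // Its value is deliberately kept out of every log message.
                if (string.IsNullOrEmpty(loginViewModel.Password))
                {
                    return reject("No password is included in the cookie.");
                }

                var passwordSetting = _loginDomain.FindPasswordSetting(loginViewModel.Password);
                if (passwordSetting == null)
                {
                    return reject("No password setting matches the password included in the cookie.");
                }

                // The request IP must resolve to a terminal, and that terminal must be on the
                // allow-list when one is configured for this hub.
                var ips      = LoginDomain.AnalyzeIpAddress(requestIpAddress);
                var terminal = _loginDomain.FindTerminalFromIpAddress(ips);
                if (terminal == null)
                {
                    return reject(string.Format("No terminal has been found with IP : {0}", requestIpAddress));
                }

                if (_accessibleTerminals != null && !_accessibleTerminals.Any(x => x.Equals(terminal.F06_TerminalNo)))
                {
                    return reject(string.Format("Terminal {0} (IP : {1}) is not allowed to access this hub", terminal.F06_TerminalNo, requestIpAddress));
                }

                // All checks passed: install the terminal identity on the HTTP context.
                var claimIdentity = new ClaimsIdentity(null, _loginDomain.AuthenticationClaimName);
                claimIdentity.AddClaim(new Claim(ClientIdentities.TerminalNo, terminal.F06_TerminalNo));
                claimIdentity.AddClaim(new Claim(ClientIdentities.IpAddress, requestIpAddress));

                httpContext.User = new ClaimsPrincipal(claimIdentity);

                return true;
            }
            catch (Exception exception)
            {
                Logger.Error(exception.Message, exception);
                return false;
            }
        }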
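        /// <summary>
        ///     Authorization filter: validates the forms-authentication cookie, binds it to the request's
        ///     IP address, password level and terminal, re-issues a fresh 30-minute ticket and installs a
        ///     ClaimsPrincipal describing the terminal and the screens it may access.
        /// </summary>
        /// <remarks>
        ///     Each failed check returns silently when the target allows anonymous access; otherwise the
        ///     cookie is cleared with FormsAuthentication.SignOut and the result is set to 401. A terminal
        ///     with no accessible screens, or one that cannot access the requested screens, gets 403.
        ///     Only UnauthorizedAccessException is caught; other exceptions (for instance from
        ///     deserializing the ticket's user data) propagate to the caller. The whole body is compiled
        ///     out when UNAUTHORIZED_DEBUG is defined.
        ///     Fix: the password carried in the cookie no longer appears in the log messages written for
        ///     an origin mismatch (where it was labelled as the target address) or an unknown password
        ///     setting.
        /// </remarks>
        /// <param name="authorizationContext">MVC authorization context; its Result is set when access is denied.</param>
        public void OnAuthorization(AuthorizationContext authorizationContext)
        {
#if !UNAUTHORIZED_DEBUG
            using (var context = new KCSGDbContext())
                using (var unitOfWork = new UnitOfWork(context))
                {
                    try
                    {
                        var loginDomain = new LoginDomain(unitOfWork);

                        // Initiate authentication result.
                        var authenticationResult = new AuthenticationResult();

                        #region Authentication cookie & ticket validation

                        var formAuthenticationCookie =
                            authorizationContext.RequestContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];

                        if (formAuthenticationCookie == null)
                        {
                            if (IsAnonymousAllowed(authorizationContext))
                            {
                                return;
                            }

                            FormsAuthentication.SignOut();

                            authorizationContext.Result = new HttpUnauthorizedResult();
                            Log.Error("Authentication cookie is invalid.");

                            return;
                        }

                        //Cookie value is invalid
                        if (string.IsNullOrWhiteSpace(formAuthenticationCookie.Value))
                        {
                            if (IsAnonymousAllowed(authorizationContext))
                            {
                                return;
                            }

                            // Sign the user out to clear the cookie.
                            FormsAuthentication.SignOut();

                            // Treat the request as unauthorized.
                            authorizationContext.Result = new HttpUnauthorizedResult();
                            Log.Error("Authentication cookie value is invalid.");
                            return;
                        }

                        // Decrypt the authentication cookie value to authentication ticket instance.
                        var formAuthenticationTicket = FormsAuthentication.Decrypt(formAuthenticationCookie.Value);

                        // Ticket is invalid.
                        if (formAuthenticationTicket == null)
                        {
                            if (IsAnonymousAllowed(authorizationContext))
                            {
                                return;
                            }

                            // Sign the user out to clear the cookie.
                            FormsAuthentication.SignOut();

                            // Treat the request as unauthorized.
                            authorizationContext.Result = new HttpUnauthorizedResult();

                            Log.Error("Authentication ticket is not valid.");
                            return;
                        }

                        // User data is invalid.
                        if (string.IsNullOrWhiteSpace(formAuthenticationTicket.UserData))
                        {
                            if (IsAnonymousAllowed(authorizationContext))
                            {
                                return;
                            }

                            // Sign the user out to clear the cookie.
                            FormsAuthentication.SignOut();

                            // Treat the request as unauthorized.
                            authorizationContext.Result = new HttpUnauthorizedResult();

                            Log.Error("Authentication ticket's user data is invalid.");
                            return;
                        }

                        #endregion

                        #region IP Address validation

                        // Find the user data in the ticket.
                        // NOTE(review): a malformed payload makes DeserializeObject throw, which is not
                        // caught below (only UnauthorizedAccessException is) and so surfaces as an error.
                        var loginViewModel = JsonConvert.DeserializeObject <LoginItem>(formAuthenticationTicket.UserData);

                        // User data is invalid.
                        if (loginViewModel == null)
                        {
                            if (IsAnonymousAllowed(authorizationContext))
                            {
                                return;
                            }

                            // Sign the user out to clear the cookie.
                            FormsAuthentication.SignOut();

                            // Treat the request as unauthorized.
                            authorizationContext.Result = new HttpUnauthorizedResult();

                            Log.Error("Authentication ticket information is invalid.");
                            return;
                        }

                        // Find IP Address of request.
                        var requestIpAddress = loginDomain.FindRequestIpAddress(authorizationContext.HttpContext);

                        // Cookie doesn't come from the same origin: the ticket is bound to the IP it was issued for.
                        if (string.IsNullOrEmpty(requestIpAddress) || !requestIpAddress.Equals(loginViewModel.IpAddress))
                        {
                            if (IsAnonymousAllowed(authorizationContext))
                            {
                                return;
                            }

                            // Sign the user out to clear the cookie.
                            FormsAuthentication.SignOut();

                            // Treat the request as unauthorized.
                            authorizationContext.Result = new HttpUnauthorizedResult();

                            // Log both addresses; the cookie password must not appear here.
                            Log.Error(string.Format("Cookie doesn't come from the same origin as the request (Source: {0} - Target: {1})", loginViewModel.IpAddress, requestIpAddress));
                            return;
                        }

                        #endregion

                        #region Passsword

                        // No password is included in cookie.
                        if (string.IsNullOrEmpty(loginViewModel.Password))
                        {
                            if (IsAnonymousAllowed(authorizationContext))
                            {
                                return;
                            }

                            // Sign the user out to clear the cookie.
                            FormsAuthentication.SignOut();

                            // Treat the request as unauthorized.
                            authorizationContext.Result = new HttpUnauthorizedResult();

                            Log.Error("No password is included in the cookie.");
                            return;
                        }

                        // Find password setting; the password value itself is kept out of the log.
                        var passwordSetting = loginDomain.FindPasswordSetting(loginViewModel.Password);
                        if (passwordSetting == null)
                        {
                            if (IsAnonymousAllowed(authorizationContext))
                            {
                                return;
                            }

                            // Sign the user out to clear the cookie.
                            FormsAuthentication.SignOut();

                            // Treat the request as unauthorized.
                            authorizationContext.Result = new HttpUnauthorizedResult();

                            Log.Error("No password setting matches the password included in the cookie.");
                            return;
                        }

                        // Find the password level.
                        authenticationResult.PasswordLevel = passwordSetting.F16_PswdLevel;

                        #endregion

                        #region Terminal

                        // Analyze client ip address.
                        var ips = loginDomain.AnalyzeIpAddress(requestIpAddress);

                        // Find terminal by searching ip address.
                        var terminal = loginDomain.FindTerminalFromIpAddress(ips);

                        // No terminal has been found in the request.
                        if (terminal == null)
                        {
                            // Unauthenticated request is allowed to access function.
                            if (IsAnonymousAllowed(authorizationContext))
                            {
                                return;
                            }

                            // Sign the user out to clear the cookie.
                            FormsAuthentication.SignOut();

                            // Treat the request as unauthorized.
                            authorizationContext.Result = new HttpUnauthorizedResult();

                            Log.Error(string.Format("No terminal has been found with IP : {0}", requestIpAddress));
                            return;
                        }

                        // Update authentication result.
                        authenticationResult.TerminalNo = terminal.F06_TerminalNo;

                        #endregion

                        #region Cookie authentication

                        // Find the current system time on the server.
                        var systemTime = DateTime.Now;

                        // Login is successful, save the information in the cookie for future use
                        // (sliding 30-minute expiry; the LoginItem, password included, is re-serialized
                        // into the encrypted ticket).
                        formAuthenticationTicket = new FormsAuthenticationTicket(1, loginDomain.AuthenticationTicketName, systemTime,
                                                                                 systemTime.AddMinutes(30), true, JsonConvert.SerializeObject(loginViewModel));

                        // Initialize cookie contain the authorization ticket.
                        // NOTE(review): HttpOnly/Secure are not set here, so they come only from the
                        // <httpCookies> configuration; confirm that configuration supplies them.
                        var httpCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                                        FormsAuthentication.Encrypt(formAuthenticationTicket));
                        authorizationContext.HttpContext.Response.Cookies.Add(httpCookie);

                        // Set credential for the HttpContext.
                        var claimIdentity = new ClaimsIdentity(null, loginDomain.AuthenticationClaimName);
                        claimIdentity.AddClaim(new Claim(ClientIdentities.TerminalNo, authenticationResult.TerminalNo));
                        claimIdentity.AddClaim(new Claim(ClientIdentities.IpAddress, requestIpAddress));
                        claimIdentity.AddClaim(new Claim(ClientIdentities.PasswordLevel, authenticationResult.PasswordLevel));

                        #endregion

                        #region Accessible screens

                        // Find list of accessible screens by using terminal functions & functions management.
                        var availableScreens = loginDomain.FindAccessibleScreens(authenticationResult.TerminalNo,
                                                                                 authenticationResult.PasswordLevel);

                        // No screen has been found.
                        if (availableScreens == null || availableScreens.Count < 1)
                        {
                            // Unauthenticated request is allowed to access function.
                            if (IsAnonymousAllowed(authorizationContext))
                            {
                                return;
                            }

                            // Treat the request as forbidden.
                            authorizationContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);

                            Log.Error(string.Format("No available screen has been found for terminal {0}", authenticationResult.TerminalNo));
                            return;
                        }

                        // Update available screens list to the terminal.
                        authenticationResult.AccessibleScreens = availableScreens;

                        // Identity update.
                        claimIdentity.AddClaim(new Claim(ClientIdentities.AccessibleScreens, string.Join(",", authenticationResult.AccessibleScreens)));

                        if (_screens != null)
                        {
                            claimIdentity.AddClaim(new Claim(ClientIdentities.AccessingScreen, string.Join(",", _screens)));
                        }

                        var claimsPrincipal = new ClaimsPrincipal(claimIdentity);
                        authorizationContext.HttpContext.User = claimsPrincipal;

                        // At least one screen has been specified to the target controller/action.
                        if (_screens != null && _screens.Length > 0)
                        {
                            // Check whether terminal can access to screen or not.
                            var isScreenAccessible = availableScreens.Any(x => _screens.Any(y => x.Equals(y)));
                            if (!isScreenAccessible)
                            {
                                // Treat the request as forbidden.
                                // NOTE(review): there is no return here, so the lock-screen check below can
                                // replace this 403 with a redirect; confirm that ordering is intended.
                                authorizationContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);

                                Log.Error(string.Format("Terminal {0} cannot access to screens : {1}", authenticationResult.TerminalNo, string.Join(",", _screens)));
                            }
                        }

                        // Access of terminal to screen is locked.
                        if (IsAccessLocked(terminal.F06_TerminalNo))
                        {
                            var urlHelper = new UrlHelper(HttpContext.Current.Request.RequestContext);
                            authorizationContext.Result = new RedirectResult(urlHelper.Action("Index", "Home", new { Area = "", @isLockScreen = true }));
                        }


                        #endregion
                    }
                    catch (UnauthorizedAccessException)
                    {
                        authorizationContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
                    }
                }
#elif UNAUTHORIZED_DEBUG
#endif
        }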