Beispiel #1
0
        /// <summary>
        /// token解密获取用户身份
        /// </summary>
        /// <returns></returns>
        private TokenUserInfo GetCurrentUserFromToken()
        {
            if (currentHttpContext == null)
            {
                return(null);
            }
            var author = currentHttpContext.Request.Headers["Authorization"];

            //var sysCode = _httpContext.Request.Query["SysCode"];
            if (string.IsNullOrWhiteSpace(author) || !author.FirstOrDefault().Contains("Bearer")) //|| sysCode.ToString().IsNullOrWhiteSpace())
            {
                return(null);
            }
            var           token = author.ToString().Substring("Bearer".Length).Trim();
            List <string> list;

            //token校验不通过或者token过期
            if (!SSOHelper.IsTokenValid(token, out list) ||
                Convert.ToDateTime(list[4]).AddMinutes(ConfigService.TokenOverTime) < DateTime.Now)
            {
                return(null);
            }
            //解析token获取用户信息
            var tokenUserInfo = new TokenUserInfo {
                UserID = Convert.ToInt32(list[0]), AccountName = list[1], UserName = list[2], IP = list[3], Token = token
            };

            return(tokenUserInfo);
        }
Beispiel #2
0
        public void OnActionExecuting(ActionExecutingContext context)
        {
            var author = context.HttpContext.Request.Headers["Authorization"];
            var param  = context.HttpContext.Request.GetRequestParam().JsonToObj <RequestBase>();

            //author为空或不以bearer开头
            if (string.IsNullOrWhiteSpace(author) || !author.FirstOrDefault().Contains("Bearer"))
            {
                context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
                context.Result = new JsonResult(new { msg = "未知身份" });
                return;
            }
            //提取token
            var           token = author.ToString().Substring("Bearer".Length).Trim();
            List <string> list;

            //token无法解密,不再查询redis。
            if (!SSOHelper.IsTokenValid(token, out list))
            {
                context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
                context.Result = new JsonResult(new { msg = "非法token" });
                return;
            }
            //生成token 的时间加上token生效的时间
            if (Convert.ToDateTime(list[4]).AddMinutes(Convert.ToDouble(BaseCore.Configuration.GetSection("AppSetting:TokenOverTime").Value)) < DateTime.Now)
            {
                context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
                context.Result = new JsonResult(new { msg = "token已过期" });
                return;
            }
            //解析token获取用户信息
            var tokenUserInfo = new TokenUserInfo {
                UserID = Convert.ToInt32(list[0]), AccountName = list[1], UserName = list[2], IP = list[3], Token = token
            };

            ((BaseController)context.Controller).CurrentUser = tokenUserInfo;

            ////token生成时的ip与当前请求ip不一致
            //if (tokenUserInfo.IP != context.HttpContext.Connection.RemoteIpAddress.ToString())
            //{
            //    context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
            //    context.Result = new JsonResult(new { msg = "非法请求" });
            //    return;
            //}

            //context.Controller
            var redisCache  = (RedisCache)context.HttpContext.RequestServices.GetService(typeof(RedisCache));
            var userInfoKey = ConfigService.GetUserInfoRedisKey(token, param.SysCode);

            //token+sysCode组成的key是否存在
            if (!redisCache.Exists(userInfoKey))
            {
                context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
                context.Result = new JsonResult(new { msg = "无权限" });
                return;
            }
        }
Beispiel #3
0
        static void TokenTest( )
        {
            var token = SSOHelper.GenerateToken("1", "boo", "boo", "127.0.0.1");

            Console.WriteLine($"token = {token} \r\n");
            List <string> list   = null;
            var           result = SSOHelper.IsTokenValid(token, out list);

            Console.WriteLine($"Token Valid Result = {result} ,list = {list.ToJson()}");
        }