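        /// <summary>
        ///  Validates that the caller's identity is legitimate.
        ///  match_signature: encrypted signature
        ///  match_timestamp: timestamp
        ///  match_nonce: 1-20 random numeric characters
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>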
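        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Login check. Unless the controller carries SkipApiAttribute, the request must name
            // a user id that matches a T_User row; otherwise an error envelope is set as the
            // response. This method reads only the user id; it does not look at
            // match_signature / match_timestamp / match_nonce.
            //
            // NOTE(review): the only thing checked here is that the supplied value equals an
            // existing user_guid. Nothing visible in this method proves the caller owns that id
            // (no session, token or signature is bound to it) - confirm that is enforced elsewhere.
            // NOTE(review): the skip attribute is looked up on the controller descriptor only;
            // an attribute placed on a single action is not consulted here.
            if (actionContext.ActionDescriptor.ControllerDescriptor
                .GetCustomAttributes<HCQ2_Common.Attributes.SkipApiAttribute>(false).Count != 0)
            {
                // Controller is excluded from the login check.
                return;
            }

            var request = HttpContext.Current.Request;

            // Lookup order: Request[] first, then headers, then the form collection.
            // HttpRequest's indexer searches QueryString, Form, Cookies and ServerVariables,
            // so a cookie or query-string value with this key also satisfies the lookup.
            string userid = request[AuthorityConstant.USER_ID];
            if (string.IsNullOrEmpty(userid))
            {
                userid = request.Headers[AuthorityConstant.USER_ID];
            }
            if (string.IsNullOrEmpty(userid))
            {
                userid = request.Form[AuthorityConstant.USER_ID];
            }

            if (string.IsNullOrEmpty(userid))
            {
                // Last resort: parse the raw request body as JSON.
                // The reader is deliberately not closed: closing a StreamReader also closes the
                // stream it wraps, and this is the request's own input stream.
                // NOTE(review): the stream position is not rewound after ReadToEnd - confirm
                // that later consumers of the body still see its content.
                System.IO.StreamReader bodyReader = new System.IO.StreamReader(request.InputStream);
                string postContext = bodyReader.ReadToEnd();

                if (!string.IsNullOrEmpty(postContext) && postContext.IndexOf(AuthorityConstant.USER_ID) > -1)
                {
                    HCQ2_Model.WebApiModel.ParamModel.CheckLoginBaseModel model =
                        JsonHelper.JsonStrToObject<HCQ2_Model.WebApiModel.ParamModel.CheckLoginBaseModel>(
                            postContext);

                    // Fix: a body that deserializes to null used to throw NullReferenceException
                    // here; now it falls through to the normal rejection below.
                    if (model != null)
                    {
                        userid = model.userid;
                    }
                }
            }

            // A missing id and an unknown id are rejected with the same response.
            bool isKnownUser = false;
            if (!string.IsNullOrEmpty(userid))
            {
                HCQ2_Model.T_User user =
                    OperateContext.Current.bllSession.T_User.Select(s => s.user_guid.Equals(userid))
                    .FirstOrDefault();
                isKnownUser = user != null;
            }

            if (!isKnownUser)
            {
                // Setting Response short-circuits the pipeline, so the action does not run.
                // The status sent is 200 OK with an error envelope, not 401 as the original
                // comment said; kept because clients may depend on errcode. Status-code based
                // monitoring will therefore not see these denials.
                actionContext.Response = actionContext.Request.CreateResponse(
                    HttpStatusCode.OK,
                    new HCQ2_Model.ViewModel.WebAPI.WebApiResultJsonModel()
                    {
                        errcode = WebResultCode.Error,
                        errmsg  = "非法用户~",
                        value   = null
                    });
            }
        }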
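        /// <summary>
        ///  Validates that the caller's identity is legitimate.
        ///  match_signature: encrypted signature
        ///  match_timestamp: timestamp
        ///  match_nonce: 1-20 random numeric characters
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>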
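        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Two-stage check:
            //   1. collect match_signature / match_timestamp / match_nonce and verify them with
            //      Authority.AuthorityCheck.AuthoritySignature;
            //   2. unless the controller carries SkipApiAttribute, require a user id that
            //      matches a T_User row.
            // Every failure sets actionContext.Response, which short-circuits the pipeline so the
            // action does not run. The status sent is always 200 OK with an error envelope (the
            // original comments said 401); kept because clients may depend on errcode. Status-code
            // based monitoring will therefore not see these denials.
            var request = HttpContext.Current.Request;

            // Raw body text, read at most once and shared by both stages.
            string postContext = string.Empty;

            // ---- 1. Collect the signature fields --------------------------------------------
            // Lookup order per field: Request[] first, then headers, then the form collection.
            // HttpRequest's indexer searches QueryString, Form, Cookies and ServerVariables.
            string match_signature = request[AuthorityConstant.MATCH_SIGNATURE]; // signature
            string match_timestamp = request[AuthorityConstant.MATCH_TIMESTAMP]; // timestamp
            string match_nonce     = request[AuthorityConstant.MATCH_NONCE];     // random string, 1-20 chars

            if (string.IsNullOrEmpty(match_signature))
            {
                match_signature = request.Headers[AuthorityConstant.MATCH_SIGNATURE];
            }
            if (string.IsNullOrEmpty(match_signature))
            {
                match_signature = request.Form[AuthorityConstant.MATCH_SIGNATURE];
            }

            if (string.IsNullOrEmpty(match_timestamp))
            {
                match_timestamp = request.Headers[AuthorityConstant.MATCH_TIMESTAMP];
            }
            if (string.IsNullOrEmpty(match_timestamp))
            {
                match_timestamp = request.Form[AuthorityConstant.MATCH_TIMESTAMP];
            }

            if (string.IsNullOrEmpty(match_nonce))
            {
                match_nonce = request.Headers[AuthorityConstant.MATCH_NONCE];
            }
            if (string.IsNullOrEmpty(match_nonce))
            {
                match_nonce = request.Form[AuthorityConstant.MATCH_NONCE];
            }

            if (string.IsNullOrEmpty(match_signature))
            {
                // Last resort: parse the raw request body as JSON. When the body carries the
                // signature, timestamp and nonce are taken from the body as well.
                // The reader is deliberately not closed: closing a StreamReader also closes the
                // stream it wraps, and this is the request's own input stream.
                // NOTE(review): the stream position is not rewound after ReadToEnd - confirm
                // that later consumers of the body still see its content.
                System.IO.StreamReader bodyReader = new System.IO.StreamReader(request.InputStream);
                postContext = bodyReader.ReadToEnd();

                if (!string.IsNullOrEmpty(postContext) && postContext.IndexOf(AuthorityConstant.MATCH_SIGNATURE) > -1)
                {
                    HCQ2_Model.WebApiModel.ParamModel.CheckParam model =
                        JsonHelper.JsonStrToObject<HCQ2_Model.WebApiModel.ParamModel.CheckParam>(
                            postContext);

                    // Fix: a body that deserializes to null used to throw NullReferenceException
                    // here; now it falls through to the "incomplete" rejection below.
                    if (model != null)
                    {
                        match_signature = model.match_signature;
                        match_timestamp = model.match_timestamp;
                        match_nonce     = model.match_nonce;
                    }
                }
            }

            if (string.IsNullOrEmpty(match_signature))
            {
                // No signature anywhere in the request.
                actionContext.Response = actionContext.Request.CreateResponse(
                    HttpStatusCode.OK,
                    new HCQ2_Model.ViewModel.WebAPI.WebApiResultJsonModel()
                    {
                        errcode = WebResultCode.Exception,
                        errmsg  = "授权验证信息不全~",
                        value   = null
                    });
                return;
            }

            // ---- 2. Verify the signature -----------------------------------------------------
            // Only the signature is checked for presence above, so timestamp and nonce may be
            // null or empty here.
            // NOTE(review): confirm AuthoritySignature rejects missing values, enforces a
            // freshness window on the timestamp and refuses a reused nonce - none of that is
            // visible from this method.
            // NOTE(review): the call receives only these three values. Unless AuthoritySignature
            // reads request state itself, the signature cannot cover the user id or the request
            // body, so a valid triple is not tied to a particular user or payload.
            bool signatureOk = Authority.AuthorityCheck.AuthoritySignature(match_signature, match_timestamp,
                                                                           match_nonce);
            if (!signatureOk)
            {
                actionContext.Response = actionContext.Request.CreateResponse(
                    HttpStatusCode.OK,
                    new HCQ2_Model.ViewModel.WebAPI.WebApiResultJsonModel()
                    {
                        errcode = WebResultCode.Error,
                        errmsg  = WebApiStatusCode.认证失败.ToString(),
                        value   = null
                    });
                return;
            }

            // ---- 3. Login check --------------------------------------------------------------
            // NOTE(review): the skip attribute is looked up on the controller descriptor only;
            // an attribute placed on a single action is not consulted here.
            if (actionContext.ActionDescriptor.ControllerDescriptor
                .GetCustomAttributes<HCQ2_Common.Attributes.SkipApiAttribute>(false).Count != 0)
            {
                // Controller is excluded from the login check.
                return;
            }

            string userid = request[AuthorityConstant.USER_ID];
            if (string.IsNullOrEmpty(userid))
            {
                userid = request.Headers[AuthorityConstant.USER_ID];
            }
            if (string.IsNullOrEmpty(userid))
            {
                userid = request.Form[AuthorityConstant.USER_ID];
            }

            if (string.IsNullOrEmpty(userid))
            {
                // Reuse the body text captured in stage 1; read the stream only if it was not
                // read (or was empty) there.
                if (string.IsNullOrEmpty(postContext))
                {
                    System.IO.StreamReader bodyReader = new System.IO.StreamReader(request.InputStream);
                    postContext = bodyReader.ReadToEnd();
                }

                if (!string.IsNullOrEmpty(postContext) && postContext.IndexOf(AuthorityConstant.USER_ID) > -1)
                {
                    HCQ2_Model.WebApiModel.ParamModel.CheckLoginBaseModel model =
                        JsonHelper.JsonStrToObject<HCQ2_Model.WebApiModel.ParamModel.CheckLoginBaseModel>(
                            postContext);

                    // Fix: same null guard as for the signature model above.
                    if (model != null)
                    {
                        userid = model.userid;
                    }
                }
            }

            // A missing id and an unknown id are rejected with the same response.
            // NOTE(review): the lookup only shows that the supplied value equals an existing
            // user_guid; nothing visible here ties that id to the verified signature.
            bool isKnownUser = false;
            if (!string.IsNullOrEmpty(userid))
            {
                HCQ2_Model.T_User user =
                    OperateContext.Current.bllSession.T_User.Select(s => s.user_guid.Equals(userid))
                    .FirstOrDefault();
                isKnownUser = user != null;
            }

            if (!isKnownUser)
            {
                actionContext.Response = actionContext.Request.CreateResponse(
                    HttpStatusCode.OK,
                    new HCQ2_Model.ViewModel.WebAPI.WebApiResultJsonModel()
                    {
                        errcode = WebResultCode.Error,
                        errmsg  = "非法用户~",
                        value   = null
                    });
            }
        }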