Ejemplo n.º 1
0
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            // 支持预请求
            if (filterContext.HttpContext.Request.HttpMethod.ToLower() == "options")
            {
                filterContext.Result = new EmptyResult();
                return;
            }

            if (!isAuth)
            {
                return;
            }

            ResultWebData result = new ResultWebData();

            //获取token
            string token = filterContext.HttpContext.Request.Headers["QWF-User-Token"].SafeConvert().ToStr();
            string appId = filterContext.HttpContext.Request.Headers["QWF-AppID"].SafeConvert().ToStr();
            //string url = filterContext.HttpContext.Request.RawUrl;
            string url = filterContext.HttpContext.Request.Url.AbsolutePath;

            if (token.StrValidatorHelper().StrIsNullOrEmpty() || appId.StrValidatorHelper().StrIsNullOrEmpty())
            {
                //cookie 取值
                if (filterContext.HttpContext.Request.Cookies[GlobalConst.COOKIE_Key_UserToken] == null || filterContext.HttpContext.Request.Cookies[GlobalConst.COOKIE_Key_AppId] == null)
                {
                    throw new QWF.Framework.GlobalException.UIValidateException("用户没有登录或登录超时,请重新登录!", GlobalConst.LoginURL);
                }
                token = filterContext.HttpContext.Request.Cookies[GlobalConst.COOKIE_Key_UserToken].Value.SafeConvert().ToStr();
                appId = filterContext.HttpContext.Request.Cookies[GlobalConst.COOKIE_Key_AppId].Value.SafeConvert().ToStr();
            }
            //验证用户
            using (var qwfContext = DbAccess.DbFrameworkContext.Create())
            {
                var identifider = new Services.SvrModels.SvrUserIdentifier()
                {
                    UserId   = 0,
                    UserName = string.Empty
                };

                Services.BLL.UserHelper userHelper = new Services.BLL.UserHelper(qwfContext, identifider);
                //验证用户 token
                Services.BLL.User user = userHelper.CheckUserToken(appId, token);

                //验证用户URL 权限

                if (!user.CheckUserInMenuPermission(url))
                {
                    throw new QWF.Framework.GlobalException.PermissionException(user.GetUserName() + "没有权限访问(" + url + ")");
                }

                //验证通过则 设置当前用户信息到Session
                HttpContext.Current.Session[GlobalConst.SESSION_Key_UserInfo] = user.GetSvrShortUserInfo();
                HttpContext.Current.Session.Timeout = 40;

                qwfContext.SaveChanges();
            }
        }
Ejemplo n.º 2
0
        /// <summary>
        /// 获取当前用户基本信息
        /// </summary>
        /// <returns></returns>
        public static SvrShortUserInfo GetCurrentInfo()
        {
            SvrShortUserInfo currentUser = null;

            //优先在当前Session中取当前用户对象
            if (HttpContext.Current.Session[GlobalConst.SESSION_Key_UserInfo] != null)
            {
                currentUser = (SvrShortUserInfo)HttpContext.Current.Session[GlobalConst.SESSION_Key_UserInfo];
                HttpContext.Current.Session.Timeout = 40;
            }
            else if (HttpContext.Current.Request.Cookies[GlobalConst.COOKIE_Key_UserToken] != null && HttpContext.Current.Request.Cookies[GlobalConst.COOKIE_Key_AppId] != null)
            {
                //在COOKIE获取用户对象
                string token = HttpContext.Current.Request.Cookies[GlobalConst.COOKIE_Key_UserToken].Value.ToString();
                string appId = HttpContext.Current.Request.Cookies[GlobalConst.COOKIE_Key_AppId].Value.ToString();

                using (var qwfContext = DbAccess.DbFrameworkContext.Create())
                {
                    var identifider = new Services.SvrModels.SvrUserIdentifier();

                    Services.BLL.UserHelper userHelper = new Services.BLL.UserHelper(qwfContext, identifider);
                    //验证用户token
                    Services.BLL.User user = userHelper.CheckUserToken(appId, token);

                    //验证通过 设置Seesion
                    HttpContext.Current.Session[GlobalConst.SESSION_Key_UserInfo] = user.GetSvrShortUserInfo();
                    HttpContext.Current.Session.Timeout = 40;

                    qwfContext.SaveChanges();

                    currentUser = user.GetSvrShortUserInfo();
                }
            }

            return(currentUser);
        }