/// <summary>
/// 生成url上面的Ticket,一般只有几秒有效期
/// </summary>
/// <param name="userId"></param>
/// <returns></returns>
public string GenerateTicket(string userId)
{
string sourceString = DateTime.Now.ToString("yyyy-MM-dd") + userId + DateTime.Now.ToString("HH:mm:ss");
string ticket = SymmetricEncryptHelper.AesEncode(sourceString, secretKey);
return(Base64SecureURL.Encode(ticket));
}
/// <summary>
/// 解析url上面的Ticket
/// </summary>
/// <param name="ticket"></param>
/// <returns>用户id,如果过期就返回""</returns>
public string DecodeTicket(string ticket)
{
string sourceString = SymmetricEncryptHelper.AesDecode(Base64SecureURL.Decode(ticket), secretKey);
string userId = sourceString.Substring(10, sourceString.Length - 18);
DateTime ticketDateTime = DateTime.Parse(sourceString.Substring(0, 10) + " " + sourceString.Substring(10 + userId.Length));
var diff = DateTime.Now - ticketDateTime;
if (diff.TotalSeconds > ticketTime)
{
return("");
}
return(userId);
}
/// <summary>
///
/// </summary>
/// <param name="filterContext"></param>
public void OnAuthorization(AuthorizationFilterContext filterContext)
{
var actionDescriptor = (ControllerActionDescriptor)filterContext.ActionDescriptor;
IEnumerable <CustomAttributeData> methodAttributes = actionDescriptor.MethodInfo.CustomAttributes;
IEnumerable <CustomAttributeData> controllerAttributes = actionDescriptor.ControllerTypeInfo.CustomAttributes;
bool isAuthorization = true;
string permissionName = "";
foreach (CustomAttributeData item in controllerAttributes)
{
if (item.AttributeType.Name == "AllowAnonymousAttribute")
{
isAuthorization = false;
}
if (item.AttributeType.Name == "SSOAuthorizeAttribute")
{
isAuthorization = true;
if (item.ConstructorArguments.Count > 0)
{
permissionName = item.ConstructorArguments[0].Value.ToString();
}
}
}
foreach (CustomAttributeData item in methodAttributes)
{
if (item.AttributeType.Name == "AllowAnonymousAttribute")
{
isAuthorization = false;
}
if (item.AttributeType.Name == "SSOAuthorizeAttribute")
{
isAuthorization = true;
if (item.ConstructorArguments.Count > 0)
{
permissionName = item.ConstructorArguments[0].Value.ToString();
}
}
}
if (!isAuthorization)
{
return;
}
//验证配置文件
if (!VerifyConfig(filterContext))
{
return;
}
HttpRequest request = filterContext.HttpContext.Request;
var ssourl = request.Query["ssourls"];
var absoluteUrl = AppSettings.GetAbsoluteUri(request);
if (!string.IsNullOrEmpty(ssourl)) //sso 退出
{
var returnUrl = request.Query["returnUrl"];
////////清除本站cookie
List <string> ssoUrls = JsonSerializerHelper.Deserialize <List <string> >(Encoding.UTF8.GetString(Convert.FromBase64String(Base64SecureURL.Decode(ssourl))));
var cookie = request.Cookies[CookieKey];
if (cookie != null)
{
filterContext.HttpContext.Response.Cookies.Delete(CookieKey);
}
/////////////////////
for (var i = 0; i < ssoUrls.Count; i++)
{
if (absoluteUrl.Contains(ssoUrls[i]))
{
ssoUrls.RemoveAt(i);
break;
}
}
if (ssoUrls.Count > 0)
{
string newSsoUrls = JsonSerializerHelper.Serialize(ssoUrls);
filterContext.Result = new RedirectResult(ssoUrls[0] + "?ssourls=" + newSsoUrls.StrToBase64() + "&returnUrl=" + returnUrl);
}
else //最后一个
{
filterContext.Result = new RedirectResult(BaseUrl + "?returnUrl=" + returnUrl);
}
return;
}
string authorization = JwtManager.GetAuthorization(request, CookieKey);
string ticket = request.Query["ticket"];
if (string.IsNullOrEmpty(authorization))
{
if (string.IsNullOrEmpty(ticket))
{
filterContext.Result = GetActionResult(absoluteUrl);
return;
}
else
{
string from = AppSettings.GetApplicationUrl(request).ReplaceHttpPrefix().TrimEnd('/');
authorization = GetTokenByTicket(from, ticket, request.HttpContext.Connection.RemoteIpAddress.ToString());
if (!string.IsNullOrEmpty(authorization))
{
if (CookieTime != "session")
{
filterContext.HttpContext.Response.Cookies.Append(CookieKey, authorization, new CookieOptions()
{
Expires = DateTime.Now.AddMinutes(Convert.ToInt32(CookieTime))
});
}
else
{
filterContext.HttpContext.Response.Cookies.Append(CookieKey, authorization);
}
}
else
{
filterContext.Result = GetActionResult(absoluteUrl);
return;
}
}
}
try
{
var principal = JwtManager.ParseAuthorization(authorization, SecretKey, filterContext.HttpContext);
filterContext.HttpContext.User = principal;
if (!CheckPermission(permissionName, authorization))
{
filterContext.Result = new ResponseModel <string>(ErrorCode.error_permission, "");
}
}
catch (Exception ex) //token失效
{
Log4Net.ErrorLog(ex);
var httpCookie = filterContext.HttpContext.Request.Cookies[CookieKey];
if (httpCookie != null)
{
filterContext.HttpContext.Response.Cookies.Delete(CookieKey);
}
filterContext.Result = GetActionResult(absoluteUrl);
}
}
/// <summary>
/// url 安全的base64 编码 转 string
/// </summary>
/// <returns></returns>
public static string Base64ToStr(this string base64)
{
base64 = Base64SecureURL.Decode(base64);
return(Encoding.UTF8.GetString(Convert.FromBase64String(base64)));
}
/// <summary>
/// string 转成 url 安全的base64 编码
/// </summary>
/// <param name="str"></param>
/// <returns></returns>
public static string StrToBase64(this string str)
{
string base64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(str));
return(Base64SecureURL.Encode(base64));
}