public CallResult CreateTicket(string ticket, string clientIP)
{
try
{
if (string.IsNullOrEmpty(ticket))
return new CallResult(-1, "票据为空。");
else if (string.IsNullOrEmpty(clientIP))
return new CallResult(-1, "客户端IP地址为空。");
else
{
SSOAuthTicket authTicket = new SSOAuthTicket(ticket);
if (authTicket == null)
return new CallResult(-1, "票据格式不正确。");
else if (!authTicket.HasValid)
return new CallResult(-1, "票据无效。");
else
{
bool result = this.provider.CreateTicket(authTicket, clientIP);
return new CallResult(result ? 0 : -1, result ? "创建票据存储成功。" : "发生未知异常。");
}
}
}
catch (Exception e)
{
return new CallResult(-1, e.Message);
}
}
/// <summary>
/// 创建票据数据存储。
/// </summary>
/// <param name="ticket">票据。</param>
/// <param name="clientIP">客户端IP地址。</param>
/// <returns></returns>
public bool CreateTicket(SSOAuthTicket ticket, string clientIP)
{
bool result = false;
if (ticket != null && ticket.HasValid)
{
string err = null;
result = this.TicketVerification(ref ticket, clientIP, out err);
if (!result)
{
SSOTicket data = new SSOTicket();
data.Token = ticket.Token;
data.UserData = ticket.UserData;
data.IssueDate = ticket.IssueDate;
data.Expiration = ticket.Expiration;
data.IssueClientIP = clientIP;
data.RenewalCount = 0;
data.LastRenewalIP = string.Empty;
this.sSOTicketEntity.DestroyTicket(data.UserData);
result = this.sSOTicketEntity.UpdateRecord(data);
}
}
return result;
}
public SSOCallResult TicketVerification(string ticket, string clientIP)
{
try
{
if (string.IsNullOrEmpty(ticket))
return new SSOCallResult(-1, "票据为空。");
else if (string.IsNullOrEmpty(clientIP))
return new SSOCallResult(-1, "客户端IP地址为空。");
else
{
SSOAuthTicket authTicket = new SSOAuthTicket(ticket);
if (authTicket == null)
return new SSOCallResult(-1, "票据格式不正确。");
else if (!authTicket.HasValid)
return new SSOCallResult(-1, "票据无效。");
else
{
string err = null;
bool result = this.provider.TicketVerification(ref authTicket, clientIP, out err);
if (result)
return new SSOCallResult(0, authTicket.ToString(), err);
return new SSOCallResult(-1, err);
}
}
}
catch (Exception e)
{
return new SSOCallResult(-1, e.Message);
}
}
public SSOCallResult DestroyTicket(string ticket, string clientIP)
{
try
{
if (string.IsNullOrEmpty(ticket))
return new SSOCallResult(-1, "票据为空。");
else if (string.IsNullOrEmpty(clientIP))
return new SSOCallResult(-1, "客户端IP地址为空。");
else
{
SSOAuthTicket authTicket = new SSOAuthTicket(ticket);
if (authTicket == null)
return new SSOCallResult(-1, "票据格式不正确。");
else if (!authTicket.HasValid)
return new SSOCallResult(-1, "票据无效。");
else
{
bool result = this.provider.DestroyTicket(ref authTicket, clientIP);
if (result)
return new SSOCallResult(0, authTicket.ToString(), "销毁票据成功。");
return new SSOCallResult(-1, "发生未知错误。");
}
}
}
catch (Exception e)
{
return new SSOCallResult(-1, e.Message);
}
}
/// <summary>
/// 设置当前上下文的票据。
/// </summary>
/// <param name="context"></param>
/// <param name="ticket"></param>
/// <returns></returns>
bool SetCurrentAuthTicket(HttpContext context, SSOAuthTicket ticket)
{
bool result = false;
string ticketName = this.config.TicketName;
if (context != null && ticket != null && !string.IsNullOrEmpty(ticketName))
{
switch (this.config.LocalStorage)
{
case EnumLocalStorage.Cookies:
HttpCookie cookie = context.Request.Cookies[ticketName];
if (cookie != null)
{
cookie.Value = ticket.ToString();
context.Response.SetCookie(cookie);
}
else
{
cookie = new HttpCookie(ticketName, ticket.ToString());
context.Response.AppendCookie(cookie);
}
result = true;
break;
case EnumLocalStorage.Session:
context.Session[ticketName] = ticket.ToString();
result = true;
break;
}
}
return result;
}
/// <summary>
/// 从当前上下文中获取票据。
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
SSOAuthTicket CurrentAuthTicket(HttpContext context)
{
lock (this)
{
iPower.IRMP.SSO.SSOAuthTicket ticket = null;
string ticketName = this.config.TicketName;
if (context != null && !string.IsNullOrEmpty(ticketName))
{
switch (this.config.LocalStorage)
{
case EnumLocalStorage.Cookies:
HttpCookie cookie = context.Request.Cookies[ticketName];
if (cookie != null)
ticket = new SSOAuthTicket(cookie.Value);
break;
case EnumLocalStorage.Session:
object obj = context.Session[ticketName];
if (obj != null)
ticket = new SSOAuthTicket(obj.ToString());
break;
}
}
return ticket;
}
}
/// <summary>
/// 用户登录(不跳转)。
/// </summary>
/// <param name="userSign">用户登录账号。</param>
/// <param name="password">用户登录密码。</param>
/// <param name="err">异常错误信息。</param>
/// <returns>登录成功返回true,失败返回false。</returns>
public bool SignInNotRedirect(string userSign, string password, out string err)
{
lock (this)
{
err = null;
bool result = false;
try
{
if (string.IsNullOrEmpty(userSign) || string.IsNullOrEmpty(password))
err = "用户登录帐号或密码为空!";
else
{
SSOCallResult callResult = this.ServicePoxy.SignIn(userSign, password);
result = callResult.ResultCode == 0;
err = callResult.ResultMessage;
if (result)
{
SSOAuthTicket ticket = new SSOAuthTicket(callResult.Ticket);
result = this.SetCurrentAuthTicket(HttpContext.Current, ticket);
}
}
}
catch (Exception e)
{
err = e.Message;
}
return result;
}
}
/// <summary>
/// 初始化模块,并使其为处理请求做好准备。
/// </summary>
/// <param name="context"></param>
public void Init(HttpApplication context)
{
if (context != null)
{
context.PreRequestHandlerExecute += new EventHandler(delegate(object sender, EventArgs e)
{
#region 验证单点登录。
try
{
lock (this)
{
HttpApplication app = sender as HttpApplication;
if (app != null && app.Context != null)
{
IUser userInfo = app.Context.Handler as IUser;
if (userInfo != null)
{
SSOAuthTicket ticket = this.CurrentAuthTicket(app.Context);
if (ticket != null && ticket.HasValid)
{
SSOCallResult callResult = this.ServicePoxy.TicketVerification(ticket.ToString());
if (callResult.ResultCode == 0)
{
ticket = new SSOAuthTicket(callResult.Ticket);
userInfo.CurrentUserID = ticket.CurrentUserID;
userInfo.CurrentUserName = ticket.CurrentUserName;
this.SetCurrentAuthTicket(app.Context, ticket);
}
else
{
userInfo.CurrentUserID = GUIDEx.Null;
userInfo.CurrentUserName = string.Empty;
this.log.CreateWarningLog(callResult.ResultMessage);
}
}
if (!userInfo.CurrentUserID.IsValid && !this.IsIgnore(app.Context.Request.Url))
{
this.RedirectLogin(app.Context);
}
}
}
}
}
catch (Exception ex)
{
this.log.CreateErrorLog(ex.Message);
throw ex;
}
#endregion
});
context.PostRequestHandlerExecute += new EventHandler(delegate(object sender, EventArgs e)
{
#region 验证用户系统授权。
lock (this)
{
HttpApplication app = sender as HttpApplication;
if (app != null && !this.IsIgnore(app.Context.Request.Url))
{
IUser userInfo = app.Context.Handler as IUser;
ISystem systemInfo = app.Context.Handler as ISystem;
if (userInfo != null && systemInfo != null && userInfo.CurrentUserID.IsValid && systemInfo.CurrentSystemID.IsValid)
{
CallResult callResult = this.ServicePoxy.UserAuthorizationVerification(userInfo.CurrentUserID, systemInfo.CurrentSystemID,
app.Context.Request.UserHostAddress);
if (callResult != null && callResult.ResultCode == -1)
{
throw new Exception(callResult.ResultMessage);
}
}
}
}
#endregion
});
}
}
/// <summary>
/// 验证票据的存储。
/// </summary>
/// <param name="ticket">票据。</param>
/// <param name="clientIP">客户端IP地址。</param>
/// <param name="err">异常错误信息。</param>
/// <returns></returns>
public bool TicketVerification(ref SSOAuthTicket ticket,string clientIP, out string err)
{
bool result = false;
err = null;
try
{
if (string.IsNullOrEmpty(clientIP))
throw new ArgumentNullException("clientIP", "客户端IP地址不能为空!");
if (!ticket.HasValid)
err = "票据无效!";
else
result = this.ssoTicketDbProvider.TicketVerification(ref ticket, clientIP, out err);
}
catch (Exception e)
{
err = e.Message;
}
return result;
}
/// <summary>
/// 验证票据的存储。
/// </summary>
/// <param name="ticket">票据。</param>
/// <param name="clientIP">客户端IP地址。</param>
/// <param name="err">异常错误信息。</param>
/// <returns></returns>
public bool TicketVerification(ref SSOAuthTicket ticket, string clientIP, out string err)
{
bool result = false;
err = null;
if (!ticket.HasValid)
err = "票据无效。";
else if (string.IsNullOrEmpty(clientIP))
err = "客户端IP地址为空。";
else
{
SSOTicket data = new SSOTicket();
data.Token = ticket.Token;
result = this.sSOTicketEntity.LoadRecord(ref data);
if (!result)
err = "票据在数据库中不存在。";
else if (!data.HasValid)
err = "数据库中的票据已无效。";
else
{
try
{
err = "票据有效。";
double interval = Math.Abs((ticket.Expiration - ticket.IssueDate).TotalSeconds);
if ((interval > 0) && (Math.Abs((data.Expiration - DateTime.Now).TotalSeconds) <= (interval / 3.0)))
{
DateTime newExpiration = data.Expiration.AddSeconds(interval);
ticket.Expiration = data.Expiration = newExpiration;
data.RenewalCount += 1;
data.LastRenewalIP = clientIP;
result = this.sSOTicketEntity.UpdateRecord(data);
err = "票据已续约。";
}
}
catch (Exception e)
{
err = e.Message;
}
}
}
return result;
}
/// <summary>
/// 销毁票据。
/// </summary>
/// <param name="ticket">票据。</param>
/// <param name="clientIP">客户端IP地址。</param>
/// <returns></returns>
public bool DestroyTicket(ref SSOAuthTicket ticket, string clientIP)
{
bool result = false;
if (ticket.HasValid && !string.IsNullOrEmpty(clientIP))
{
DateTime expiration = DateTime.Now;
SSOTicket data = new SSOTicket();
data.Token = ticket.Token;
if (this.sSOTicketEntity.LoadRecord(ref data))
{
if (data.HasValid)
{
data.Expiration = expiration;
data.LastRenewalIP = clientIP;
result = this.sSOTicketEntity.UpdateRecord(data);
}
}
ticket.Expiration = expiration;
if (!result)
result = true;
}
return result;
}
public bool TicketVerification(ref SSOAuthTicket ticket, string clientIP, out string err)
{
try
{
Poxy.SSOCallResult callResult = this.providerService.TicketVerification(ticket.ToString(), clientIP);
err = callResult.ResultMessage;
bool result = callResult.ResultCode == 0;
if (result)
ticket = new SSOAuthTicket(callResult.Ticket);
return result;
}
catch (Exception e)
{
err = e.Message;
return false;
}
}
public bool DestroyTicket(ref SSOAuthTicket ticket, string clientIP)
{
Poxy.SSOCallResult callResult = this.providerService.DestroyTicket(ticket.ToString(), clientIP);
bool result = callResult.ResultCode == 0;
if (result)
ticket = new SSOAuthTicket(callResult.Ticket);
else
throw new Exception(callResult.ResultMessage);
return result;
}
public bool CreateTicket(SSOAuthTicket ticket, string clientIP)
{
Poxy.CallResult callResult = this.providerService.CreateTicket(ticket.ToString(), clientIP);
bool result = (callResult.ResultCode == 0);
if (!result)
throw new Exception(callResult.ResultMessage);
return result;
}
/// <summary>
/// 验证用户名和密码。
/// </summary>
/// <param name="systemID">系统ID。</param>
/// <param name="userSign">用户账号。</param>
/// <param name="password">用户密码。</param>
/// <param name="clientIP">客户端IP地址。</param>
/// <param name="err">异常错误信息。</param>
/// <returns>如果用户名和密码有效,则返回用户信息;否则返回null。</returns>
public SSOAuthTicket UserAuthorizationVerification(string systemID, string userSign, string password, string clientIP, out string err)
{
SSOAuthTicket ticket = null;
err = null;
try
{
if (string.IsNullOrEmpty(systemID))
throw new ArgumentNullException("systemID", "系统ID不能为空!");
else if (string.IsNullOrEmpty(userSign))
throw new ArgumentNullException("userSign", "用户账号不能为空!");
else if (string.IsNullOrEmpty(password))
throw new ArgumentNullException("password", "用户密码不能为空!");
else if (string.IsNullOrEmpty(clientIP))
throw new ArgumentNullException("clientIP", "客户端IP地址不能为空!");
IUser userInfo = this.authenticationProvider.UserAuthorizationVerification(userSign, password, out err);
if (userInfo != null)
{
bool result = this.authorizedToVerify.UserAuthorizationVerification(userInfo.CurrentUserID, systemID, clientIP, out err);
if (result)
{
DateTime issueDate = DateTime.Now;
DateTime expiration = issueDate.AddMinutes(this.config.TicketExpiredInterval);
ticket = new SSOAuthTicket(GUIDEx.New, userInfo, issueDate, expiration);
result = this.ssoTicketDbProvider.CreateTicket(ticket, clientIP);
if (!result)
{
ticket = null;
throw new Exception("创建票据存储发生错误!");
}
}
}
}
catch (Exception e)
{
err = e.Message;
}
return ticket;
}
public SSOCallResult TicketVerification(string ticket)
{
try
{
SSOCallResult callResult = null;
if (this.VerifyCredential(this))
{
if (string.IsNullOrEmpty(ticket))
throw new ArgumentNullException("ticket", "票据为空!");
SSOAuthTicket authTicket = new SSOAuthTicket(ticket);
if (authTicket == null)
throw new ArgumentException("票据格式不正确!");
if (!authTicket.HasValid)
callResult = new SSOCallResult(-1, "票据无效!");
else
{
string clientIP = this.Context.Request.UserHostAddress;
string err = null;
bool result = this.factory.TicketVerification(ref authTicket, clientIP, out err);
if (result)
callResult = new SSOCallResult(0, authTicket.ToString(), "验证票据成功。");
else
callResult = new SSOCallResult(-1, err);
}
}
return callResult;
}
catch (Exception e)
{
this.log.CreateErrorLog(e.Message);
return new SSOCallResult(-1, e.Message);
}
}
/// <summary>
/// 销毁票据。
/// </summary>
/// <param name="ticket">票据。</param>
/// <param name="clientIP">客户端IP地址。</param>
/// <returns></returns>
public bool DestroyTicket(ref SSOAuthTicket ticket, string clientIP)
{
if (string.IsNullOrEmpty(clientIP))
throw new ArgumentNullException("clientIP", "客户端IP地址不能为空!");
return this.ssoTicketDbProvider.DestroyTicket(ref ticket, clientIP);
}
