        /// <summary>
        /// Returns the signed-in user's profile as a <c>DetailResponse</c>.
        /// </summary>
        /// <returns>
        /// <c>Ok</c> is true and <c>Data</c> is an anonymous projection of the user's profile fields when a
        /// user is signed in; otherwise <c>Ok</c> is false and <c>Data</c> is null. <c>Code</c> is always "1".
        /// </returns>
        public static DetailResponse GetCurrentUser()
        {
            var identity    = (ManagerIdentity)AuthenticatorProvider.GetUser().Identity;
            var currentUser = identity.CurrentUser;

            var response = new DetailResponse
            {
                Ok   = currentUser != null,
                Code = "1"
            };

            if (currentUser != null)
            {
                // Deliberately a narrow projection: only identity and organisation fields go to the
                // client. Keep credential- or permission-related properties of the user entity out of it.
                response.Data = new
                {
                    UserId = currentUser.IdentityKey,
                    currentUser.LastName,
                    currentUser.FirstName,
                    currentUser.Name,
                    currentUser.ProfessionId,
                    currentUser.DepartmentId,
                    currentUser.HospitalDistrictId,
                    currentUser.ProfessionName,
                    currentUser.DepartmentName,
                    currentUser.HospitalDistrictName
                };
            }

            return response;
        }
 /// <summary>
 /// Ends the current session through <c>AuthenticatorProvider.Logout()</c>.
 /// </summary>
 /// <returns>A <c>GeneralResponse</c> with <c>Ok</c> set to true.</returns>
 public static GeneralResponse Logout()
 {
     AuthenticatorProvider.Logout();

     var response = new GeneralResponse();
     response.Ok = true;
     return response;
 }
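        /// <summary>
        /// Populates this user's properties from a name/value bag of user detail fields.
        /// </summary>
        /// <param name="argSdUserDetail">
        /// Field-name → value map (keys are case-insensitive in <c>StringDictionary</c>). Keys read:
        /// UserId, Account, FirstName, LastName, Password, ProfessionId, DepartmentId, HospitalDistrictId,
        /// ProfessionName, DepartmentName, HospitalDistrictName, EncryptPassword, Functions, Operations,
        /// EmployeeNo, Status, PrimaryRule, RuleGroups. A missing key yields null for the string
        /// properties and 0 for the numeric ones (<c>Convert.ToInt32</c>/<c>ToInt16</c>/<c>ToInt64</c>
        /// return 0 for a null string). An empty bag leaves the object untouched.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="argSdUserDetail"/> is null.</exception>
        /// <exception cref="FormatException">A numeric field holds a non-numeric value.</exception>
        /// <exception cref="OverflowException">A numeric field does not fit its target type.</exception>
        public void Fill(StringDictionary argSdUserDetail)
        {
            if (argSdUserDetail == null)
            {
                throw new ArgumentNullException("argSdUserDetail");
            }
            if (argSdUserDetail.Count < 1)
            {
                return;
            }

            UserId               = IdentityKey = Convert.ToInt32(argSdUserDetail["UserId"]);
            Account              = argSdUserDetail["Account"];
            // Relies on Account having been assigned just above.
            IsAdministrator      = AuthenticatorProvider.IsAdministrator(Account);
            FirstName            = argSdUserDetail["FirstName"];
            LastName             = argSdUserDetail["LastName"];
            Name                 = string.Concat(FirstName, LastName);
            // Credential material lives on the entity (Password, EncryptPassword); keep both out of
            // any client-facing projection or serialization of this object.
            Password             = argSdUserDetail["Password"];
            ProfessionId         = Convert.ToInt16(argSdUserDetail["ProfessionId"]);
            DepartmentId         = Convert.ToInt16(argSdUserDetail["DepartmentId"]);
            HospitalDistrictId   = Convert.ToInt16(argSdUserDetail["HospitalDistrictId"]);
            ProfessionName       = argSdUserDetail["ProfessionName"];
            DepartmentName       = argSdUserDetail["DepartmentName"];
            HospitalDistrictName = argSdUserDetail["HospitalDistrictName"];
            EncryptPassword      = argSdUserDetail["EncryptPassword"];
            Functions            = argSdUserDetail["Functions"];
            Operations           = argSdUserDetail["Operations"];
            EmployeeNo           = argSdUserDetail["EmployeeNo"];
            Status               = Convert.ToInt32(argSdUserDetail["Status"]);
            PrimaryRule          = Convert.ToInt64(argSdUserDetail["PrimaryRule"]);
            RuleGroups           = argSdUserDetail["RuleGroups"];

            // Per-user custom operation permissions.
            BindOperatePermission(Operations);
            // Per-user custom list of owned functions.
            BindFunction(Functions);
        }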
 /// <summary>
 /// Renders the login page, or sends an already-authenticated user to Home/Index.
 /// </summary>
 /// <returns>
 /// A redirect to Home/Index when a session already exists; otherwise the login view with an
 /// empty <c>InternalDataTransferToView</c> model.
 /// </returns>
 public ActionResult Login()
 {
     // Since 2013-12-05 the login itself is handled over Ajax; this action only shows the page.
     bool alreadyLoggedIn = AuthenticatorProvider.Logged();
     if (!alreadyLoggedIn)
     {
         return View(new InternalDataTransferToView());
     }

     return RedirectToAction("Index", "Home");
 }
 /// <summary>
 /// Renders the registration page, or sends an already-authenticated user to Home/Index.
 /// </summary>
 /// <param name="param">
 /// Model-bound registration values from the request; they are handed back to the view unchanged,
 /// so the view is responsible for encoding them.
 /// </param>
 /// <returns>
 /// A redirect to Home/Index when a session already exists; otherwise the registration view whose
 /// <c>InternalDataTransferToView.Data</c> carries <paramref name="param"/>.
 /// </returns>
 public ActionResult Register(UserParameter param)
 {
     // Since 2013-12-05 the registration itself is handled over Ajax; this action only shows the page.
     bool alreadyLoggedIn = AuthenticatorProvider.Logged();
     if (!alreadyLoggedIn)
     {
         var model = new InternalDataTransferToView();
         model.Data = param;
         return View(model);
     }

     return RedirectToAction("Index", "Home");
 }
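        /// <summary>
        /// Ajax endpoint that changes the signed-in user's password after verifying the current one.
        /// </summary>
        /// <param name="old">The current password in clear text, as typed by the user.</param>
        /// <param name="pwd">The new password in clear text; must be at least 8 characters.</param>
        /// <returns>
        /// A <c>JsonNetResult</c> whose <c>Data</c> is a <c>DetailResponse</c>: <c>Ok</c> = true on success;
        /// <c>Code</c> "-1" with a message when the old password does not match (or is null) or the new one
        /// is null/shorter than 8 characters; "-2" when the data layer did not report exactly one updated
        /// row; "-11" on an unexpected exception.
        /// </returns>
        public ActionResult AjaxChangePassword(string old, string pwd)
        {
            var result = new JsonNetResult();
            var r      = new DetailResponse();

            try
            {
                Tw.Com.Kooco.Admin.Entitys.User userDetail = ((ManagerIdentity)AuthenticatorProvider.GetUser().Identity).CurrentUser;

                // The stored verifier (EncryptPassword) is an MD5 digest of the password.
                // NOTE(review): MD5 is a fast, unsalted digest and not a suitable password hash; moving to
                // a slow salted KDF needs a coordinated change of ChangePassword and the login check.
                // A null old password is treated as a mismatch instead of surfacing as a generic "-11".
                bool oldMatches = !string.IsNullOrEmpty(userDetail.EncryptPassword)
                                  && old != null
                                  && userDetail.EncryptPassword.Equals(Md5.Encrypt(old));

                if (!oldMatches)
                {
                    r.Code = "-1";
                    r.Data = "舊密碼驗證錯誤";
                }
                else if (pwd == null || pwd.Length < 8)
                {
                    r.Code = "-1";
                    r.Data = "新密碼長度必須大於或等於8個字元";
                }
                else
                {
                    // Two stored forms of the new password: Password via AzDG.Encrypt and the MD5 verifier.
                    // NOTE(review): AzDG looks like a reversible cipher, i.e. the clear password would be
                    // recoverable from Password — confirm a consumer really needs that form.
                    string password        = AzDG.Encrypt(pwd);
                    string encryptPassword = Md5.Encrypt(pwd);

                    int updated = DataAccessProvider.User.ChangePassword(userDetail.Account, password, encryptPassword);
                    if (updated == 1)
                    {
                        // Keep the in-session user in sync so later checks use the new verifier.
                        userDetail.Password        = password;
                        userDetail.EncryptPassword = encryptPassword;
                        r.Ok = true;
                    }
                    else
                    {
                        r.Code = "-2";
                        r.Data = "修改密碼失敗";
                    }
                }
            }
            catch (Exception ex)
            {
                // Only the exception is logged; neither clear-text password reaches the log.
                Log.Error(ex.Message, ex);
                r.Code = "-11";
            }

            result.Data = r;
            return result;
        }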
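        /// <summary>
        /// Arranges the functions in <paramref name="t"/> into a hierarchy: every row whose <c>Parent</c>
        /// code is also present in the table is moved under that parent's <c>Son</c> map, and only the
        /// roots (rows whose parent is not in the table) are returned.
        /// The per-user cache described by the original summary is currently disabled (the
        /// <c>CacheProvider</c> calls were commented out), so the tree is rebuilt on every call.
        /// </summary>
        /// <param name="t">
        /// Table with the columns FunctionId, Code, Parent, Name, Icon, Parameters and Target.
        /// <c>Code</c> must be unique per row.
        /// </param>
        /// <returns>The root functions, with descendants nested under <c>Son</c>, materialised as a list.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="t"/> is null.</exception>
        /// <exception cref="ArgumentException">Two rows share the same <c>Code</c>.</exception>
        public static IEnumerable <Entitys.Function> GenTree(DataTable t)
        {
            if (t == null)
            {
                throw new ArgumentNullException("t");
            }

            // The cache keyed by the signed-in user's account is disabled. When it is re-enabled, the
            // account comes from ((ManagerIdentity)AuthenticatorProvider.GetUser().Identity).CurrentUser;
            // until then nothing here depends on the current user.

            // DBNull.Value.ToString() yields "", so Parent/Code are never null for NULL cells.
            var byCode = t.Rows.Cast<DataRow>().ToDictionary(
                row => row["Code"].ToString(),
                row => new Entitys.Function
                {
                    FunctionId = Convert.ToInt32(row["FunctionId"]),
                    Code       = row["Code"].ToString(),
                    Parent     = row["Parent"].ToString(),
                    Name       = row["Name"].ToString(),
                    Icon       = row["Icon"].ToString(),
                    Parameters = row["Parameters"].ToString(),
                    Target     = row["Target"].ToString(),
                    Son        = new Dictionary<string, Entitys.Function>()
                });

            // First pass: link each node to its parent (one lookup per node). Removal from the root
            // map is deferred because the dictionary cannot be modified while it is enumerated.
            var attachedCodes = new List<string>();
            foreach (var node in byCode.Values)
            {
                Entitys.Function parent;
                if (!byCode.TryGetValue(node.Parent, out parent) || parent.Son.ContainsKey(node.Code))
                {
                    continue;
                }

                // NOTE(review): a row whose Parent equals its own Code attaches to itself and vanishes
                // from the roots; the data is assumed not to contain such rows.
                parent.Son[node.Code] = node;
                attachedCodes.Add(node.Code);
            }

            // Second pass: whatever was attached to a parent is no longer a root.
            foreach (var code in attachedCodes)
            {
                byCode.Remove(code);
            }

            return byCode.Values.ToList();
        }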
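        /// <summary>
        /// Builds a <c>GraphServiceClient</c> whose outgoing requests carry an MSAL-acquired bearer token,
        /// using the flow selected by <paramref name="provider"/>.
        /// </summary>
        /// <param name="provider">
        /// <c>PublicClient</c>: username/password (ROPC) with the configured <c>_username</c>/<c>_password</c>;
        /// <c>ConfidentialApplicationClient</c>: client credentials (app-only) for <c>_defaultScope</c>;
        /// <c>ConfidentialUserClient</c>: on-behalf-of, exchanging <paramref name="token"/> for a Graph token.
        /// </param>
        /// <param name="token">
        /// The caller's incoming access token (JWT) to exchange in the on-behalf-of flow; ignored by the other flows.
        /// </param>
        /// <returns>The configured client, or null when <paramref name="provider"/> is not one of the handled values.</returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="provider"/> is <c>ConfidentialUserClient</c> and <paramref name="token"/> is null or blank.
        /// </exception>
        public GraphServiceClient GetAuthenticatedClient(AuthenticatorProvider provider = AuthenticatorProvider.ConfidentialApplicationClient, string token = "")
        {
            // Each MSAL application object owns an in-memory token cache, so it is built once per
            // returned client and shared by all of that client's requests. Building it inside the
            // per-request delegate (as before) discarded the cache and forced a token acquisition on
            // every request. As a side effect, builder validation errors now surface here instead of
            // on the first request.
            switch (provider)
            {
            case AuthenticatorProvider.PublicClient:
            {
                // Resource Owner Password Credentials: the stored credentials are sent directly to the
                // identity provider. NOTE(review): this flow is discouraged (no MFA, the app holds the
                // user's password); prefer the confidential flows where possible.
                var publicApp = PublicClientApplicationBuilder
                                .Create(_clientId)
                                .WithTenantId(_tenantId)
                                .Build();

                return new GraphServiceClient(new DelegateAuthenticationProvider(async requestMessage =>
                {
                    var result = await publicApp.AcquireTokenByUsernamePassword(_graphScopes, _username, _password)
                                                .ExecuteAsync();

                    requestMessage.Headers.Authorization =
                        new AuthenticationHeaderValue("Bearer", result.AccessToken);
                }));
            }

            case AuthenticatorProvider.ConfidentialApplicationClient:
            {
                // App-only (client credentials) against the default scope.
                var appOnly = ConfidentialClientApplicationBuilder.Create(_clientId)
                              .WithRedirectUri(_redirectUri)
                              .WithTenantId(_tenantId)
                              .WithClientSecret(_clientSecret)
                              .Build();

                return new GraphServiceClient(new DelegateAuthenticationProvider(async requestMessage =>
                {
                    var result = await appOnly.AcquireTokenForClient(_defaultScope).ExecuteAsync();

                    requestMessage.Headers.Authorization =
                        new AuthenticationHeaderValue("Bearer", result.AccessToken);
                }));
            }

            case AuthenticatorProvider.ConfidentialUserClient:
            {
                // On-behalf-of needs the caller's token; an empty assertion would only fail later,
                // inside the first request, so reject it up front.
                if (string.IsNullOrWhiteSpace(token))
                {
                    throw new ArgumentException("A user token is required for the on-behalf-of flow.", "token");
                }

                var userAssertion = new UserAssertion(token, "urn:ietf:params:oauth:grant-type:jwt-bearer");

                var onBehalfOf = ConfidentialClientApplicationBuilder.Create(_clientId)
                                 .WithClientSecret(_clientSecret)
                                 .WithTenantId(_tenantId)
                                 .Build();

                return new GraphServiceClient(new DelegateAuthenticationProvider(async requestMessage =>
                {
                    var result = await onBehalfOf.AcquireTokenOnBehalfOf(_defaultScope, userAssertion).ExecuteAsync();

                    requestMessage.Headers.Authorization =
                        new AuthenticationHeaderValue("Bearer", result.AccessToken);
                }));
            }

            default:
                // Unhandled provider value: callers must cope with a null client.
                return null;
            }
        }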
 /// <summary>
 /// Authorizes the request solely on whether a user session exists (<c>AuthenticatorProvider.Logged()</c>).
 /// </summary>
 /// <param name="httpContext">
 /// The current request context; not consulted, the session state comes from <c>AuthenticatorProvider</c>.
 /// </param>
 /// <returns>true when a user is logged in; otherwise false.</returns>
 protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
 {
     bool isLoggedIn = AuthenticatorProvider.Logged();
     return isLoggedIn;
 }
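        /// <summary>
        /// MVC authorization filter. Attaches the application user to the request, honours
        /// <c>AllowAnonymousAttribute</c>, applies the per-action <c>AuthAttribute.AllowIpList</c>, and for
        /// all other actions runs the base login check and then requires that the signed-in user's
        /// <c>AuthPath</c> contains the requested "/area/controller/action" path, unless the action's
        /// <c>AuthAttribute</c> is absent or marked <c>IsDefault</c>, or the user is a master admin
        /// calling from a master-admin address.
        /// </summary>
        /// <param name="filterContext">
        /// The MVC authorization context; <c>Result</c> is set to a redirect to User/AccessDenied when
        /// the path check fails.
        /// </param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            filterContext.HttpContext.User = AuthenticatorProvider.GetUser();

            var  ad                 = filterContext.ActionDescriptor;
            var  anonymousAttribute = typeof(AllowAnonymousAttribute);
            bool skipAuthorization  = ad.GetCustomAttributes(anonymousAttribute, true).Any()
                                      || ad.ControllerDescriptor.IsDefined(anonymousAttribute, true);

            // Only the first AuthAttribute on the action is honoured.
            object[]      authAttributes = ad.GetCustomAttributes(typeof(AuthAttribute), true);
            AuthAttribute auth           = authAttributes.Length > 0 ? (AuthAttribute)authAttributes[0] : null;

            // NOTE(review): UserHostAddress is the address of the TCP peer. Behind a reverse proxy or
            // load balancer it is the proxy's address, so the address-based exemptions below would then
            // apply to every forwarded request. Confirm the deployment topology before relying on them.
            string clientIp = filterContext.HttpContext.Request.UserHostAddress;

            // Allow-listed client addresses bypass authentication entirely (the base check is not run).
            if (auth != null && auth.AllowIpList != null && auth.AllowIpList.Contains(clientIp))
            {
                return;
            }

            if (skipAuthorization)
            {
                return;
            }

            // Presumably sets filterContext.Result itself when the login check fails; the code below
            // must therefore never clear Result.
            base.OnAuthorization(filterContext);

            if (AuthenticatorProvider.GetUser() == null)
            {
                return;
            }

            User user = ((ManagerIdentity)AuthenticatorProvider.GetUser().Identity).CurrentUser;

            var    areaToken  = filterContext.RouteData.DataTokens["area"];
            string area       = areaToken == null ? null : areaToken.ToString();
            string controller = ad.ControllerDescriptor.ControllerName;
            string action     = ad.ActionName;
            string path       = area == null
                ? string.Format("/{0}/{1}", controller, action)
                : string.Format("/{0}/{1}/{2}", area, controller, action);

            // Master administrators are exempt from the path check, but only from their configured addresses.
            if (Section.Get.Web.MasterAdmin.Contains(user.Account) && Section.Get.Web.MasterAdminIp.Contains(clientIp))
            {
                return;
            }

            // Actions without an AuthAttribute, or marked IsDefault, are not subject to the path check:
            // being logged in is sufficient for them. The attribute is tested first so a null AuthPath
            // cannot fault on such actions.
            if (auth != null && !auth.IsDefault && !user.AuthPath.Contains(path))
            {
                // auth is non-null here, so its Type always decides the response kind (the former
                // ResponseType.HTML fallback was unreachable).
                var denied = new { area = "", controller = "User", action = "AccessDenied", rt = (int)auth.Type };
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(denied));
            }
        }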