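/// <summary>
/// Authorization override: the request is authorized when a <see cref="PrincipalUser"/> can be
/// resolved from the forms-authentication cookie of the current request. Unlike the base
/// <c>AuthorizeAttribute</c>, this does not evaluate the attribute's <c>Roles</c>/<c>Users</c>
/// properties — any role or permission check has to happen elsewhere.
/// </summary>
/// <param name="httpContext">MVC context of the request. Not consulted: the user is read from the
/// ambient <c>HttpContext.Current</c>, so the attribute depends on the System.Web pipeline.</param>
/// <returns><c>true</c> when a user was resolved (and assigned to <c>HttpContext.Current.User</c>),
/// otherwise <c>false</c>.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // Outside an ASP.NET request (tests, background work) there is no ambient context;
    // treat that as "not authenticated" instead of dereferencing null.
    var current = HttpContext.Current;
    if (current == null)
    {
        return false;
    }

    PrincipalUser principalUser = FormAuthenticationExtension.Current(current.Request);
    if (principalUser == null)
    {
        return false;
    }

    // Publish the resolved principal so downstream code sees the same identity.
    current.User = principalUser;
    return true;
}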
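/// <summary>
/// Appends one entry to a per-day text log file through log4net. The file written is
/// <c>{path or LogPath}{folderName}\{yyyy-MM-dd}\{fileName}.txt</c>; the root is concatenated
/// without a separator, so it is expected to already end with one.
/// </summary>
/// <param name="folderName">Sub-folder under the log root. Used as a raw path segment (no
/// validation), so it must come from code, never from request data.</param>
/// <param name="message">Text to record. Written verbatim between HTML line breaks, without any
/// escaping — if these files are rendered in a browser, encode them on display.</param>
/// <param name="fileName">File name without extension; same path-segment caveat as folderName.</param>
/// <param name="path">Log root; falls back to <c>LogPath</c> when null or empty.</param>
/// <exception cref="Exception">"日志记录失败" when writing fails; the underlying failure is
/// attached as the inner exception.</exception>
public static void WriteLog(string folderName, string message, string fileName, string path)
{
    try
    {
        // Attribute the entry to the forms-authenticated user of the ambient request, or to
        // "匿名用户" when there is no request or no cookie resolves.
        PrincipalUser principalUser = null;
        var current = HttpContext.Current;
        if (current != null)
        {
            principalUser = FormAuthenticationExtension.Current(current.Request);
        }
        if (principalUser == null)
        {
            principalUser = new PrincipalUser { Name = "匿名用户", UserId = Guid.Empty };
        }

        var root = string.IsNullOrEmpty(path) ? LogPath : path;
        var directory = root + folderName + "\\" + DateTime.Now.ToString("yyyy-MM-dd");

        // log4net is (re)configured per call and shut down afterwards, so the whole
        // configure/write/shutdown sequence is serialized on Lock.
        lock (Lock)
        {
            var file = directory + "\\" + fileName + ".txt";
            if (!Directory.Exists(directory))
            {
                Directory.CreateDirectory(directory);
            }

            var layout = new PatternLayout("%m%n");
            var appender = new FileAppender(layout, file, true);
            BasicConfigurator.Configure(appender);
            var log = log4net.LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
            log.Info(
                "</br>----------------------------------------------</br>\r\n"
                + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + " "
                + principalUser.Name + "(" + principalUser.UserId + ")" + "</br>\r\n"
                + message);
            log4net.LogManager.Shutdown();
        }
    }
    catch (Exception ex)
    {
        // Keep the cause: the original rethrew without it, hiding why logging failed.
        throw new Exception("日志记录失败", ex);
    }
}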
/// <summary>
/// Handles the login form: checks the captcha, validates the credentials, issues the
/// forms-authentication cookie, echoes back a safe local return URL and records a login-log entry.
/// </summary>
/// <param name="input">Posted login fields (credentials, captcha value, remember-me flag, return URL).</param>
/// <returns>JSON: the credential-check result, or an error status carrying a message.</returns>
public async Task<JsonResult> Submit(UserLoginInput input)
{
    var operateStatus = new OperateStatus();
    try
    {
        // Captcha: exact, case-sensitive comparison with the value VerifyCodeUtil holds.
        // NOTE(review): nothing here consumes the code after a successful check — confirm that
        // VerifyCodeUtil regenerates it, otherwise one solved captcha can be replayed.
        var expectedCode = VerifyCodeUtil.GetVerifyCode();
        if (input.Verify != expectedCode)
        {
            operateStatus.ResultSign = ResultSign.Error;
            operateStatus.Message = "验证码错误";
            return Json(operateStatus);
        }

        var info = await _userInfoLogic.CheckUserByCodeAndPwd(input);
        if (info.Data == null)
        {
            // Credentials rejected: the logic layer's own result is returned unchanged.
            return Json(info);
        }

        var user = info.Data;
        var principalUser = new PrincipalUser
        {
            UserId = user.UserId,
            Code = user.Code,
            Name = user.Name,
            OrganizationId = user.OrganizationId,
            OrganizationName = user.OrganizationName,
            LoginId = Guid.NewGuid()
        };

        FormAuthenticationExtension.SetAuthCookie(principalUser.UserId.ToString(), principalUser, input.Remberme);

        // Open-redirect guard: only a same-site path ("/x", but not "//host" or "/\host") is echoed back.
        var returnUrl = input.ReturnUrl;
        var isSafeLocalPath = Url.IsLocalUrl(returnUrl)
            && returnUrl.Length > 1
            && returnUrl.StartsWith("/")
            && !returnUrl.StartsWith("//")
            && !returnUrl.StartsWith("/\\");
        if (isSafeLocalPath)
        {
            info.ResultSign = ResultSign.Successful;
            info.Message = returnUrl;
        }

        WriteLoginLog(principalUser.LoginId);
        return Json(info);
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception message goes back to the browser, which can expose
        // internal details (storage errors, type names). ResultSign is also left at its default
        // here, unlike the captcha branch above.
        operateStatus.Message = ex.Message;
        return Json(operateStatus);
    }
}
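/// <summary>
/// Builds an <see cref="ExceptionLog"/> entry for <paramref name="exception"/>, attributed to the
/// forms-authenticated user of the ambient request (or "匿名用户"), and enriched with request
/// details when an ambient <c>HttpContext</c> exists.
/// </summary>
/// <param name="exception">The exception to record.</param>
public ExceptionLogHandler(Exception exception) : base("ExceptionLogToDatabase")
{
    var current = HttpContext.Current;

    PrincipalUser principalUser = null;
    if (current != null)
    {
        principalUser = FormAuthenticationExtension.Current(current.Request);
    }
    if (principalUser == null)
    {
        principalUser = new PrincipalUser { Name = "匿名用户", UserId = Guid.Empty };
    }

    log = new ExceptionLog
    {
        CreateTime = DateTime.Now,
        Message = exception.Message,
        StackTrace = exception.StackTrace,
        ExceptionType = exception.GetType().FullName,
        CreateUserCode = principalUser.Code,
        CreateUserName = principalUser.Name,
        ServerHost = String.Format("{0}【{1}】", IpBrowserUtil.GetServerHost(), IpBrowserUtil.GetServerHostIp()),
        ClientHost = String.Format("{0}", IpBrowserUtil.GetClientIp()),
        Runtime = "Web",
        InnerException = exception.InnerException != null ? GetExceptionFullMessage(exception.InnerException) : ""
    };

    // Request details exist only inside a request. The original guarded HttpContext.Current
    // above but then dereferenced it unconditionally here, throwing outside a request.
    if (current == null)
    {
        return;
    }

    var request = current.Request;
    log.RequestUrl = string.Format("{0} ", request.Url);
    log.HttpMethod = request.HttpMethod;
    log.UserAgent = request.UserAgent;

    // The body is read from the stream's current position to the end and not rewound, so it
    // may already be (partly) consumed by model binding. The reader is deliberately not
    // disposed: that would close the request's input stream for any later reader.
    // NOTE(review): the raw body (e.g. a login form including the password) is persisted
    // to the database as-is; consider redacting sensitive fields before storing.
    var streamReader = new StreamReader(request.InputStream);
    log.RequestData = HttpUtility.UrlDecode(streamReader.ReadToEnd());
}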
/// <summary>
/// Controller initialization hook. After the base initialization it resolves the current user
/// from the forms-authentication cookie and, when one is present, prepares an operation-log
/// handler stamped with that user's code and name.
/// </summary>
/// <param name="requestContext">Request context supplied by MVC.</param>
protected override void Initialize(RequestContext requestContext)
{
    base.Initialize(requestContext);

    // Identity is read from the ambient System.Web context, not from requestContext.
    CurrentUser = FormAuthenticationExtension.Current(SystemWeb.HttpContext.Current.Request);
    if (CurrentUser == null)
    {
        return;
    }

    var handler = new OperationLogHandler(Request);
    handler.log.CreateUserCode = CurrentUser.Code;
    handler.log.CreateUserName = CurrentUser.Name;
    _operationLogHandler = handler;
}
/// <summary>
/// Signs the current user out: closes the matching login-log entry (logout time and hours
/// online) when one exists, clears the forms-authentication cookie and redirects to the login page.
/// NOTE(review): only the cookie is cleared here; if the "login once" filter is enabled, its
/// per-user cache entry is not removed. No HTTP verb restriction is visible on this action —
/// if it is reachable by GET, confirm that is intended.
/// </summary>
/// <returns>A redirect to <c>/Account/Login</c>.</returns>
public async Task<RedirectResult> Logout()
{
    var currentUser = FormAuthenticationExtension.Current(SystemWeb.HttpContext.Current.Request);
    if (currentUser != null)
    {
        var loginLog = await _loginLogLogic.GetByIdAsync(currentUser.LoginId);
        if (loginLog != null)
        {
            loginLog.LoginOutTime = DateTime.Now;
            // The cast suggests nullable DateTime fields; a null LoginTime would throw here.
            TimeSpan onlineFor = (TimeSpan)(loginLog.LoginOutTime - loginLog.LoginTime);
            loginLog.StandingTime = onlineFor.TotalHours;
            await _loginLogLogic.UpdateAsync(loginLog);
        }
    }

    FormAuthenticationExtension.SignOut();
    return Redirect("/Account/Login");
}
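/// <summary>
/// Builds a <see cref="LoginLog"/> entry for the login identified by <paramref name="loginLogId"/>,
/// attributed to the forms-authenticated user of the ambient request (or "匿名用户"), with
/// server/client host, browser, OS and geo-location details.
/// </summary>
/// <param name="loginLogId">Id of the login (the principal's LoginId).</param>
public LoginLogHandler(Guid loginLogId) : base("LoginLogToDatabase")
{
    var current = HttpContext.Current;

    PrincipalUser principalUser = null;
    if (current != null)
    {
        principalUser = FormAuthenticationExtension.Current(current.Request);
    }
    if (principalUser == null)
    {
        principalUser = new PrincipalUser { Name = "匿名用户", UserId = Guid.Empty };
    }

    // The original read HttpContext.Current.Request unconditionally after guarding it above,
    // which throws outside a request; record an empty user agent in that case instead.
    string userAgent = "";
    if (current != null)
    {
        var browser = current.Request.Browser;
        userAgent = browser.Browser + "【" + browser.Version + "】";
    }

    log = new LoginLog
    {
        LoginLogId = loginLogId,
        CreateUserId = principalUser.UserId,
        CreateUserCode = principalUser.Code ?? "",
        CreateUserName = principalUser.Name,
        ServerHost = String.Format("{0}【{1}】", IpBrowserUtil.GetServerHost(), IpBrowserUtil.GetServerHostIp()),
        ClientHost = String.Format("{0}", IpBrowserUtil.GetClientIp()),
        UserAgent = userAgent,
        OsVersion = IpBrowserUtil.GetOsVersion(),
        LoginTime = DateTime.Now,
        // Per the original note, resolved through an external HTTP API (http://whois.pconline.com.cn/).
        // That is a synchronous outbound call on the login path: it needs a short timeout so a
        // slow or unreachable API cannot stall logins.
        IpAddressName = IpBrowserUtil.GetAddressByApi()
    };
}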
/// <summary>
/// Builds a <see cref="SqlLog"/> entry describing one executed statement, attributed to the
/// forms-authenticated user of the ambient request (or "匿名用户" when there is none).
/// </summary>
/// <param name="operateSql">The SQL text that was executed; stored verbatim.</param>
/// <param name="endDateTime">When execution finished.</param>
/// <param name="elapsedTime">Execution duration, in whatever unit the caller measures.</param>
/// <param name="parameter">Serialized statement parameters; stored verbatim, so any sensitive
/// values bound as parameters end up in the log table.</param>
public SqlLogHandler(string operateSql, DateTime endDateTime, double elapsedTime, string parameter) : base("SqlLogToDatabase")
{
    // Placeholder identity, used when there is no request or no cookie resolves.
    var anonymous = new PrincipalUser { Name = "匿名用户", UserId = Guid.Empty };
    var context = HttpContext.Current;
    var resolved = context == null ? null : FormAuthenticationExtension.Current(context.Request);
    var user = resolved ?? anonymous;

    log = new SqlLog
    {
        SqlLogId = CombUtil.NewComb(),
        CreateTime = DateTime.Now,
        CreateUserId = user.UserId,
        CreateUserCode = user.Code,
        CreateUserName = user.Name,
        OperateSql = operateSql,
        ElapsedTime = elapsedTime,
        EndDateTime = endDateTime,
        Parameter = parameter
    };
}
/// <summary>
/// Builds a <see cref="DataLog"/> entry for one data operation, attributed to the
/// forms-authenticated user of the ambient request (or "匿名用户" when there is none).
/// </summary>
/// <param name="operateType">Operation kind code (meaning defined by the DataLog consumer).</param>
/// <param name="operateTable">Name of the table operated on.</param>
/// <param name="operateData">Serialized data before the operation; optional.</param>
/// <param name="operateAfterData">Serialized data after the operation; optional.</param>
public DataLogHandler(byte operateType, string operateTable, string operateData = null, string operateAfterData = null) : base("DataLogToDatabase")
{
    // Placeholder identity, used when there is no request or no cookie resolves.
    var anonymous = new PrincipalUser { Name = "匿名用户", UserId = Guid.Empty };
    var context = HttpContext.Current;
    var resolved = context == null ? null : FormAuthenticationExtension.Current(context.Request);
    var user = resolved ?? anonymous;

    log = new DataLog
    {
        OperateType = operateType,
        OperateTable = operateTable,
        OperateData = operateData,
        OperateAfterData = operateAfterData,
        CreateTime = DateTime.Now,
        CreateUserId = user.UserId,
        CreateUserCode = user.Code,
        CreateUserName = user.Name,
        DataLogId = CombUtil.NewComb()
    };
}
/// <summary>
/// Runs before every action of the derived controllers:
/// 1. optionally enforces "one account, one browser" (when the global parameter loginOnce is "是");
/// 2. redirects to the login page when no forms-authentication user can be read from the cookie.
/// The per-action permission check (the commented-out API call at the end) is currently disabled,
/// so this filter only guarantees that *a* user is logged in, not that the user may call this
/// controller/action.
/// </summary>
/// <param name="filterContext">Action context supplied by MVC.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // Resolve the current user from the request cookie (ambient System.Web context).
    PrincipalUser currentUser = FormAuthenticationExtension.Current(HttpContext.Current.Request);
    #region 是否具有忽略验证特性
    // Actions marked with IgnoreAttribute bypass every check below, including the login check.
    if (filterContext.ActionDescriptor.IsDefined(typeof(IgnoreAttribute), false))
    {
        return;
    }
    #endregion
    #region 一个帐号只能在一个浏览器登录
    // NOTE(review): GlobalParams.Get("loginOnce") is dereferenced without a null check;
    // a missing parameter throws here.
    if (GlobalParams.Get("loginOnce").ToString() == "是")
    {
        if (currentUser != null)
        {
            // HttpRuntime.Cache maps the user code to the session id that currently "owns" the
            // account. Cache entries can be evicted, after which the next request re-claims it.
            if (HttpRuntime.Cache[currentUser.Code] != null)
            {
                if (filterContext.HttpContext.Session != null && HttpRuntime.Cache[currentUser.Code].ToString() != filterContext.HttpContext.Session.SessionID)
                {
                    // Another session owns this account: drop this session's marker and the
                    // cookie, then send the user to the "logged in elsewhere" page.
                    filterContext.HttpContext.Session.Remove(currentUser.Code);
                    FormAuthenticationExtension.SignOut();
                    ErrorRedirect(filterContext, "/Error/HaveLogin");
                    // NOTE(review): no return here — execution continues into the login check
                    // below, which re-reads the request cookie (still present on this request).
                    // Whether the action itself is skipped depends on ErrorRedirect setting
                    // filterContext.Result; confirm.
                }
            }
            // First request for this account: claim it for the current session.
            else
            {
                if (filterContext.HttpContext.Session != null)
                {
                    filterContext.HttpContext.Session[currentUser.Code] = currentUser.UserId;
                    HttpRuntime.Cache[currentUser.Code] = filterContext.HttpContext.Session.SessionID;
                }
            }
        }
    }
    #endregion
    #region 用户是否登录
    // Same lookup as currentUser above, repeated by the original (whether SignOut changes what
    // Current() returns within the same request is not verified here).
    PrincipalUser principalUser = FormAuthenticationExtension.Current(HttpContext.Current.Request);
    if (principalUser == null)
    {
        ErrorRedirect(filterContext, "/Error/ReturnToLogin");
        return;
    }
    #endregion
    #region 是否具有HttpPost/HttpGet请求验证
    var isAjaxRequest = filterContext.HttpContext.Request.IsAjaxRequest();
    #endregion
    #region 验证该方法是否需要进行权限验证
    // TODO (original): 1. get the user; 2. read the user's permissions from cache, falling back
    // to the database when the cache is empty/expired, and repopulate the cache.
    // Everything below only gathers inputs for a permission API call that is commented out,
    // so appCode, area, controller, action and apiUrl are currently unused.
    // Configured code of the current application.
    string appCode = ConfigurationManager.AppSettings["AppCode"];
    // Area (from route data tokens), controller and action of the request.
    string area = string.Empty;
    string controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
    string action = filterContext.ActionDescriptor.ActionName;
    var routeData = filterContext.RequestContext.RouteData;
    if (routeData.DataTokens["area"] != null)
    {
        area = routeData.DataTokens["area"].ToString();
    }
    // Base URL of the permission API that would be queried.
    string apiUrl = ConfigurationManager.AppSettings["SolutionApiUrl"];
    // Only view (non-Ajax) requests would be checked; Ajax requests are not verified here.
    if (!isAjaxRequest)
    {
        if (currentUser != null)
        {
            //string request = RequestUtil.SendPostRequest(apiUrl + "api/System/Permission/GetSystemPermissionsMvcRote",
            //"UserId=" + currentUser.UserId + "&AppCode=" + appCode + "&Area=" + area + "&Controller=" + controller + "&Action=" + action);
            //OperateStatus operateStatus = request.Deserialize<OperateStatus>();
            //if (operateStatus.ResultSign == ResultSign.Error)
            //{
            //    //ErrorRedirect(filterContext, "/Error/Warn");
            //}
        }
    }
    #endregion
}