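/// <summary>
/// Web API authentication filter. Resolves the caller from a JWE token carried in
/// the request and, on success, stores the user and the decoded payload in
/// <c>Request.Properties</c> for later filters and actions. Actions or controllers
/// marked <see cref="AllowAnonymousAttribute"/> bypass the check entirely.
/// </summary>
/// <param name="context">Web API authentication context for the current request.</param>
/// <param name="cancellationToken">Pipeline cancellation token. Not forwarded to the
/// storage lookup because that method's signature is not visible here.</param>
/// <exception cref="HttpResponseException">
/// 401 Unauthorized when the token is missing, structurally malformed, cannot be
/// decoded, is expired, refers to a user that no longer exists, or refers to a
/// user whose status is not 1 (the same "enabled" test LoginAsync applies).
/// </exception>
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    // Anonymous endpoints (attribute on the action or on its controller) skip authentication.
    bool anonymous =
        context.ActionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(false).Any() ||
        context.ActionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(false).Any();
    if (anonymous)
    {
        return;
    }

    // Token source 1: the query string. Building a Dictionary from all query pairs
    // (as before) throws ArgumentException when a client repeats "?token=…", which
    // surfaced as HTTP 500 instead of 401; take the first "token" pair instead.
    // Key match is ordinal/case-sensitive, as the Dictionary lookup was.
    // NOTE(review): tokens in URLs end up in server/proxy logs, browser history and
    // Referer headers. Prefer an Authorization header once clients can send one.
    string token = context.Request.GetQueryNameValuePairs()
        .Where(pair => pair.Key == "token")
        .Select(pair => pair.Value)
        .FirstOrDefault();
    if (token == null)
    {
        // Token source 2: System.Web's request indexer, which searches the query
        // string, form body, cookies and server variables (case-insensitively).
        // NOTE(review): if the token can arrive in a cookie, authenticated endpoints
        // are CSRF-relevant; confirm cookie delivery is actually intended.
        token = context.Request.GetHttpContext().Request["token"];
    }

    // Cheap structural pre-check before touching crypto: JWE compact serialization
    // has five base64url segments, i.e. exactly four dots.
    if (string.IsNullOrWhiteSpace(token) || token.Count(ch => ch == '.') != 4)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // Decode (and, per the provider's contract, verify) the token. Any failure is
    // logged server-side only; the client always receives a bare 401 so it cannot
    // distinguish bad signature from bad ciphertext from bad encoding.
    JwePayload payload = null;
    try
    {
        payload = JweProvider.Decode(token, JwtCommon.SignKey);
    }
    catch (Exception e)
    {
        LogProvider.Error.Error(e, "解析jwepayload失败");
    }
    if (payload == null || payload.IsExpires())
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // The token is only as good as the account behind it: reject if the user has
    // been deleted or disabled since the token was issued. Previously a disabled
    // account stayed usable until its token expired.
    var user = await InjectionContainer.Resolve<IUserStorage>().GetAsync(payload.uid);
    if (user == null || user.status != 1)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // Indexer assignment instead of Add(): Add() throws if this filter runs twice
    // on one request (e.g. registered globally and again on a controller).
    context.Request.Properties[HttpPropertyKeys.AuthorizedUser] = user;
    context.Request.Properties[HttpPropertyKeys.JwePayload] = payload;
}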
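/// <summary>
/// Password login. Verifies the one-time captcha bound to the client's session id,
/// then the username/password pair and account status, and issues a JWE access
/// token for the user.
/// NOTE(review): there is no per-account or per-IP attempt limit here; the captcha
/// is the only brute-force throttle, which is why it must be single-use.
/// </summary>
/// <param name="json">Login request body: sid (captcha session id), vcode (captcha
/// answer), username and password.</param>
/// <returns>200 with username, nickname, access_token and its expiry timestamp.</returns>
/// <exception cref="HttpResponseException">415 when the body is missing or unparseable (json is null).</exception>
/// <exception cref="BadRequestException">Captcha mismatch, empty username/password,
/// bad credentials, or a disabled account.</exception>
public async Task<IHttpActionResult> LoginAsync(User json)
{
    if (json == null)
    {
        throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType);
    }

    // Captcha: consume the stored code on the first attempt, match or not. The
    // original removed it only after a fully successful login, so one solved
    // captcha could be replayed for unlimited password guesses (and the captcha
    // value itself could be guessed repeatedly), defeating its throttling purpose.
    string vcodeKey = "vcode." + json.sid;
    string vcode;
    bool hasVcode = CacheProvider.TryGet(vcodeKey, out vcode);
    if (hasVcode)
    {
        CacheProvider.Remove(vcodeKey);
    }
    if (!hasVcode || vcode != json.vcode)
    {
        throw new BadRequestException(ResultCode.ArgumentException, "验证码错误");
    }

    if (string.IsNullOrEmpty(json.username))
    {
        throw new BadRequestException(ResultCode.ArgumentException, "登录用户名不能为空");
    }
    if (string.IsNullOrEmpty(json.password))
    {
        throw new BadRequestException(ResultCode.ArgumentException, "登录密码不能为空");
    }

    // NOTE(review): stored credentials are unsalted MD5 digests, which are
    // offline-crackable at GPU speed. Not swapped in place because every existing
    // user.password is in this format; migrate to PBKDF2/bcrypt/Argon2 with a
    // rehash-on-successful-login step and a storage format that records the scheme.
    string password = HashAlgorithmProvider.ComputeHash("MD5", json.password, true);

    // One message for "no such user" and "wrong password" so the response does
    // not confirm which usernames exist.
    // NOTE(review): the string comparison short-circuits on the first differing
    // character; a constant-time compare is preferable once the hash format moves.
    var user = await this.m_UserStorage.GetAsync(json.username);
    if (user == null || user.password != password)
    {
        throw new BadRequestException(ResultCode.ArgumentException, "用户名或密码错误");
    }
    if (user.status != 1)
    {
        throw new BadRequestException(ResultCode.ArgumentException, "用户已禁用,请联系管理员");
    }

    var data = new
    {
        user.username,
        user.nickname,
        access_token = JweProvider.Encode(JwtCommon.SignKey, user.id, JwtCommon.ExpireInMinutes),
        // Report the lifetime the token was actually minted with. The original
        // hard-coded "now + 2 hours" independently of JwtCommon.ExpireInMinutes,
        // so the advertised expiry drifted from the real one whenever they differed.
        expires = DateTimeUtil.GetTimestamp(DateTime.Now.AddMinutes(JwtCommon.ExpireInMinutes))
    };
    return Json(JsonApiResult.Ok(data));
}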