public static void Logout() { NTPCLibrary.OpenID openId = new NTPCLibrary.OpenID(); openId.Logout(); Util.CleanCookie(Util.OPENID_THIS_WEBSITE_COOKIE); Util.CleanCookie(Util.OPENID_SELECT_USER_COOKIE); Util.CleanCookie(Util.OPENID_ROLE_COOKIE); }
public static void Login() { NTPCLibrary.OpenID openId = new NTPCLibrary.OpenID(); if (!openId.IsAuthenticated) { openId.Login(); } else { Util.SetCookie(Util.OPENID_THIS_WEBSITE_COOKIE, "true"); } }
public static void MultiLogin() { NTPCLibrary.OpenID openId = new NTPCLibrary.OpenID(); if (!openId.IsAuthenticated) { openId.Login(); } else { if (Util.GetCookie(Util.OPENID_SELECT_USER_COOKIE) == string.Empty) { Util.SetCookie(Util.OPENID_THIS_WEBSITE_COOKIE, "true"); //多學校、多角色權限判斷 LoginMultiView(openId.User); } } }
public static void ExtensionLogin(string[] roleUser) { NTPCLibrary.OpenID openId = new NTPCLibrary.OpenID(); if (!openId.IsAuthenticated) { openId.Login(); } else { if (Util.GetCookie(Util.OPENID_ROLE_COOKIE) == string.Empty) { Util.SetCookie(Util.OPENID_THIS_WEBSITE_COOKIE, "true"); //擴充權限判斷 LoginExtensionView(openId.User, roleUser); } } }
/// <summary> /// OpenID基本授權判斷:OpenID登入者是否符合[Authorize]指定Users、Roles或Schools授權 /// <para>優點:無耦合,限定的Users、Roles、Schools,只要[任一]符合即可登入</para> /// <para>缺點:要判斷使用者用[選取]哪一個角色登入,則無法判斷</para> /// </summary> /// <param name="page">目前的Page,加入this即可</param> public static bool IsAuthorized(object page) { OpenID openId = new OpenID(); bool isAuth = true; string Users = string.Empty; string Roles = string.Empty; string Schools = string.Empty; //取得Users、Roles、Schools AuthorizeAttribute auth = null; var attrs = page.GetType().GetCustomAttributes(typeof(AuthorizeAttribute), true); foreach (var attribute in attrs) { if (attribute is AuthorizeAttribute) { auth = attribute as AuthorizeAttribute; Users = TrimAll(auth.Users); Roles = TrimAll(auth.Roles); Schools = TrimAll(auth.Schools); } } //●1.基本OpenID驗證:只傳[Authorize] if (auth != null && Users == string.Empty && Roles == string.Empty) { if (!openId.IsAuthenticated) { return false; } } //●2.Users驗證:傳[Authorize(Users:"使用者帳號")] if (Users != string.Empty) { if (openId.IsAuthenticated) { string[] usersArray = Users.Split(','); if (usersArray.Contains(openId.User.Identity)) { return true; } else { isAuth = false; } } else { isAuth = false; } } //●3.Roles驗證:傳[Authorize(Roles:"角色名稱")] if (Roles != string.Empty) { if (openId.IsAuthenticated) { string[] rolesArray = Roles.Split(','); if (openId.User.Departments.Where(s => rolesArray.Intersect(s.Groups).Count() > 0).Count() > 0) { return true; } else { isAuth = false; } } else { isAuth = false; } } //●4.Schools驗證:傳[Authorize(Schools:"學校代碼")] if (Schools != string.Empty) { if (openId.IsAuthenticated) { string[] schoolsArray = Schools.Split(','); if (openId.User.Departments.Where(s => schoolsArray.Contains(s.ID)).Count() > 0) { return true; } else { isAuth = false; } } else { isAuth = false; } } //●5.若以上沒有任何一個權限被滿足,就是無訪問權限 if (!isAuth) { return false; } else { return true; } }
/// <summary> /// OpenID擴充授權判斷:OpenID登入後,可額外擴充OpenID所沒有的角色。擴充角色是從資料庫RoleUser資料表讀取 /// <para></para> /// <para>優點:可擴充OpenID沒有的Role角色權限。(額外擴充的Role角色要從COOKIE讀取)</para> /// <para>缺點:需耦合資料庫、Util.cs、LoginMultiViewExtension.aspx</para> /// </summary> /// <param name="page">目前的Page,加入this即可</param> public static bool IsExtensionAuthorized(object page) { OpenID openId = new OpenID(); bool isAuth = true; string Roles = string.Empty; //取得Roles AuthorizeExtensionAttribute auth = null; var attrs = page.GetType().GetCustomAttributes(typeof(AuthorizeExtensionAttribute), true); foreach (var attribute in attrs) { if (attribute is AuthorizeExtensionAttribute) { auth = attribute as AuthorizeExtensionAttribute; Roles = TrimAll(auth.Roles); } } //Roles驗證:傳[AuthorizeExtension(Roles:"角色名稱")] if (Roles != string.Empty) { if (openId.IsAuthenticated) { string[] rolesArray = Roles.Split(','); //1)自訂擴充角色(資料庫RoleUser) int role_id = Util.GetCookie(Util.OPENID_ROLE_COOKIE) != string.Empty ? Convert.ToInt16(Util.GetCookie(Util.OPENID_ROLE_COOKIE)) : 0; if (role_id != 0) { if (rolesArray.Contains(Util.角色名稱((Util.角色權限)role_id))) { return true; } else { isAuth = false; } } else { isAuth = false; } } else { isAuth = false; } } else { return true; } //若以上沒有任何一個權限被滿足,就是無訪問權限 if (!isAuth) { return false; } else { return true; } }