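/// <summary>
/// Web API authorization filter hook: requires the current principal to carry a
/// <see cref="ClaimTypes.System"/> claim, and for Admin-site tokens additionally
/// requires the requested path to be an AJAX endpoint known to
/// <c>AdminNavigationHelper</c>. Sets <c>_IsNoPermissionToAccess</c> when an
/// Admin token targets an unregistered path so the caller can distinguish
/// "forbidden" from "unauthenticated".
/// </summary>
/// <param name="actionContext">Context of the action being authorized.</param>
/// <returns>
/// <c>true</c> only when the claim checks pass and the base
/// <c>AuthorizeAttribute.IsAuthorized</c> (which enforces <c>Users</c> / <c>Roles</c>
/// against the request principal) also accepts; otherwise <c>false</c>.
/// </returns>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    var claims = ClaimsPrincipal.Current.Claims;
    if (!claims.Any())
    {
        return false;
    }

    // NOTE(review): this reads the ambient ClaimsPrincipal.Current rather than
    // actionContext.RequestContext.Principal; under the default host they agree,
    // but confirm if a custom host or message handler sets the principal.
    Claim claim = claims.FirstOrDefault(o => o.Type == ClaimTypes.System);
    if (claim == null)
    {
        return false;
    }

    // [TokenAuthorize(Users = "Admin")]
    if (!string.IsNullOrEmpty(Users))
    {
        // TODO: attribute-specific user handling. Note that base.IsAuthorized
        // already enforces Users against the principal's identity name.
    }

    // [TokenAuthorize(Roles = "Edit")]
    // Fixed: the original tested string.IsNullOrEmpty(Roles), the inverse of the
    // Users branch above; the TODO is meant to run when Roles IS configured.
    if (!string.IsNullOrEmpty(Roles))
    {
        // TODO: attribute-specific role handling. Note that base.IsAuthorized
        // already enforces Roles via IPrincipal.IsInRole.
    }

    if (EnumHelper.ToEnum<SiteType>(claim.Value) == SiteType.Admin)
    {
        // Admin tokens may only call AJAX paths registered in the admin navigation;
        // anything else is reported as a permission failure rather than an auth failure.
        AdminNavigationHelper helper = new AdminNavigationHelper();
        if (!helper.IsValidAjaxRequest(actionContext.Request.RequestUri.AbsolutePath))
        {
            _IsNoPermissionToAccess = true;
            return false;
        }
    }

    return base.IsAuthorized(actionContext);
}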
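/// <summary>
/// MVC authorization hook. Requests outside any area, or in an area that has no
/// registered <c>SessionHelper</c>, are allowed through (fail-open by design of
/// the original). Otherwise the area's session must be populated, and Admin-area
/// AJAX calls must target a path known to <c>AdminNavigationHelper</c>.
/// Side effects: records the area in <c>_Area</c>, the session's login page in
/// <c>_LoginUri</c>, and sets <c>_IsNoPermissionToAccess</c> on a rejected Admin
/// AJAX path.
/// </summary>
/// <param name="httpContext">HTTP context of the request being authorized.</param>
/// <returns><c>true</c> when the request may proceed; otherwise <c>false</c>.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // Single dictionary lookup instead of Keys.Contains + indexer. A missing or
    // null "area" token is treated as "no area" (the original would have thrown
    // NullReferenceException on a null token value).
    object area;
    if (!httpContext.Request.RequestContext.RouteData.DataTokens.TryGetValue("area", out area) || area == null)
    {
        return true;
    }

    _Area = area.ToString();
    SessionHelper session = TypeHelper.GetInstance<SessionHelper>(_Area);
    if (session == null)
    {
        // No session helper registered for this area: nothing to enforce here.
        return true;
    }

    _LoginUri = session.LoginUri;
    if (session.IsNullSession())
    {
        return false;
    }

    if (httpContext.Request.IsAjaxRequest() && _Area == SiteType.Admin.ToString())
    {
        AdminNavigationHelper helper = new AdminNavigationHelper();
        if (!helper.IsValidAjaxRequest(httpContext.Request.Url.AbsolutePath))
        {
            _IsNoPermissionToAccess = true;
            return false;
        }
    }

    return true;
}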
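/// <summary>
/// Admin login action: transforms the posted password, looks the user up,
/// obtains an API token, stores it in a cookie and the session, and returns the
/// URL the client should navigate to next.
/// </summary>
/// <param name="returnURL">
/// Optional URL-encoded return address. Honoured only after decoding and only
/// when <c>HttpHelper.IsLocalUrl</c> accepts it; the literal string "null" is
/// treated as absent.
/// </param>
/// <param name="loginModel">
/// Posted credentials. <c>Password</c> is overwritten in place with its
/// <c>EncryptHelper.Encrypt</c> form before the lookup and the token request.
/// </param>
/// <returns>
/// A <c>Success</c> result carrying the destination URL, or a <c>Faild</c> result
/// with a user-facing message when the credentials or the token request fail.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="loginModel"/> is null.</exception>
public async Task<ActionResult> Login(string returnURL, LoginModel loginModel)
{
    if (loginModel == null)
    {
        throw new ArgumentNullException(nameof(loginModel));
    }

    // NOTE(review): the password is run through EncryptHelper.Encrypt before the
    // lookup, which reads as a reversible transform rather than a salted password
    // hash (e.g. PBKDF2); confirm how the stored credential is derived.
    loginModel.Password = EncryptHelper.Encrypt(loginModel.Password);
    AdminUser user = await _helper.GetAsync(loginModel);
    if (user == null)
    {
        return Faild("您输入的用户名或密码错误。");
    }

    TokenModel model = ApiHelper.Instance.GetToken(loginModel);
    if (model == null)
    {
        return Faild("获取Token失败,请稍候重试。");
    }

    CookieHelper.SetTokenCookie(model);
    _helper.SetSession(user);

    AdminNavigationHelper navigationHelper = new AdminNavigationHelper();
    string destination = navigationHelper.GetFirstPageUrl(SiteType.Admin, user.GroupId);

    // A caller-supplied return URL is only used after decoding it and letting
    // HttpHelper.IsLocalUrl confirm it stays on this site (presumably the
    // open-redirect guard — keep the decode-then-check order).
    if (!string.IsNullOrEmpty(returnURL) && returnURL != "null")
    {
        returnURL = HttpUtility.UrlDecode(returnURL);
        if (HttpHelper.IsLocalUrl(returnURL))
        {
            destination = returnURL;
        }
    }

    return Success(destination);
}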