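/// <summary>
/// Issues an access token for a valid user name / password pair.
/// </summary>
/// <param name="loginModel">Credentials posted by the client; bound from the request body.</param>
/// <returns>
/// 400 with the model state when the request is invalid or the body is missing,
/// 400 with a generic failure message when the credentials are rejected,
/// otherwise 200 with a <see cref="TokenModel"/> carrying the token and its expiry.
/// </returns>
public IHttpActionResult Token([FromBody] LoginModel loginModel)
{
    if (!ModelState.IsValid || loginModel == null)
    {
        return BadRequest(ModelState);
    }

    // ===========================================================
    // Validate the user's credentials
    // ===========================================================
    var currentUser = _accountService.Get(loginModel.UserName, loginModel.Password);
    if (currentUser == null)
    {
        // Generic message on purpose: it does not reveal whether the user name exists.
        return BadRequest("用户验证失败,请检查您的密码是否正确");
    }

    // ===========================================================
    // Credentials accepted: issue a token
    // ===========================================================
    // Named lifetime instead of the bare 60 * 60 * 24. The expiry is stamped in
    // local time (DateTime.Now) because the authentication handler compares it
    // against DateTime.Now as well; move both sides to UTC together if that changes.
    var tokenLifetime = TimeSpan.FromDays(1);
    var expires = DateTime.Now.Add(tokenLifetime);

    var profile = _userProfileProvider.Get(currentUser.Id);

    return Ok(new TokenModel
    {
        AccessToken = SecurityUtils.CreateToken(profile, expires),
        UserId = currentUser.Id,
        UserName = loginModel.UserName,
        Expires = expires
    });
}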
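/// <summary>
/// Authenticates the request from its access-token header before passing it to the inner handler.
/// </summary>
/// <param name="request">The incoming request.</param>
/// <param name="cancellationToken">Cancellation token forwarded to the inner handler.</param>
/// <returns>
/// The inner handler's response when the request is exempt (<see cref="IsPass"/>) or carries a
/// present, parseable and unexpired token; otherwise the response built by
/// <see cref="CreateErrorResponse"/> for the first failed check.
/// </returns>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    /**======================================================================
     * Requests that do not require a token
     * ========================================================================*/
    if (IsPass(request))
    {
        return base.SendAsync(request, cancellationToken);
    }

    /**======================================================================
     * AccessToken handling
     * ========================================================================*/
    if (!request.Headers.Contains(HeadConfig.Token))
    {
        return CreateErrorResponse(request, string.Format("HttpHeader {0}不存在", HeadConfig.Token));
    }

    string accessToken = request.Headers.GetValues(HeadConfig.Token).FirstOrDefault();
    if (string.IsNullOrWhiteSpace(accessToken))
    {
        return CreateErrorResponse(request, string.Format("HttpHeader {0} 的值为空", HeadConfig.Token));
    }

    // NOTE(review): GetAccessToken is assumed to verify the token's integrity and
    // return null on any failure — confirm, because UserId and Expires are trusted
    // from here on without further checks.
    AccessTokenIdentity<int> token = SecurityUtils.GetAccessToken<int>(accessToken);
    if (token == null)
    {
        return CreateErrorResponse(request, "Token验证失败");
    }

    // Expiry is compared in local time, matching how the token endpoint stamps it.
    if (token.Expires < DateTime.Now)
    {
        return CreateErrorResponse(request, "Token已经过期");
    }

    // Indexer rather than Add: a request that passes through this handler more
    // than once would otherwise throw ArgumentException on the duplicate key.
    // The legacy user system reads the user id from this property.
    request.Properties[AccessTokenConst.UseridPropertiesName] = token.UserId;

    // ToFix BaseRepostiory Bug: the repository reads the user id from HttpContext.Items.
    // HttpContext.Current is null outside IIS hosting — TODO confirm this handler is
    // never used self-hosted.
    HttpContext.Current.Items[AccessTokenConst.UseridPropertiesName] = token.UserId;

    // Load the profile and expose it to downstream code on the request.
    // NOTE(review): Get may return null for an unknown id — confirm SetUserPrincipal tolerates that.
    var userProfile = _userProfileProvider.Get(token.UserId);
    request.Properties[AccessTokenConst.UserProfilePropertiesName] = userProfile;

    SetUserPrincipal(userProfile, token.Expires);

    return base.SendAsync(request, cancellationToken);
}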