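        /// <summary>
        /// Authenticates the request from its <c>Authorization: Bearer</c> header.
        /// A request without the header is passed through untouched; a header whose
        /// token is malformed or not present in <see cref="RayPIMemoryCache"/> is
        /// answered with 401 and the pipeline stops there.
        /// </summary>
        /// <param name="httpContext">The context of the current request.</param>
        /// <returns>The task that completes the remaining pipeline for this request.</returns>
        public Task Invoke(HttpContext httpContext)
        {
            var headers = httpContext.Request.Headers;

            // No Authorization header: hand over to the next middleware so that
            // endpoints which need no authentication keep working.
            if (!headers.ContainsKey("Authorization"))
            {
                return _next(httpContext);
            }
            string tokenStr = headers["Authorization"].ToString();

            // Anything that is not "Bearer <token>" is treated like an unknown token.
            // Previously a header shorter than "Bearer" threw out of Substring and
            // was reported as the generic "token验证异常" reply (with status 200).
            if (!tokenStr.StartsWith("Bearer ", StringComparison.Ordinal))
            {
                return WriteRejection(httpContext, 401, "非法请求");
            }
            string jwtStr = tokenStr.Substring("Bearer ".Length).Trim();
            if (jwtStr.Length == 0)
            {
                return WriteRejection(httpContext, 401, "非法请求");
            }

            TokenModel tm;
            try
            {
                // Only the cache access runs inside the try: _next is called after it,
                // so a failure of the downstream pipeline is no longer swallowed and
                // reported to the client as a token error.
                if (!RayPIMemoryCache.Exists(jwtStr))
                {
                    return WriteRejection(httpContext, 401, "非法请求");
                }
                tm = RayPIMemoryCache.Get(jwtStr) as TokenModel;
            }
            catch (Exception)
            {
                // The cache failed rather than the token: a server-side error, not 200.
                return WriteRejection(httpContext, 500, "token验证异常");
            }
            if (tm == null)
            {
                // Key known to the cache but no usable TokenModel behind it.
                return WriteRejection(httpContext, 401, "非法请求");
            }

            // Expose the token subject as a claim for later authorization checks.
            var claims = new List<Claim> { new Claim(tm.Sub + "Type", tm.Sub) };
            // Passing an authentication type makes ClaimsIdentity.IsAuthenticated true;
            // the claims-only constructor leaves the principal anonymous.
            var identity = new ClaimsIdentity(claims, "Bearer");
            httpContext.User = new ClaimsPrincipal(identity);
            return _next(httpContext);
        }

        /// <summary>
        /// Sets the status code and writes a plain-text body, ending the pipeline here.
        /// </summary>
        /// <param name="httpContext">The context of the current request.</param>
        /// <param name="statusCode">HTTP status to send.</param>
        /// <param name="message">Body text to send.</param>
        /// <returns>The task returned by the response write.</returns>
        private static Task WriteRejection(HttpContext httpContext, int statusCode, string message)
        {
            httpContext.Response.StatusCode = statusCode;
            return httpContext.Response.WriteAsync(message);
        }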
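        /// <summary>
        /// Runs before every action. Logs the controller/action about to execute and,
        /// unless the controller opts out through <c>IgnoreSessionCheck</c>, resolves
        /// the current <c>Account</c> from the cached bearer token; when that fails the
        /// action is short-circuited with an HTML snippet that alerts and redirects.
        /// </summary>
        /// <param name="context">The action-executing context supplied by MVC.</param>
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            base.OnActionExecuting(context);
            var routeValues    = context.ActionDescriptor.RouteValues;
            var controllerName = routeValues["controller"];
            var actionName     = routeValues["action"];

            _logger.LogInformation($"AopWebActionFiter: {controllerName}Controller.{actionName}");

            // NOTE(review): the session check below only runs when Ignore is true, which
            // reads inverted for a flag named "Ignore" — kept as-is; confirm against callers.
            if (!Ignore)
            {
                return;
            }

            var controller = context.Controller as BaseController;
            if (controller == null)
            {
                // Not a BaseController: there is nothing to attach the account to, and
                // the check avoids the NullReferenceException the unchecked cast allowed.
                return;
            }

            if (controller.IgnoreSessionCheck)
            {
                return;
            }

            // A missing or non-Bearer header, or a token that is no longer cached, all
            // end in the "login failed" branch instead of throwing out of Substring or
            // ToString. The header indexer yields StringValues.Empty for an absent key,
            // so tokenStr is "" rather than null in that case.
            Account account  = null;
            string  tokenStr = context.HttpContext.Request.Headers["Authorization"].ToString();
            if (tokenStr.StartsWith("Bearer ", StringComparison.Ordinal))
            {
                string jwtStr = tokenStr.Substring("Bearer ".Length).Trim();
                var    cached = RayPIMemoryCache.Get(jwtStr);
                if (cached != null)
                {
                    account = JsonConvert.DeserializeObject<Account>(cached.ToString());
                }
            }

            if (account != null)
            {
                controller.CurrentAccount = account;
                _logger.LogInformation($"User_Name={account.User?.User_Name},IsSuper={account.IsSuperManage}");
            }
            else
            {
                // Constant destination (no scheme, so the browser resolves it relative to
                // the current origin — presumably a placeholder). Nothing request-controlled
                // is interpolated into the markup below.
                var locationUrl = "www.sora.com";
                var alert       = $@"<script type='text/javascript'>
                                        alert('登录信息验证失败');
                                        top.window.location='{locationUrl}';
                                    </script>";
                _logger.LogInformation($"用户信息获取失败,跳转页面:{locationUrl}");
                context.Result = controller.Content(alert, "text/html;charset=utf-8;");
            }
        }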
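        /// <summary>
        /// Token middleware. A request carrying an <c>Authorization: Bearer</c> header is
        /// checked against <see cref="RayPIMemoryCache"/>, its cache entry is refreshed and
        /// the pipeline continues; an unknown or malformed token stops the pipeline with
        /// 401. A request without the header continues unauthenticated.
        /// </summary>
        /// <param name="httpContext">The context of the current request.</param>
        /// <returns>A task that completes when the request has been handled.</returns>
        public async Task Invoke(HttpContext httpContext)
        {
            _logger.LogInformation("TokenAuth Begin");

            // _next is awaited outside the try below on purpose: exceptions thrown by later
            // middleware must not be reported as token errors, and the flag is what lets a
            // failed check stop the pipeline.
            bool isNext = false;

            var headers = httpContext.Request.Headers;

            if (!headers.ContainsKey("Authorization"))
            {
                // No header: the request goes on unauthenticated (public endpoints).
                // NOTE(review): this placeholder header exists only so that later code
                // reading the account does not throw; downstream should handle a missing
                // header itself rather than rely on this synthesized value.
                headers.Add("Authorization", "Bearer 这里添加避免后面获取账号抛出异常");
                isNext = true;
            }
            else
            {
                string tokenStr = headers["Authorization"].ToString();
                try
                {
                    // A header that is not "Bearer <token>" is an invalid request, not an
                    // exception (Substring used to throw on a value shorter than the prefix).
                    string jwtStr = tokenStr.StartsWith("Bearer ", StringComparison.Ordinal)
                        ? tokenStr.Substring("Bearer ".Length).Trim()
                        : string.Empty;
                    // Exists() then Get(): the entry can vanish in between, so a null
                    // Get() result is treated as an unknown token rather than dereferenced.
                    object cached = jwtStr.Length == 0 || !RayPIMemoryCache.Exists(jwtStr)
                        ? null
                        : RayPIMemoryCache.Get(jwtStr);
                    if (cached == null)
                    {
                        _logger.LogInformation("非法请求");
                        // Rejections previously went out as 200; a failed check is 401.
                        httpContext.Response.StatusCode = 401;
                        await httpContext.Response.WriteAsync("非法请求");
                    }
                    else
                    {
                        _logger.LogInformation("刷新Token时间");

                        // Re-add the entry to extend its lifetime; the two spans are passed
                        // as 60 minutes and 12 hours, in that order — confirm which is
                        // sliding and which is absolute against AddMemoryCache's definition.
                        var accountJson = cached.ToString();
                        RayPIMemoryCache.AddMemoryCache(jwtStr, accountJson, TimeSpan.FromMinutes(60), TimeSpan.FromHours(12));

                        // No ClaimsPrincipal is attached to httpContext.User here; later
                        // filters re-read the cached account themselves.
                        isNext = true;
                    }
                }
                catch (Exception e)
                {
                    // Pass the exception object so the stack trace is logged, not only Message.
                    _logger.LogError(e, $"TokenAuth Exception:{e.Message}");
                    httpContext.Response.StatusCode = 500;
                    await httpContext.Response.WriteAsync("token验证异常");
                }
            }

            _logger.LogInformation("TokenAuth End");

            if (isNext)
            {
                await _next(httpContext);
            }

            _logger.LogInformation("TokenAuth Back");
        }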