Esempio n. 1
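 /// <summary>
 /// Starts the account-mapping flow for a registered site: looks up the site by
 /// <c>AppKey</c> and redirects the browser to that site's configured AuthMapping endpoint,
 /// passing the site token, the current SSO user id and the original target URL.
 /// </summary>
 /// <param name="requestModel">Request data bound from the caller; <c>AppKey</c> and <c>TargetUrl</c> are untrusted input.</param>
 /// <returns>
 /// A redirect to the site's AuthMapping endpoint when the AppKey is known. For an unknown AppKey,
 /// a redirect to <c>TargetUrl</c> only if it is a local URL; otherwise HTTP 400.
 /// </returns>
 public IActionResult AuthMappingToDo(AuthMappingRequestModel requestModel)
 {
     if (requestModel == null)
     {
         return BadRequest();
     }

     #region Check app key
     // TODO: validate the requesting origin domain together with the AppKey.
     var appKey     = requestModel.AppKey;
     var siteConfig = siteContext.SiteConfig.FirstOrDefault(x => x.AppKey == appKey);
     if (siteConfig == null)
     {
         // The AppKey is not registered, so nothing vouches for TargetUrl. Redirecting to it
         // unconditionally would make this endpoint an open redirect; only follow local URLs.
         if (Url.IsLocalUrl(requestModel.TargetUrl))
         {
             return Redirect(requestModel.TargetUrl);
         }

         return BadRequest();
     }
     #endregion

     var userId = loginHelper.GetUserId(HttpContext);

     // TargetUrl is URL-encoded because it is caller-supplied and becomes a query-string value.
     // NOTE(review): SiteToken is placed in a redirect URL, so it passes through the user's
     // browser, history and any Referer/proxy logs. If it is meant to be a secret shared between
     // the SSO server and the site, prefer a one-time code or a signed value here - TODO confirm.
     // NOTE(review): the redirect is issued even if GetUserId reports no signed-in user; confirm
     // that an authorization filter outside this view covers that case.
     var encodedTarget  = System.Net.WebUtility.UrlEncode(requestModel.TargetUrl);
     var authMappingUrl = $"{siteConfig.AuthMapping}?SiteToken={siteConfig.SiteToken}&SsoUserId={userId}&TargetUrl={encodedTarget}";
     return Redirect(authMappingUrl);
 }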
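        /// <summary>
        /// Links the locally signed-in user to an SSO user id after the SSO server has confirmed
        /// the request through a server-to-server callback.
        /// </summary>
        /// <param name="data">Request data bound from the caller; <c>SiteToken</c>, <c>SsoUserId</c> and <c>TargetUrl</c> are untrusted input.</param>
        /// <returns>
        /// The authorization view when the site token does not match or no local user is signed in;
        /// a redirect to a local <c>TargetUrl</c> (otherwise the view) when the callback check fails;
        /// a redirect to the <c>RedirectToSite</c> action once the mapping has been stored.
        /// </returns>
        public IActionResult AuthMapping(AuthMappingRequestModel data)
        {
            if (data == null)
            {
                data = new AuthMappingRequestModel();
            }

            #region Verify SiteToken
            // Fail closed: an unset configured token must never compare equal to a missing
            // request token (the plain != comparison treated null == null as a match).
            // NOTE(review): consider a fixed-time comparison for this shared secret if the
            // target framework provides one.
            if (string.IsNullOrEmpty(ssoConfigs.SiteToken) ||
                !string.Equals(ssoConfigs.SiteToken, data.SiteToken, System.StringComparison.Ordinal))
            {
                return View(data);
            }
            #endregion

            #region Verify the request with the SSO server via callback, to guard against forgery
            // NOTE(review): SsoUserId is taken from the request, and the callback visible here sends
            // only AppKey and SsoUserId. Confirm that the SSO server ties this check to the signed-in
            // SSO session (or move to a one-time code); otherwise the link is only as strong as the
            // secrecy of SiteToken.
            var callBackRequest = new AuthMappingCallBackRequestModel()
            {
                AppKey    = ssoConfigs.AppKey,
                SsoUserId = data.SsoUserId
            };
            var postData     = JsonConvert.SerializeObject(callBackRequest);
            var responseJson = httpPostHelper.Send(ssoConfigs.AuthMappingCallBack, postData);

            // A null response would make DeserializeObject throw; treat a missing body as a failed check.
            var callbackResult = string.IsNullOrWhiteSpace(responseJson)
                ? null
                : JsonConvert.DeserializeObject<AuthMappingCallBackResponseModel>(responseJson);

            if (callbackResult == null || !callbackResult.Success)
            {
                // TODO:
                //   not signed in     -> redirect to the login page
                //   already signed in -> redirect to the authorization page
                // TargetUrl is caller-supplied and the request was NOT verified, so only follow it
                // when it is local; an unconditional redirect here would be an open redirect.
                if (Url.IsLocalUrl(data.TargetUrl))
                {
                    return Redirect(data.TargetUrl);
                }

                return View(data);
            }
            #endregion

            #region Add the UserMapping record
            int userId = loginHelper.GetUserId(HttpContext);
            if (userId <= 0)
            {
                // No local user is signed in, so there is nothing to link yet.
                return View(data);
            }

            // NOTE(review): nothing here checks for an existing mapping, so repeated requests would
            // add duplicate rows unless a constraint outside this view prevents it - TODO confirm.
            UserMapping userMapping = new UserMapping()
            {
                UserId    = userId,
                SsoUserId = data.SsoUserId
            };
            siteContext.UserMapping.Add(userMapping);
            siteContext.SaveChanges();

            // NOTE(review): TargetUrl is handed on unvalidated; confirm RedirectToSite checks it.
            return RedirectToAction("RedirectToSite", new { TargetUrl = data.TargetUrl });
            #endregion
        }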
Esempio n. 3
 /// <summary>
 /// Renders the authorization view for the supplied request model.
 /// </summary>
 /// <param name="requestModel">The bound request model; may be null.</param>
 /// <returns>The view, given <paramref name="requestModel"/> or a new empty model when it is null.</returns>
 public IActionResult AuthMapping(AuthMappingRequestModel requestModel)
 {
     // The view always receives a model instance, never null.
     AuthMappingRequestModel viewModel = requestModel;
     if (viewModel == null)
     {
         viewModel = new AuthMappingRequestModel();
     }

     return View(viewModel);
 }