/// <summary>
/// Creates a ticket for <paramref name="username"/> that expires
/// <paramref name="outTime"/> minutes after the current local time.
/// </summary>
/// <param name="username">User name the ticket is issued for.</param>
/// <param name="outTime">Lifetime in minutes; stored as the timeout and used to compute the expiration.</param>
public MaUserTicket(string username, int outTime)
{
    // The expiration is derived from the server's local clock (DateTime.Now).
    // NOTE(review): local time shifts at DST changes; confirm the expiry check
    // elsewhere reads the same clock.
    DateTime issuedAt = DateTime.Now;
    m_expiration = issuedAt.AddMinutes(outTime);
    m_timeout = outTime;
    m_username = username;

    // Store the address reported by MaWebUtility.GetIP() on the ticket.
    // NOTE(review): how GetIP derives the address is not visible here; if it
    // trusts a forwarded-for style header, the value is client-controlled - confirm.
    m_ip = MaWebUtility.GetIP();
}
/// <summary>
/// Resolves the file path a template is loaded from.
/// </summary>
/// <param name="name">Key looked up in the template list; used as the path itself when the list has no entry for it.</param>
/// <returns>
/// The path unchanged when it starts with two backslashes and that file exists, or when it
/// contains a colon; otherwise the mapped skin path if that file exists, else the mapped site path.
/// </returns>
public virtual string GetTemplateSavePath(string name)
{
    string resolved;
    if (!m_templateList.TryGetValue(name, out resolved))
    {
        // No registered entry: treat the name itself as the path.
        resolved = name;
    }

    // Network (UNC) path: returned as-is, but only when the file is reachable.
    // NOTE(review): if name can be influenced by a request, a UNC value makes the
    // server open a remote share; confirm callers pass only configured names.
    bool looksLikeUnc = resolved.IndexOf("\\\\") == 0;
    if (looksLikeUnc && System.IO.File.Exists(resolved))
    {
        return resolved;
    }

    // A colon anywhere in the value means no mapping is applied.
    if (resolved.IndexOf(":") >= 0)
    {
        return resolved;
    }

    // Relative path: map it under the skin directory and under the site root.
    // NOTE(review): whether GetMapPath rejects ".." segments is not visible here - confirm.
    string skinCandidate = MaWebUtility.GetMapPath(TemplatePath + resolved, true);
    string siteCandidate = MaWebUtility.GetMapPath(resolved, true);

    // The skin copy wins when it exists; otherwise fall back to the site path.
    return System.IO.File.Exists(skinCandidate) ? skinCandidate : siteCandidate;
}
/// <summary>
/// Creates a ticket for <paramref name="username"/> that expires
/// <paramref name="outTime"/> minutes after the current local time, with explicit
/// sliding-expiration and persistent-cookie settings.
/// </summary>
/// <param name="username">User name the ticket is issued for.</param>
/// <param name="outTime">Lifetime in minutes; stored as the timeout and used to compute the expiration.</param>
/// <param name="slidingExpiration">Whether sliding (renewable) expiration is enabled.</param>
/// <param name="createPersistentCookie">Whether a persistent cookie should be created.</param>
public MaUserTicket(string username, int outTime, bool slidingExpiration, bool createPersistentCookie)
{
    // The expiration is derived from the server's local clock (DateTime.Now).
    // NOTE(review): local time shifts at DST changes; confirm the expiry check
    // elsewhere reads the same clock.
    DateTime issuedAt = DateTime.Now;
    m_expiration = issuedAt.AddMinutes(outTime);
    m_timeout = outTime;
    m_username = username;

    m_createPersistentCookie = createPersistentCookie;
    m_slidingExpiration = slidingExpiration;

    // Store the address reported by MaWebUtility.GetIP() on the ticket.
    // NOTE(review): how GetIP derives the address is not visible here; if it
    // trusts a forwarded-for style header, the value is client-controlled - confirm.
    m_ip = MaWebUtility.GetIP();
}
/// <summary>
/// Sets <c>context.User</c> from the authentication ticket cookie when the request has no user yet.
/// </summary>
/// <param name="context">Current request context; its <c>User</c> is assigned when a usable ticket is found.</param>
private void OnAuthenticate(HttpContext context)
{
    // A user is already attached to the request: nothing to do.
    if (context.User != null)
    {
        return;
    }

    // NOTE(review): how the cookie is protected (signing / encryption) is decided
    // inside GetTicketFormCookie and is not visible here - confirm.
    MaUserTicket ticket = MaSecurityHelper.GetTicketFormCookie();

    // No ticket, or the login has timed out: the request stays unauthenticated.
    if (ticket == null || ticket.Expired)
    {
        return;
    }

    if (string.IsNullOrEmpty(ticket.Username))
    {
        return;
    }

    bool ipCheckEnabled = MaSecurityConfig.Instance.ValidateIP;
    if (ipCheckEnabled && ticket.Ip != MaWebUtility.GetIP())
    {
        // The request address differs from the one on the ticket: sign out.
        MaSecurityHelper.SignOut();
        return;
    }

    // Build the configured principal type for this user name.
    // GetType is called with throwOnError = false; the "as" cast leaves the request
    // without a user when the configured type is not a MaPrincipal.
    Type principalType = System.Web.Compilation.BuildManager.GetType(MaSecurityConfig.Instance.MaPrincipalType, false, false);
    context.User = Activator.CreateInstance(principalType, new object[] { ticket.Username }) as MaPrincipal;

    // Re-issue the cookie to extend the ticket.
    // NOTE(review): renewal happens only when IP validation is enabled; with
    // ValidateIP off a sliding ticket is never extended - confirm this is intended.
    if (ipCheckEnabled && ticket.SlidingExpiration)
    {
        HttpContext.Current.Response.Cookies.Add(MaSecurityHelper.GetAuthCookie(ticket));
    }
}
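/// <summary>
/// Deletes the saved static page for the current URL and writes the outcome to the response.
/// </summary>
/// <remarks>
/// The caller address check runs before the file system is touched, so a caller that
/// fails the check gets the same response whether or not the file exists.
/// </remarks>
void DeletePage()
{
    HttpResponse response = HttpContext.Current.Response;

    if (!MaWebUtility.IPAuthentication())
    {
        // NOTE(review): 505 is "HTTP Version Not Supported"; 403 is the conventional
        // status for a refused caller. Kept unchanged for existing clients.
        response.StatusCode = 505;
        response.End();
        return;
    }

    string savePath = MaUrl.Current.SavePath;
    if (System.IO.File.Exists(savePath))
    {
        // Caller address accepted: remove the page.
        System.IO.File.Delete(savePath);

        // NOTE(review): m_requestViewInfo is written unencoded; if it can carry
        // request data it should be HTML-encoded - confirm its origin.
        response.Write("删除成功!" + m_requestViewInfo);
        response.End();

        // End() does not always abort the thread; return explicitly so the
        // "not found" message below is never appended to a success response.
        return;
    }

    response.Write("没有此文件!");
    response.End();
}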
/// <summary>
/// Removes the saved static page for the current URL, evicts its output-cache entry,
/// and writes a UTF-8 confirmation to the response.
/// </summary>
void UpdatePage()
{
    if (!MaWebUtility.IPAuthentication())
    {
        // Caller address not accepted.
        // NOTE(review): 505 is "HTTP Version Not Supported"; 403 is the conventional
        // status for a refused caller.
        HttpContext.Current.Response.StatusCode = 505;
        HttpContext.Current.Response.End();
        return;
    }

    // Caller address accepted: drop the saved page if there is one.
    if (System.IO.File.Exists(MaUrl.Current.SavePath))
    {
        System.IO.File.Delete(MaUrl.Current.SavePath);
    }

    // The cache key is the request path with "l" appended.
    HttpResponse.RemoveOutputCacheItem(MaUrl.Current.AbsolutePath + "l");

    HttpResponse response = HttpContext.Current.Response;
    response.Charset = "UTF-8";
    response.ContentType = "text/html;charset=utf-8";
    response.ContentEncoding = System.Text.Encoding.UTF8;

    // NOTE(review): m_requestViewInfo is written unencoded; if it can carry
    // request data it should be HTML-encoded - confirm its origin.
    response.Write("页面更新成功!" + m_requestViewInfo);
    response.End();
}
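/// <summary>
/// Replaces the saved static page for the current URL with an empty file and writes
/// the outcome to the response.
/// </summary>
/// <remarks>
/// The caller address check runs before the file system is touched, so a caller that
/// fails the check gets the same response whether or not the file exists.
/// </remarks>
void NullPage()
{
    HttpResponse response = HttpContext.Current.Response;

    if (!MaWebUtility.IPAuthentication())
    {
        // NOTE(review): 505 is "HTTP Version Not Supported"; 403 is the conventional
        // status for a refused caller. Kept unchanged for existing clients.
        response.StatusCode = 505;
        response.End();
        return;
    }

    string savePath = MaUrl.Current.SavePath;
    if (!System.IO.File.Exists(savePath))
    {
        // NOTE(review): m_requestViewInfo is written unencoded; if it can carry
        // request data it should be HTML-encoded - confirm its origin.
        response.Write("没有原始文件!" + m_requestViewInfo);
        response.End();
        return;
    }

    // Caller address accepted: delete the page, then recreate it empty.
    System.IO.File.Delete(savePath);
    System.IO.File.WriteAllText(savePath, "");

    response.Write("清空页面成功!" + m_requestViewInfo);
    response.End();
}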
/// <summary>
/// PostAuthorizeRequest handler: rewrites requests for missing static ".htm" files and
/// dispatches page-management views after the caller address check.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
void context_PostAuthorizeRequest(object sender, EventArgs e)
{
    // Raised once the user for the current request has been authorized.
    if (MaUrl.Current.RequestType != MaRequestType.HTM)
    {
        return;
    }

    // Static file requested but not generated yet: rewrite to the path with "l" appended.
    bool isHtmRequest = MaUrl.Current.RequestFilePathExtension == ".htm";
    if (isHtmRequest && !System.IO.File.Exists(MaUrl.Current.SavePath))
    {
        HttpContext.Current.RewritePath(MaUrl.Current.AbsolutePath + "l", true);
    }

    // Put requests skip the address check below.
    // NOTE(review): the original comments say Put is implemented in HtmxFilter; how
    // that path is authorized is not visible here - confirm.
    if (MaUrl.Current.RequestView == MaRequestView.Put)
    {
        return;
    }

    // Every other view is gated on the caller address check.
    if (!MaWebUtility.IPAuthentication())
    {
        HttpContext.Current.Response.Redirect("/index.html?command_error=true");
        HttpContext.Current.Response.End();
        return;
    }

    switch (MaUrl.Current.RequestView)
    {
        case MaRequestView.Update:
            UpdatePage();
            break;
        case MaRequestView.Delete:
            DeletePage();
            break;
        case MaRequestView.Null:
            NullPage();
            break;
        case MaRequestView.Cache:
            CachePage();
            break;
        default:
            // Edit does nothing here; Save (like Put) is implemented in HtmxFilter.
            break;
    }
}
/// <summary>
/// AuthenticateRequest handler: loads the user from the ticket cookie, applies the configured
/// response to unauthenticated requests under an authorization path, and checks that an
/// authenticated principal may browse the URL.
/// </summary>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="Exception">
/// Thrown when the stop type is Exception for an unauthorized request, or when the
/// principal is not allowed to browse the URL.
/// </exception>
void application_AuthenticateRequest(object sender, EventArgs e)
{
    HttpContext context = ((HttpApplication)sender).Context;
    MaUrl _url = MaUrl.Current;

    // The site root is skipped entirely: no ticket is read and no check runs.
    if (_url.AbsolutePath == "/")
    {
        return;
    }

    // Load the authenticated user, if any.
    OnAuthenticate(context);

    bool isAnonymous = context.User == null;
    if (isAnonymous && MaSecurityConfig.Instance.LoginUrl != _url.AbsolutePath)
    {
        bool isOpen = false;

        // Open domains bypass the authorization-path check.
        foreach (var openDomain in MaSecurityConfig.Instance.OpenDoamin)
        {
            if (_url.Domain.Domain == openDomain)
            {
                isOpen = true;
                break;
            }
        }

        // Open path prefixes bypass it as well.
        // NOTE(review): the prefix tests here and below are case-sensitive and use the
        // raw AbsolutePath; if MaUrl does not normalise case and path segments, a
        // differently-cased or non-canonical URL may not match a protected prefix - confirm.
        if (!isOpen)
        {
            foreach (var openPrefix in MaSecurityConfig.Instance.OpenPath)
            {
                if (_url.AbsolutePath.IndexOf(openPrefix) == 0)
                {
                    isOpen = true;
                    break;
                }
            }
        }

        if (!isOpen)
        {
            // Only URLs under a listed authorization prefix are stopped; any other
            // URL is served to anonymous requests.
            foreach (var protectedPrefix in MaSecurityConfig.Instance.AuthorizationPath)
            {
                if (_url.AbsolutePath.IndexOf(protectedPrefix) != 0)
                {
                    continue;
                }

                // Protected page requested without authentication.
                switch (MaSecurityConfig.Instance.StopType)
                {
                    case StopBrowseType.Stop:
                        context.Response.Clear();
                        context.Response.End();
                        break;

                    case StopBrowseType.Exception:
                        throw new Exception("未经授权,禁止访问:" + MaSecurityConfig.Instance.StopInfo);

                    case StopBrowseType.Info:
                        context.Response.Clear();
                        context.Response.Write(MaSecurityConfig.Instance.StopInfo);
                        context.Response.End();
                        break;

                    case StopBrowseType.Redirect:
                    default:
                    {
                        // Send the browser to the login page with the current URL as ReturnUrl.
                        string _loginPage = MaSecurityConfig.Instance.LoginUrl + "?ReturnUrl=" + MaWebUtility.UrlEncode(_url.ToString());
                        context.Response.Redirect(_loginPage, true);
                        break;
                    }
                }
            }
        }
    }

    // URL check: applies only when the request carries a MaPrincipal.
    MaPrincipal _principal = context.User as MaPrincipal;
    if (_principal != null && !_principal.IsBrowseUrl(_url))
    {
        throw new Exception("你没有浏览该页面的权限,请与管理员联系");
    }
}