Esempio n. 1
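        /// <summary>
        /// Redirects the signed-in user to a third-party site that is registered with this SSO service.
        /// </summary>
        /// <param name="data">Request model; <c>TargetUrl</c> is the caller-supplied address to reach.</param>
        /// <returns>
        /// A redirect to the target site's <c>WriteSession</c> endpoint when the user is active and holds an
        /// unexpired token; a redirect to <c>TargetUrl</c> when its host is registered but no session can be
        /// written; a redirect to this application's root when <c>TargetUrl</c> is missing, malformed, not
        /// http/https, or names a host that has no <c>SiteConfig</c> row.
        /// </returns>
        public IActionResult RedirectToSite(RedirectToSiteRequestModel data)
        {
            #region Validate the redirect target
            // TargetUrl comes from the request. Parse it without throwing and accept only absolute
            // http/https URLs, so that malformed input yields a redirect instead of an unhandled exception.
            Uri targetUri;
            if (data == null
                || !Uri.TryCreate(data.TargetUrl, UriKind.Absolute, out targetUri)
                || (targetUri.Scheme != Uri.UriSchemeHttp && targetUri.Scheme != Uri.UriSchemeHttps))
            {
                return Redirect("/");
            }

            // Invariant upper-casing keeps the comparison independent of the server's culture.
            // Presumably SiteConfig.Host is stored upper-cased in the same host[:port] form — confirm.
            var targetHost = targetUri.Authority.ToUpperInvariant();
            //#TODO cache SiteConfig instead of querying it on every request
            var targetSiteConfig = siteContext.SiteConfig.FirstOrDefault(x => x.Host == targetHost);
            if (targetSiteConfig == null)
            {
                // The host is not registered. The previous code redirected to data.TargetUrl here, which
                // turned this endpoint into an open redirect; stay on this application instead.
                //#TODO pass an error code and message to the client via the URL
                return Redirect("/");
            }
            #endregion

            #region Validate the user token
            // Resolve the id once, outside the query expression.
            var currentUserId = loginHelper.GetUserId(HttpContext);
            var user = siteContext.User.FirstOrDefault(x => x.Id == currentUserId);
            if (user == null)
            {
                // Safe at this point: the host of TargetUrl was matched against SiteConfig above.
                //#TODO pass an error code and message to the client via the URL
                return Redirect(data.TargetUrl);
            }

            // NOTE(review): the expiry is compared with local time — confirm ExpiredTime is stored as local time.
            if (user.Active && user.UserToken.HasValue && user.ExpiredTime > DateTime.Now)
            {
                // Hand over to the target client, which writes its own session.
                // NOTE(review): UserToken and SiteToken travel in the query string of a browser redirect, so
                // they can end up in browser history, proxy logs and Referer headers — confirm that is intended.
                var url = $"{targetSiteConfig.WriteSession}?SsoUserId={user.Id}&UserToken={user.UserToken}&SiteToken={targetSiteConfig.SiteToken}&TargetUrl={System.Net.WebUtility.UrlEncode(data.TargetUrl)}";
                return Redirect(url);
            }
            #endregion

            return Redirect(data.TargetUrl);
        }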
Esempio n. 2
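        /// <summary>
        /// Asks the SSO service to log the current user in to a third-party system.
        /// </summary>
        /// <param name="data">Request model; <c>TargetUrl</c> is forwarded to the SSO service.</param>
        /// <returns>
        /// A redirect to <c>ssoConfigs.RedirectToSite</c> carrying the user's token, or a redirect to
        /// <c>ssoConfigs.AuthFail</c> when the user is not logged in, has no usable user id claim, or the
        /// SSO service does not return a token.
        /// </returns>
        public IActionResult RedirectToSite(RedirectToSiteRequestModel data)
        {
            /*
             * 1. Check that the user is logged in.
             * 2. Check for an SSO UserToken in the session; if there is none, request one from
             *    the SSO endpoint Authentication/AuthRedirectToSite.
             * 3. Without a UserToken, report an authentication failure; with one, redirect to
             *    the SSO endpoint Authentication/RedirectToSite.
             */

            // 1. Check that the user is logged in.
            if (!loginHelper.IsLogin(HttpContext))
            {
                return Redirect(ssoConfigs.AuthFail);
            }

            var userIdClaim    = HttpContext.User.Claims.FirstOrDefault(x => x.Type == SessionConstants.UserIdScheme);
            var userTokenClaim = HttpContext.User.Claims.FirstOrDefault(x => x.Type == SessionConstants.UserTokenScheme);

            var userId    = userIdClaim == null ? "" : userIdClaim.Value;
            var userToken = userTokenClaim == null ? "" : userTokenClaim.Value;

            // Validate the user id before it is used. The previous code called int.Parse inside the
            // mapping query ahead of the empty check, so a missing claim raised an exception instead
            // of reaching the authentication-failure redirect.
            int localUserId;
            if (!int.TryParse(userId, out localUserId))
            {
                return Redirect(ssoConfigs.AuthFail);
            }

            var mapping   = siteContext.UserMapping.FirstOrDefault(x => x.UserId == localUserId);
            var ssoUserId = mapping == null ? 0 : mapping.SsoUserId;

            var targetUrl = data?.TargetUrl;

            // 2. Check the UserToken; fetch one from the SSO service when the session has none.
            if (string.IsNullOrWhiteSpace(userToken))
            {
                var requestModel = new AuthRedirectToSiteRequesModel()
                {
                    UserId    = localUserId,
                    SsoUserId = ssoUserId,
                    TargetUrl = targetUrl,
                    FailUrl   = ssoConfigs.AuthFail
                };

                var responseStr = httpPostHelper.Send(ssoConfigs.AuthRedirectToSite, JsonConvert.SerializeObject(requestModel));
                // An empty reply counts as a failed authentication rather than being handed to the deserializer.
                var responseObject = string.IsNullOrWhiteSpace(responseStr)
                    ? null
                    : JsonConvert.DeserializeObject<AuthRedirectToSiteResponseModel>(responseStr);
                if (responseObject == null || !responseObject.Success || string.IsNullOrWhiteSpace(responseObject.UserToken))
                {
                    return Redirect(ssoConfigs.AuthFail);
                }
                userToken = responseObject.UserToken;
            }

            // 3. Redirect to the SSO service. TargetUrl is request input, so it is URL-encoded, as are the
            // token and the failure URL; otherwise an embedded '&' or '#' could add or override query
            // parameters of the SSO request.
            // NOTE(review): UserToken travels in the query string of a browser redirect, so it can end up in
            // browser history, proxy logs and Referer headers — confirm that is intended.
            string url = $"{ssoConfigs.RedirectToSite}?AppKey={ssoConfigs.AppKey}&UserToken={System.Net.WebUtility.UrlEncode(userToken)}&UserId={userId}&SsoUserId={ssoUserId}&TargetUrl={System.Net.WebUtility.UrlEncode(targetUrl)}&FailUrl={System.Net.WebUtility.UrlEncode(ssoConfigs.AuthFail)}";

            return Redirect(url);
        }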
Esempio n. 3
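        /// <summary>
        /// Validates an SSO hand-over request and redirects the user to the target site's
        /// <c>AuthSession</c> endpoint, which writes the login session.
        /// </summary>
        /// <param name="data">
        /// Request model carrying <c>AppKey</c>, <c>UserToken</c>, <c>UserId</c>, <c>SsoUserId</c>,
        /// <c>TargetUrl</c> and <c>FailUrl</c>. All of them are caller-supplied.
        /// </param>
        /// <returns>
        /// A redirect to the target site's <c>AuthSession</c> endpoint when the AppKey, the target host and
        /// the user token all check out; otherwise a redirect to <c>FailUrl</c> if its host is registered
        /// in <c>SiteConfig</c>, or to this application's root if it is not.
        /// </returns>
        public IActionResult RedirectToSite(RedirectToSiteRequestModel data)
        {
            /*
             * 1. Validate the AppKey.
             * 2. Validate the user token.
             * 3. Redirect to the AuthSession endpoint of the connected system to write the login.
             * Note: a failure in step 1 or 2 means authentication failed.
             */
            if (data == null)
            {
                return Redirect("/");
            }

            #region Choose a safe failure redirect
            // FailUrl is request input and was previously used as a redirect target even before the AppKey
            // had been checked, which made every failure path an open redirect. It is now honoured only when
            // it is an absolute http/https URL on a registered host; otherwise failures stay on this application.
            // NOTE(review): assumes legitimate FailUrl values live on a host listed in SiteConfig — confirm.
            string failUrl = "/";
            Uri failUri;
            if (Uri.TryCreate(data.FailUrl, UriKind.Absolute, out failUri)
                && (failUri.Scheme == Uri.UriSchemeHttp || failUri.Scheme == Uri.UriSchemeHttps))
            {
                var failHost = failUri.Authority.ToUpperInvariant();
                if (siteContext.SiteConfig.FirstOrDefault(x => x.Host == failHost) != null)
                {
                    failUrl = data.FailUrl;
                }
            }
            #endregion

            #region Validate the AppKey
            //#TODO cache SiteConfig instead of querying it on every request
            var siteConfig = siteContext.SiteConfig.FirstOrDefault(x => x.AppKey == data.AppKey);
            if (siteConfig == null)
            {
                //#TODO pass an error code and message to the client via the URL
                return Redirect(failUrl);
            }
            #endregion

            #region Validate the redirect target
            // Parse without throwing; malformed or non-web URLs are treated as a failed request.
            Uri targetUri;
            if (!Uri.TryCreate(data.TargetUrl, UriKind.Absolute, out targetUri)
                || (targetUri.Scheme != Uri.UriSchemeHttp && targetUri.Scheme != Uri.UriSchemeHttps))
            {
                return Redirect(failUrl);
            }

            // Invariant upper-casing keeps the comparison independent of the server's culture.
            var targetHost = targetUri.Authority.ToUpperInvariant();
            //#TODO cache SiteConfig instead of querying it on every request
            var targetSiteConfig = siteContext.SiteConfig.FirstOrDefault(x => x.Host == targetHost);
            if (targetSiteConfig == null)
            {
                //#TODO pass an error code and message to the client via the URL
                return Redirect(failUrl);
            }
            #endregion

            #region Validate the UserToken
            // With an SSO user id, accept a mapping that belongs to either the calling or the target site;
            // without one, look the user up by the calling site's own user id.
            UserMapping userMapping = data.SsoUserId > 0
                ? siteContext.UserMapping.FirstOrDefault(x => x.SsoUserId == data.SsoUserId && (x.SourceSiteConfigId == siteConfig.Id || x.SourceSiteConfigId == targetSiteConfig.Id))
                : siteContext.UserMapping.FirstOrDefault(x => x.UserId == data.UserId && x.SourceSiteConfigId == siteConfig.Id);
            if (userMapping == null || userMapping.Token.ToString() != data.UserToken)
            {
                //#TODO pass an error code and message to the client via the URL
                return Redirect(failUrl);
            }
            #endregion

            // The mapping's UserId is reported as UserId when it belongs to the target site,
            // and as OtherUserId when it belongs to another site.
            bool mappingIsFromTarget = userMapping.SourceSiteConfigId == targetSiteConfig.Id;
            int userId      = mappingIsFromTarget ? userMapping.UserId : 0;
            int otherUserId = mappingIsFromTarget ? 0 : userMapping.UserId;

            // Redirect to the connected client, which writes its session. TargetUrl and the failure URL are
            // URL-encoded so that an embedded '&' or '#' cannot add or override query parameters.
            // NOTE(review): SiteToken and UserToken travel in the query string of a browser redirect, so they
            // can end up in browser history, proxy logs and Referer headers — confirm that is intended.
            var url = $"{targetSiteConfig.AuthSession}?SiteToken={targetSiteConfig.SiteToken}&UserId={userId}&OtherUserId={otherUserId}&SsoUserId={userMapping.SsoUserId}&UserToken={userMapping.Token}&TargetUrl={System.Net.WebUtility.UrlEncode(data.TargetUrl)}&FailUrl={System.Net.WebUtility.UrlEncode(failUrl)}";
            return Redirect(url);
        }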
        /// <summary>
        /// Sends the user to the SSO service, going through the account-mapping step first when the
        /// logged-in user has no SSO mapping yet.
        /// </summary>
        /// <param name="data">Request model; <c>TargetUrl</c> is passed on URL-encoded.</param>
        /// <returns>
        /// A redirect to <c>ssoConfigs.AuthMapping</c> for a logged-in user without a mapping; otherwise a
        /// redirect to <c>ssoConfigs.RedirectToSite</c>.
        /// </returns>
        public IActionResult RedirectToSite(RedirectToSiteRequestModel data)
        {
            // An anonymous visitor and an already-mapped user both end up at the same SSO address;
            // only a logged-in user without a mapping takes the detour below.
            if (loginHelper.IsLogin(HttpContext))
            {
                int    currentUserId    = loginHelper.GetUserId(HttpContext);
                string currentUserToken = loginHelper.GetUserToken(HttpContext); // read but not used below

                // No link to the SSO system yet: go to the SSO mapping endpoint to create one.
                var ssoLink = siteContext.UserMapping.FirstOrDefault(x => x.UserId == currentUserId);
                if (ssoLink == null)
                {
                    return Redirect($"{ssoConfigs.AuthMapping}?AppKey={ssoConfigs.AppKey}&UserId={currentUserId}&TargetUrl={System.Net.WebUtility.UrlEncode(data.TargetUrl)}");
                }
            }

            // The SSO service sends anonymous users to the login page and on to the return URL afterwards.
            return Redirect($"{ssoConfigs.RedirectToSite}?TargetUrl={System.Net.WebUtility.UrlEncode(data.TargetUrl)}");
        }