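/// <summary>
/// Redirects the current SSO user to a third-party (connected) site.
/// </summary>
/// <remarks>
/// <c>data.TargetUrl</c> is caller-supplied and untrusted. It is only ever used as a
/// redirect destination after its host has been matched against a registered
/// <c>SiteConfig.Host</c>; anything else is rejected with 400 so that this endpoint
/// cannot be used as an open redirector.
/// </remarks>
/// <param name="data">Request model carrying the requested <c>TargetUrl</c>.</param>
/// <returns>
/// A redirect to the target site's <c>WriteSession</c> endpoint when the user has a valid,
/// unexpired token; a plain redirect to the validated target otherwise; 400 when the
/// target is missing, malformed, not http(s), or not a registered host.
/// </returns>
public IActionResult RedirectToSite(RedirectToSiteRequestModel data)
{
    // --- Validate the redirect target ---
    // TryCreate instead of `new Uri(...)`: a null or malformed TargetUrl is bad input,
    // not a server error. The scheme check keeps file:, javascript: and similar out.
    Uri targetUri;
    if (data == null
        || !Uri.TryCreate(data.TargetUrl, UriKind.Absolute, out targetUri)
        || (targetUri.Scheme != Uri.UriSchemeHttp && targetUri.Scheme != Uri.UriSchemeHttps))
    {
        return BadRequest();
    }

    // Invariant upper-casing so the lookup does not depend on the server culture.
    // presumably SiteConfig.Host is stored upper-cased and includes the port when non-default -- verify
    var tagerHost = targetUri.Authority.ToUpperInvariant();

    // TODO: cache SiteConfig instead of querying on every request.
    var tagerSiteConfig = siteContext.SiteConfig.FirstOrDefault(x => x.Host == tagerHost);
    if (tagerSiteConfig == null)
    {
        // The host is not a registered site. The previous code redirected to
        // data.TargetUrl here, i.e. to an arbitrary caller-chosen address.
        // TODO: surface an error code/message to the client.
        return BadRequest();
    }

    // Redirect to the URL as parsed and validated above, not to the raw string, so the
    // value checked and the value sent to the browser cannot differ.
    var validatedTarget = targetUri.AbsoluteUri;

    // --- Validate the user's token ---
    var currentUserId = loginHelper.GetUserId(HttpContext);
    var user = siteContext.User.FirstOrDefault(x => x.Id == currentUserId);
    if (user == null)
    {
        // TODO: surface an error code/message to the client.
        return Redirect(validatedTarget);
    }

    // NOTE(review): ExpiredTime is compared with local time; confirm how it is stored.
    if (user.Active && user.UserToken.HasValue && user.ExpiredTime > DateTime.Now)
    {
        // Hand over to the target site so it can write its own session.
        // NOTE(review): UserToken and SiteToken travel in the query string, so they can end
        // up in browser history, proxy/server logs and Referer headers. Consider a
        // short-lived single-use code exchanged server-to-server instead.
        var url = $"{tagerSiteConfig.WriteSession}?SsoUserId={user.Id}&UserToken={user.UserToken}&SiteToken={tagerSiteConfig.SiteToken}&TargetUrl={System.Net.WebUtility.UrlEncode(validatedTarget)}";
        return Redirect(url);
    }

    return Redirect(validatedTarget);
}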
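/// <summary>
/// Asks the SSO server to sign the current user in to a third-party system.
/// </summary>
/// <remarks>
/// Flow:
/// 1. Require a logged-in user.
/// 2. If the session has no SSO UserToken claim, obtain one from the SSO
///    <c>AuthRedirectToSite</c> endpoint.
/// 3. Without a token, redirect to the auth-fail page; with one, redirect to the SSO
///    <c>RedirectToSite</c> endpoint.
/// </remarks>
/// <param name="data">Request model; <c>TargetUrl</c> is caller-supplied and untrusted.</param>
/// <returns>A redirect to the SSO server, or to <c>ssoConfigs.AuthFail</c> on any failure.</returns>
public IActionResult RedirectToSite(RedirectToSiteRequestModel data)
{
    // 1. The user must be logged in.
    if (!loginHelper.IsLogin(HttpContext))
    {
        return Redirect(ssoConfigs.AuthFail);
    }

    var userIdClaim = HttpContext.User.Claims.FirstOrDefault(x => x.Type == SessionConstants.UserIdScheme);
    var userTokenClaim = HttpContext.User.Claims.FirstOrDefault(x => x.Type == SessionConstants.UserTokenScheme);
    var userIdText = userIdClaim == null ? "" : userIdClaim.Value;
    var userToken = userTokenClaim == null ? "" : userTokenClaim.Value;

    // Validate the user id BEFORE it is used. The previous code called int.Parse on it
    // inside the mapping query ahead of the empty check, so a missing or non-numeric
    // claim produced an unhandled exception instead of the auth-fail redirect.
    int userId;
    if (!int.TryParse(
            userIdText,
            System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture,
            out userId))
    {
        return Redirect(ssoConfigs.AuthFail);
    }

    var mapping = siteContext.UserMapping.FirstOrDefault(x => x.UserId == userId);
    var ssoUserId = mapping == null ? 0 : mapping.SsoUserId;

    var targetUrl = data == null ? null : data.TargetUrl;

    // 2. No UserToken in the session: ask the SSO server for one.
    if (string.IsNullOrWhiteSpace(userToken))
    {
        var requestModel = new AuthRedirectToSiteRequesModel()
        {
            UserId = userId,
            SsoUserId = ssoUserId,
            TargetUrl = targetUrl,
            FailUrl = ssoConfigs.AuthFail
        };
        var responseStr = httpPostHelper.Send(ssoConfigs.AuthRedirectToSite, JsonConvert.SerializeObject(requestModel));

        // A null response body would make DeserializeObject throw; treat it as a failed auth.
        var responseObject = string.IsNullOrWhiteSpace(responseStr)
            ? null
            : JsonConvert.DeserializeObject<AuthRedirectToSiteResponseModel>(responseStr);
        if (responseObject == null || !responseObject.Success || string.IsNullOrWhiteSpace(responseObject.UserToken))
        {
            return Redirect(ssoConfigs.AuthFail);
        }
        userToken = responseObject.UserToken;
    }

    // 3. Redirect to the SSO server.
    // Every string value is URL-encoded: TargetUrl is caller-controlled, and left raw it
    // could carry its own '&'/'=' and add or shadow query parameters of the SSO request.
    // NOTE(review): UserToken is sent in the query string and can therefore appear in
    // browser history, logs and Referer headers; prefer a short-lived single-use value.
    string url = $"{ssoConfigs.RedirectToSite}?AppKey={ssoConfigs.AppKey}"
        + $"&UserToken={System.Net.WebUtility.UrlEncode(userToken)}"
        + $"&UserId={userId}&SsoUserId={ssoUserId}"
        + $"&TargetUrl={System.Net.WebUtility.UrlEncode(targetUrl)}"
        + $"&FailUrl={System.Net.WebUtility.UrlEncode(ssoConfigs.AuthFail)}";
    return Redirect(url);
}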
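/// <summary>
/// SSO-side entry point: validates the calling site and the user's token, then redirects
/// to the target site's <c>AuthSession</c> endpoint so it can write the login session.
/// </summary>
/// <remarks>
/// Steps: 1. validate <c>AppKey</c>; 2. validate the redirect target host; 3. validate the
/// user token; 4. redirect to the target site's <c>AuthSession</c>. Any failed step is an
/// authentication failure.
/// <para>
/// Both <c>TargetUrl</c> and <c>FailUrl</c> are caller-supplied. Neither is used as a
/// redirect destination unless its host matches a registered <c>SiteConfig.Host</c>;
/// otherwise the request is answered with 400, so a failed authentication cannot be
/// turned into a redirect to an arbitrary address.
/// </para>
/// </remarks>
/// <param name="data">Request model with AppKey, user ids, UserToken, TargetUrl and FailUrl.</param>
/// <returns>A redirect to the target site's AuthSession endpoint, the validated FailUrl, or 400.</returns>
public IActionResult RedirectToSite(RedirectToSiteRequestModel data)
{
    // Failure response, built lazily so the extra lookup only runs on the failure path.
    // The previous code redirected to data.FailUrl without any check.
    // NOTE(review): assumes every legitimate FailUrl lives on a host registered in
    // SiteConfig -- confirm before deploying.
    Func<IActionResult> fail = () =>
    {
        Uri failUri;
        if (data != null
            && Uri.TryCreate(data.FailUrl, UriKind.Absolute, out failUri)
            && (failUri.Scheme == Uri.UriSchemeHttp || failUri.Scheme == Uri.UriSchemeHttps))
        {
            var failHost = failUri.Authority.ToUpperInvariant();
            if (siteContext.SiteConfig.Any(x => x.Host == failHost))
            {
                return Redirect(failUri.AbsoluteUri);
            }
        }
        // TODO: surface an error code/message to the client.
        return BadRequest();
    };

    if (data == null)
    {
        return fail();
    }

    // --- 1. Validate AppKey ---
    // TODO: cache SiteConfig instead of querying on every request.
    var siteConfig = siteContext.SiteConfig.FirstOrDefault(x => x.AppKey == data.AppKey);
    if (siteConfig == null)
    {
        return fail();
    }

    // --- 2. Validate the redirect target ---
    // TryCreate instead of `new Uri(...)` so malformed input is a failed request rather
    // than an unhandled exception; only http(s) targets are accepted.
    Uri targetUri;
    if (!Uri.TryCreate(data.TargetUrl, UriKind.Absolute, out targetUri)
        || (targetUri.Scheme != Uri.UriSchemeHttp && targetUri.Scheme != Uri.UriSchemeHttps))
    {
        return fail();
    }

    // Invariant upper-casing so the lookup does not depend on the server culture.
    var tagerHost = targetUri.Authority.ToUpperInvariant();
    var tagerSiteConfig = siteContext.SiteConfig.FirstOrDefault(x => x.Host == tagerHost);
    if (tagerSiteConfig == null)
    {
        return fail();
    }

    // --- 3. Validate UserToken ---
    // With an SsoUserId the mapping may belong to either the calling or the target site;
    // otherwise it is looked up by the calling site's own user id.
    UserMapping userMapping = data.SsoUserId > 0
        ? siteContext.UserMapping.FirstOrDefault(x => x.SsoUserId == data.SsoUserId
            && (x.SourceSiteConfigId == siteConfig.Id || x.SourceSiteConfigId == tagerSiteConfig.Id))
        : siteContext.UserMapping.FirstOrDefault(x => x.UserId == data.UserId
            && x.SourceSiteConfigId == siteConfig.Id);

    // NOTE(review): this is an ordinary (not constant-time) comparison of a bearer token;
    // consider a fixed-time comparison if the target framework offers one.
    if (userMapping == null
        || !string.Equals(userMapping.Token.ToString(), data.UserToken, StringComparison.Ordinal))
    {
        return fail();
    }

    // The mapping's UserId is the target site's own id only when the mapping was created
    // by the target site; otherwise it is passed along as OtherUserId.
    bool mappingOwnedByTarget = userMapping.SourceSiteConfigId == tagerSiteConfig.Id;
    int userId = mappingOwnedByTarget ? userMapping.UserId : 0;
    int otherUserId = mappingOwnedByTarget ? 0 : userMapping.UserId;

    // --- 4. Redirect to the target site so it can write its session ---
    // TargetUrl and FailUrl are URL-encoded: left raw, caller-controlled text could add or
    // shadow query parameters of this request. TargetUrl is passed in its parsed form so
    // the value validated above is the value handed on.
    // NOTE(review): SiteToken and UserToken travel in the query string and can appear in
    // browser history, logs and Referer headers.
    var url = $"{tagerSiteConfig.AuthSession}?SiteToken={tagerSiteConfig.SiteToken}"
        + $"&UserId={userId}&OtherUserId={otherUserId}&SsoUserId={userMapping.SsoUserId}"
        + $"&UserToken={userMapping.Token}"
        + $"&TargetUrl={System.Net.WebUtility.UrlEncode(targetUri.AbsoluteUri)}"
        + $"&FailUrl={System.Net.WebUtility.UrlEncode(data.FailUrl)}";
    return Redirect(url);
}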
/// <summary>
/// Sends the browser to the SSO server on the way to <c>data.TargetUrl</c>.
/// </summary>
/// <remarks>
/// Anonymous users and users that already have a <c>UserMapping</c> row go to the SSO
/// <c>RedirectToSite</c> endpoint; logged-in users without a mapping go to the SSO
/// <c>AuthMapping</c> endpoint first. <c>TargetUrl</c> is always URL-encoded before it is
/// placed in the query string; whether the destination is allowed is not checked here.
/// </remarks>
/// <param name="data">Request model carrying the caller-supplied <c>TargetUrl</c>.</param>
/// <returns>A redirect to one of the configured SSO endpoints.</returns>
public IActionResult RedirectToSite(RedirectToSiteRequestModel data)
{
    bool isLoggedIn = loginHelper.IsLogin(HttpContext);

    // Both the anonymous path and the already-mapped path end at the same SSO address.
    string encodedTarget = System.Net.WebUtility.UrlEncode(data.TargetUrl);
    string ssoRedirectUrl = $"{ssoConfigs.RedirectToSite}?TargetUrl={encodedTarget}";

    // Not logged in: the SSO server shows the login page and then continues to the target.
    if (!isLoggedIn)
    {
        return Redirect(ssoRedirectUrl);
    }

    int userId = loginHelper.GetUserId(HttpContext);
    // Read but not used below; the call is kept so the method does exactly what it did before.
    string userToken = loginHelper.GetUserToken(HttpContext);

    // Already linked to an SSO account: go straight to the SSO redirect.
    var existingMapping = siteContext.UserMapping.FirstOrDefault(x => x.UserId == userId);
    if (existingMapping != null)
    {
        return Redirect(ssoRedirectUrl);
    }

    // Not linked yet: let the SSO server run the account-association step first.
    var authMappingUrl = $"{ssoConfigs.AuthMapping}?AppKey={ssoConfigs.AppKey}&UserId={userId}&TargetUrl={encodedTarget}";
    return Redirect(authMappingUrl);
}