Esempio n. 1
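 /// <summary>
 /// Authenticates a request signed with the "appid", "secret" and "timestamp" headers.
 /// The "secret" header must equal the uppercase MD5 hex digest (see GetSwcMD5) of
 /// appid + (shared secret returned by FindSecret) + timestamp, and the timestamp
 /// (yyyyMMddHHmmss, compared against local time) must lie within the skew window.
 /// On success the principal is set to a GenericPrincipal for the appid; on any failure
 /// the request is forwarded to the inner handler unauthenticated (fail-open, so
 /// downstream authorization must reject anonymous callers).
 /// </summary>
 /// <param name="request">The incoming request whose headers carry the signature.</param>
 /// <param name="cancellationToken">Forwarded to the inner handler.</param>
 /// <returns>The inner handler's response task.</returns>
 protected override System.Threading.Tasks.Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
 {
     // Maximum allowed skew, in minutes, between the request timestamp and the local clock.
     // Hard-coded in place of a former AppSettings["ExpiredTime"] read.
     // NOTE(review): the original inline comment said 15 minutes, but the value in use is
     // 6600 (110 hours); confirm which is intended.
     const int expiredTimeMinutes = 6600;
     try
     {
         IEnumerable<string> appIds;
         if (!request.Headers.TryGetValues("appid", out appIds))
         {
             return base.SendAsync(request, cancellationToken);
         }
         IEnumerable<string> signatures;
         if (!request.Headers.TryGetValues("secret", out signatures))
         {
             return base.SendAsync(request, cancellationToken);
         }
         IEnumerable<string> timestamps;
         if (!request.Headers.TryGetValues("timestamp", out timestamps)) // e.g. 20150528093456
         {
             return base.SendAsync(request, cancellationToken);
         }
         // Only the first value of each header is used.
         string appid = appIds == null ? null : appIds.FirstOrDefault();
         string providedSignature = signatures == null ? null : signatures.FirstOrDefault();
         string timestamp = timestamps == null ? null : timestamps.FirstOrDefault();
         if (string.IsNullOrWhiteSpace(appid) || string.IsNullOrWhiteSpace(providedSignature) || string.IsNullOrWhiteSpace(timestamp))
         {
             return base.SendAsync(request, cancellationToken);
         }
         // InvariantCulture: the format is fixed and must not be reinterpreted under the
         // current culture's calendar (a null provider means "current culture").
         DateTime dt;
         if (!DateTime.TryParseExact(timestamp, "yyyyMMddHHmmss", System.Globalization.CultureInfo.InvariantCulture, System.Globalization.DateTimeStyles.None, out dt))
         {
             return base.SendAsync(request, cancellationToken);
         }
         // The parsed value has DateTimeKind.Unspecified and is compared against local time,
         // so clients are expected to send the server's local time.
         // Nothing here prevents a captured request from being resent inside the window;
         // replay protection would need a nonce store keyed by appid + timestamp.
         if (Math.Abs((DateTime.Now - dt).TotalMinutes) > expiredTimeMinutes)
         {
             return base.SendAsync(request, cancellationToken);
         }
         string sec = FindSecret(appid); // plaintext shared secret for this appid
         if (string.IsNullOrWhiteSpace(sec))
         {
             return base.SendAsync(request, cancellationToken);
         }
         // Wire format inherited from existing clients: uppercase MD5 hex of the plain
         // concatenation. This is not a real MAC; prefer HMAC-SHA256 once clients can move.
         string expectedSignature = GetSwcMD5(string.Format("{0}{1}{2}", appid, sec, timestamp));
         // Fixed-time compare so the response time does not reveal how many leading
         // characters of the supplied signature were correct.
         if (!FixedTimeEquals(expectedSignature, providedSignature))
         {
             return base.SendAsync(request, cancellationToken);
         }
         // appid is guaranteed non-blank by the check above.
         IPrincipal principalIns = new GenericPrincipal(new GenericIdentity(appid), null);
         SetPrincipal(principalIns);
         return base.SendAsync(request, cancellationToken);
     }
     catch (Exception ex)
     {
         // Deliberate fail-open: any unexpected failure degrades to an unauthenticated
         // request rather than an error response. Record it so misconfiguration is visible.
         System.Diagnostics.Trace.TraceError("Signature authentication failed: {0}", ex);
         return base.SendAsync(request, cancellationToken);
     }
 }

 /// <summary>
 /// Compares two strings without stopping at the first differing character.
 /// Strings of different length return false immediately (length is not hidden).
 /// </summary>
 /// <param name="a">Expected value.</param>
 /// <param name="b">Supplied value.</param>
 /// <returns>True when both are null or are character-for-character equal.</returns>
 private static bool FixedTimeEquals(string a, string b)
 {
     if (a == null || b == null)
     {
         return a == b;
     }
     if (a.Length != b.Length)
     {
         return false;
     }
     int diff = 0;
     for (int i = 0; i < a.Length; i++)
     {
         diff |= a[i] ^ b[i];
     }
     return diff == 0;
 }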
Esempio n. 2
        ///// <summary>
        ///// Whether this route is exempt from the authentication filter
        ///// </summary>
        ///// <param name="dic"></param>
        ///// <returns></returns>
        //private bool IsUnAuthentication(IDictionary<string, object> dic)
        //{
        //    object controller;
        //    if (!dic.TryGetValue("controller", out controller))
        //        return false;
        //    object action;
        //    if (!dic.TryGetValue("action", out action))
        //        return false;
        //    IList<string> unActions;
        //    if (!_auth.UnFilter.TryGetValue(controller.ToString(), out unActions))
        //        return false;
        //    if (unActions == null || unActions.Count <= 0)
        //        return false;
        //    return unActions.Contains(action.ToString());
        //}
        ///// <summary>
        ///// Response returned when the caller is not authorized to view the information
        ///// </summary>
        ///// <returns></returns>
        //public static System.Threading.Tasks.Task<HttpResponseMessage> ReturnError()
        //{
        //    var response = new HttpResponseMessage(HttpStatusCode.OK)
        //    {
        //        Content = new StringContent("资格不够,拒绝应答!")
        //    };
        //    var tsc = new TaskCompletionSource<HttpResponseMessage>();
        //    tsc.SetResult(response);
        //    return tsc.Task;
        //}



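        /// <summary>
        /// Authenticates a request signed with the "appid", "secret" and "timestamp" headers.
        /// The "secret" header must equal the uppercase MD5 hex digest of
        /// appid + (shared secret returned by FindSecret) + timestamp, and the timestamp
        /// (UTC, yyyyMMddHHmmss) must lie within the AppSettings "ExpiredTime" window, in
        /// minutes. On success the thread and HttpContext principal are set to a
        /// GenericPrincipal for the appid; on any failure the request is forwarded to the
        /// inner handler unauthenticated (fail-open, so downstream authorization must reject
        /// anonymous callers).
        /// </summary>
        /// <param name="request">The incoming request whose headers carry the signature.</param>
        /// <param name="cancellationToken">Forwarded to the inner handler.</param>
        /// <returns>The inner handler's response task.</returns>
        protected override System.Threading.Tasks.Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
        {
            try
            {
                IEnumerable<string> appIds;
                if (!request.Headers.TryGetValues("appid", out appIds))
                {
                    return base.SendAsync(request, cancellationToken);
                }
                IEnumerable<string> signatures;
                if (!request.Headers.TryGetValues("secret", out signatures))
                {
                    return base.SendAsync(request, cancellationToken);
                }
                IEnumerable<string> timestamps;
                if (!request.Headers.TryGetValues("timestamp", out timestamps)) // e.g. 20150528093456
                {
                    return base.SendAsync(request, cancellationToken);
                }
                // Only the first value of each header is used.
                string appid = appIds == null ? null : appIds.FirstOrDefault();
                string providedSignature = signatures == null ? null : signatures.FirstOrDefault();
                string timestamp = timestamps == null ? null : timestamps.FirstOrDefault();
                if (string.IsNullOrWhiteSpace(appid) || string.IsNullOrWhiteSpace(providedSignature) || string.IsNullOrWhiteSpace(timestamp))
                {
                    return base.SendAsync(request, cancellationToken);
                }
                // InvariantCulture: the format is fixed and must not be reinterpreted under the
                // current culture's calendar (a null provider means "current culture").
                DateTime dt;
                if (!DateTime.TryParseExact(timestamp, "yyyyMMddHHmmss", System.Globalization.CultureInfo.InvariantCulture, System.Globalization.DateTimeStyles.None, out dt))
                {
                    return base.SendAsync(request, cancellationToken);
                }
                // Maximum allowed clock skew in minutes. A missing or malformed setting is logged
                // and treated as "not authenticated" instead of surfacing as a null-reference or
                // format exception.
                string expiredTimeSetting = System.Configuration.ConfigurationSettings.AppSettings["ExpiredTime"];
                int expiredTimeMinutes;
                if (!int.TryParse(expiredTimeSetting, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out expiredTimeMinutes))
                {
                    Logs.Error(new InvalidOperationException("AppSettings 'ExpiredTime' is missing or is not an integer number of minutes."));
                    return base.SendAsync(request, cancellationToken);
                }
                // The timestamp is compared against UTC, so clients must send UTC time.
                // Nothing here prevents a captured request from being resent inside the window;
                // replay protection would need a nonce store keyed by appid + timestamp.
                if (Math.Abs((DateTime.UtcNow - dt).TotalMinutes) > expiredTimeMinutes)
                {
                    return base.SendAsync(request, cancellationToken);
                }
                string sec = FindSecret(appid); // plaintext shared secret for this appid
                if (string.IsNullOrWhiteSpace(sec))
                {
                    return base.SendAsync(request, cancellationToken);
                }
                // Wire format inherited from existing clients: uppercase MD5 hex of the plain
                // concatenation. This is not a real MAC; prefer HMAC-SHA256 once clients can move.
                string expectedSignature = Md5HexUpper(string.Format("{0}{1}{2}", appid, sec, timestamp));
                // Fixed-time compare so the response time does not reveal how many leading
                // characters of the supplied signature were correct.
                if (!FixedTimeEquals(expectedSignature, providedSignature))
                {
                    return base.SendAsync(request, cancellationToken);
                }
                // appid is guaranteed non-blank by the check above.
                var principal = new GenericPrincipal(new GenericIdentity(appid), null);
                // HttpContext.Current is null when the pipeline is self-hosted; the thread
                // principal is what the Web API pipeline reads in that case.
                if (HttpContext.Current != null)
                {
                    HttpContext.Current.User = principal;
                }
                Thread.CurrentPrincipal = principal;
                return base.SendAsync(request, cancellationToken);
            }
            catch (Exception ex)
            {
                // Deliberate fail-open: log and forward unauthenticated rather than error out.
                Logs.Error(ex);
                return base.SendAsync(request, cancellationToken);
            }
        }

        /// <summary>
        /// Uppercase hex MD5 of the UTF-8 bytes of <paramref name="value"/>. Produces the same
        /// output as the obsolete FormsAuthentication.HashPasswordForStoringInConfigFile(value, "MD5")
        /// without depending on System.Web.Security.
        /// </summary>
        /// <param name="value">Text to digest.</param>
        /// <returns>32 uppercase hex characters.</returns>
        private static string Md5HexUpper(string value)
        {
            using (var md5 = System.Security.Cryptography.MD5.Create())
            {
                byte[] hash = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(value));
                return BitConverter.ToString(hash).Replace("-", string.Empty);
            }
        }

        /// <summary>
        /// Compares two strings without stopping at the first differing character.
        /// Strings of different length return false immediately (length is not hidden).
        /// </summary>
        /// <param name="a">Expected value.</param>
        /// <param name="b">Supplied value.</param>
        /// <returns>True when both are null or are character-for-character equal.</returns>
        private static bool FixedTimeEquals(string a, string b)
        {
            if (a == null || b == null)
            {
                return a == b;
            }
            if (a.Length != b.Length)
            {
                return false;
            }
            int diff = 0;
            for (int i = 0; i < a.Length; i++)
            {
                diff |= a[i] ^ b[i];
            }
            return diff == 0;
        }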