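        /// <summary>
        /// Enforces sign-on and the per-path operation permission for the current ASP.NET
        /// request. Anonymous callers first get an automatic sign-on attempt (session cookie,
        /// then a cross-client transfer); callers that are still unauthenticated, or are
        /// authenticated without permission, are redirected to the sign-on page.
        /// </summary>
        /// <remarks>
        /// Does nothing when <see cref="HttpContext.Current"/> is null (no ASP.NET request in flight).
        /// </remarks>
        public static void RequireAuthorization()
        {
            var context = HttpContext.Current;
            if (context == null)
            {
                return;
            }

            var request = context.Request;
            var uri     = request.Url;

            if (!IsAuthenticated)
            {
                AutoSignOn(
                    () =>
                {
                    // The "sid" cookie value is the sign-on credential; null means "no cookie".
                    var sessionCookie = request.Cookies["sid"];
                    return(sessionCookie == null ? null : sessionCookie.Value);
                },
                    () =>
                {
                    TransferSignOnInfo tso = null;

                    // Only offer a transfer when the caller arrived from a different client (different base URL).
                    var fromUri = request.UrlReferrer;
                    if (fromUri != null && fromUri.BaseUrl() != uri.BaseUrl())
                    {
                        // Session state can be unavailable (disabled, or a handler without session state);
                        // hand over null rather than dereferencing a null Session.
                        var session = context.Session;
                        tso = new TransferSignOnInfo()
                        {
                            ClientId      = AuthHelper.CurrentClient.ClientId,
                            DeviceId      = request.UserHostAddress,
                            DeviceInfo    = request.UserAgent,
                            SessionId     = session == null ? null : session.SessionID,
                            // The originating client's identifiers travel in the query string ("fcid"/"sid");
                            // the Web API filter reads the same keys.
                            FromClientId  = request.QueryString["fcid"],
                            FromSessionId = request.QueryString["sid"]
                        };
                    }
                    return(tso);
                });
            }

            if (IsAuthenticated)
            {
                // Signed on: check the operation permission for the requested path.
                // NOTE(review): the Web API filter passes uri.AbsoluteUri here; confirm which form the permission store expects.
                if (AuthHelper.CurrentSession.CanAccess(AuthHelper.CurrentClient.ClientId, uri.LocalPath, PermissionType.Operation))
                {
                    return;
                }
            }

            // Not signed on, or signed on without permission: send to sign-on, preserving the requested URL.
            context.Response.Redirect("~/Account/SignOn?redirect=" + HttpUtility.UrlEncode(request.RawUrl));
        }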
        /// <summary>
        /// Transfers an existing sign-on from another client to this one through the server
        /// provider and, when the transfer succeeds, stores the returned session locally.
        /// </summary>
        /// <param name="transferSignOnInfo">Transfer request; ClientId, SessionId, FromClientId and FromSessionId are mandatory.</param>
        /// <returns>The provider's response; its Data holds the new session when Status is Success.</returns>
        public IServerResponse TransferSignOn(TransferSignOnInfo transferSignOnInfo)
        {
            Assert.IsNotNull(transferSignOnInfo);
            Assert.IsStringNotNullOrEmpty(transferSignOnInfo.ClientId);
            Assert.IsStringNotNullOrEmpty(transferSignOnInfo.SessionId);
            Assert.IsStringNotNullOrEmpty(transferSignOnInfo.FromClientId);
            Assert.IsStringNotNullOrEmpty(transferSignOnInfo.FromSessionId);

            var result = serverProvider.TransferSignOn(transferSignOnInfo);

            var transferred = result.Status == ResponseStatus.Success && result.Data != null;
            if (transferred)
            {
                SaveSession(result.Data);
            }

            return(result);
        }
        /// <summary>
        /// Transfers an existing sign-on from another client to this one over a freshly
        /// created channel and, when the transfer succeeds, stores the returned session locally.
        /// </summary>
        /// <param name="transferSignOnInfo">Transfer request; ClientId, SessionId, FromClientId and FromSessionId are mandatory.</param>
        /// <returns>
        /// The remote response. Stays null if the channel never invokes the callback —
        /// presumably Call runs it synchronously; confirm against CreateChannel.
        /// </returns>
        public IServerResponse TransferSignOn(TransferSignOnInfo transferSignOnInfo)
        {
            Assert.IsNotNull(transferSignOnInfo);
            Assert.IsStringNotNullOrEmpty(transferSignOnInfo.ClientId);
            Assert.IsStringNotNullOrEmpty(transferSignOnInfo.SessionId);
            Assert.IsStringNotNullOrEmpty(transferSignOnInfo.FromClientId);
            Assert.IsStringNotNullOrEmpty(transferSignOnInfo.FromSessionId);

            IServerResponse <Session> result = null;

            var channel = CreateChannel();
            channel.Call(proxy =>
            {
                result = proxy.TransferSignOn(transferSignOnInfo);

                var transferred = result.Status == ResponseStatus.Success && result.Data != null;
                if (transferred)
                {
                    SaveSession(result.Data);
                }
            });

            return(result);
        }
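        /// <summary>
        /// Web API authorization filter: skips actions or controllers marked with
        /// <see cref="AllowAnonymousAttribute"/>, otherwise attempts an automatic sign-on for
        /// anonymous callers and then checks the operation permission for the request URI.
        /// A signed-on caller without permission gets 401; a caller that is still not signed
        /// on gets a 302 to the sign-on page.
        /// </summary>
        /// <param name="actionContext">The action being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (AllowsAnonymous(actionContext))
            {
                return;
            }

            var request = actionContext.Request;
            var uri     = request.RequestUri;

            if (!AuthHelper.IsAuthenticated)
            {
                AuthHelper.AutoSignOn(
                    () => ReadCredential(request),
                    () => BuildTransferInfo(request, uri));
            }

            if (AuthHelper.IsAuthenticated)
            {
                // Signed on: check the operation permission for the requested URI.
                // NOTE(review): the WebForms helper passes uri.LocalPath; confirm which form the permission store expects.
                if (AuthHelper.CurrentSession.CanAccess(AuthHelper.CurrentClient.ClientId, uri.AbsoluteUri, PermissionType.Operation))
                {
                    return;
                }
                actionContext.Response = request.CreateErrorResponse(HttpStatusCode.Unauthorized, "");
            }
            else
            {
                actionContext.Response = request.CreateResponse(HttpStatusCode.Redirect);
                actionContext.Response.Headers.Location = new Uri("/Account/SignOn", UriKind.Relative);
            }
        }

        /// <summary>True when the action or its controller carries <see cref="AllowAnonymousAttribute"/>.</summary>
        private static bool AllowsAnonymous(HttpActionContext actionContext)
        {
            return actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any() ||
                   actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any();
        }

        /// <summary>
        /// Credential for the automatic sign-on: the Authorization header parameter when present,
        /// else the "sid" cookie value. Returns null when neither is present instead of throwing
        /// on a request that carries no Cookie header at all.
        /// </summary>
        private static string ReadCredential(HttpRequestMessage request)
        {
            string authInfo = null;
            if (request.Headers.Authorization != null)
            {
                authInfo = request.Headers.Authorization.Parameter;
            }

            if (string.IsNullOrEmpty(authInfo))
            {
                // GetCookies() yields one entry per Cookie header; a request may carry none,
                // in which case FirstOrDefault() is null and must not be dereferenced.
                var cookieHeader  = request.Headers.GetCookies().FirstOrDefault();
                var sessionCookie = cookieHeader == null
                    ? null
                    : cookieHeader.Cookies.FirstOrDefault(o => o.Name == "sid");
                if (sessionCookie != null)
                {
                    // A '+' in the cookie value arrives as a space after form-style decoding; restore it.
                    authInfo = sessionCookie.Value.Replace(" ", "+");
                }
            }
            return(authInfo);
        }

        /// <summary>
        /// Transfer request for a caller arriving from a different client (a referrer whose
        /// base URL differs from <paramref name="uri"/>); null when no transfer applies.
        /// </summary>
        private static TransferSignOnInfo BuildTransferInfo(HttpRequestMessage request, Uri uri)
        {
            var fromUri = request.Headers.Referrer;
            if (fromUri == null || fromUri.BaseUrl() == uri.BaseUrl())
            {
                return null;
            }

            // "fcid"/"sid" identify the originating client and its session; a missing key
            // yields a default pair whose Value is null.
            var queryString = request.GetQueryNameValuePairs();
            var fc          = queryString.FirstOrDefault(o => o.Key == "fcid");
            var sid         = queryString.FirstOrDefault(o => o.Key == "sid");

            // Without a User-Agent header First() would throw; report no device info instead.
            var userAgent  = request.Headers.UserAgent.FirstOrDefault();
            var deviceInfo = userAgent == null || userAgent.Product == null ? null : userAgent.Product.Name;

            return new TransferSignOnInfo()
            {
                ClientId      = AuthHelper.CurrentClient.ClientId,
                // NOTE(review): Host is the request's Host header (the server name), not a client identifier,
                // and the managed thread id is not stable across requests. Both are kept as-is; confirm intent.
                DeviceId      = request.Headers.Host,
                DeviceInfo    = deviceInfo,
                SessionId     = Thread.CurrentThread.ManagedThreadId.ToString(),
                FromClientId  = fc.Value,
                FromSessionId = sid.Value
            };
        }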
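        /// <summary>
        /// Server side of a cross-client sign-on: given a live server session on the
        /// originating client (FromClientId/FromSessionId), creates or refreshes the server
        /// session for the target client and returns the client-facing session built from it.
        /// </summary>
        /// <param name="transferSignOnInfo">Transfer request; the From* fields identify the existing session whose user is carried over.</param>
        /// <returns>
        /// Success with <c>Data</c> set to the target client's session; Failed with a localized
        /// message when the source session is missing or expired, or with the exception
        /// message when persistence fails.
        /// </returns>
        public IServerResponse <Session> TransferSignOn(TransferSignOnInfo transferSignOnInfo)
        {
            ServerResponse <Session> response = new ServerResponse <Session>();

            var fromSession = repoServerSession.Query(o => o.CientId == transferSignOnInfo.FromClientId && o.SessionId == transferSignOnInfo.FromSessionId).FirstOrDefault();

            if (fromSession == null)
            {
                response.Status  = ResponseStatus.Failed;
                response.Message = DAF.SSO.Resources.Locale(o => o.UserSessionNotFound);
                return(response);
            }

            // An expired source session must not be usable to mint a session on another client.
            if (fromSession.AccessTokenExpiryTime <= DateTime.Now)
            {
                response.Status  = ResponseStatus.Failed;
                response.Message = DAF.SSO.Resources.Locale(o => o.UserSessionExpired);
                return(response);
            }

            var committed = false;
            try
            {
                trans.BeginTransaction();
                var serverSession = repoServerSession.Query(o => o.SessionId == transferSignOnInfo.SessionId && o.CientId == transferSignOnInfo.ClientId && o.DeviceId == transferSignOnInfo.DeviceId).FirstOrDefault();
                if (serverSession == null)
                {
                    // First sign-on of this client/session/device: mint a fresh access token.
                    // NOTE(review): token strength depends on randomGenerator being cryptographically secure — confirm.
                    serverSession = new ServerSession()
                    {
                        CientId               = transferSignOnInfo.ClientId,
                        SessionId             = transferSignOnInfo.SessionId,
                        FromCientId           = transferSignOnInfo.FromClientId,
                        DeviceId              = transferSignOnInfo.DeviceId,
                        DeviceInfo            = transferSignOnInfo.DeviceInfo,
                        UserId                = fromSession.UserId,
                        AccessToken           = randomGenerator.Generate(config.TokenAllowedChars, config.TokenLength),
                        LastAccessTime        = DateTime.Now,
                        AccessTokenExpiryTime = DateTime.Now.AddMinutes(config.SessionExpiredTimeOutMunites)
                    };
                    repoServerSession.Insert(serverSession);
                }
                else
                {
                    // Existing session: rotate the token only once it has expired, then extend the lifetime.
                    if (serverSession.AccessTokenExpiryTime < DateTime.Now)
                    {
                        serverSession.AccessToken = randomGenerator.Generate(config.TokenAllowedChars, config.TokenLength);
                    }
                    serverSession.LastAccessTime        = DateTime.Now;
                    serverSession.AccessTokenExpiryTime = DateTime.Now.AddMinutes(config.SessionExpiredTimeOutMunites);

                    repoServerSession.Update(serverSession);
                }
                trans.Commit();
                committed = true;

                var client = GetClient(transferSignOnInfo.ClientId);
                var user   = repoUser.Query(o => o.UserId == serverSession.UserId).FirstOrDefault();
                response.Data = GetClientSession(client, user, serverSession);
            }
            catch (Exception ex)
            {
                // Only roll back work that was not committed: the lookups after Commit() can still
                // fail, and previously did so by calling Rollback() on an already finished transaction.
                if (!committed)
                {
                    trans.Rollback();
                }
                response.Status  = ResponseStatus.Failed;
                // NOTE(review): ex.Message is handed back to the caller verbatim; a generic message
                // plus server-side logging of the exception would avoid exposing internals.
                response.Message = ex.Message;
            }

            return(response);
        }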
 /// <summary>
 /// Delegates a cross-client sign-on transfer to the underlying server provider.
 /// </summary>
 /// <param name="transferSignOnInfo">Transfer request, forwarded unchanged.</param>
 /// <returns>The provider's response.</returns>
 public IServerResponse <Session> TransferSignOn(TransferSignOnInfo transferSignOnInfo)
 {
     var providerResponse = serverProvider.TransferSignOn(transferSignOnInfo);
     return(providerResponse);
 }