/// <summary>
/// Decides whether the authorization check is skipped for the current action.
/// </summary>
/// <param name="actionContext">Context of the action about to be executed.</param>
/// <returns>
/// <c>true</c> when the action or its controller is marked with <see cref="IgnoreAuthorizeAttribute"/>,
/// or when the caller's IP address is on the white list; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the IP-based bypass is only as trustworthy as <c>Utils.GetClientIp()</c>;
/// confirm it does not take the address from client-supplied forwarding headers.
/// </remarks>
private bool SkipValidateAuthorize(HttpActionContext actionContext)
{
    string clientIp = Utils.GetClientIp();
    var actionDescriptor = actionContext.ActionDescriptor;

    bool ignoredOnAction = actionDescriptor.GetCustomAttributes<IgnoreAuthorizeAttribute>().Any();
    if (ignoredOnAction)
    {
        return true;
    }

    bool ignoredOnController = actionDescriptor.ControllerDescriptor
        .GetCustomAttributes<IgnoreAuthorizeAttribute>()
        .Any();
    if (ignoredOnController)
    {
        return true;
    }

    // Neither attribute present: fall back to the IP white list.
    return WhiteListHelper.IsWhiteIp(clientIp);
}
/// <summary>
/// Validates access to an internal-service endpoint.
/// </summary>
/// <param name="actionContext">Context of the action about to be executed.</param>
/// <returns>
/// <c>true</c> only when the action or its controller is marked with <see cref="InnerServiceAttribute"/>
/// and the caller's IP address is on the white list; <c>false</c> for every other request.
/// </returns>
private bool ValidateInnerService(HttpActionContext actionContext)
{
    string clientIp = Utils.GetClientIp();
    var actionDescriptor = actionContext.ActionDescriptor;

    bool markedAsInnerService =
        actionDescriptor.GetCustomAttributes<InnerServiceAttribute>().Any()
        || actionDescriptor.ControllerDescriptor.GetCustomAttributes<InnerServiceAttribute>().Any();

    // The white-list lookup is only consulted for endpoints that are actually marked internal.
    return markedAsInnerService && WhiteListHelper.IsWhiteIp(clientIp);
}
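/// <summary>
/// Middleware entry point. Requests that <c>WhiteListHelper.IsPass</c> does not wave through must
/// carry an <c>X-Token</c> header whose payload segment decodes to JSON; otherwise a 401 JSON body
/// is written and the pipeline stops.
/// </summary>
/// <param name="httpContext">The current request/response context.</param>
/// <returns>
/// The task returned by the next middleware, or the task that writes the 401 response
/// (returned rather than dropped, so the caller awaits the write).
/// </returns>
/// <remarks>
/// NOTE(review): this block only splits and base64url-decodes the token; no signature, issuer or
/// expiry validation is visible here, so the decoded <c>sub</c>/<c>usercode</c> claim must not be
/// treated as an authenticated identity downstream until such validation exists. The session
/// population through <c>UserInfoHelper</c> that consumed that claim was left commented out in the
/// original and is not carried over.
/// </remarks>
public Task Invoke(HttpContext httpContext)
{
    if (WhiteListHelper.IsPass(httpContext))
    {
        return _next(httpContext);
    }

    if (!httpContext.Request.Headers.TryGetValue("X-Token", out var apiKeyHeaderValues))
    {
        return WriteUnauthorized(httpContext, "此请求未包含JWT令牌,禁止访问!!", "此请求未包含JWT令牌,禁止访问!");
    }

    // A token without a second segment, or with an undecodable/non-JSON payload, previously escaped
    // as an unhandled exception (HTTP 500); it is now rejected with 401 like a missing token.
    // The extracted user code is intentionally discarded here (see remarks).
    if (!TryReadUserCode(apiKeyHeaderValues.ToString(), out _))
    {
        return WriteUnauthorized(httpContext, "X-Token令牌格式无效,禁止访问!", "X-Token令牌格式无效,禁止访问!");
    }

    return _next(httpContext);
}

/// <summary>
/// Extracts the <c>usercode</c> field nested in the <c>sub</c> claim of the token's payload segment.
/// Performs no token verification.
/// </summary>
/// <param name="token">Raw <c>X-Token</c> header value, expected as dot-separated segments.</param>
/// <param name="userCode">The <c>usercode</c> value when present; otherwise <c>null</c>.</param>
/// <returns><c>true</c> when the payload decoded and both fields were present and non-empty.</returns>
private static bool TryReadUserCode(string token, out string userCode)
{
    userCode = null;

    string[] segments = token.Split('.');
    if (segments.Length < 2)
    {
        return false;
    }

    try
    {
        string payloadJson = Base64UrlEncoder.Decode(segments[1]);
        string subject = JObject.Parse(payloadJson).Value<string>("sub");
        if (string.IsNullOrEmpty(subject))
        {
            return false;
        }

        // The original code expects "sub" to itself be a JSON object carrying "usercode".
        userCode = JObject.Parse(subject).Value<string>("usercode");
        return !string.IsNullOrEmpty(userCode);
    }
    catch (System.Exception ex) when (ex is System.FormatException
                                      || ex is System.ArgumentException
                                      || ex is JsonException)
    {
        // Undecodable base64url, non-JSON payload, or a claim of the wrong shape.
        return false;
    }
}

/// <summary>
/// Writes a 401 JSON response in the same <c>{ success, msg, cause }</c> shape the middleware
/// has always used and returns the write task so it can be awaited by the pipeline.
/// </summary>
/// <param name="httpContext">The current request/response context.</param>
/// <param name="msg">Value of the <c>msg</c> field.</param>
/// <param name="cause">Value of the <c>cause</c> field.</param>
/// <returns>The task that completes when the body has been written.</returns>
private static Task WriteUnauthorized(HttpContext httpContext, string msg, string cause)
{
    httpContext.Response.ContentType = "application/json";
    httpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
    var body = new { success = false, msg, cause };
    return httpContext.Response.WriteAsync(JsonConvert.SerializeObject(body));
}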