Esempio n. 1
0
 public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
 {
     //不管是否设置检查权限,都必须是已认证身份,否则返回401
     if (context.HttpContext.User.IsNull() || context.HttpContext.User.Claims.IsNullOrEmpty())
     {
         context.Result = _401or403(context.HttpContext, 401);
     }
     if (!context.HttpContext.User.IsCissyAuthenticated())
     {
         context.Result = _401or403(context.HttpContext, 401);
     }
     if (this.CissyAuthority.IsNotNull() && this.CissyAuthority.Power != 0)
     {
         AuthorityContext ac = context.HttpContext.GetAuthorityContext();
         if (ac.IsNotNull())
         {
             var AskScopeAuthority = ac.AskScopeAuthority;
             if (AskScopeAuthority.IsNotNullAndEmpty())
             {
                 if (AskScopeAuthority.TryGetValue(this.CissyAuthority.PermitId, out int k))
                 {
                     if (k.Contains(this.CissyAuthority.Power))
                     {
                         ac.OK = true;
                     }
                 }
             }
         }
         else
         {
             context.Result = _401or403(context.HttpContext, 401);
         }
     }
     await Task.CompletedTask;
 }
Esempio n. 2
0
        public static AuthorityContext GetAuthorityContext(this HttpContext httpContext)
        {
            AuthorityContext context = default;

            if (httpContext.Items.TryGetValue(AuthorityContext.AuthorityContextKey, out object ac))
            {
                context = ac as AuthorityContext;
            }
            return(context);
        }
Esempio n. 3
0
        public async Task InvokeAsync(HttpContext context)
        {
            string token = string.Empty;

            if (Option.AuthenticationType == AuthenticationTypes.Cookie)
            {
                token = context.Request.Cookies[AuthenticationHelper.BuildCookieName(Option.Scheme)];
            }
            else if (Option.AuthenticationType == AuthenticationTypes.Token)
            {
                string tokenAuthentication = context.Request.Headers["Authorization"];
                if (tokenAuthentication != null && tokenAuthentication.Contains(Option.Scheme))
                {
                    token = tokenAuthentication.Trim().Split(" ")[1];
                }
            }
            if (token.IsNotNullAndEmpty())
            {
                DefaultJwtPrincipalBuilder builder = new DefaultJwtPrincipalBuilder(this.AppConfig.AuthSecret);
                var claimsPrincipal = builder.GetPrincipal(Option.Scheme, token);
                if (claimsPrincipal.IsNotNull())
                {
                    context.User = claimsPrincipal;
                    AuthorityContext ac = new AuthorityContext();
                    ac.User = claimsPrincipal;
                    var cl = claimsPrincipal.Claims.FirstOrDefault(m => m.Type == CissyClaimTypes.Permits);
                    if (cl.IsNotNull())//开始构建权限上下文
                    {
                        //step1,收集当前身份具有的权限集
                        string[] vs = cl.Value.Split(AuthoritySeparators.Top, StringSplitOptions.RemoveEmptyEntries);
                        foreach (string v in vs)
                        {
                            string[] ms = v.Split(AuthoritySeparators.FirstLevel);
                            if (!ac.AuthorityScopes.TryGetValue(ms[0], out Dictionary <int, int> dic))
                            {
                                dic = new Dictionary <int, int>();
                                ac.AuthorityScopes[ms[0]] = dic;
                            }
                            dic[int.Parse(ms[1])] = int.Parse(ms[2]);
                        }
                        //step2,搜索权限请求范围
                        var scope = _getAuthorityScope(context);
                        scope       = scope.IsNullOrEmpty() ? AuthoritySeparators.DefaultScope : scope.Trim();
                        ac.AskScope = scope;
                    }
                    context.Items[AuthorityContext.AuthorityContextKey] = ac;
                }
            }
            await _next.Invoke(context);
        }