/*public async Task<string> GetLogoutUrl(SystemLoginEndpoint endpoint, string strToken)
* {
* //验证JWT是否正确
* var jwtResult = _securityService.ValidateJWT(endpoint.SecretKey, strToken);
* if (!jwtResult.ValidateResult.Result)
* {
* var fragment = new TextFragment()
* {
* Code = TextCodes.SystemLoginEndpointTokenValidateError,
* DefaultFormatting = "名称为{0}的系统登录终结点验证令牌字符串{1}失败,失败原因{2}",
* ReplaceParameters = new List<object>() { endpoint.Name, strToken, jwtResult.ValidateResult.Description }
* };
*
* //验证未通过,抛出异常
* throw new UtilityException((int)Errors.SystemLoginEndpointTokenValidateError,fragment);
* }
*
* //从JWT字符串中获取令牌相关信息
* Dictionary<string, string> jwtInfo = jwtResult.Playload;
* //查找验证终结点名称
* if (!jwtInfo.TryGetValue("AuthorizationName", out string strAuthorizationName))
* {
* var fragment = new TextFragment()
* {
* Code = TextCodes.NotFoundInfoInSystemLoginEndpointTokenByName,
* DefaultFormatting = "名称为{0}的系统登录终结点验证令牌字符串{1}中,找不到名称为{2}的信息",
* ReplaceParameters = new List<object>() { endpoint.Name, strToken, "AuthorizationName" }
* };
*
* throw new UtilityException((int)Errors.NotFoundInfoInSystemLoginEndpointTokenByName, fragment);
* }
* //查找用户信息键值对
* if (!jwtInfo.TryGetValue("UserInfoAttributes", out string strUserInfoAttributes))
* {
* var fragment = new TextFragment()
* {
* Code = TextCodes.NotFoundInfoInSystemLoginEndpointTokenByName,
* DefaultFormatting = "名称为{0}的系统登录终结点验证令牌字符串{1}中,找不到名称为{2}的信息",
* ReplaceParameters = new List<object>() { endpoint.Name, strToken, "UserInfoAttributes" }
* };
*
* throw new UtilityException((int)Errors.NotFoundInfoInSystemLoginEndpointTokenByName, fragment);
* }
*
*
* //查询出该登录终结点关联的验证终结点中相同名称的验证终结点
* //调用验证终结点的获取登出url方法
* var authorizationEndpoint = await GetAuthorizationEndpoint(endpoint, strAuthorizationName);
* if (authorizationEndpoint == null)
* {
* var fragment = new TextFragment()
* {
* Code = TextCodes.NotFoundAuthorizationEndpointInSystemLoginEndpointByName,
* DefaultFormatting = "名称为{0}的系统登录终结点中,找不到名称为{1}的关联认证终结点",
* ReplaceParameters = new List<object>() { endpoint.Name, strAuthorizationName }
* };
*
* throw new UtilityException((int)Errors.NotFoundAuthorizationEndpointInSystemLoginEndpointByName, fragment);
* }
*
* var userInfoAttributes=JsonSerializerHelper.Deserialize<Dictionary<string, string>>(strUserInfoAttributes);
* if (userInfoAttributes==null)
* {
* userInfoAttributes = new Dictionary<string, string>();
* }
*
* return await authorizationEndpoint.GetLogoutUrl(userInfoAttributes);
* }
*/
public async Task <string> GetCommonToken(SystemLoginEndpoint endpoint, string authorizationName, string userName, string password)
{
//找到关联的验证终结点
var authorizationEndpoint = await GetAuthorizationEndpoint(endpoint, authorizationName);
if (authorizationEndpoint == null)
{
var fragment = new TextFragment()
{
Code = TextCodes.NotFoundAuthorizationEndpointInSystemLoginEndpointByName,
DefaultFormatting = "名称为{0}的系统登录终结点中,找不到名称为{1}的关联认证终结点",
ReplaceParameters = new List <object>()
{
endpoint.Name, authorizationName
}
};
throw new UtilityException((int)Errors.NotFoundAuthorizationEndpointInSystemLoginEndpointByName, fragment);
}
var authResult = await authorizationEndpoint.GetSystemTokenByPassword(endpoint, userName, password);
var commonToken = new CommonToken()
{
SystemName = endpoint.Name,
AuthorizationName = authorizationName,
UserInfoAttributes = authResult.Attributes
};
//生成通用令牌的JWT字符串
var strCommonToken = _securityService.GenerateJWT(endpoint.SecretKey, new Dictionary <string, string>()
{
{ "SystemName", commonToken.SystemName }, { "AuthorizationName", commonToken.AuthorizationName }, { "UserInfoAttributes", JsonSerializerHelper.Serializer <Dictionary <string, string> >(commonToken.UserInfoAttributes) }
}, endpoint.ExpireSecond);
return(strCommonToken);
}
public async Task <string> GetCommonToken(SystemLoginEndpoint endpoint, HttpRequest request)
{
//从request的query中获取authname
if (!request.Query.TryGetValue("authname", out StringValues strAuthName))
{
var fragment = new TextFragment()
{
Code = TextCodes.NotFoundAuthNameQuerystringInAuthRedirectUrl,
DefaultFormatting = "名称为{0}的系统登录终结点的第三方认证系统回调请求处理中,回调请求的Url中不包含authname参数,回调请求的Url为{1}",
ReplaceParameters = new List <object>()
{
endpoint.Name, request.Path.Value
}
};
throw new UtilityException((int)Errors.NotFoundAuthNameQuerystringInAuthRedirectUrl, fragment);
}
//根据authname获取登录终结点下面关联的验证终结点
AuthorizationEndpoint authorizationEndpoint = await GetAuthorizationEndpoint(endpoint, strAuthName[0]);
if (authorizationEndpoint == null)
{
var fragment = new TextFragment()
{
Code = TextCodes.NotFoundAuthorizationEndpointInSystemLoginEndpointCanExecuteCallback,
DefaultFormatting = "名称为{0}的系统登录终结点中,找不到可以处理从第三方认证系统回调请求的关联认证终结点,请求url为{1}",
ReplaceParameters = new List <object>()
{
endpoint.Name, request.Path.Value
}
};
throw new UtilityException((int)Errors.NotFoundAuthorizationEndpointInSystemLoginEndpointCanExecuteCallback, fragment);
}
//调用验证终结点的方法,获取实际的重定向地址
string redirectUrl = await authorizationEndpoint.GetRealRedirectUrl(request);
//验证客户端重定向地址
await validateClientRedirectUrl(endpoint, redirectUrl);
//调用验证终结点的方法,获取第三方登陆系统处理后产生的键值对
var authResult = await authorizationEndpoint.GetSystemAttributes(endpoint, request);
//生成最终要重定向回接入方的Url
var commonToken = new CommonToken()
{
SystemName = endpoint.Name,
AuthorizationName = authorizationEndpoint.Name,
UserInfoAttributes = authResult.Attributes
};
//生成通用令牌的JWT字符串
var strCommonToken = _securityService.GenerateJWT(endpoint.SecretKey, new Dictionary <string, string>()
{
{ "SystemName", commonToken.SystemName }, { "AuthorizationName", commonToken.AuthorizationName }, { "UserInfoAttributes", JsonSerializerHelper.Serializer <Dictionary <string, string> >(commonToken.UserInfoAttributes) }
}, endpoint.ExpireSecond);
//生成重定向回接入方系统的地址
var strReturnUrl = QueryHelpers.AddQueryString(redirectUrl, authResult.AdditionalRedirectUrlQueryAttributes);
strReturnUrl = QueryHelpers.AddQueryString(strReturnUrl, "commontoken", strCommonToken);
return(strReturnUrl);
}
/// <summary>
/// 获取通用令牌
/// 返回结果有两种情况
/// 1,直接获取通用令牌,返回重定向回接入方系统的地址,该地址包含通用令牌的字符串信息
/// 2,需要重定向到第三方认证系统,返回第三方认证系统的地址
/// </summary>
/// <param name="endpoint"></param>
/// <param name="authorizationName">验证终结点名称</param>
/// <param name="returnUrl">接入方系统的重定向地址</param>
/// <returns>获取通用令牌动作的结果</returns>
public async Task <GetCommonTokenResult> GetCommonToken(SystemLoginEndpoint endpoint, string authorizationName, string returnUrl)
{
//验证客户端重定向地址
await validateClientRedirectUrl(endpoint, returnUrl);
//找到关联的验证终结点
var authorizationEndpoint = await GetAuthorizationEndpoint(endpoint, authorizationName);
if (authorizationEndpoint == null)
{
var fragment = new TextFragment()
{
Code = TextCodes.NotFoundAuthorizationEndpointInSystemLoginEndpointByName,
DefaultFormatting = "名称为{0}的系统登录终结点中,找不到名称为{1}的关联认证终结点",
ReplaceParameters = new List <object>()
{
endpoint.Name, authorizationName
}
};
throw new UtilityException((int)Errors.NotFoundAuthorizationEndpointInSystemLoginEndpointByName, fragment);
}
//生成验证中心重定向地址
var sysUrl = GenerateSystemLoginUrl(endpoint, authorizationEndpoint);
//var serviceReturnUrl = $"{endpoint.BaseUrl}?returnurl={WebUtility.UrlEncode(returnUrl)}";
//调用认证终结点的获取系统令牌的方法
var authResult = await authorizationEndpoint.GetSystemToken(endpoint, sysUrl, returnUrl);
//从接入方系统的returnUrl上面获取Querystring的键值对
//从请求中获取querystring,将它转成键值对
Dictionary <string, string> returnUrlKV = new Dictionary <string, string>();
Uri returnUrlUri = new Uri(returnUrl);
var dictKV = QueryHelpers.ParseQuery(returnUrlUri.Query);
foreach (var item in dictKV)
{
returnUrlKV.Add(item.Key, item.Value[0]);
}
GetCommonTokenResult result = new GetCommonTokenResult();
if (authResult.Direct)
{
//组装结果
result.Direct = true;
var commonToken = new CommonToken()
{
SystemName = endpoint.Name,
AuthorizationName = authorizationName,
UserInfoAttributes = authResult.TokenResult.Attributes
};
//生成通用令牌的JWT字符串
var strCommonToken = _securityService.GenerateJWT(endpoint.SecretKey, new Dictionary <string, string>()
{
{ "SystemName", commonToken.SystemName }, { "AuthorizationName", commonToken.AuthorizationName }, { "UserInfoAttributes", JsonSerializerHelper.Serializer <Dictionary <string, string> >(commonToken.UserInfoAttributes) }
}, endpoint.ExpireSecond);
//生成重定向回接入方系统的地址
var strReturnUrl = QueryHelpers.AddQueryString(returnUrl, authResult.TokenResult.AdditionalRedirectUrlQueryAttributes);
strReturnUrl = QueryHelpers.AddQueryString(strReturnUrl, "commontoken", strCommonToken);
result.CommonTokenRedirectUrl = strReturnUrl;
}
else
{
result.Direct = false;
result.RedirectUrl = authResult.RedirectUrl;
}
return(result);
}
