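/// <summary>
/// Verifies that the current login user is authorized for the operation addressed
/// by the request's route (controller + action).
/// </summary>
/// <param name="context">Authorization filter context of the current request.</param>
/// <returns>
/// Challenge when <paramref name="context"/> is null or no login user is present,
/// Success when Authorization allows the operation, otherwise Forbid.
/// </returns>
public static VerifyAuthorizationResult Authentication(AuthorizationFilterContext context)
{
    if (context == null)
    {
        return VerifyAuthorizationResult.ChallengeResult();
    }

    // Operation codes are machine keys: normalize with the invariant culture so the
    // code cannot vary with the thread culture (tr-TR upper-cases "i" to "İ").
    // A missing route value yields an empty code instead of a NullReferenceException;
    // whether an empty code is permitted is decided by the authorization check.
    string controllerName = context.RouteData.Values["controller"]?.ToString()?.ToUpperInvariant() ?? string.Empty;
    string actionName = context.RouteData.Values["action"]?.ToString()?.ToUpperInvariant() ?? string.Empty;
    var operation = new AuthorityOperationCmdDto()
    {
        ControllerCode = controllerName,
        ActionCode = actionName
    };

    // No login user: the caller must authenticate first (Challenge, not Forbid).
    var loginUser = IdentityManager.GetLoginUser();
    if (loginUser == null)
    {
        return VerifyAuthorizationResult.ChallengeResult();
    }

    bool allowAccess = Authorization(loginUser, operation);
    return allowAccess
        ? VerifyAuthorizationResult.SuccessResult()
        : VerifyAuthorizationResult.ForbidResult();
}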
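/// <summary>
/// Verifies, asynchronously, that the current login user is authorized for the
/// operation addressed by the request's route (controller + action).
/// </summary>
/// <param name="context">Authorization filter context of the current request.</param>
/// <returns>
/// Challenge when <paramref name="context"/> is null or no login user is present,
/// Success when AuthorizationAsync allows the operation, otherwise Forbid.
/// </returns>
public static async Task<AuthorizeVerifyResult> AuthenticationAsync(AuthorizationFilterContext context)
{
    if (context == null)
    {
        return AuthorizeVerifyResult.ChallengeResult();
    }

    // Operation codes are machine keys: normalize with the invariant culture so the
    // code cannot vary with the thread culture (tr-TR upper-cases "i" to "İ").
    // A missing route value yields an empty code instead of a NullReferenceException;
    // whether an empty code is permitted is decided by the authorization check.
    string controllerName = context.RouteData.Values["controller"]?.ToString()?.ToUpperInvariant() ?? string.Empty;
    string actionName = context.RouteData.Values["action"]?.ToString()?.ToUpperInvariant() ?? string.Empty;
    var operation = new AuthorityOperationCmdDto()
    {
        ControllerCode = controllerName,
        ActionCode = actionName
    };

    // No login user: the caller must authenticate first (Challenge, not Forbid).
    var loginUser = GetLoginUser();
    if (loginUser == null)
    {
        return AuthorizeVerifyResult.ChallengeResult();
    }

    bool allowAccess = await AuthorizationAsync(loginUser, operation).ConfigureAwait(false);
    return allowAccess
        ? AuthorizeVerifyResult.SuccessResult()
        : AuthorizeVerifyResult.ForbidResult();
}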
/// <summary>
/// Verifies authorization for an explicit request: the user is rebuilt from the
/// supplied claims and checked against the controller/action operation.
/// </summary>
/// <param name="request">Authorization request carrying controller code, action code and claims.</param>
/// <returns>
/// Forbid when <paramref name="request"/> is null; otherwise a result whose VerifyValue is
/// Success when AuthorizationAsync grants the operation and Forbid when it does not.
/// </returns>
public static async Task<AuthorizeVerifyResult> AuthenticationAsync(AuthorizeVerifyRequest request)
{
    if (request == null)
    {
        return AuthorizeVerifyResult.ForbidResult();
    }

    var requestedOperation = new AuthorityOperationCmdDto()
    {
        ActionCode = request.ActionCode,
        ControllerCode = request.ControllerCode
    };

    // Null claims are handed on as null; what GetUserFromClaims does with null is
    // not visible here (AuthorizationAsync denies a null user).
    var claims = request.Claims == null
        ? null
        : request.Claims.Select(pair => new Claim(pair.Key, pair.Value)).ToList();
    var claimUser = AuthenticationUser<long>.GetUserFromClaims(claims);

    bool allowed = await AuthorizationAsync(claimUser, requestedOperation).ConfigureAwait(false);
    var verifyValue = AuthorizeVerifyValue.Forbid;
    if (allowed)
    {
        verifyValue = AuthorizeVerifyValue.Success;
    }
    return new AuthorizeVerifyResult { VerifyValue = verifyValue };
}
/// <summary>
/// Verifies authorization for an explicit request: the user is rebuilt from the
/// supplied claims and checked against the controller/action operation.
/// </summary>
/// <param name="request">Authorization options carrying controller code, action code and claims.</param>
/// <returns>
/// Forbid when <paramref name="request"/> is null; otherwise a result whose Status is
/// Success when Authorization grants the operation and Forbid when it does not.
/// </returns>
public static VerifyAuthorizationResult Authentication(VerifyAuthorizationOption request)
{
    if (request == null)
    {
        return VerifyAuthorizationResult.ForbidResult();
    }

    var requestedOperation = new AuthorityOperationCmdDto()
    {
        ActionCode = request.ActionCode,
        ControllerCode = request.ControllerCode
    };

    // Null claims are handed on as null; what GetUserFromClaims does with null is
    // not visible here.
    var claims = request.Claims == null
        ? null
        : request.Claims.Select(pair => new Claim(pair.Key, pair.Value)).ToList();
    var claimUser = AuthenticationUser<long>.GetUserFromClaims(claims);

    bool allowed = Authorization(claimUser, requestedOperation);
    var status = AuthorizationVerificationStatus.Forbid;
    if (allowed)
    {
        status = AuthorizationVerificationStatus.Success;
    }
    return new VerifyAuthorizationResult { Status = status };
}
/// <summary>
/// Asks the auth service whether <paramref name="user"/> may run <paramref name="operation"/>.
/// </summary>
/// <param name="user">Authenticated user; null denies.</param>
/// <param name="operation">Operation to authorize; null denies.</param>
/// <returns>true when the service grants access, otherwise false.</returns>
public static async Task<bool> AuthorizationAsync(AuthenticationUser<long> user, AuthorityOperationCmdDto operation)
{
    if (operation == null || user == null)
    {
        return false;
    }

    // The user is presented to the service as an admin-type account keyed by its id.
    var authRequest = new AuthenticationCmdDto()
    {
        Operation = operation,
        User = new AdminUserCmdDto()
        {
            UserType = UserType.管理账户,
            SysNo = user.Id
        }
    };

    // NOTE(review): the service call itself is synchronous and only wrapped in
    // Task.Run, which spends a thread-pool thread without gaining asynchrony; an
    // async service method would be the real fix, if the service offers one.
    bool granted = await Task.Run(() => operation.Instance<IAuthService>().Authentication(authRequest))
        .ConfigureAwait(false);
    return granted;
}
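/// <summary>
/// Checks whether <paramref name="user"/> may run <paramref name="operation"/>.
/// Admin users are always allowed. Otherwise the operation is looked up in cache, its
/// group chain is walked up to the root (every group must exist and be enabled), and
/// finally the user's own operation set in cache must contain the operation.
/// Every failed lookup denies (fail closed).
/// </summary>
/// <param name="user">Authenticated user; null denies.</param>
/// <param name="operation">
/// Operation to authorize; null denies. Its ControllerCode and ActionCode are
/// upper-cased in place (null becomes empty), as before.
/// </param>
/// <returns>A task holding true when access is granted, otherwise false.</returns>
public static Task<bool> AuthorizationAsync(AuthenticationUser<long> user, AuthorityOperationCmdDto operation)
{
    // Every check is a synchronous cache read, so there is nothing to await; the
    // Task-returning signature is kept for existing callers. An exception from the
    // cache layer is still surfaced as a faulted task, as the async body did.
    try
    {
        return Task.FromResult(CheckOperationAccess(user, operation));
    }
    catch (System.Exception ex)
    {
        return Task.FromException<bool>(ex);
    }
}

/// <summary>
/// Synchronous core of AuthorizationAsync: operation, group-chain and per-user
/// operation-set checks, all against cache.
/// </summary>
private static bool CheckOperationAccess(AuthenticationUser<long> user, AuthorityOperationCmdDto operation)
{
    if (operation == null || user == null)
    {
        return false;
    }
    if (user.IsAdmin)
    {
        return true;
    }

    // Operation codes are machine keys: normalize with the invariant culture so the
    // cache key cannot vary with the thread culture (tr-TR upper-cases "i" to "İ").
    operation.ControllerCode = operation.ControllerCode?.ToUpperInvariant() ?? string.Empty;
    operation.ActionCode = operation.ActionCode?.ToUpperInvariant() ?? string.Empty;

    #region Operation check
    string operationValue = $"{operation.ControllerCode}/{operation.ActionCode}";
    var operationCacheKey = CacheUtil.GetOperationCacheKey(operationValue);
    var nowOperation = CacheManager.GetData<AuthorityOperationDto>(operationCacheKey);
    // Unknown or disabled operation: deny.
    if (nowOperation == null || nowOperation.Status == AuthorityOperationStatus.关闭)
    {
        return false;
    }
    // Unrestricted operation: allowed without group or per-user checks.
    if (nowOperation.AuthorizeType == AuthorityOperationAuthorizeType.无限制)
    {
        return true;
    }
    #endregion

    #region Operation group chain check
    var groupKey = nowOperation.Group?.SysNo.ToString() ?? string.Empty;
    if (string.IsNullOrEmpty(groupKey))
    {
        return false;
    }
    var nowGroup = CacheManager.GetData<AuthorityOperationGroupDto>(CacheUtil.GetOperationGroupCacheKey(groupKey));
    if (nowGroup == null || nowGroup.Status == AuthorityOperationGroupStatus.关闭)
    {
        return false;
    }
    // Walk up to the root group (Level 1); every ancestor must exist and be enabled.
    // visitedGroupKeys guards against a cycle in the cached parent chain, which would
    // otherwise never terminate; a cycle is malformed data and denies.
    var visitedGroupKeys = new HashSet<string> { groupKey };
    while (nowGroup.Level > 1)
    {
        var parentGroupKey = nowGroup.Parent?.SysNo.ToString() ?? string.Empty;
        if (string.IsNullOrEmpty(parentGroupKey) || !visitedGroupKeys.Add(parentGroupKey))
        {
            return false;
        }
        var parentGroup = CacheManager.GetData<AuthorityOperationGroupDto>(CacheUtil.GetOperationGroupCacheKey(parentGroupKey));
        if (parentGroup == null || parentGroup.Status == AuthorityOperationGroupStatus.关闭)
        {
            return false;
        }
        nowGroup = parentGroup;
    }
    #endregion

    // Finally the user's own operation set must contain the operation value.
    var userOperationsKey = CacheUtil.GetUserAuthOperationCacheKey(user.Id.ToString());
    var containsResponses = CacheManager.Set.Contains(new SetContainsOption()
    {
        Key = userOperationsKey,
        Value = operationValue
    })?.Responses;
    // No response (or an empty one) counts as "not contained", as before.
    return containsResponses?.FirstOrDefault()?.ContainsValue ?? false;
}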
/// <summary>
/// Synchronous authorization hook. Currently a stub: it grants every operation to
/// every user regardless of the arguments.
/// </summary>
/// <param name="user">Authenticated user (ignored by the stub).</param>
/// <param name="operation">Operation to authorize (ignored by the stub).</param>
/// <returns>Always true.</returns>
// TODO: no authorization check is performed by default. Any caller that relies on
// this overload therefore allows every user to reach every operation until a real
// check is wired in here.
public static bool Authorization(AuthenticationUser<long> user, AuthorityOperationCmdDto operation) => true;