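/// <summary>
/// Action-filter hook that checks the token sent by the client against the copy stored
/// server-side under the caller's JSESSIONID, and extends the lifetime of the session keys
/// when the token is close to expiring.
/// </summary>
/// <param name="context">
/// Context of the action about to run. <c>context.Result</c> is set to a JSON error response
/// when validation fails and is left untouched when the token is accepted.
/// </param>
public override void OnActionExecuting(ActionExecutingContext context)
{
    var request = context.HttpContext.Request;
    string JseSessionId = CookiesOperation.GetCookies(context.HttpContext, "JSESSIONID");

    // POST carries the token in the form body; every other method carries it in the query string.
    // Request.Form throws InvalidOperationException when the body is not a form (for example a
    // JSON POST), so it is only read for form content. A non-form POST leaves the token empty
    // and is rejected below as a missing parameter instead of failing with an unhandled exception.
    // NOTE(review): a token in the query string is recorded in access logs, browser history and
    // Referer headers; prefer a request header or form field where the clients allow it.
    string ClientToken = string.Empty;
    if (request.Method == "POST")
    {
        if (request.HasFormContentType)
        {
            ClientToken = request.Form["token"].ToString();
        }
    }
    else
    {
        ClientToken = request.Query["token"].ToString();
    }

    if (string.IsNullOrEmpty(ClientToken) || string.IsNullOrEmpty(JseSessionId))
    {
        // A required parameter is missing.
        context.Result = new JsonResult(new ResponseModel(ResponseStatus.Warnning, "缺少重要参数!"));
        return;
    }

    StackExchangeHelper stackExchangeHelper = new StackExchangeHelper();
    string tokenKey = JseSessionId + AppConfig.TokenStr;

    // Remaining lifetime of the token key; null is treated as "server-side token expired".
    TimeSpan? KeyRemainTime = stackExchangeHelper.GetRemainTime(tokenKey);
    if (KeyRemainTime == null)
    {
        context.Result = new JsonResult(new ResponseModel(ResponseStatus.Redirect, "Token过期!"));
        return;
    }

    string ServerToken = stackExchangeHelper.StringGet(tokenKey);

    // Compare in constant time so the response time does not reveal how many leading characters
    // of a guessed token were correct. ServerToken can be null if the key expired between the
    // two store calls above; that case is reported as a mismatch, as the original == did.
    bool tokenMatches = ServerToken != null
        && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            System.Text.Encoding.UTF8.GetBytes(ClientToken),
            System.Text.Encoding.UTF8.GetBytes(ServerToken));

    if (!tokenMatches)
    {
        // The token does not match the server-side copy.
        context.Result = new JsonResult(new ResponseModel(ResponseStatus.ErrorParameters, "Token错误!"));
        return;
    }

    // Remaining minutes of the token key (Convert.ToInt32 rounds to the nearest integer).
    int RemainMinutes = Convert.ToInt32(KeyRemainTime.Value.TotalMinutes);

    // The token is about to expire: push back the expiry of every key that belongs to this session.
    if (RemainMinutes < 5)
    {
        // Token encryption key
        stackExchangeHelper.KeyExpire(JseSessionId + AppConfig.DESKeyStr, ExpiresTime.AddtionExpiresTime);
        // Token
        stackExchangeHelper.KeyExpire(tokenKey, ExpiresTime.AddtionExpiresTime);
        // Domains registered for this login
        stackExchangeHelper.KeyExpire(JseSessionId + AppConfig.DomainStr, ExpiresTime.AddtionExpiresTime);
    }
}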
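/// <summary>
/// Logs a user in. On success a token is generated, stored server-side under the caller's
/// JSESSIONID together with its encryption key, and the domain of the callback URL is
/// registered for that session.
/// </summary>
/// <param name="Name">User name.</param>
/// <param name="Password">Password as submitted by the client.</param>
/// <param name="Context">HTTP request context.</param>
/// <param name="Redirect">
/// Receives the callback URL once credentials and session id have been accepted;
/// an empty string on the earlier failure paths.
/// </param>
/// <returns>
/// <c>ResponseStatus.OK</c> with the token and callback URL on success, otherwise
/// <c>ResponseStatus.Warnning</c> with a message describing the failure.
/// </returns>
public ResponseModel Login(string Name, string Password, HttpContext Context, out string Redirect)
{
    Redirect = "";

    var User = _usersRepository.Get(new { Name = Name }, new List<string>() { "Id", "Name", "PassWord" });

    // NOTE(review): the two failure messages below differ, so a caller can tell whether an
    // account name exists. Consider one shared message if clients do not depend on the text.
    if (User == null)
    {
        return new ResponseModel(ResponseStatus.Warnning, "未找到相应用户信息!");
    }

    // NOTE(review): the stored PassWord value is compared directly with the submitted value.
    // That only works if both are in the same directly comparable form; confirm the column holds
    // a salted, slow hash (e.g. PBKDF2) rather than the password itself, and that the
    // comparison of the derived values is constant-time.
    if (User.PassWord != Password)
    {
        return new ResponseModel(ResponseStatus.Warnning, "密码错误!");
    }

    // Every server-side key below is prefixed with the session id. Without one, the keys would
    // collapse to the bare suffixes and be shared by every client that sends no cookie, so the
    // login is refused instead of storing a token under a shared key.
    // NOTE(review): the session id is whatever cookie the client presented before logging in;
    // nothing here rotates it after authentication. Confirm session fixation is handled elsewhere.
    string JseSessionId = CookiesOperation.GetCookies(Context, "JSESSIONID");
    if (string.IsNullOrEmpty(JseSessionId))
    {
        return new ResponseModel(ResponseStatus.Warnning, "缺少重要参数!");
    }

    // Callback URL the client should be sent back to.
    // NOTE(review): this value comes from the request and its domain is registered below without
    // any allow-list check visible in this method; confirm GetRollBackUrl restricts it to known
    // relying-party origins, since the token is handed to whatever URL is returned here.
    Redirect = ServiceHelper.GetRollBackUrl(Context);
    if (string.IsNullOrEmpty(Redirect))
    {
        return new ResponseModel(ResponseStatus.Warnning, "未找到回调URL");
    }

    StackExchangeHelper stackExchangeHelper = new StackExchangeHelper();
    string UA = Context.Request.Headers["User-Agent"].ToString();
    string Key = Helper.GeneratorDesKey();

    // Domain of the callback URL
    string Domain = Helper.GetDomain(Redirect);
    // Generate the token
    string Token = Helper.GeneratorToken(User.Id, UA, Key);

    // Store the token encryption key server-side
    stackExchangeHelper.StringSet(JseSessionId + AppConfig.DESKeyStr, Key, ExpiresTime.ServerExpiresTime);
    // Store the token server-side
    stackExchangeHelper.StringSet(JseSessionId + AppConfig.TokenStr, Token, ExpiresTime.ServerExpiresTime);
    // Register the domain of this login and set the expiry of the domain list
    stackExchangeHelper.ListRightPush(JseSessionId + AppConfig.DomainStr, Domain);
    stackExchangeHelper.KeyExpire(JseSessionId + AppConfig.DomainStr, ExpiresTime.ServerExpiresTime);

    return new ResponseModel(ResponseStatus.OK, "登陆成功!", new { token = Token, redirect = Redirect });
}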
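/// <summary>
/// Action-filter hook for the sign-on entry point. A visitor without a JSESSIONID cookie gets
/// one and is sent to the login page; a visitor whose session already has a server-side token
/// is redirected back to the referring page with that token appended.
/// </summary>
/// <param name="context">Context of the action about to run.</param>
public override void OnActionExecuting(ActionExecutingContext context)
{
    var http = context.HttpContext;
    string JseSessionId = CookiesOperation.GetCookies(http, "JSESSIONID");

    // The referring page doubles as the return address.
    // NOTE(review): Referer is supplied by the client. Below, its domain is registered and the
    // session token is appended to it with no allow-list check visible in this method, so the
    // token goes to whichever site the request claims to come from. Validate the value against
    // the configured relying-party origins before using it.
    string Referrence = http.Request.Headers["Referer"].ToString();

    // NOTE(review): Response.Redirect does not set context.Result, so the action guarded by this
    // filter still runs after the redirect has been queued; confirm that is intended.

    if (string.IsNullOrEmpty(JseSessionId))
    {
        // Issue the session identifier.
        // NOTE(review): cookie attributes (HttpOnly / Secure / SameSite) and the randomness of
        // Helper.GenerateGuid are not visible here; confirm both.
        CookiesOperation.SetCookies(http, "JSESSIONID", Helper.GenerateGuid(), ExpiresTime.ServerExpiresTime);
        // Not logged in: send the visitor to the login page.
        http.Response.Redirect("/Account/Login?redirect=" + Helper.UrlEncode(Referrence));
        return;
    }

    // A session cookie is present: fetch the token issued at the previous login.
    StackExchangeHelper stackExchangeHelper = new StackExchangeHelper();
    string Token = stackExchangeHelper.StringGet(JseSessionId + AppConfig.TokenStr);

    // Token expired or never issued -> login page. The same applies when there is no Referer:
    // there is no return address, and the token must not be appended to an empty (relative) URL.
    if (string.IsNullOrEmpty(Token) || string.IsNullOrEmpty(Referrence))
    {
        http.Response.Redirect("/Account/Login?redirect=" + Helper.UrlEncode(Referrence));
        return;
    }

    // Register the referring domain for this session if it is not registered yet,
    // and refresh the expiry of the domain list.
    string Domain = Helper.GetDomain(Referrence);
    var RegisterUrl = stackExchangeHelper.ListRange(JseSessionId + AppConfig.DomainStr);
    if (!RegisterUrl.Contains(Domain))
    {
        stackExchangeHelper.ListRightPush(JseSessionId + AppConfig.DomainStr, Domain);
        stackExchangeHelper.KeyExpire(JseSessionId + AppConfig.DomainStr, ExpiresTime.ServerExpiresTime);
    }

    // Hand out the token and redirect. A Referer that already has a query string needs '&';
    // a second '?' would fold the token into the value of the last existing parameter.
    // NOTE(review): the token is appended unencoded; presumably it is URL-safe - confirm.
    string separator = Referrence.IndexOf('?') >= 0 ? "&" : "?";
    http.Response.Redirect(Referrence + separator + "token=" + Token);
}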
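/// <summary>
/// Looks up the user a client token belongs to: the token is decrypted with the key stored
/// server-side for the caller's JSESSIONID and its first field is used as the user id.
/// </summary>
/// <param name="Token">Encrypted token presented by the client.</param>
/// <param name="Context">HTTP request context; supplies the JSESSIONID cookie.</param>
/// <returns>
/// <c>ResponseStatus.OK</c> with the user record (Id, Name, Phone, Email) when a user id could be
/// extracted, otherwise <c>ResponseStatus.ErrorParameters</c>.
/// </returns>
public ResponseModel GetUserName(string Token, HttpContext Context)
{
    // NOTE(review): nothing in this method compares Token with the copy stored under
    // JseSessionId + AppConfig.TokenStr; the user id is taken from whatever the ciphertext
    // decrypts to. Confirm every caller runs the token-validation filter first, or add the
    // comparison here. Judging by the helper's name the cipher is DES, which has a 56-bit key
    // and provides no integrity protection on its own.
    string JseSessionId = CookiesOperation.GetCookies(Context, "JSESSIONID");
    if (string.IsNullOrEmpty(Token) || string.IsNullOrEmpty(JseSessionId))
    {
        // Without a session id the lookup key would be the bare suffix shared by all clients.
        return new ResponseModel(ResponseStatus.ErrorParameters, "Token解析错误!");
    }

    StackExchangeHelper stackExchangeHelper = new StackExchangeHelper();
    string DESKey = stackExchangeHelper.StringGet(JseSessionId + AppConfig.DESKeyStr);
    if (string.IsNullOrEmpty(DESKey))
    {
        // No key stored for this session (expired or never logged in): nothing to decrypt with.
        return new ResponseModel(ResponseStatus.ErrorParameters, "Token解析错误!");
    }

    // NOTE(review): how DESDecrypt reports malformed input (exception or empty result) is not
    // visible here; an empty result is handled below, an exception would propagate to the caller.
    string DecryptClientToken = Helper.DESDecrypt(Token, DESKey);
    if (string.IsNullOrEmpty(DecryptClientToken))
    {
        return new ResponseModel(ResponseStatus.ErrorParameters, "Token解析错误!");
    }

    // Parse the token: per the original author's note the first element is the user id and
    // the second a timestamp.
    string[] ClientTokenArray = DecryptClientToken.Split(AppConfig.SplitCode);

    // Split never returns an empty array here, so the original length check could not fail;
    // what has to be checked is that the first field actually holds a value.
    string UserId = ClientTokenArray.Length > 0 ? ClientTokenArray[0] : null;
    if (string.IsNullOrEmpty(UserId))
    {
        return new ResponseModel(ResponseStatus.ErrorParameters, "Token解析错误!");
    }

    var User = _usersRepository.Get(new { Id = UserId }, new List<string>() { "Id", "Name", "Phone", "Email" });
    return new ResponseModel(ResponseStatus.OK, "", User);
}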