/// <summary>
/// Authorizes the current request from the caller's principal. The principal is taken from the
/// current thread, falling back to the ambient <c>HttpContext</c>. An authenticated
/// <c>BasicAuthenticationIdentity</c> is re-validated against the user store on every call; on
/// success the principal is attached to the request context and the resolved user is stored
/// under the <c>"Known_User"</c> request property.
/// </summary>
/// <param name="actionContext">The Web API action context being authorized.</param>
/// <returns><c>true</c> only when the Basic credentials validate; <c>false</c> otherwise
/// (an error response is written for unauthenticated callers of <c>[Authorize]</c> actions and
/// for failed credential checks).</returns>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    // Prefer the thread principal; fall back to the ambient HTTP context user when available.
    var principal = Thread.CurrentPrincipal;
    if (principal is null && HttpContext.Current != null)
    {
        principal = HttpContext.Current.User;
    }

    var callerIdentity = principal?.Identity;
    if (callerIdentity is null)
    {
        return false;
    }

    if (!callerIdentity.IsAuthenticated)
    {
        // Anonymous caller: only actions marked [Authorize] get an explicit "not logged in" response.
        if (actionContext.IsUseAttributeOf<AuthorizeAttribute>())
        {
            actionContext.CreateErrorResponse("用户未登录!");
        }
        return false;
    }

    // Only Basic-auth identities carry the credentials this filter knows how to verify.
    var basicIdentity = callerIdentity as BasicAuthenticationIdentity;
    if (basicIdentity is null)
    {
        return false;
    }

    // NOTE(review): the password is re-checked against the user store on every request; confirm
    // ValidateLogin is cheap/rate-limited enough for that and that the transport is TLS, since the
    // Basic identity carries the plaintext password.
    var bizUser = new UserBusiness(new Context(basicIdentity.Name));
    var result = bizUser.ValidateLogin(basicIdentity.Name, basicIdentity.Password);

    if (result.IsValid)
    {
        actionContext.RequestContext.Principal = principal;
        actionContext.Request.Properties["Known_User"] = result.Data;
    }
    else
    {
        actionContext.CreateErrorResponse(result.Message);
    }

    return result.IsValid;
}
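/// <summary>
/// Validates the request-integrity query parameters <c>timestamp</c>, <c>nonce</c> and
/// <c>sign</c>. The timestamp must be a 13-digit Unix epoch value in milliseconds within
/// <c>ExpiredSeconds</c> of the server clock, and <c>sign</c> must match
/// <c>GetSignature(request)</c>. On any failure an error response is written via
/// <c>CreateErrorResponse</c> and <c>false</c> is returned.
/// </summary>
/// <param name="actionContext">The Web API action context whose request is being checked.</param>
/// <returns><c>true</c> when all three parameters are present and valid; otherwise <c>false</c>.</returns>
private static bool ValidateRequest(HttpActionContext actionContext)
{
    var timestamp = actionContext.Request.GetQueryValue("timestamp");
    if (string.IsNullOrWhiteSpace(timestamp))
    {
        actionContext.CreateErrorResponse("缺少参数timestamp!");
        return false;
    }

    // Exactly 13 decimal digits are expected (epoch milliseconds). A numeric range check replaces the
    // previous ToString().Length test so the result cannot depend on the current culture's formatting.
    const long MinEpochMs = 1_000_000_000_000L;
    const long MaxEpochMs = 9_999_999_999_999L;
    if (!long.TryParse(timestamp, out long ms) || ms < MinEpochMs || ms > MaxEpochMs)
    {
        actionContext.CreateErrorResponse("不合法的timestamp!");
        return false;
    }

    // Compare in UTC. The previous TimeZone.CurrentTimeZone/DateTime.Now arithmetic relied on an
    // obsolete API and mis-measured the window across DST transitions.
    var requestTime = DateTimeOffset.FromUnixTimeMilliseconds(ms);
    var diffSeconds = (DateTimeOffset.UtcNow - requestTime).TotalSeconds;
    if (diffSeconds > ExpiredSeconds || diffSeconds < -ExpiredSeconds)
    {
        actionContext.CreateErrorResponse("请求已超时!");
        return false;
    }

    // NOTE(review): the nonce is only checked for presence here; replay protection (rejecting a
    // nonce already seen within the ExpiredSeconds window) is not visible in this method — confirm
    // it is enforced elsewhere, otherwise a captured request can be replayed until it expires.
    var nonce = actionContext.Request.GetQueryValue("nonce");
    if (string.IsNullOrWhiteSpace(nonce))
    {
        actionContext.CreateErrorResponse("缺少参数nonce!");
        return false;
    }

    var sign = actionContext.Request.GetQueryValue("sign");
    if (string.IsNullOrWhiteSpace(sign))
    {
        actionContext.CreateErrorResponse("缺少参数sign!");
        return false;
    }

    // Constant-time comparison so the position of the first mismatching character does not leak
    // through response timing (a plain != short-circuits on the first difference).
    var expectedSign = GetSignature(actionContext.Request);
    if (!FixedTimeEquals(sign, expectedSign))
    {
        actionContext.CreateErrorResponse("sign格式不正确!");
        return false;
    }

    return true;

    // Ordinal comparison whose running time depends only on the operand lengths, not on content.
    // Returns false when either side is null, matching the behaviour of the != it replaces.
    bool FixedTimeEquals(string a, string b)
    {
        if (a is null || b is null)
        {
            return false;
        }

        var mismatch = a.Length ^ b.Length;
        var shared = Math.Min(a.Length, b.Length);
        for (var i = 0; i < shared; i++)
        {
            mismatch |= a[i] ^ b[i];
        }

        return mismatch == 0;
    }
}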