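        /// <summary>
        /// Runs before the action executes. Starts the per-request duration stopwatch, then
        /// performs the visit-token, login and permission checks for the target action.
        /// A failed check short-circuits the request by assigning
        /// <see cref="ActionExecutingContext.Result"/>; no exception is thrown.
        /// </summary>
        /// <param name="context">Filter context of the action about to run.</param>
        public void OnActionExecuting(ActionExecutingContext context)
        {
            #region Record API call / response duration
            var stopwatch = Stopwatch.StartNew();
            // Indexer rather than Add(): Add() throws if the key is already present, e.g. when the
            // filter runs twice for one request (registered globally and as an attribute).
            context.RouteData.Values[DURATION] = stopwatch;
            #endregion

            #region Authorization
            // Controller type and action name identify the endpoint being protected.
            Type controllerType = context.Controller.GetType();
            // Null-safe: a route without an "action" value must not turn into an unhandled 500.
            string actionName = context.RouteData.Values["action"]?.ToString() ?? string.Empty;

            var headers = context.HttpContext.Request.Headers;
            string errorMessage = string.Empty;

            // Only endpoints flagged as requiring a visit token go through the checks below;
            // everything else passes straight through to the action.
            if (!IsHaveVisitToken(actionName, controllerType))
            {
                return;
            }

            #region Visit-token check
            // No Authorization header at all -> not authenticated.
            if (!headers.ContainsKey("Authorization"))
            {
                context.Result = new JsonResult(HttpResult.NotAuth);
                return;
            }

            // Require an explicit Bearer scheme. Blindly calling Substring("Bearer ".Length) threw
            // ArgumentOutOfRangeException (an unhandled 500) for any header shorter than seven
            // characters and silently accepted other schemes. Scheme names are case-insensitive
            // (RFC 7235), so "bearer ..." is still accepted.
            const string bearerPrefix = "Bearer ";
            string rawAuthorization = headers["Authorization"].ToString();
            if (!rawAuthorization.StartsWith(bearerPrefix, StringComparison.OrdinalIgnoreCase))
            {
                context.Result = new JsonResult(HttpResult.NotAuth);
                return;
            }

            string jwtStr = rawAuthorization.Substring(bearerPrefix.Length).Trim();
            if (string.IsNullOrEmpty(jwtStr) || !TokenHelp.VerifyVisitToken(jwtStr, false, out errorMessage))
            {
                context.Result = new JsonResult(HttpResult.NotAuth);
                return;
            }
            // NOTE(review): do not log the raw Authorization header or the decoded token here,
            // even at Information level — a bearer token in the logs is a credential leak.
            #endregion

            #region User-token check
            // NOTE(review): Current.* is treated as ambient per-request state. If it is a plain
            // static rather than AsyncLocal/HttpContext-scoped, values would leak across
            // concurrent requests — confirm its implementation.
            if (headers.ContainsKey("UserToken"))
            {
                Current.UserToken = headers["UserToken"];

                // Best-effort: resolve the calling user from the token so it is available to the
                // action. Failures are deliberately ignored here because endpoints that require a
                // logged-in user are enforced by IsCheckLogin/IsLogin below.
                // NOTE(review): this relies on IsLogin re-validating Current.UserToken itself;
                // if it does not, an invalid UserToken would go unnoticed — confirm.
                try
                {
                    int? userId;
                    string err;
                    if (TokenHelp.VerifyUserToken(Current.UserToken, out userId, out err))
                    {
                        Current.UserId = userId;
                        if (Current.UserId.HasValue && Current.UId > 0)
                        {
                            User user = ServiceHelp.GetUserService.GetById(Current.UId);
                            Current.UserJson = user.ToJsonString();
                        }
                    }
                }
                catch (Exception)
                {
                    // Intentionally swallowed (see note above): a user lookup failure must not
                    // turn an otherwise valid request into an error response.
                }
            }
            else
            {
                Current.UserToken = string.Empty;
            }

            // Endpoints that require a logged-in user.
            if (IsCheckLogin(controllerType, actionName))
            {
                User user;
                if (!IsLogin(out user, out errorMessage))
                {
                    context.Result = new JsonResult(HttpResult.AginLogin(null, errorMessage));
                    return;
                }
            }

            // Permission check for this controller/action.
            if (!IsHaveAuthorize(actionName, controllerType, out errorMessage))
            {
                context.Result = new JsonResult(HttpResult.NotAuth);
                return;
            }

            // Authorized, but the helper still reported a message: ask the client to log in again.
            // What a non-empty message on success means is defined by IsHaveAuthorize — confirm.
            // Assigning Result is enough to short-circuit the action; this is the last statement.
            if (!string.IsNullOrWhiteSpace(errorMessage))
            {
                context.Result = new JsonResult(HttpResult.AginLogin(new { }, errorMessage));
            }
            #endregion
            #endregion
        }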
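        /// <summary>
        /// Runs before the action executes. Starts the per-request duration stopwatch, then
        /// performs the visit-token, login and permission checks for the target action.
        /// A failed check short-circuits the request by assigning
        /// <see cref="ActionExecutingContext.Result"/>; no exception is thrown.
        /// </summary>
        /// <param name="context">Filter context of the action about to run.</param>
        public void OnActionExecuting(ActionExecutingContext context)
        {
            #region Record API call / response duration
            var stopwatch = Stopwatch.StartNew();
            // Indexer rather than Add(): Add() throws if the key is already present, e.g. when the
            // filter runs twice for one request (registered globally and as an attribute).
            context.RouteData.Values[DURATION] = stopwatch;
            #endregion

            #region Authorization
            // Controller type and action name identify the endpoint being protected.
            Type controllerType = context.Controller.GetType();
            // Null-safe: a route without an "action" value must not turn into an unhandled 500.
            string actionName = context.RouteData.Values["action"]?.ToString() ?? string.Empty;

            var headers = context.HttpContext.Request.Headers;
            string errorMessage = string.Empty;

            // Only endpoints flagged as requiring a visit token go through the checks below;
            // everything else passes straight through to the action.
            if (!IsHaveVisitToken(actionName, controllerType))
            {
                return;
            }

            #region Visit-token check
            // No Authorization header at all -> not authenticated.
            if (!headers.ContainsKey("Authorization"))
            {
                context.Result = new JsonResult(HttpResult.NotAuth);
                return;
            }

            // Require an explicit Bearer scheme. Blindly calling Substring("Bearer ".Length) threw
            // ArgumentOutOfRangeException (an unhandled 500) for any header shorter than seven
            // characters and silently accepted other schemes. Scheme names are case-insensitive
            // (RFC 7235), so "bearer ..." is still accepted.
            const string bearerPrefix = "Bearer ";
            string rawAuthorization = headers["Authorization"].ToString();
            if (!rawAuthorization.StartsWith(bearerPrefix, StringComparison.OrdinalIgnoreCase))
            {
                context.Result = new JsonResult(HttpResult.NotAuth);
                return;
            }

            string jwtStr = rawAuthorization.Substring(bearerPrefix.Length).Trim();
            if (string.IsNullOrEmpty(jwtStr) || !TokenHelp.VerifyVisitToken(jwtStr, false, out errorMessage))
            {
                context.Result = new JsonResult(HttpResult.NotAuth);
                return;
            }
            // NOTE(review): do not log the raw Authorization header or the decoded token here,
            // even at Information level — a bearer token in the logs is a credential leak.
            #endregion

            #region User-token check
            // Remember the caller's user token (or clear it) for the rest of the request. It is
            // stored unverified here; endpoints that need a logged-in user are enforced by
            // IsCheckLogin/IsLogin below.
            // NOTE(review): Current.* is treated as ambient per-request state. If it is a plain
            // static rather than AsyncLocal/HttpContext-scoped, values would leak across
            // concurrent requests — confirm its implementation.
            Current.UserToken = headers.ContainsKey("UserToken")
                ? (string)headers["UserToken"]
                : string.Empty;

            // Endpoints that require a logged-in user.
            if (IsCheckLogin(controllerType, actionName))
            {
                User user;
                if (!IsLogin(out user, out errorMessage))
                {
                    context.Result = new JsonResult(HttpResult.AginLogin(null, errorMessage));
                    return;
                }
            }

            // Permission check for this controller/action.
            if (!IsHaveAuthorize(actionName, controllerType, out errorMessage))
            {
                context.Result = new JsonResult(HttpResult.NotAuth);
                return;
            }

            // Authorized, but the helper still reported a message: ask the client to log in again.
            // What a non-empty message on success means is defined by IsHaveAuthorize — confirm.
            // Assigning Result is enough to short-circuit the action; this is the last statement.
            if (!string.IsNullOrWhiteSpace(errorMessage))
            {
                context.Result = new JsonResult(HttpResult.AginLogin(new { }, errorMessage));
            }
            #endregion
            #endregion
        }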