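/// <summary>
/// Populates <c>AccountInfo</c> from the request's <c>Authorization: BasicAuth &lt;ticket&gt;</c>
/// header before the action runs, then defers to the base pipeline.
/// </summary>
/// <param name="controllerContext">Context of the executing action; only its request headers are read.</param>
/// <param name="cancellationToken">Delegate that runs the next filter/action (the name is inherited, it is not a CancellationToken).</param>
/// <returns>The task returned by the base implementation.</returns>
public override Task OnActionExecutionAsync(ActionExecutingContext controllerContext, ActionExecutionDelegate cancellationToken)
{
    // StringValues.ToString() never yields null, so an absent header is the empty string.
    var authorization = controllerContext.HttpContext.Request.Headers["Authorization"].ToString();
    if (authorization.Contains("BasicAuth"))
    {
        // Header shape is "BasicAuth <ticket>". A header with no token after the scheme used to
        // throw IndexOutOfRangeException here; now it is simply ignored and AccountInfo is left untouched.
        var parts = authorization.Split(' ');
        if (parts.Length > 1)
        {
            // The decoded client identifier is not needed at this stage; the authorization filter compares it.
            var userInfo = TicketEncryption.VerifyTicket(parts[1], out _);
            // Note: VerifyTicket may return null for a bad ticket, in which case AccountInfo becomes null (unchanged behaviour).
            AccountInfo = userInfo;
        }
    }
    return base.OnActionExecutionAsync(controllerContext, cancellationToken);
}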
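/// <summary>
/// Authorizes a request carrying a <c>Authorization: BasicAuth &lt;ticket&gt;</c> header.
/// Requests that are already authenticated, or whose action allows anonymous access, pass through.
/// A valid ticket that has since been replaced by a newer login on the same client kind is rejected
/// with 403; a missing or invalid ticket is rejected with 401.
/// </summary>
/// <param name="context">Authorization filter context; <c>context.Result</c> is set on rejection.</param>
public void OnAuthorization(AuthorizationFilterContext context)
{
    // Already authenticated by the framework, or the endpoint opted out via [AllowAnonymous].
    if (context.HttpContext.User.Identity?.IsAuthenticated == true
        || context.Filters.Any(item => item is IAllowAnonymousFilter))
    {
        return;
    }

    // StringValues.ToString() never yields null, so an absent header is the empty string.
    var authorization = context.HttpContext.Request.Headers["Authorization"].ToString();
    if (authorization.Contains("BasicAuth"))
    {
        // Header shape is "BasicAuth <ticket>". A header with no token after the scheme must fall
        // through to 401 rather than throw IndexOutOfRangeException (which would surface as a 500).
        var parts = authorization.Split(' ');
        if (parts.Length > 1)
        {
            // Ticket presented by the caller on this request.
            var currentTicket = parts[1];
            var userInfo = TicketEncryption.VerifyTicket(currentTicket, out string decClient);
            if (userInfo != null)
            {
                // The stored ticket differs from the presented one for the same client kind: a newer
                // login replaced this session, so it is forced offline with 403 instead of 401.
                if (userInfo.ticket != currentTicket && userInfo.client.ToString() == decClient)
                {
                    // Status code travels with the result so the executor applies it when the result runs.
                    context.Result = new JsonResult("Forbidden:The current authorization has expired")
                    {
                        StatusCode = (int)HttpStatusCode.Forbidden,
                    };
                }
                // Valid, current ticket: authorized.
                return;
            }
        }
    }

    // No usable ticket on the request.
    context.Result = new JsonResult("Forbidden:Tiket Invalid")
    {
        StatusCode = (int)HttpStatusCode.Unauthorized,
    };
}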