コード例 #1
0
ファイル: Config.cs プロジェクト: ZQuanLi/Test
        /// <summary>
        /// 获取系统Session
        /// </summary>
        /// <returns></returns>
        public static CacheUser GetSession()
        {
            string    msg  = "";
            CacheUser user = GetAuthorizeUser(out msg);

            if (user == null)
            {
                user          = new CacheUser();
                user.Ledger   = WebConfig.Ledger;
                user.Uid      = 0;
                user.CacheKey = "";
            }
            return(user);
        }
コード例 #2
0
ファイル: AuthorizeAttribute.cs プロジェクト: ZQuanLi/Test
        /// <summary>
        /// 访问前
        /// </summary>
        /// <param name="actionContext"></param>
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            //CacheUser user = HttpContext.Current.Session["CacheUser"] as CacheUser;
            string          msg = "";
            CacheUser       user = WebConfig.GetAuthorizeUser(out msg);
            HttpRequestBase req = ((System.Web.HttpContextWrapper)actionContext.Request.Properties["MS_HttpContext"]).Request;
            string          nameSpace = actionContext.ActionDescriptor.ControllerDescriptor.ControllerType.Namespace;
            string          controllerName = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            string          actionName = actionContext.ActionDescriptor.ActionName;
            string          userHostAddress = "", absolutePath = "";

            if (req != null)
            {
                userHostAddress = req.UserHostAddress;
                absolutePath    = req.Url.AbsolutePath;
            }
            else
            {
                FileLog.WriteLog(string.Format("访问命名空间{0}控制器{1}操作对象{2}的HttpRequestBase对象不存在!", nameSpace, controllerName, actionName));
            }
            string content = "";      /*描述*/
            string prog_id = "";      /*权限ID*/
            bool   authorize = false; /*权限*/
            bool   chkSession = true; /*检测seesion是否过期*/

            /////////////
            #region 对象信息
            var obj = actionContext.ControllerContext.Controller.GetType().GetMethod(actionName).GetCustomAttributes(typeof(SecurityCtrl), false);
            if (obj != null)
            {
                foreach (SecurityCtrl md in obj)
                {
                    content    = md.describe;   /*描述*/
                    prog_id    = md.prog_id;    /*权限ID号*/
                    authorize  = md.authorize;  /*是否检查权限*/
                    chkSession = md.chkSession; /*是否检查session*/
                }
            }
            #endregion
            #region 类型验证
            var modelState = actionContext.ModelState;
            if (!modelState.IsValid)
            {
                string error = string.Empty;
                foreach (var key in modelState.Keys)
                {
                    var state = modelState[key];
                    if (state.Errors.Any())
                    {
                        error = state.Errors.First().ErrorMessage;
                        break;
                    }
                }
                APIRst api = new APIRst()
                {
                    rst = false
                };
                api.err.code           = (int)ResultCodeDefine.Auth_ParamsInvalid;
                api.err.msg            = "参数错误:" + error;
                actionContext.Response = new HttpResponseMessage {
                    Content = new StringContent(JsonHelper.Serialize(api), Encoding.GetEncoding("UTF-8"), "application/json")
                };
                AddHeadersOrigin(actionContext.Request, actionContext.Response);
                base.OnActionExecuting(actionContext);
                return;
            }
            #endregion
            #region Session验证
            if (chkSession == true && user == null)
            {
                APIRst api = new APIRst()
                {
                    rst = false
                };
                if (string.IsNullOrEmpty(msg))
                {
                    api.err.code = (int)ResultCodeDefine.Error_LoginInvalid;
                    api.err.msg  = "登录过期";
                }
                else
                {
                    api.err.code = (int)ResultCodeDefine.Auth_TicketInvalid;
                    api.err.msg  = msg;
                }
                actionContext.Response = new HttpResponseMessage {
                    Content = new StringContent(JsonHelper.Serialize(api), Encoding.GetEncoding("UTF-8"), "application/json")
                };
                AddHeadersOrigin(actionContext.Request, actionContext.Response);
                base.OnActionExecuting(actionContext);
                return;
            }

            #endregion
            #region 权限验证
            if (authorize == true)
            {//检查权限
                if (user == null)
                {
                    APIRst api = new APIRst()
                    {
                        rst = false
                    };
                    api.err.code           = (int)ResultCodeDefine.Auth_UserNoPermission;
                    api.err.msg            = "没有权限:原因登录过期";
                    actionContext.Response = new HttpResponseMessage {
                        Content = new StringContent(JsonHelper.Serialize(api), Encoding.GetEncoding("UTF-8"), "application/json")
                    };
                    AddHeadersOrigin(actionContext.Request, actionContext.Response);
                    base.OnActionExecuting(actionContext);
                    return;
                }
                YDS6000.BLL.Platform.Home.HomeBLL hBll = new BLL.Platform.Home.HomeBLL(user.Ledger, user.Uid);
                bool power = hBll.GetPower(user.Role_id, prog_id);
                if (power == false)
                {
                    APIRst api = new APIRst()
                    {
                        rst = false
                    };
                    api.err.code           = (int)ResultCodeDefine.Auth_UserNoPermission;
                    api.err.msg            = "没有权限";
                    actionContext.Response = new HttpResponseMessage {
                        Content = new StringContent(JsonHelper.Serialize(api), Encoding.GetEncoding("UTF-8"), "application/json")
                    };
                    AddHeadersOrigin(actionContext.Request, actionContext.Response);
                }
            }

            bool isAddLog = string.IsNullOrEmpty(content) ? false : true;
            if (isAddLog == true)
            {
                try
                {
                    //YDS6000.BLL.WholeBLL.AddLog(user.Ledger, user.Uid, prog_id, userHostAddress, controllerName, actionName, content);
                }
                catch (Exception ex)
                {
                    FileLog.WriteLog("增加访问记录错误:", ex.Message);
                }
            }
            #endregion
            base.OnActionExecuting(actionContext);
        }
コード例 #3
0
ファイル: Config.cs プロジェクト: ZQuanLi/Test
        public static CacheUser GetAuthorizeUser(out string msg)
        {
            msg = "";
            CacheUser user = null;

            user = HttpContext.Current.Session["CacheUser"] as CacheUser;
            if (user == null)
            {
                if (HttpContext.Current.Request.Headers != null && !string.IsNullOrEmpty(HttpContext.Current.Request.Headers.Get("Ticket")))
                {
                    string ticket = CommFunc.ConvertDBNullToString(HttpContext.Current.Request.Headers.Get("Ticket"));
                    int    len    = ticket.Length;
                    if (len >= 14)
                    {
                        string   flag = CommFunc.ConvertDBNullToString(ticket.Substring(10, 1));
                        int      seed = CommFunc.CharToNuner(flag);
                        string   kk = CommFunc.ConvertDBNullToString(ticket.Substring(11, len - 11));
                        string[] arr = kk.Split(new string[] { flag }, StringSplitOptions.RemoveEmptyEntries);
                        bool     isPass = true;
                        int      ledger = 0, uid = 0;
                        if (arr.Count() != 2)
                        {
                            msg    = "Ticket信息错误";
                            isPass = false;
                        }
                        if (isPass == true)
                        {
                            ledger = CommFunc.ConvertDBNullToInt32(arr[0]) - seed;
                            uid    = CommFunc.ConvertDBNullToInt32(arr[1]) - seed;
                            if (ledger <= 0 && uid < 0)
                            {
                                msg    = "Ticket包含错误信息";
                                isPass = false;
                            }
                        }
                        if (isPass == true)
                        {
                            string ccKey = ledger.ToString() + "A" + uid.ToString();
                            string ss    = HttpContext.Current.Request.RawUrl;
                            if (ss.Contains("api/ExpApp/"))
                            {
                                ccKey = ledger.ToString() + "APP" + uid.ToString();
                            }
                            else if (ss.Contains("api/ExpAdminApp/"))
                            {
                                ccKey = ledger.ToString() + "AdminApp" + uid.ToString();
                            }
                            user = HttpRuntime.Cache.Get(ccKey) as CacheUser;
                        }
                        //int seed = CommFunc.ConvertDBNullToInt32(ticket.Substring(10, 3));
                        //int uid = CommFunc.ConvertDBNullToInt32(ticket.Substring(13, 7)) - seed;
                        //user = HttpRuntime.Cache.Get(uid.ToString()) as CacheUser;
                    }
                }
                else
                {
                    msg = "没有Ticket信息";
                }
            }
            //if (user == null && HttpContext.Current.Request.Url.Host.ToLower().Equals("localhost"))
            //{/*本地代码执行*/
            //    user = new CacheUser();
            //    user.Ledger = WebConfig.Ledger;
            //    user.Uid = 1;
            //}
            return(user);
        }