/// <summary>
/// Returns the current session user, or an anonymous placeholder when no authorized user can be resolved.
/// </summary>
/// <returns>
/// The <see cref="CacheUser"/> produced by <see cref="GetAuthorizeUser"/>, or a new instance whose
/// <c>Ledger</c> is <see cref="WebConfig.Ledger"/>, <c>Uid</c> is 0 and <c>CacheKey</c> is empty.
/// The failure reason reported by <see cref="GetAuthorizeUser"/> is discarded by this method.
/// </returns>
public static CacheUser GetSession()
{
    string reason;
    CacheUser current = GetAuthorizeUser(out reason);
    if (current != null)
    {
        return current;
    }

    // No session and no valid ticket: hand back a placeholder so callers never see null.
    return new CacheUser
    {
        Ledger = WebConfig.Ledger,
        Uid = 0,
        CacheKey = ""
    };
}
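/// <summary>
/// Runs before the action: validates model state, then the session, then the action's permission,
/// and writes a JSON <see cref="APIRst"/> error response (which makes Web API skip the action) when a check fails.
/// </summary>
/// <param name="actionContext">Web API action context for the current request.</param>
/// <remarks>
/// Per-action behavior comes from the <see cref="SecurityCtrl"/> attribute on the action method:
/// <c>chkSession</c> (default true) and <c>authorize</c> (default false). An action without the attribute
/// therefore still requires a session but skips the permission lookup.
/// Every denial branch sets <c>actionContext.Response</c>, calls the base filter and returns, so the
/// fail-closed path is explicit rather than relying on the framework's short-circuit alone.
/// </remarks>
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
    string msg;
    CacheUser user = WebConfig.GetAuthorizeUser(out msg);

    string nameSpace = actionContext.ActionDescriptor.ControllerDescriptor.ControllerType.Namespace;
    string controllerName = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName;
    string actionName = actionContext.ActionDescriptor.ActionName;

    // "MS_HttpContext" is only present when hosted on System.Web. Look it up without throwing so the
    // "request object missing" log branch below is reachable (a direct indexer + cast would throw first).
    HttpRequestBase req = null;
    object hostContext;
    if (actionContext.Request.Properties.TryGetValue("MS_HttpContext", out hostContext))
    {
        System.Web.HttpContextWrapper wrapper = hostContext as System.Web.HttpContextWrapper;
        if (wrapper != null)
        {
            req = wrapper.Request;
        }
    }
    string userHostAddress = "";
    if (req != null)
    {
        userHostAddress = req.UserHostAddress;
    }
    else
    {
        FileLog.WriteLog(string.Format("访问命名空间{0}控制器{1}操作对象{2}的HttpRequestBase对象不存在!", nameSpace, controllerName, actionName));
    }

    string content = "";     // description written to the access log (logging disabled below)
    string prog_id = "";     // permission id checked against the user's role
    bool authorize = false;  // whether the permission lookup runs
    bool chkSession = true;  // whether a missing session is rejected

    #region 对象信息
    // Read the attribute through the action descriptor rather than Type.GetMethod(actionName):
    // the descriptor already knows the resolved method, whereas GetMethod returns null when the
    // action name differs from the method name and throws for overloaded actions.
    foreach (SecurityCtrl md in actionContext.ActionDescriptor.GetCustomAttributes<SecurityCtrl>())
    {
        content = md.describe;
        prog_id = md.prog_id;
        authorize = md.authorize;
        chkSession = md.chkSession;
    }
    #endregion

    #region 类型验证
    var modelState = actionContext.ModelState;
    if (!modelState.IsValid)
    {
        // Report only the first validation error so the response stays small.
        string error = string.Empty;
        foreach (var key in modelState.Keys)
        {
            var state = modelState[key];
            if (state.Errors.Any())
            {
                error = state.Errors.First().ErrorMessage;
                break;
            }
        }
        WriteDeniedResponse(actionContext, (int)ResultCodeDefine.Auth_ParamsInvalid, "参数错误:" + error);
        base.OnActionExecuting(actionContext);
        return;
    }
    #endregion

    #region Session验证
    if (chkSession && user == null)
    {
        // An empty reason means no ticket problem was detected, i.e. the session simply expired.
        if (string.IsNullOrEmpty(msg))
        {
            WriteDeniedResponse(actionContext, (int)ResultCodeDefine.Error_LoginInvalid, "登录过期");
        }
        else
        {
            WriteDeniedResponse(actionContext, (int)ResultCodeDefine.Auth_TicketInvalid, msg);
        }
        base.OnActionExecuting(actionContext);
        return;
    }
    #endregion

    #region 权限验证
    if (authorize)
    {
        // Reached with user == null only when chkSession is false; a permission check still needs a user.
        if (user == null)
        {
            WriteDeniedResponse(actionContext, (int)ResultCodeDefine.Auth_UserNoPermission, "没有权限:原因登录过期");
            base.OnActionExecuting(actionContext);
            return;
        }

        var hBll = new YDS6000.BLL.Platform.Home.HomeBLL(user.Ledger, user.Uid);
        bool power = hBll.GetPower(user.Role_id, prog_id);
        if (!power)
        {
            // Previously this branch fell through to the logging block; return like the other denials.
            WriteDeniedResponse(actionContext, (int)ResultCodeDefine.Auth_UserNoPermission, "没有权限");
            base.OnActionExecuting(actionContext);
            return;
        }
    }

    bool isAddLog = !string.IsNullOrEmpty(content);
    if (isAddLog)
    {
        try
        {
            // Access logging is currently disabled. If re-enabled, note that `user` can be null here
            // when the action has chkSession = false.
            //YDS6000.BLL.WholeBLL.AddLog(user.Ledger, user.Uid, prog_id, userHostAddress, controllerName, actionName, content);
        }
        catch (Exception ex)
        {
            FileLog.WriteLog("增加访问记录错误:", ex.Message);
        }
    }
    #endregion

    base.OnActionExecuting(actionContext);
}

/// <summary>
/// Sets a failed <see cref="APIRst"/> JSON response with the given error code and message on the action
/// context and adds the CORS origin headers. Setting the response makes Web API skip the action itself.
/// </summary>
/// <param name="actionContext">Action context whose <c>Response</c> is replaced.</param>
/// <param name="code">Error code, normally a cast <c>ResultCodeDefine</c> value.</param>
/// <param name="message">Error message returned to the client verbatim.</param>
private void WriteDeniedResponse(System.Web.Http.Controllers.HttpActionContext actionContext, int code, string message)
{
    APIRst api = new APIRst() { rst = false };
    api.err.code = code;
    api.err.msg = message;
    actionContext.Response = new HttpResponseMessage
    {
        Content = new StringContent(JsonHelper.Serialize(api), Encoding.UTF8, "application/json")
    };
    AddHeadersOrigin(actionContext.Request, actionContext.Response);
}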
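/// <summary>
/// Resolves the current user: first from the ASP.NET session entry "CacheUser", then from the
/// <c>Ticket</c> request header, which is decoded into a cache key and looked up in <see cref="HttpRuntime.Cache"/>.
/// </summary>
/// <param name="msg">
/// Receives a reason when the ticket is missing or malformed; left empty otherwise. A ticket that decodes
/// cleanly but has no cache entry, or one shorter than 14 characters, also leaves <paramref name="msg"/> empty.
/// </param>
/// <returns>The resolved <see cref="CacheUser"/>, or null when neither source yields one.</returns>
/// <remarks>
/// Ticket layout as decoded here: character 10 is a one-character <c>flag</c> (also the seed via
/// <c>CommFunc.CharToNuner</c>); the rest is "ledger+seed" and "uid+seed" joined by <c>flag</c>.
/// NOTE(review): the decoded ticket contains only ledger, uid and the seed — no server-side secret and no
/// integrity tag is checked in this method — so it selects a cache entry rather than proving possession of
/// it; TODO confirm that the cache-key scheme matches the intended trust boundary.
/// Requires <see cref="HttpContext.Current"/> (and its Session); outside a request pipeline this throws.
/// </remarks>
public static CacheUser GetAuthorizeUser(out string msg)
{
    msg = "";
    CacheUser user = HttpContext.Current.Session["CacheUser"] as CacheUser;
    if (user != null)
    {
        return user;
    }

    var headers = HttpContext.Current.Request.Headers;
    if (headers == null || string.IsNullOrEmpty(headers.Get("Ticket")))
    {
        msg = "没有Ticket信息";
        return null;
    }

    string ticket = CommFunc.ConvertDBNullToString(headers.Get("Ticket"));
    if (ticket.Length < 14)
    {
        // Too short to hold the flag plus two ids; no reason is reported for this case.
        return null;
    }

    string flag = CommFunc.ConvertDBNullToString(ticket.Substring(10, 1));
    int seed = CommFunc.CharToNuner(flag);
    string payload = CommFunc.ConvertDBNullToString(ticket.Substring(11));
    string[] parts = payload.Split(new string[] { flag }, StringSplitOptions.RemoveEmptyEntries);
    if (parts.Length != 2)
    {
        msg = "Ticket信息错误";
        return null;
    }

    int ledger = CommFunc.ConvertDBNullToInt32(parts[0]) - seed;
    int uid = CommFunc.ConvertDBNullToInt32(parts[1]) - seed;
    // Validate each id on its own. The earlier '&&' only rejected tickets where both were out of range,
    // so a non-positive ledger slipped through whenever uid was non-negative (and vice versa).
    if (ledger <= 0 || uid < 0)
    {
        msg = "Ticket包含错误信息";
        return null;
    }

    // The cache key namespace depends on which API area the request targets.
    string cacheKey = ledger.ToString() + "A" + uid.ToString();
    string rawUrl = HttpContext.Current.Request.RawUrl;
    if (rawUrl.Contains("api/ExpApp/"))
    {
        cacheKey = ledger.ToString() + "APP" + uid.ToString();
    }
    else if (rawUrl.Contains("api/ExpAdminApp/"))
    {
        cacheKey = ledger.ToString() + "AdminApp" + uid.ToString();
    }
    return HttpRuntime.Cache.Get(cacheKey) as CacheUser;
}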