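        /// <summary>
        /// Authorization filter entry point. Rejects the "Base" controller outright, skips the
        /// check when <c>Anonymous</c> is set, and otherwise validates the <c>cat-token</c> request
        /// header (AES-decrypted, then JSON-deserialized to <c>BookAuth</c>; an <c>Openid</c> is
        /// required). Any validation failure short-circuits the request with a JSON failure body.
        /// </summary>
        /// <param name="filterContext">The authorization context supplied by ASP.NET Core.</param>
        /// <exception cref="Exception">Thrown when the target controller is "Base".</exception>
        public void OnAuthorization(AuthorizationFilterContext filterContext)
        {
            filterContextInfo = new FilterContextInfo(filterContext);

            if (filterContextInfo.ControllerName == "Base")
            {
                throw new Exception("禁止访问基类控制器");
            }

            // Anonymous endpoints are not checked.
            if (Anonymous)
            {
                return;
            }

            #region  检查认证
            try
            {
                string token = filterContext.HttpContext.Request.Headers["cat-token"];
                if (string.IsNullOrEmpty(token))
                {
                    throw new Exception("用户身份认证未通过[token不能为空],请求数据失败");
                }

                // The header is caller-controlled input; decrypt/deserialize failures end up in the
                // catch below. NOTE(review): confirm AesDecrypt authenticates the ciphertext (AEAD or
                // an HMAC) — a bare block-mode decrypt does not detect tampering on its own.
                token = AesHelper.AesDecrypt(token);
                var auth = Serializer.JsonDeserialize<Cat.M.Book.Models.ModelBinder.ReturnModels.BookAuth>(token);

                // Guard the deserialization result: reading Openid off a null object used to surface
                // as a NullReferenceException message instead of the intended failure text.
                if (auth is null || string.IsNullOrEmpty(auth.Openid))
                {
                    throw new Exception("用户身份认证未通过[找不到指定的openid],请求数据失败");
                }
            }
            catch (Exception ex)
            {
                // Replaces the original nested catch that rethrew with `throw ex;` (which discards the
                // stack trace): an empty message gets the generic failure text, any other is passed through.
                string message = string.IsNullOrEmpty(ex.Message)
                    ? "用户身份认证未通过,请求数据失败"
                    : ex.Message;

                // NOTE(review): the raw exception message is echoed to the client and the result keeps
                // the default 200 status code, so callers cannot detect auth failure from the HTTP status.
                var contentResult = new Microsoft.AspNetCore.Mvc.ContentResult
                {
                    Content = ActionRes.Fail(message).ToJson()
                };
                filterContext.Result = contentResult;
            }
            #endregion
        }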
        // OnActionExecuted 在执行操作方法后由 ASP.NET MVC 框架调用。
        // OnActionExecuting 在执行操作方法之前由 ASP.NET MVC 框架调用。
        // OnResultExecuted 在执行操作结果后由 ASP.NET MVC 框架调用。
        // OnResultExecuting 在执行操作结果之前由 ASP.NET MVC 框架调用。

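        /// <summary>
        /// Called by the ASP.NET MVC framework before the action method executes. Targets marked
        /// <see cref="AllowAnonymousAttribute"/> (on the action or its controller) are exempt; otherwise
        /// the request needs an authenticated user and an "Employee" session entry (else the session is
        /// cleared and a 401 is returned). The current employee is then loaded and <c>CheckAuth</c> is
        /// run; when <c>isState</c> is false afterwards the request is short-circuited with a
        /// permission-denied body.
        /// </summary>
        /// <param name="filterContext">The action-executing context supplied by the framework.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="filterContext"/> is <c>null</c>.</exception>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException(nameof(filterContext));
            }

            // Pages marked AllowAnonymous skip the whole check.
            bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true) ||
                                     filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);

            if (skipAuthorization)
            {
                return;
            }

            #region 是否已经登陆
            var user = filterContext.HttpContext.User;
            // Read the name through null-conditionals: the original dereferenced User.Identity before
            // the null check below and could throw instead of answering 401.
            userName = user?.Identity?.Name;

            if (filterContext.HttpContext.Session["Employee"] == null || user == null || !user.Identity.IsAuthenticated)
            {
                filterContext.HttpContext.Session.RemoveAll();

                isState = false;
                // The original assigned a ContentResult here and immediately overwrote it with the
                // 401 result, so only the 401 was ever observable; the dead assignment is dropped.
                filterContext.Result = new HttpUnauthorizedResult();
                return;
            }

            isState = true;
            #endregion

            #region 权限验证
            GetEmployee(filterContext); // load the current employee (presumably populates Employees — confirm)

            fcinfo = new FilterContextInfo(filterContext);
            string actionName     = fcinfo.ActionName;     // action name
            string controllerName = fcinfo.ControllerName; // controller name

            // Permission check for the current action; expected to update isState — confirm in CheckAuth.
            CheckAuth(Employees, actionName, controllerName);

            if (!isState)
            {
                // NOTE(review): this is a plain ContentResult, i.e. HTTP 200 with a text body, unlike
                // the 401 used above for the not-logged-in case.
                filterContext.Result = new ContentResult {
                    Content = @"抱歉,你不具有当前操作的权限!"
                };
            }
            #endregion
        }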
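        /// <summary>
        /// API authorization filter entry point. Rejects the "Base" controller, resolves the effective
        /// <c>AuthorityIdentity</c> from the last <c>ApiAuthorizeFilterAttribute</c> in the pipeline
        /// (a method-level attribute wins over a class-level one), and for non-anonymous targets
        /// validates the caller's token: presence, decryptability, user existence, disabled flag,
        /// password fragment, credential age and — for administrator-only targets — the administrator
        /// role. Any failure short-circuits the request with a JSON failure body carrying the
        /// <see cref="ErrorCode"/> set at the failing step.
        /// </summary>
        /// <param name="filterContext">The authorization context supplied by ASP.NET Core.</param>
        /// <exception cref="Exception">Thrown when the target controller is "Base".</exception>
        /// <exception cref="InvalidOperationException">Thrown when no <c>ApiAuthorizeFilterAttribute</c> is present in the filter pipeline.</exception>
        public void OnAuthorization(AuthorizationFilterContext filterContext)
        {
            filterContextInfo = new FilterContextInfo(filterContext);

            if (filterContextInfo.ControllerName == "Base")
            {
                throw new Exception("禁止访问基类控制器");
            }

            // When both the class and the method carry the attribute, only the last filter in the
            // pipeline (the method-level one) is honoured.
            var effectiveFilter = filterContext.Filters
                .Where(w => w.ToString().EndsWith("ApiAuthorizeFilterAttribute", StringComparison.Ordinal))
                .LastOrDefault() as ApiAuthorizeFilterAttribute;
            if (effectiveFilter is null)
            {
                // Previously an unguarded NullReferenceException on the next line.
                throw new InvalidOperationException("ApiAuthorizeFilterAttribute not found in the filter pipeline");
            }

            AuthorityIdentity = effectiveFilter.AuthorityIdentity;

            // Methods or classes marked Anonymous are not checked.
            if (AuthorityIdentity == AuthorityIdentityEnum.Anonymous)
            {
                return;
            }

            ErrorCode errorCode = ErrorCode.Default;

            #region
            try
            {
                // Authentication.
                string token = ApiHelper.AuthToken;
                if (string.IsNullOrEmpty(token))
                {
                    errorCode = ErrorCode.user_no_authority;
                    throw new Exception("用户身份认证未通过[token不能为空],请求数据失败");
                }

                // The token is caller-controlled input. NOTE(review): confirm AesDecrypt authenticates
                // the ciphertext (AEAD or an HMAC) — a bare block-mode decrypt does not detect tampering.
                token = AesHelper.AesDecrypt(token);
                var auth = Serializer.JsonDeserialize<Cat.M.Book.Models.ModelBinder.ReturnModels.ApiAuth>(token);
                if (auth is null || string.IsNullOrEmpty(auth.User_Id))
                {
                    errorCode = ErrorCode.user_no_authority;
                    // Empty message on purpose: the catch below substitutes the generic failure text.
                    throw new Exception("");
                }

                // User state.
                var user = Cat.M.Public.Services.AllServices.SysAccountService.GetSingle(w => w.User_Id == auth.User_Id);
                if (user == null)
                {
                    errorCode = ErrorCode.user_not_found;
                    throw new Exception("没有找到用户,可能已被删除");
                }
                if (user.Disable == true)
                {
                    errorCode = ErrorCode.user_disabled;
                    throw new Exception("当前登录用户已被禁用,请找超级管理员解除");
                }

                // The token carries the first and last five characters of the stored password value so a
                // password change invalidates it. A null or too-short stored value used to throw an
                // ArgumentOutOfRangeException (reported with ErrorCode.Default); it now counts as a mismatch.
                // NOTE(review): this places a fragment of the stored password value inside the token — confirm
                // that value is a hash and not the plaintext.
                string storedPassword = user.Password ?? string.Empty;
                string passwordFragment = storedPassword.Length >= 5
                    ? storedPassword.Substring(0, 5) + storedPassword.Substring(storedPassword.Length - 5, 5)
                    : null;
                if (passwordFragment is null || passwordFragment != auth.Pwd_Incomplete)
                {
                    errorCode = ErrorCode.user_pwd_modified;
                    throw new Exception("当前登录用户密码已修改,请重新登录");
                }

                // NOTE(review): DateTime.Now is server-local time; if LoginTime is stored in UTC the age
                // check drifts by the server's offset — confirm which kind LoginTime carries.
                if ((DateTime.Now - auth.LoginTime).TotalDays > Cat.Foundation.ConfigManager.CatSettings.LogonCredentialSaveDay)
                {
                    errorCode = ErrorCode.user_logon_overdue;
                    throw new Exception("登录凭证已过期,您需要重新登录");
                }

                // Authorization: only administrator-marked targets are restricted; a null Authority
                // used to throw a NullReferenceException here and is now treated as "no roles".
                string[] roles = (user.Authority ?? string.Empty).Split(",", StringSplitOptions.RemoveEmptyEntries);
                bool isAdministrator = roles.Contains(AuthorityIdentityEnum.Administrator.ToString().ToLowerInvariant());
                if (AuthorityIdentity == AuthorityIdentityEnum.Administrator && !isAdministrator)
                {
                    // errorCode is left at Default here, as in the original.
                    throw new Exception("当前登录用户没有权限进行此操作");
                }
            }
            catch (Exception ex)
            {
                // Replaces the original nested catch that rethrew with `throw ex;` (which discards the
                // stack trace): an empty message gets the generic failure text, any other is passed through.
                string message = string.IsNullOrEmpty(ex.Message)
                    ? "用户身份认证未通过,请求数据失败"
                    : ex.Message;

                // NOTE(review): the raw exception message is echoed to the client and the result keeps
                // the default 200 status code; clients must rely on the errorCode in the body.
                var contentResult = new Microsoft.AspNetCore.Mvc.ContentResult
                {
                    Content = ActionRes.Fail((int)errorCode, message).ToJson()
                };
                filterContext.Result = contentResult;
            }
            #endregion
        }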