        /// <summary>
        /// Posts <paramref name="param"/> to the configured "baseInfoForTokenUrl"
        /// endpoint and returns the JSON property named <paramref name="cookieKey"/>
        /// from the response body.
        /// </summary>
        /// <param name="cookieKey">JSON property name (same as the cookie name) under which the token is returned.</param>
        /// <param name="param">Form parameters posted to the token endpoint.</param>
        /// <returns>The token JSON node, or null when the response has no such property.</returns>
        private JToken GetToken(string cookieKey, NameValueCollection param)
        {
            string tokenUrl    = JwellConfig.GetAppSetting("baseInfoForTokenUrl");
            string rawResponse = OAuthHelper.PostRequest(tokenUrl, param);

            // Parse the whole body and pick out the token property; the caller
            // stores that value in a cookie under the same key.
            JObject body = JObject.Parse(rawResponse);
            return body[cookieKey];
        }
        /// <summary>
        /// Posts the token to the configured "tokenApplyForUserInfoUrl" endpoint and
        /// returns the raw response body (the user information).
        /// </summary>
        /// <param name="token">Access token obtained from the token endpoint.</param>
        /// <param name="cookieKey">Form field name (same as the cookie name) the token is sent under.</param>
        /// <returns>Raw response body returned by the user-info endpoint.</returns>
        public static string GetUserInfo(string token, string cookieKey)
        {
            string userInfoUrl = JwellConfig.GetAppSetting("tokenApplyForUserInfoUrl");

            var form = new NameValueCollection();
            form[cookieKey] = token;

            return PostRequest(userInfoUrl, form);
        }
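        /// <summary>
        /// OAuth callback. Verifies the anti-CSRF <paramref name="state"/> against the
        /// "state" cookie, exchanges <paramref name="code"/> for a token, stores the
        /// token in a cookie and the user info in session, then redirects to
        /// <paramref name="returnUrl"/>. Any other outcome sends the user back to the
        /// SSO login page.
        /// </summary>
        /// <param name="code">Authorization code issued by the SSO server.</param>
        /// <param name="state">Anti-CSRF value that must equal the "state" cookie set when the login URL was generated.</param>
        /// <param name="returnUrl">
        /// Where to go after login. "~" is translated back to "#" because the front end
        /// cannot carry a fragment through the SSO round-trip. Only a relative URL or an
        /// absolute URL on this request's own authority is followed.
        /// </param>
        /// <returns>A redirect to the return URL, to register/Index, or to the SSO login page.</returns>
        public ActionResult AuthorizationCallBack(string code, string state, string returnUrl)
        {
            string cookieKey   = JwellConfig.GetAppSetting("accessToken");
            var    stateCookie = Request.Cookies["state"];

            // The state must round-trip unchanged through the SSO server; a missing or
            // mismatched value means this callback was not started by this application.
            if (stateCookie != null && stateCookie.Value.Equals(state))
            {
                // NOTE(review): the state cookie is re-sent unchanged rather than expired,
                // so the same state stays valid for later callbacks — confirm whether a
                // one-time state is intended (an expiring variant is commented out in history).
                System.Web.HttpContext.Current.Response.AppendCookie(stateCookie);

                var param = new NameValueCollection
                {
                    ["clientId"]     = JwellConfig.GetAppSetting("clientId"),
                    ["clientSecret"] = JwellConfig.GetAppSetting("clientSecret"),
                    ["redirectUrl"]  = JwellConfig.GetAppSetting("redirectUrl"),
                    ["code"]         = code,
                    ["grantType"]    = "authorizationCode"
                };
                // Exchange the authorization code for a token.
                var token = GetToken(cookieKey, param);
                if (token != null)
                {
                    // "codeExpire" is the cookie lifetime in hours. An unparsable value
                    // leaves 0, i.e. the cookie expires immediately.
                    int expireTime = 0;
                    int.TryParse(JwellConfig.GetAppSetting("codeExpire"), out expireTime);

                    string tokenValue = token.Value<string>();
                    var cookie = new HttpCookie(cookieKey, tokenValue)
                    {
                        // Cookie lifetime is meant to match the token lifetime (12 hours per the original note).
                        // NOTE(review): no HttpOnly/Secure flag — the token is readable by page
                        // script; confirm whether the front end actually needs that.
                        Expires = DateTime.Now.AddHours(expireTime)
                    };

                    var userInfo = GetUserInfo(tokenValue, cookieKey);
                    Request.RequestContext.HttpContext.Session["userContext"] = userInfo;

                    System.Web.HttpContext.Current.Response.AppendCookie(cookie);

                    // Check for empty before any string operation: the original called
                    // Contains on returnUrl first and threw on a null value.
                    if (string.IsNullOrEmpty(returnUrl))
                    {
                        return RedirectToAction("Index", "register");
                    }
                    // The front end sends "~" in place of "#" (fragment would be lost in the SSO round-trip).
                    returnUrl = returnUrl.Replace("~", "#");

                    // returnUrl arrives on the query string, so only follow it when it is
                    // relative or points at this site's own authority (open-redirect guard).
                    Uri  target;
                    bool sameSite = Url.IsLocalUrl(returnUrl)
                                    || (Uri.TryCreate(returnUrl, UriKind.Absolute, out target)
                                        && string.Equals(target.Authority, Request.Url.Authority, StringComparison.OrdinalIgnoreCase));
                    if (!sameSite)
                    {
                        return RedirectToAction("Index", "register");
                    }
                    return Redirect(returnUrl);
                }
            }
            return Redirect(OAuthHelper.GenerateLoginUrl(this.Url.Action("AuthorizationCallBack", "OAuth", null, Request.Url.Scheme),
                                                         $"http://{HttpContext.Request.Url.Authority}/register/index"));
        }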
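        /// <summary>
        /// OAuth callback for the BASEINFO scope. Exchanges <paramref name="code"/> for
        /// a token, stores the token in a cookie and the user info in session, then
        /// redirects to <paramref name="returnUrl"/>. Any other outcome sends the user
        /// back to the SSO login page.
        /// </summary>
        /// <param name="code">Here the code is the employeeID.</param>
        /// <param name="state">Not used by this variant (see the review note in the body).</param>
        /// <param name="returnUrl">
        /// Where to go after login. "~" is translated back to "#" because the front end
        /// cannot carry a fragment through the SSO round-trip. Only a relative URL or an
        /// absolute URL on this request's own authority is followed.
        /// </param>
        /// <returns>A redirect to the return URL, to Home/Index, or to the SSO login page.</returns>
        public ActionResult AuthorizationCallBack(string code, string state, string returnUrl)
        {
            string cookieKey = JwellConfig.GetAppSetting("accessToken");

            // NOTE(review): this variant never compares `state` with the "state" cookie,
            // so a callback not started by this application is not rejected — confirm intent.
            if (JwellConfig.GetAppSetting("scope") == ApplicationConstant.BASEINFO)
            {
                var param = new NameValueCollection
                {
                    ["clientId"]     = JwellConfig.GetAppSetting("clientId"),
                    ["clientSecret"] = JwellConfig.GetAppSetting("clientSecret"),
                    ["code"]         = code,
                    ["grantType"]    = "authorizationCode"
                };
                // Exchange the code for a token.
                var token = GetToken(cookieKey, param);
                if (token != null)
                {
                    // "codeExpire" is the cookie lifetime in hours. An unparsable value
                    // leaves 0, i.e. the cookie expires immediately.
                    int expireTime = 0;
                    int.TryParse(JwellConfig.GetAppSetting("codeExpire"), out expireTime);

                    string tokenValue = token.Value<string>();
                    var cookie = new HttpCookie(cookieKey, tokenValue)
                    {
                        // Cookie lifetime is meant to match the token lifetime (12 hours per the original note).
                        // NOTE(review): no HttpOnly/Secure flag — the token is readable by page
                        // script; confirm whether the front end actually needs that.
                        Expires = DateTime.Now.AddHours(expireTime)
                    };

                    var userInfo = GetUserInfo(tokenValue, cookieKey);
                    Request.RequestContext.HttpContext.Session["userContext"] = userInfo;

                    System.Web.HttpContext.Current.Response.AppendCookie(cookie);

                    if (string.IsNullOrWhiteSpace(returnUrl))
                    {
                        return RedirectToAction("Index", "Home");
                    }
                    // The front end sends "~" in place of "#" (fragment would be lost in the SSO round-trip).
                    returnUrl = returnUrl.Replace("~", "#");

                    // returnUrl arrives on the query string, so only follow it when it is
                    // relative or points at this site's own authority (open-redirect guard).
                    Uri  target;
                    bool sameSite = Url.IsLocalUrl(returnUrl)
                                    || (Uri.TryCreate(returnUrl, UriKind.Absolute, out target)
                                        && string.Equals(target.Authority, Request.Url.Authority, StringComparison.OrdinalIgnoreCase));
                    if (!sameSite)
                    {
                        return RedirectToAction("Index", "Home");
                    }
                    return Redirect(returnUrl);
                }
            }
            return Redirect(OAuthHelper.GenerateLoginUrl(this.Url.Action("AuthorizationCallBack", "OAuth", null, Request.Url.Scheme),
                                                         $"http://{HttpContext.Request.Url.Authority}/Home/index"));
        }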
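        /// <summary>
        /// Page-level authorization: lets [AllowAnonymous] actions through, otherwise
        /// requires a non-empty access-token cookie and redirects to the SSO login page
        /// (with the current URL as the return URL) when it is missing.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context for the current request.</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            // [AllowAnonymous] on the action or on its controller skips the token check.
            // The original looked only at the action's own (non-inherited) attributes,
            // so a controller-level [AllowAnonymous] was ignored.
            bool allowAnonymous =
                filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
                filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);
            if (allowAnonymous)
            {
                base.OnAuthorization(filterContext);
                return;
            }

            var request = filterContext.HttpContext.Request;
            // NOTE(review): the key is spelled "AccessToken" here but "accessToken" where
            // the cookie is written; confirm JwellConfig key lookup is case-insensitive.
            var token = request.Cookies[JwellConfig.GetAppSetting("AccessToken")];

            // Only the presence of a non-empty cookie is checked; the value itself is not
            // validated against the SSO server here.
            if (token != null && !string.IsNullOrEmpty(token.Value))
            {
                return;
            }

            var returnUri = request.Url.ToString();
            var urlHelper = new UrlHelper(filterContext.RequestContext);

            filterContext.Result = new RedirectResult(OAuthHelper.GenerateLoginUrl(urlHelper.Action("AuthorizationCallBack", "OAuth", null, request.Url.Scheme), returnUri));
        }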
        /// <summary>
        /// Validates the incoming OAuth parameters against the configured
        /// "responseType" and "scope" values.
        /// </summary>
        /// <param name="responseType">Response type supplied by the caller.</param>
        /// <param name="scope">Scope supplied by the caller.</param>
        /// <returns>true when both values match the configuration; false otherwise.</returns>
        private bool Verification(string responseType, string scope)
        {
            // Both blank is rejected outright; otherwise each value must equal its configured counterpart.
            if (string.IsNullOrWhiteSpace(responseType) && string.IsNullOrWhiteSpace(scope))
            {
                return false;
            }

            bool responseTypeMatches = responseType == JwellConfig.GetAppSetting("responseType");
            bool scopeMatches        = scope == JwellConfig.GetAppSetting("scope");
            return responseTypeMatches && scopeMatches;
        }
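        /// <summary>
        /// Logs the user out: expires the access-token cookie, notifies the SSO logout
        /// endpoint ("SSOLogoutUri") with the token, and redirects to the site root.
        /// </summary>
        /// <returns>A redirect to the site root.</returns>
        public ActionResult LogOut()
        {
            string accessToken = JwellConfig.GetAppSetting("AccessToken");

            var fullLogoutUri = new StringBuilder(JwellConfig.GetAppSetting("SSOLogoutUri"));
            var tokenCookie   = HttpContext.Request.Cookies[accessToken];

            if (tokenCookie != null)
            {
                // The token travels as a query parameter; escape it so reserved characters
                // in the value cannot break or alter the query string.
                fullLogoutUri.Append("?").Append(accessToken).Append("=")
                             .Append(Uri.EscapeDataString(tokenCookie.Value ?? string.Empty));

                // Expire the cookie in the browser and drop it from the current request.
                tokenCookie.Expires = DateTime.Now.AddDays(-1);
                Response.Cookies.Add(tokenCookie);
                Request.Cookies.Remove(accessToken);
            }

            // Best-effort notification of the SSO server; the response body is not used.
            HttpClientHelper.Post(fullLogoutUri.ToString(), string.Empty);

            // Back to the site home page.
            return Redirect($"http://{HttpContext.Request.Url.Authority}");
        }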
        /// <summary>
        /// Builds the SSO authorization login URL and sets the anti-CSRF "state" cookie
        /// that the callback compares against the echoed state parameter.
        /// </summary>
        /// <param name="authUri">Callback address that exchanges the code for a token and writes the cookie.</param>
        /// <param name="returnUrl">Address to continue to once the login succeeds.</param>
        /// <returns>The fully assembled login URL.</returns>
        public static string GenerateLoginUrl(string authUri, string returnUrl)
        {
            // Fresh random state per login; stored HttpOnly so page script cannot read it.
            string state = Guid.NewGuid().ToString("N");
            var stateCookie = new HttpCookie("state", state)
            {
                HttpOnly = true
            };
            HttpContext.Current.Response.AppendCookie(stateCookie);

            string baseUrl      = JwellConfig.GetAppSetting("StateApplyForCodeUrl");
            string responseType = JwellConfig.GetAppSetting("responseType");
            string scope        = JwellConfig.GetAppSetting("scope");
            string clientId     = JwellConfig.GetAppSetting("clientId");   // application identifier

            var loginUrl = new StringBuilder();
            loginUrl.Append(baseUrl).Append('?')
                    .Append("responseType=").Append(responseType)
                    .Append("&scope=").Append(scope)
                    .Append("&clientId=").Append(clientId)
                    .Append("&redirectUrl=").Append(HttpUtility.UrlEncode(authUri, Encoding.UTF8))
                    .Append("&state=").Append(state)
                    .Append("&returnUrl=").Append(HttpUtility.UrlEncode(returnUrl, Encoding.UTF8));
            return loginUrl.ToString();
        }
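 /// <summary>
 /// Checks whether the request's Referer host equals the configured "Host".
 /// The Referer header is optional and client-supplied, so this is a convenience
 /// check rather than an authorization boundary.
 /// </summary>
 /// <returns>
 /// true when a Referer is present and its host matches the configured value;
 /// false otherwise (the original dereferenced a missing Referer and threw).
 /// </returns>
 protected bool IsValidDomainName()
 {
     Uri referrer = HttpContext.Request.UrlReferrer;
     if (referrer == null)
     {
         return false;
     }
     // Host names are case-insensitive; System.Uri lower-cases Host but the config value may not be.
     return string.Equals(referrer.Host, JwellConfig.GetAppSetting("Host"), StringComparison.OrdinalIgnoreCase);
 }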