예제 #1
        /// <summary>
        /// Username/password login endpoint. Forwards the credentials to the login handler and
        /// records the outcome in the system log.
        /// </summary>
        /// <param name="appKey">Application key passed through to the login handler.</param>
        /// <param name="username">Account name supplied by the caller; also stored as the log entry's creator id and name.</param>
        /// <param name="pwd">Password supplied by the caller. It is passed to the login handler and is not written to the log entry built here.</param>
        /// <returns>
        /// The login handler's <c>LoginResult</c>, or a result with code 500 when identity (OAuth)
        /// authentication is enabled and this login path is unavailable.
        /// </returns>
        public LoginResult Login(string appKey, string username, string pwd)
        {
            // Guard clause: this login path is switched off while IsIdentityAuth is set.
            // NOTE(review): this early return writes no SysLog entry, so attempts rejected
            // here leave no audit record from this method.
            if (_appConfiguration.Value.IsIdentityAuth)
            {
                var unavailable = new LoginResult
                {
                    Code = 500,
                    Message = "接口啟動了OAuth認證,暫時不能使用該方式登錄"
                };

                return unavailable;
            }

            var request = new PassportLoginRequest
            {
                AppKey   = appKey,
                Account  = username,
                Password = pwd
            };
            var outcome = _loginParse.Do(request);

            // The log's Result field is 0 when the handler answered with code 200, otherwise 1.
            int status;
            if (outcome.Code == 200)
            {
                status = 0;
            }
            else
            {
                status = 1;
            }

            // The caller-supplied username is recorded for successful and failed attempts alike,
            // so CreateId/CreateName are not proof that such an account exists.
            _logApp.Add(new SysLog
            {
                Content    = $"使用者登錄,結果:{outcome.Message}",
                Result     = status,
                CreateId   = username,
                CreateName = username,
                TypeName   = "登錄日誌"
            });

            return outcome;
        }
예제 #2
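        /// <summary>
        /// Action-filter hook that runs before each controller action. Rejects requests without a
        /// valid login with a 401 JSON response, and writes an access-log entry for authenticated ones.
        /// </summary>
        /// <param name="context">Context of the action that is about to execute.</param>
        public void OnActionExecuting(ActionExecutingContext context)
        {
            var description =
                (Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor;

            // Invariant lower-casing keeps the logged route stable regardless of the server culture.
            var controllerName = description.ControllerName.ToLowerInvariant();
            var actionName     = description.ActionName.ToLowerInvariant();

            // Actions carrying [AllowAnonymous] on the method skip the login check (and are not logged here).
            var anonymous = description.MethodInfo.GetCustomAttribute(typeof(AllowAnonymousAttribute));

            if (anonymous != null)
            {
                return;
            }

            if (!_authUtil.CheckLogin())
            {
                context.HttpContext.Response.StatusCode = 401;
                context.Result = new JsonResult(new Response
                {
                    Code    = 401,
                    Message = "认证失败,请提供认证信息"
                });

                // Stop here. Without this return the code below dereferences
                // GetCurrentUser().User for a request that has no authenticated user, which
                // risks replacing the 401 with an unhandled exception.
                // NOTE(review): rejected requests are therefore not written to the access log by
                // this filter; if an audit trail of failed authentication is required, record it
                // here using only fields that do not need a logged-in user.
                return;
            }

            _logApp.Add(new SysLog
            {
                Content    = "用户访问",
                Href       = $"{controllerName}/{actionName}",
                CreateName = _authUtil.GetUserName(),
                CreateId   = _authUtil.GetCurrentUser().User.Id,
                TypeName   = "访问日志"
            });
        }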
예제 #3
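        /// <summary>
        /// Action-filter hook that runs before each controller action. Requires a logged-in session,
        /// then checks that the current user owns a module whose URL contains the target controller
        /// name, and writes an access-log entry.
        /// </summary>
        /// <param name="context">Context of the action that is about to execute.</param>
        public void OnActionExecuting(ActionExecutingContext context)
        {
            var description =
                (Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor;

            // Actions carrying [AllowAnonymous] on the method (e.g. Login/Index) need no login.
            var anonymous = description.MethodInfo.GetCustomAttribute(typeof(AllowAnonymousAttribute));

            if (anonymous != null)
            {
                return;
            }

            if (!_authUtil.CheckLogin())
            {
                context.Result = new RedirectResult("/Login/Index");
                return;
            }

            //------------------------ everything below requires a login ------------------------

            // AJAX requests skip the module authorization check (existing behavior, kept as is).
            // NOTE(review): X-Requested-With is chosen by the client, so this branch is not an
            // authorization boundary. Endpoints reachable this way need their own server-side
            // permission check; confirm that one exists.
            var headers = context.HttpContext.Request.Headers;

            if (headers.TryGetValue("x-requested-with", out var requestedWith)
                && requestedWith == "XMLHttpRequest")
            {
                return;
            }

            // Invariant lower-casing: the names are compared against fixed ASCII allow-lists and
            // module URLs, so the comparison must not depend on the server's current culture.
            var controllerName = description.ControllerName.ToLowerInvariant();
            var actionName     = description.ActionName.ToLowerInvariant();

            // Controller allow-list: login required, module authorization not required.
            var whiteController = new[] { "usersession", "home", "redirects" };

            if (whiteController.Contains(controllerName))
            {
                return;
            }

            var currentUser = _authUtil.GetCurrentUser();

            // NOTE(review): this is a substring test, so a controller name that happens to be
            // contained in some other module's URL also passes. Matching a whole path segment
            // would be stricter; verify against the stored URL format before changing it.
            // Modules with no URL are skipped instead of throwing.
            var currentModule = currentUser.Modules.FirstOrDefault(
                u => u.Url != null && u.Url.ToLowerInvariant().Contains(controllerName));

            // The logged-in user has no module covering this controller.
            if (currentModule == null)
            {
                // Setting Result short-circuits the action. There is no return here, so the
                // denied request is still written to the access log below.
                context.Result = new RedirectResult("/Error/Auth");
            }

            _logApp.Add(new SysLog
            {
                Content    = "用户访问",
                Href       = $"{controllerName}/{actionName}",
                CreateName = _authUtil.GetUserName(),
                CreateId   = currentUser.User.Id,
                TypeName   = "访问日志"
            });
        }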
예제 #4
 /// <summary>
 /// Stores a system-log entry and returns the shared <c>Result</c> object serialized by
 /// <c>JsonHelper</c>.
 /// </summary>
 /// <param name="obj">Log entry to store.</param>
 /// <returns>Serialized <c>Result</c>; on failure its code is 500 and its message is the exception text.</returns>
 public string Add(SysLog obj)
 {
     try
     {
         _app.Add(obj);
     }
     catch (Exception failure)
     {
         // NOTE(review): the raw exception message goes back to the caller. If untrusted
         // clients can reach this endpoint, that may expose internal details; consider
         // recording the exception server-side and returning a generic message instead.
         Result.Code    = 500;
         Result.Message = failure.Message;
     }

     // NOTE(review): Result is defined outside this method; if it is shared between calls,
     // a failure recorded by an earlier call would still be present here. Confirm.
     var payload = JsonHelper.Instance.Serialize(Result);
     return payload;
 }
예제 #5
        /// <summary>
        /// Stores a system-log entry and reports the outcome in a fresh <c>Response</c>.
        /// </summary>
        /// <param name="obj">Log entry to store.</param>
        /// <returns>
        /// A new <c>Response</c>; on failure its code is 500 and its message is the inner
        /// exception's message when available, otherwise the outer exception's message.
        /// </returns>
        public Response Add(Syslog obj)
        {
            var response = new Response();

            try
            {
                _app.Add(obj);
            }
            catch (Exception failure)
            {
                // Prefer the inner exception's text; fall back to the outer one when it is absent.
                // NOTE(review): this text is returned to the caller. Inner exceptions often carry
                // storage or driver details, so consider recording it server-side and returning
                // a generic message if untrusted clients can reach this endpoint.
                var detail = failure.InnerException?.Message;
                if (detail == null)
                {
                    detail = failure.Message;
                }

                response.Code    = 500;
                response.Message = detail;
            }

            return response;
        }
예제 #6
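        /// <summary>
        /// Action-filter hook that runs before each controller action. Requires a logged-in session,
        /// lets allow-listed controllers and URLs through, then checks that the current user owns a
        /// module whose URL contains the target controller name, and writes an access-log entry.
        /// </summary>
        /// <param name="context">Context of the action that is about to execute.</param>
        public void OnActionExecuting(ActionExecutingContext context)
        {
            var description =
                (Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor;

            // Actions carrying [AllowAnonymous] on the method (e.g. Login/Index) need no login.
            var anonymous = description.MethodInfo.GetCustomAttribute(typeof(AllowAnonymousAttribute));

            if (anonymous != null)
            {
                return;
            }

            if (!_authUtil.CheckLogin())
            {
                context.Result = new RedirectResult("/Login/Index");
                return;
            }

            //------------------------ everything below requires a login ------------------------

            // AJAX requests skip the module authorization check (existing behavior, kept as is).
            // NOTE(review): X-Requested-With is chosen by the client, so this branch is not an
            // authorization boundary. Endpoints reachable this way need their own server-side
            // permission check; confirm that one exists.
            var headers = context.HttpContext.Request.Headers;

            if (headers.TryGetValue("x-requested-with", out var requestedWith)
                && requestedWith == "XMLHttpRequest")
            {
                return;
            }

            // Invariant lower-casing: the names are compared against fixed ASCII allow-lists and
            // module URLs, so the comparison must not depend on the server's current culture.
            var controllerName = description.ControllerName.ToLowerInvariant();
            var actionName     = description.ActionName.ToLowerInvariant();

            // Controller allow-list: login required, module authorization not required.
            var whiteController = new[] { "usersession", "home", "redirects" };

            if (whiteController.Contains(controllerName))
            {
                return;
            }

            // URL allow-list: exact "controller/action" pairs any logged-in user may open.
            var whiteUrls = new[] { "usermanager/changepassword", "usermanager/profile" };

            if (whiteUrls.Contains(controllerName + "/" + actionName))
            {
                return;
            }

            var currentUser = _authUtil.GetCurrentUser();

            // NOTE(review): this is a substring test, so a controller name that happens to be
            // contained in some other module's URL also passes. Matching a whole path segment
            // would be stricter; verify against the stored URL format before changing it.
            // Modules with no URL are skipped instead of throwing.
            var currentModule = currentUser.Modules.FirstOrDefault(
                u => u.Url != null && u.Url.ToLowerInvariant().Contains(controllerName));

            // The logged-in user has no module covering this controller.
            if (currentModule == null)
            {
                // Setting Result short-circuits the action. There is no return here, so the
                // denied request is still written to the access log below.
                context.Result = new RedirectResult("/Error/Auth");
            }

            _logApp.Add(new SysLog
            {
                Content    = "使用者訪問",
                Href       = $"{controllerName}/{actionName}",
                CreateName = _authUtil.GetUserName(),
                CreateId   = currentUser.User.Id,
                TypeName   = "訪問日誌"
            });
        }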