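/// <summary>
/// Shows the role-editing view for one user account.
/// </summary>
/// <param name="Id">Account id whose roles are loaded into <c>ViewData["DataModel"]</c>.</param>
/// <returns>The default view; <c>ViewData["DataType"]</c> always carries the role model type.</returns>
public async Task<IActionResult> ChangeRole(Guid Id)
{
    ViewData["DataType"] = typeof(UserAccountBusinessRole);

    // Guid is a value type, so the former `Id != null` test was always true (CS0472)
    // and the lookup ran even for an empty id. Guid.Empty is the only "no id" a
    // caller can actually send, so that is what is skipped now.
    if (Id != Guid.Empty)
    {
        var userAccountRole = await userAccountBusiness.GetRoles(Id.ToString());
        ViewData["DataModel"] = userAccountRole;
    }

    return View();
}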
/// <summary>
/// Registers a new administrator account.
/// Two paths exist: while no administrator exists at all, the request is accepted
/// without any check on the caller (first-run bootstrap); afterwards only a caller
/// whose session user already holds the admin role may create another one.
/// </summary>
/// <param name="model">Registration payload (name/password) from the request body.</param>
/// <returns>
/// JSON <c>ApiMessage</c>: the value of <c>Item3</c> from the registration result on
/// success, a fault message otherwise.
/// </returns>
public async Task<IActionResult> CreateAdminUser([FromBody] CaRegisterModel model)
{
    var sessionUserKey = HttpContext.Session.GetString(UserAccountBusiness.UserAccountSessionkey);
    var adminExists = await userAccountBusiness.CheckAdminAccount();
    ApiMessage reply;

    if (!adminExists)
    {
        // Bootstrap: no admin yet, so whoever registers first becomes the admin.
        // This branch never looks at sessionUserKey; it relies on CheckAdminAccount()
        // turning true as soon as one admin exists.
        reply = await ApiMessage.Wrap(async () =>
        {
            var created = await userAccountBusiness.RegisterUserAdminNamePwd(model);
            // Item3 replaces whatever user key the caller's session held and is
            // handed to SetAuth, i.e. the caller ends up signed in as the new account.
            HttpContext.Session.Set(UserAccountBusiness.UserAccountSessionkey, Encoding.UTF8.GetBytes(created.Item3));
            await HttpContext.Session.CommitAsync();
            await SetAuth(created.Item3);
            return created.Item3;
        });
        return Json(reply);
    }

    var callerRoles = await userAccountBusiness.GetRoles(sessionUserKey);
    var callerIsAdmin = callerRoles?.Any(role => role == UserAccountBusiness.AdminUserRoleKey) ?? false;

    if (!callerIsAdmin)
    {
        reply = new ApiMessage();
        reply.SetFault("用户权限不足");
        return Json(reply);
    }

    // Same session/auth side effect as the bootstrap path: the new admin's key
    // overwrites the caller's session entry.
    reply = await ApiMessage.Wrap(async () =>
    {
        var created = await userAccountBusiness.RegisterUserNamePwd(model, UserAccountBusiness.AdminUserRoleKey);
        HttpContext.Session.Set(UserAccountBusiness.UserAccountSessionkey, Encoding.UTF8.GetBytes(created.Item3));
        await HttpContext.Session.CommitAsync();
        await SetAuth(created.Item3);
        return created.Item3;
    });
    return Json(reply);
}
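/// <summary>
/// Razor Pages filter: lets the login page through, otherwise requires a session
/// user whose roles intersect <c>targetRoleList</c>; everyone else is redirected to
/// the login page. A failure while deciding (session load, role lookup) also denies
/// access (fail closed).
/// </summary>
/// <param name="context">The executing page handler context.</param>
/// <param name="next">Continues the pipeline when the caller is authorised.</param>
public async Task OnPageHandlerExecutionAsync(PageHandlerExecutingContext context, PageHandlerExecutionDelegate next)
{
    bool allowed;
    try
    {
        allowed = await IsAllowedAsync();
    }
    catch (Exception)
    {
        // Fail closed: an error while deciding must not grant access.
        allowed = false;
    }

    if (allowed)
    {
        // Deliberately outside the try: an exception thrown by the page handler
        // itself must surface rather than be turned into a login redirect (the
        // former shape also risked a redirect loop when the login page threw).
        await next();
    }
    else
    {
        context.HttpContext.Response.Redirect("/Account/Login?return_url=" + context.HttpContext.Request.Path);
    }

    // Decides whether the current request may run without a redirect.
    async Task<bool> IsAllowedAsync()
    {
        await context.HttpContext.Session.LoadAsync();

        // Segment match instead of Path.Value.Contains("/Account/Login"): a substring
        // test also exempted any route that merely contained that text somewhere in
        // the path. Routes that start with "/Account/Login" but continue in the same
        // segment (e.g. "/Account/LoginSomething") are no longer exempt — adjust if such
        // a route exists.
        if (context.HttpContext.Request.Path.StartsWithSegments("/Account/Login"))
        {
            return true;
        }

        if (!context.HttpContext.Session.TryGetValue(UserAccountBusiness.UserAccountSessionkey, out var storeData))
        {
            return false;
        }

        var userKey = Encoding.UTF8.GetString(storeData);
        if (string.IsNullOrEmpty(userKey))
        {
            return false;
        }

        // A null role list (no roles known for the key) is a denial, not an exception.
        var roles = await userAccountBusiness.GetRoles(userKey);
        return roles?.Any(x => targetRoleList.Any(c => c == x)) ?? false;
    }
}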
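/// <summary>
/// MVC action filter: actions marked with <c>[PageIgnore]</c> and the login page run
/// unchecked; every other action requires a session user whose roles intersect
/// <c>targetRoleList</c>. Denials answer with a JSON <c>ApiMessage</c> when the
/// request carries a <c>RequestType</c> header, otherwise with a redirect to the
/// login page. A failure while deciding is treated as a denial (fail closed).
/// </summary>
/// <param name="context">The executing action context.</param>
/// <param name="next">Continues the pipeline when the caller is authorised.</param>
public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
    bool allowed;
    try
    {
        allowed = await IsAllowedAsync();
    }
    catch (Exception)
    {
        // Fail closed: an error while deciding must not grant access.
        allowed = false;
    }

    if (allowed)
    {
        // Outside the try on purpose: exceptions from the action itself must
        // surface instead of being converted into a login redirect.
        await next();
        return;
    }

    // A "RequestType" header marks a caller that expects a JSON body; browsers get
    // the redirect. The JSON path leaves the HTTP status untouched and signals the
    // failure only through ErrorCode — kept as-is because clients already parse it.
    if (!string.IsNullOrEmpty(context.HttpContext.Request.Headers["RequestType"]))
    {
        var apiMsg = new ApiMessage { ErrorCode = "503", Message = "No Auth" };
        context.HttpContext.Response.ContentType = "application/json";
        await context.HttpContext.Response.WriteAsync(Newtonsoft.Json.JsonConvert.SerializeObject(apiMsg));
    }
    else
    {
        context.HttpContext.Response.Redirect("/Account/Login?return_url=" + context.HttpContext.Request.Path);
    }

    // Decides whether the current request may run without a denial.
    async Task<bool> IsAllowedAsync()
    {
        await context.HttpContext.Session.LoadAsync();

        // [PageIgnore] on the action method opts out of this filter entirely. The
        // `as` cast yields null for non-controller actions; that used to throw a
        // NullReferenceException (caught, then redirected) and is now simply "not ignored".
        var descriptor = context.ActionDescriptor as ControllerActionDescriptor;
        var ignored = descriptor?.MethodInfo
            .GetCustomAttributes(typeof(PageIgnoreAttribute), false)
            .Any() ?? false;
        if (ignored)
        {
            return true;
        }

        // Segment match instead of Path.Value.Contains("/Account/Login"): a substring
        // test also exempted any route that merely contained that text somewhere in
        // the path. Routes continuing in the same segment ("/Account/LoginSomething")
        // are no longer exempt — adjust if such a route exists.
        if (context.HttpContext.Request.Path.StartsWithSegments("/Account/Login"))
        {
            return true;
        }

        if (!context.HttpContext.Session.TryGetValue(UserAccountBusiness.UserAccountSessionkey, out var storeData))
        {
            return false;
        }

        var userKey = Encoding.UTF8.GetString(storeData);
        if (string.IsNullOrEmpty(userKey))
        {
            return false;
        }

        // A null role list (no roles known for the key) is a denial, not an exception.
        var roles = await userAccountBusiness.GetRoles(userKey);
        return roles?.Any(x => targetRoleList.Any(c => c == x)) ?? false;
    }
}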
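/// <summary>
/// Token-based action filter: resolves the <c>AccessToken</c> header through the
/// distributed cache, attaches the cached user as an "OryxUser" claim, and runs the
/// action only if that user's roles intersect <c>targetRoleList</c>. Every other
/// outcome short-circuits with a JSON <c>ApiMessage</c> (ErrorCode "503").
/// </summary>
/// <param name="context">The executing action context.</param>
/// <param name="next">Continues the pipeline when the caller is authorised.</param>
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
    var accessToken = context.HttpContext.Request.Headers["AccessToken"];
    if (string.IsNullOrEmpty(accessToken))
    {
        context.Result = Deny("Permission denied");
        return;
    }

    var cached = await distributedCache.GetValue<string>(accessToken);

    // If the cache helper returns null on a miss (entry evicted or never issued),
    // the former code threw a NullReferenceException on .ExpireTime and the caller
    // saw a 500; a miss is now answered like an expired token.
    // NOTE(review): ExpireTime is compared with local DateTime.Now — confirm the
    // issuer stamps it with the same clock, otherwise validity drifts across hosts.
    if (cached is null || cached.ExpireTime <= DateTime.Now)
    {
        context.Result = Deny("Permission Expired");
        return;
    }

    if (string.IsNullOrEmpty(cached.Value))
    {
        context.Result = Deny("Permission Empty");
        return;
    }

    // Attach the resolved user before the role check so downstream code can read
    // the "OryxUser" claim; the identity is only needed on this path.
    var identity = new System.Security.Claims.ClaimsIdentity();
    identity.AddClaim(new System.Security.Claims.Claim("OryxUser", cached.Value));
    context.HttpContext.User.AddIdentity(identity);

    // A null role list (no roles known for the user) is a denial, not an exception.
    var roles = await userAccountBusiness.GetRoles(cached.Value);
    if (roles?.Any(x => targetRoleList.Any(c => c == x)) ?? false)
    {
        await next();
    }
    else
    {
        context.Result = Deny("Not in role");
    }

    // Builds the uniform denial body; the HTTP status is left untouched and the
    // failure is signalled through ErrorCode, as clients already expect.
    JsonResult Deny(string message)
    {
        return new JsonResult(new ApiMessage { Success = false, Message = message, ErrorCode = "503" });
    }
}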