/* Disabled implementation of GetLogoutUrl, kept for reference.
 * NOTE(review): the token-error messages below pass strToken as a format argument, so
 * restoring this code as-is would copy the raw token string into exception text; consider
 * dropping that argument before re-enabling it.
 *
 * public async Task<string> GetLogoutUrl(SystemLoginEndpoint endpoint, string strToken)
 * {
 *     // Check that the JWT is valid
 *     var jwtResult = _securityService.ValidateJWT(endpoint.SecretKey, strToken);
 *     if (!jwtResult.ValidateResult.Result)
 *     {
 *         var fragment = new TextFragment()
 *         {
 *             Code = TextCodes.SystemLoginEndpointTokenValidateError,
 *             DefaultFormatting = "名称为{0}的系统登录终结点验证令牌字符串{1}失败,失败原因{2}",
 *             ReplaceParameters = new List<object>() { endpoint.Name, strToken, jwtResult.ValidateResult.Description }
 *         };
 *
 *         // Validation failed: throw
 *         throw new UtilityException((int)Errors.SystemLoginEndpointTokenValidateError,fragment);
 *     }
 *
 *     // Read the token information out of the JWT
 *     Dictionary<string, string> jwtInfo = jwtResult.Playload;
 *     // Look up the authorization endpoint name
 *     if (!jwtInfo.TryGetValue("AuthorizationName", out string strAuthorizationName))
 *     {
 *         var fragment = new TextFragment()
 *         {
 *             Code = TextCodes.NotFoundInfoInSystemLoginEndpointTokenByName,
 *             DefaultFormatting = "名称为{0}的系统登录终结点验证令牌字符串{1}中,找不到名称为{2}的信息",
 *             ReplaceParameters = new List<object>() { endpoint.Name, strToken, "AuthorizationName" }
 *         };
 *
 *         throw new UtilityException((int)Errors.NotFoundInfoInSystemLoginEndpointTokenByName, fragment);
 *     }
 *     // Look up the user-info key/value pairs
 *     if (!jwtInfo.TryGetValue("UserInfoAttributes", out string strUserInfoAttributes))
 *     {
 *         var fragment = new TextFragment()
 *         {
 *             Code = TextCodes.NotFoundInfoInSystemLoginEndpointTokenByName,
 *             DefaultFormatting = "名称为{0}的系统登录终结点验证令牌字符串{1}中,找不到名称为{2}的信息",
 *             ReplaceParameters = new List<object>() { endpoint.Name, strToken, "UserInfoAttributes" }
 *         };
 *
 *         throw new UtilityException((int)Errors.NotFoundInfoInSystemLoginEndpointTokenByName, fragment);
 *     }
 *
 *     // Find the authorization endpoint with that name among those associated with this
 *     // login endpoint, then call its get-logout-URL method
 *     var authorizationEndpoint = await GetAuthorizationEndpoint(endpoint, strAuthorizationName);
 *     if (authorizationEndpoint == null)
 *     {
 *         var fragment = new TextFragment()
 *         {
 *             Code = TextCodes.NotFoundAuthorizationEndpointInSystemLoginEndpointByName,
 *             DefaultFormatting = "名称为{0}的系统登录终结点中,找不到名称为{1}的关联认证终结点",
 *             ReplaceParameters = new List<object>() { endpoint.Name, strAuthorizationName }
 *         };
 *
 *         throw new UtilityException((int)Errors.NotFoundAuthorizationEndpointInSystemLoginEndpointByName, fragment);
 *     }
 *
 *     var userInfoAttributes=JsonSerializerHelper.Deserialize<Dictionary<string, string>>(strUserInfoAttributes);
 *     if (userInfoAttributes==null)
 *     {
 *         userInfoAttributes = new Dictionary<string, string>();
 *     }
 *
 *     return await authorizationEndpoint.GetLogoutUrl(userInfoAttributes);
 * }
 */

/// <summary>
/// Authenticates a user name and password through the named authorization endpoint and
/// returns the resulting common token as a JWT string.
/// </summary>
/// <param name="endpoint">System login endpoint; its Name, SecretKey and ExpireSecond are read here.</param>
/// <param name="authorizationName">Name of the associated authorization endpoint to use.</param>
/// <param name="userName">User name forwarded to the authorization endpoint.</param>
/// <param name="password">Password forwarded to the authorization endpoint; it is not placed in the token or in error text by this method.</param>
/// <returns>The string returned by <c>_securityService.GenerateJWT</c>.</returns>
/// <exception cref="UtilityException">No associated authorization endpoint has the given name.</exception>
public async Task<string> GetCommonToken(SystemLoginEndpoint endpoint, string authorizationName, string userName, string password)
{
    // Resolve the authorization endpoint associated with this login endpoint.
    var authorizationEndpoint = await GetAuthorizationEndpoint(endpoint, authorizationName);
    if (authorizationEndpoint == null)
    {
        // The message carries the endpoint name and the requested name only, never the credentials.
        var notFound = new TextFragment
        {
            Code = TextCodes.NotFoundAuthorizationEndpointInSystemLoginEndpointByName,
            DefaultFormatting = "名称为{0}的系统登录终结点中,找不到名称为{1}的关联认证终结点",
            ReplaceParameters = new List<object> { endpoint.Name, authorizationName }
        };

        throw new UtilityException((int)Errors.NotFoundAuthorizationEndpointInSystemLoginEndpointByName, notFound);
    }

    // Credential check is delegated entirely to the authorization endpoint.
    var authResult = await authorizationEndpoint.GetSystemTokenByPassword(endpoint, userName, password);

    var token = new CommonToken
    {
        SystemName = endpoint.Name,
        AuthorizationName = authorizationName,
        UserInfoAttributes = authResult.Attributes
    };

    // Claims of the common token. The user attributes travel as a JSON string.
    // NOTE(review): unless GenerateJWT encrypts the payload, these attributes are readable by
    // anyone holding the token — confirm Attributes never contains secrets.
    var claims = new Dictionary<string, string>
    {
        { "SystemName", token.SystemName },
        { "AuthorizationName", token.AuthorizationName },
        { "UserInfoAttributes", JsonSerializerHelper.Serializer<Dictionary<string, string>>(token.UserInfoAttributes) }
    };

    // Token is produced from the endpoint's own secret key and lifetime (ExpireSecond).
    return _securityService.GenerateJWT(endpoint.SecretKey, claims, endpoint.ExpireSecond);
}
/// <summary>
/// Handles the callback request from a third-party authentication system and returns the
/// URL to redirect back to the calling system, with the common token attached as the
/// <c>commontoken</c> query parameter.
/// </summary>
/// <param name="endpoint">System login endpoint; its Name, SecretKey and ExpireSecond are read here.</param>
/// <param name="request">Callback request; its <c>authname</c> query value selects the authorization endpoint.</param>
/// <returns>The redirect URL including any additional query attributes and the common token.</returns>
/// <exception cref="UtilityException">
/// The request has no <c>authname</c> query parameter, or no associated authorization
/// endpoint matches it.
/// </exception>
public async Task<string> GetCommonToken(SystemLoginEndpoint endpoint, HttpRequest request)
{
    // authname comes from the request query string, i.e. it is caller-controlled input.
    if (!request.Query.TryGetValue("authname", out var authNameValues))
    {
        // Only the request path (not the query string) is put into the error text.
        var missingAuthName = new TextFragment
        {
            Code = TextCodes.NotFoundAuthNameQuerystringInAuthRedirectUrl,
            DefaultFormatting = "名称为{0}的系统登录终结点的第三方认证系统回调请求处理中,回调请求的Url中不包含authname参数,回调请求的Url为{1}",
            ReplaceParameters = new List<object> { endpoint.Name, request.Path.Value }
        };

        throw new UtilityException((int)Errors.NotFoundAuthNameQuerystringInAuthRedirectUrl, missingAuthName);
    }

    // Look the authorization endpoint up by the first authname value; further values are ignored.
    AuthorizationEndpoint authorizationEndpoint = await GetAuthorizationEndpoint(endpoint, authNameValues[0]);
    if (authorizationEndpoint == null)
    {
        var noHandler = new TextFragment
        {
            Code = TextCodes.NotFoundAuthorizationEndpointInSystemLoginEndpointCanExecuteCallback,
            DefaultFormatting = "名称为{0}的系统登录终结点中,找不到可以处理从第三方认证系统回调请求的关联认证终结点,请求url为{1}",
            ReplaceParameters = new List<object> { endpoint.Name, request.Path.Value }
        };

        throw new UtilityException((int)Errors.NotFoundAuthorizationEndpointInSystemLoginEndpointCanExecuteCallback, noHandler);
    }

    // The authorization endpoint derives the real redirect target from the request.
    string redirectUrl = await authorizationEndpoint.GetRealRedirectUrl(request);

    // The target is checked before any token is minted or attached to it. Keep this order:
    // the token must never be appended to a URL that has not passed this check.
    // NOTE(review): presumably rejects URLs not registered for this endpoint — confirm in validateClientRedirectUrl.
    await validateClientRedirectUrl(endpoint, redirectUrl);

    // Key/value pairs produced by the third-party login system.
    var authResult = await authorizationEndpoint.GetSystemAttributes(endpoint, request);

    var token = new CommonToken
    {
        SystemName = endpoint.Name,
        AuthorizationName = authorizationEndpoint.Name,
        UserInfoAttributes = authResult.Attributes
    };

    // Claims of the common token; the user attributes travel as a JSON string.
    var claims = new Dictionary<string, string>
    {
        { "SystemName", token.SystemName },
        { "AuthorizationName", token.AuthorizationName },
        { "UserInfoAttributes", JsonSerializerHelper.Serializer<Dictionary<string, string>>(token.UserInfoAttributes) }
    };
    var jwt = _securityService.GenerateJWT(endpoint.SecretKey, claims, endpoint.ExpireSecond);

    // Build the URL that sends the browser back to the calling system.
    // The token rides in the query string, so it can surface in browser history, Referer
    // headers and access logs; ExpireSecond is the only lifetime bound applied here.
    var withExtras = QueryHelpers.AddQueryString(redirectUrl, authResult.AdditionalRedirectUrlQueryAttributes);
    return QueryHelpers.AddQueryString(withExtras, "commontoken", jwt);
}
/// <summary>
/// Gets the common token.
/// There are two possible outcomes:
/// 1. the common token is obtained directly: the result carries the URL that redirects back
///    to the calling system, and that URL contains the common token string;
/// 2. a redirect to the third-party authentication system is required: the result carries
///    the URL of that system.
/// </summary>
/// <param name="endpoint">System login endpoint; its Name, SecretKey and ExpireSecond are read here.</param>
/// <param name="authorizationName">Name of the authorization endpoint.</param>
/// <param name="returnUrl">Redirect URL of the calling system.</param>
/// <returns>The result of the get-common-token action.</returns>
/// <exception cref="UtilityException">No associated authorization endpoint has the given name.</exception>
public async Task<GetCommonTokenResult> GetCommonToken(SystemLoginEndpoint endpoint, string authorizationName, string returnUrl)
{
    // The caller-supplied return URL is checked first, before it is handed to the
    // authorization endpoint or has a token appended to it.
    // NOTE(review): presumably rejects URLs not registered for this endpoint — confirm in validateClientRedirectUrl.
    await validateClientRedirectUrl(endpoint, returnUrl);

    // Resolve the authorization endpoint associated with this login endpoint.
    var authorizationEndpoint = await GetAuthorizationEndpoint(endpoint, authorizationName);
    if (authorizationEndpoint == null)
    {
        var notFound = new TextFragment
        {
            Code = TextCodes.NotFoundAuthorizationEndpointInSystemLoginEndpointByName,
            DefaultFormatting = "名称为{0}的系统登录终结点中,找不到名称为{1}的关联认证终结点",
            ReplaceParameters = new List<object> { endpoint.Name, authorizationName }
        };

        throw new UtilityException((int)Errors.NotFoundAuthorizationEndpointInSystemLoginEndpointByName, notFound);
    }

    // URL of this login service that the authorization endpoint should come back to.
    var sysUrl = GenerateSystemLoginUrl(endpoint, authorizationEndpoint);
    // Earlier approach, disabled:
    //var serviceReturnUrl = $"{endpoint.BaseUrl}?returnurl={WebUtility.UrlEncode(returnUrl)}";

    // Ask the authorization endpoint for the system token.
    var authResult = await authorizationEndpoint.GetSystemToken(endpoint, sysUrl, returnUrl);

    // Collect the query-string pairs of returnUrl (first value per key).
    // NOTE(review): returnUrlKV is never read afterwards; the only observable effect of this
    // section is that new Uri(returnUrl) / .Query throw for a malformed or relative URL.
    var returnUrlKV = new Dictionary<string, string>();
    var returnUrlUri = new Uri(returnUrl);
    foreach (var pair in QueryHelpers.ParseQuery(returnUrlUri.Query))
    {
        returnUrlKV.Add(pair.Key, pair.Value[0]);
    }

    var result = new GetCommonTokenResult();
    if (authResult.Direct)
    {
        // Outcome 1: the token is available immediately.
        result.Direct = true;

        var token = new CommonToken
        {
            SystemName = endpoint.Name,
            AuthorizationName = authorizationName,
            UserInfoAttributes = authResult.TokenResult.Attributes
        };

        // Claims of the common token; the user attributes travel as a JSON string.
        var claims = new Dictionary<string, string>
        {
            { "SystemName", token.SystemName },
            { "AuthorizationName", token.AuthorizationName },
            { "UserInfoAttributes", JsonSerializerHelper.Serializer<Dictionary<string, string>>(token.UserInfoAttributes) }
        };
        var jwt = _securityService.GenerateJWT(endpoint.SecretKey, claims, endpoint.ExpireSecond);

        // Redirect back to the calling system with the token in the query string; a token in
        // a URL can surface in browser history, Referer headers and access logs, and
        // ExpireSecond is the only lifetime bound applied here.
        var withExtras = QueryHelpers.AddQueryString(returnUrl, authResult.TokenResult.AdditionalRedirectUrlQueryAttributes);
        result.CommonTokenRedirectUrl = QueryHelpers.AddQueryString(withExtras, "commontoken", jwt);
        return result;
    }

    // Outcome 2: the browser has to visit the third-party authentication system first.
    result.Direct = false;
    result.RedirectUrl = authResult.RedirectUrl;
    return result;
}