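/// <summary>
/// Authenticates an identity/password pair, registers a credential for the resulting user,
/// writes it to the credential cookie and computes the post-login redirect URL.
/// </summary>
/// <param name="authentication">The authentication service that checks the identity and password.</param>
/// <param name="credentialProvider">The provider that registers the credential of the authenticated user.</param>
/// <param name="identity">The identity (account identifier) to authenticate.</param>
/// <param name="password">The password to verify against the identity.</param>
/// <param name="namespace">The namespace the identity belongs to.</param>
/// <param name="isRemember">When true the credential cookie is written with a 7-day lifetime, otherwise with a zero lifetime.</param>
/// <param name="redirectUrl">
/// Receives the URL to redirect to after login: the "RedirectUrl" entry of the authentication result's
/// parameters when present and non-null, otherwise the default redirect URL of the credential's scene.
/// </param>
/// <returns>The registered credential.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authentication"/> or <paramref name="credentialProvider"/> is null.</exception>
public static Credential Login(IAuthentication authentication, ICredentialProvider credentialProvider, string identity, string password, string @namespace, bool isRemember, out string redirectUrl)
        {
            if (authentication == null)
            {
                throw new ArgumentNullException(nameof(authentication));
            }

            if (credentialProvider == null)
            {
                throw new ArgumentNullException(nameof(credentialProvider));
            }

            //Verify the identity/password pair; the result carries the user plus any parameters the authentication step attached.
            var result = authentication.Authenticate(identity, password, @namespace);

            //Register a credential for that user in the current scene, forwarding the authentication parameters (if any).
            var credential = credentialProvider.Register(result.User, AuthenticationUtility.GetScene(), (result.HasParameters ? result.Parameters : null));

            //Persist the credential in the cookie: 7 days for "remember me", otherwise a zero lifetime
            //(presumably a session cookie — confirm against SetCredentialCookie).
            AuthenticationUtility.SetCredentialCookie(credential, isRemember ? TimeSpan.FromDays(7) : TimeSpan.Zero);

            object redirectObject = null;

            //An explicit "RedirectUrl" produced by the authentication step wins over the scene's default redirect.
            //NOTE(review): the value is used as a redirect target as-is; if the authentication service can populate it
            //from request input, the caller should confirm it is a local URL before redirecting (open-redirect risk).
            if (result.HasParameters && result.Parameters.TryGetValue("RedirectUrl", out redirectObject) && redirectObject != null)
            {
                redirectUrl = redirectObject.ToString();
            }
            else
            {
                redirectUrl = AuthenticationUtility.GetRedirectUrl(credential.Scene);
            }

            return credential;
        }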
        /// <summary>
        /// Redirects a request that requires login to the login page, carrying the current query string and the
        /// originally requested URL (as <c>ReturnUrl</c>). Requests that are already authenticated, or whose action
        /// allows anonymous access, are left untouched.
        /// </summary>
        /// <param name="filterContext">The MVC challenge context; its <c>Result</c> is replaced by a redirect when a login is required.</param>
        public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext)
        {
            //Already authenticated: no challenge needed (checked first so the action descriptor is only inspected when necessary).
            if (AuthenticationUtility.IsAuthenticated)
            {
                return;
            }

            //The action explicitly permits anonymous access.
            if (AuthenticationUtility.GetAuthorizationMode(filterContext.ActionDescriptor) == AuthorizationMode.Anonymous)
            {
                return;
            }

            var request = filterContext.HttpContext.Request;

            //Start from the configured login page and carry the current query string over to it.
            var loginUrl = Utility.RepairQueryString(Zongsoft.Web.Security.AuthenticationUtility.GetLoginUrl(), request.Url.Query);

            //RawUrl is the server-relative request URL, so the ReturnUrl composed here is always local;
            //the login page that consumes ReturnUrl is still expected to accept only local URLs.
            var returnUrlQuery = "?ReturnUrl=" + Uri.EscapeDataString(request.RawUrl);

            filterContext.Result = new RedirectResult(Utility.RepairQueryString(loginUrl, returnUrlQuery));
        }
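        /// <summary>
        /// Authorizes the current action: actions without an authorization attribute (or marked anonymous) pass through,
        /// unauthenticated requests get 401, a missing/expired/rejected credential gets the result of
        /// <see cref="ValidateCredential"/>, and the remaining requests are checked by role membership
        /// (<c>AuthorizationMode.Identity</c>) or by the authorization service (<c>AuthorizationMode.Requires</c>).
        /// </summary>
        /// <param name="filterContext">The MVC authorization context; <c>Result</c> is set when access is denied and left null otherwise.</param>
        public void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
        {
            //The authorization requirement declared for the current action (null when none is declared).
            var attribute = AuthenticationUtility.GetAuthorizationAttribute(filterContext.ActionDescriptor, filterContext.RequestContext);

            //Nothing to enforce: no declaration, or anonymous access is explicitly allowed.
            if (attribute == null || attribute.Mode == AuthorizationMode.Anonymous)
            {
                return;
            }

            //Authentication is a precondition of every authorization check below.
            if (!AuthenticationUtility.IsAuthenticated)
            {
                filterContext.Result = new HttpUnauthorizedResult();
                return;
            }

            //Resolve the credential principal once and reuse it instead of casting the context's User twice.
            //ValidateCredential answers 401 for a null principal, so the principal is non-null whenever it returns null.
            var principal = filterContext.HttpContext.User as CredentialPrincipal;

            //Make sure the credential is registered, unexpired and accepted by the attribute's validator (if any).
            filterContext.Result = this.ValidateCredential(filterContext.HttpContext, principal, attribute.GetValidator());

            //A non-null result is a denial; stop here.
            if (filterContext.Result != null)
            {
                return;
            }

            //User number the credential was issued to; all further checks are keyed on it.
            var userId = principal.Identity.Credential.User.UserId;

            //NOTE(review): modes other than Identity and Requires fall through without any further check;
            //if AuthorizationMode gains new members they should be handled explicitly here.
            switch (attribute.Mode)
            {
            case AuthorizationMode.Identity:
                //With a role list, members of the Administrators role bypass it; everyone else must belong to one of the listed roles.
                //Without a role list, being authenticated with a valid credential is sufficient.
                if (attribute.Roles != null && attribute.Roles.Length > 0)
                {
                    if (!this.MemberProvider.InRoles(userId, Role.Administrators) && !this.MemberProvider.InRoles(userId, attribute.Roles))
                    {
                        filterContext.Result = new HttpStatusCodeResult(System.Net.HttpStatusCode.Forbidden);
                    }
                }
                break;

            case AuthorizationMode.Requires:
                //Delegate to the authorization service for the declared schema/action pair.
                if (!this.Authorization.Authorize(userId, attribute.SchemaId, attribute.ActionId))
                {
                    filterContext.Result = new HttpStatusCodeResult(System.Net.HttpStatusCode.Forbidden);
                }
                break;
            }
        }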
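        /// <summary>
        /// Authenticates an identity/password pair, builds and registers a credential for the resulting user,
        /// writes it to the credential cookie and computes the post-login redirect URL.
        /// </summary>
        /// <param name="authenticator">The authenticator that checks the identity and password.</param>
        /// <param name="credentialProvider">The provider the new credential is registered with.</param>
        /// <param name="identity">The identity (account identifier) to authenticate.</param>
        /// <param name="password">The password to verify against the identity.</param>
        /// <param name="namespace">The namespace the identity belongs to.</param>
        /// <param name="isRemember">When true the credential cookie is written with a 7-day lifetime, otherwise with a zero lifetime.</param>
        /// <param name="redirectUrl">
        /// Receives the URL to redirect to after login: the "RedirectUrl" entry of the authentication parameters
        /// when present and non-null, otherwise the default redirect URL of the credential's scene.
        /// </param>
        /// <returns>The registered credential.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="authenticator"/> or <paramref name="credentialProvider"/> is null.</exception>
        public static Credential Login(IAuthenticator authenticator, ICredentialProvider credentialProvider, string identity, string password, string @namespace, bool isRemember, out string redirectUrl)
        {
            if (authenticator == null)
            {
                throw new ArgumentNullException(nameof(authenticator));
            }

            if (credentialProvider == null)
            {
                throw new ArgumentNullException(nameof(credentialProvider));
            }

            //Validity of the credential itself; this is independent of the cookie lifetime chosen below.
            //NOTE(review): a "remembered" cookie (7 days) can outlive a 2-hour credential unless the provider renews it — confirm.
            var credentialLifetime = TimeSpan.FromHours(2);

            //Parameters exchanged with the authenticator. Passed by ref, so the authenticator may replace (or null out) the dictionary.
            System.Collections.Generic.IDictionary<string, object> parameters = new System.Collections.Generic.Dictionary<string, object>(StringComparer.OrdinalIgnoreCase);

            //Verify the identity/password pair.
            var user = authenticator.Authenticate(identity, password, @namespace, null, ref parameters);

            //Build the credential for the authenticated user in the current scene, carrying the authentication parameters.
            var credential = new Credential(user, AuthenticationUtility.GetScene(), credentialLifetime, parameters);

            //Register it with the provider.
            credentialProvider.Register(credential);

            //Persist the credential in the cookie: 7 days for "remember me", otherwise a zero lifetime
            //(presumably a session cookie — confirm against SetCredentialCookie).
            AuthenticationUtility.SetCredentialCookie(credential, isRemember ? TimeSpan.FromDays(7) : TimeSpan.Zero);

            object redirectObject = null;

            //An explicit "RedirectUrl" set by the authenticator wins over the scene's default redirect.
            //NOTE(review): the value is used as a redirect target as-is; if the authenticator can populate it
            //from request input, the caller should confirm it is a local URL before redirecting (open-redirect risk).
            if (parameters != null && parameters.TryGetValue("RedirectUrl", out redirectObject) && redirectObject != null)
            {
                redirectUrl = redirectObject.ToString();
            }
            else
            {
                redirectUrl = AuthenticationUtility.GetRedirectUrl(credential.Scene);
            }

            return credential;
        }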
        /// <summary>
        /// Checks that the request carries a registered, unexpired credential and that the optional validator accepts it.
        /// </summary>
        /// <param name="httpContext">The current request context, used to recognise a home-page request referred from the login page.</param>
        /// <param name="principal">The credential principal of the request, or null when the request has none.</param>
        /// <param name="validator">An optional validator applied to the credential; null skips that step.</param>
        /// <returns>
        /// Null when the credential is acceptable; <see cref="HttpUnauthorizedResult"/> when there is no principal or identity,
        /// or the provider does not validate the credential id; a 444 "Invalid Credential" result when the validator rejects a
        /// home-page request referred from the login page (a non-standard status code, presumably interpreted by the login page);
        /// 403 Forbidden for any other validator rejection.
        /// </returns>
        /// <exception cref="MissingMemberException">No credential provider is configured on this instance.</exception>
        private ActionResult ValidateCredential(HttpContextBase httpContext, CredentialPrincipal principal, Common.IValidator <Credential> validator)
        {
            var provider = this.CredentialProvider;

            if (provider == null)
            {
                throw new MissingMemberException(this.GetType().FullName, "CredentialProvider");
            }

            var identity = principal == null ? null : principal.Identity;

            //No credential principal, or the provider rejects the credential id (unknown or expired).
            if (identity == null || !provider.Validate(identity.CredentialId))
            {
                return new HttpUnauthorizedResult();
            }

            //Without a validator, or when it accepts the credential, there is nothing to report.
            if (validator == null || validator.Validate(identity.Credential))
            {
                return null;
            }

            //The validator rejected the credential: a home-page request that came from the login page gets the dedicated 444 result.
            var request = httpContext.Request;
            var referrer = request.UrlReferrer;

            if (request.Path == "/" && referrer != null && string.Equals(referrer.LocalPath, AuthenticationUtility.GetLoginUrl(), StringComparison.OrdinalIgnoreCase))
            {
                return new HttpStatusCodeResult(444, "Invalid Credential");
            }

            return new HttpStatusCodeResult(System.Net.HttpStatusCode.Forbidden);
        }