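/// <summary>
/// Authenticates the given identity/password pair, registers a credential for the resulting user,
/// stores that credential in the credential cookie and resolves the post-login redirect URL.
/// </summary>
/// <param name="authentication">The authentication service used to verify the identity and password.</param>
/// <param name="credentialProvider">The provider that registers the issued credential.</param>
/// <param name="identity">The identity to authenticate.</param>
/// <param name="password">The password to verify against the identity.</param>
/// <param name="namespace">The namespace the identity belongs to.</param>
/// <param name="isRemember">When true the credential cookie is written with a 7-day lifetime, otherwise with <see cref="TimeSpan.Zero"/>.</param>
/// <param name="redirectUrl">Receives the URL the caller should redirect to after login.</param>
/// <returns>The credential registered by <paramref name="credentialProvider"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authentication"/> or <paramref name="credentialProvider"/> is null.</exception>
public static Credential Login(IAuthentication authentication, ICredentialProvider credentialProvider, string identity, string password, string @namespace, bool isRemember, out string redirectUrl)
{
	//nameof keeps the parameter name in the exception refactor-safe (matches the IAuthenticator overload)
	if(authentication == null)
	{
		throw new ArgumentNullException(nameof(authentication));
	}

	if(credentialProvider == null)
	{
		throw new ArgumentNullException(nameof(credentialProvider));
	}

	//Authenticate, i.e. verify that the identity and password match
	var result = authentication.Authenticate(identity, password, @namespace);

	//Register the user credential; the authentication parameters are only forwarded when the result has any
	var credential = credentialProvider.Register(result.User, AuthenticationUtility.GetScene(), (result.HasParameters ? result.Parameters : null));

	//Persist the registered credential in the cookie (what the helper does with TimeSpan.Zero is not visible here — presumably a session cookie)
	AuthenticationUtility.SetCredentialCookie(credential, isRemember ? TimeSpan.FromDays(7) : TimeSpan.Zero);

	object redirectObject = null;

	//If the authentication result explicitly supplied a "RedirectUrl" parameter, use it as-is
	//NOTE(review): the value is used verbatim; confirm that whatever populates this parameter only supplies
	//local paths, since an attacker-controlled absolute URL here would be an open redirect
	if(result.HasParameters && result.Parameters.TryGetValue("RedirectUrl", out redirectObject) && redirectObject != null)
	{
		redirectUrl = redirectObject.ToString();
	}
	else //otherwise fall back to the redirect path resolved for the credential's scene
	{
		redirectUrl = AuthenticationUtility.GetRedirectUrl(credential.Scene);
	}

	return credential;
}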
/// <summary>
/// Handles the MVC authentication challenge: already-authenticated requests and actions whose
/// authorization mode is <see cref="AuthorizationMode.Anonymous"/> pass through untouched; every other
/// request is redirected to the login page, carrying the original request query and a <c>ReturnUrl</c>.
/// </summary>
/// <param name="filterContext">The authentication challenge context of the current request.</param>
public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext)
{
	//Nothing to challenge for an authenticated caller
	if(AuthenticationUtility.IsAuthenticated)
	{
		return;
	}

	//Anonymous actions do not require a login either
	var mode = AuthenticationUtility.GetAuthorizationMode(filterContext.ActionDescriptor);

	if(mode == AuthorizationMode.Anonymous)
	{
		return;
	}

	var request = filterContext.HttpContext.Request;

	//Login page (fully qualified: the unqualified AuthenticationUtility above is a different type) plus the current query string
	var loginUrl = Zongsoft.Web.Security.AuthenticationUtility.GetLoginUrl();
	var target = Utility.RepairQueryString(loginUrl, request.Url.Query);

	//The raw request URL is URL-encoded so it survives as a single query value
	var returnUrl = "?ReturnUrl=" + Uri.EscapeDataString(request.RawUrl);
	target = Utility.RepairQueryString(target, returnUrl);

	filterContext.Result = new RedirectResult(target);
}
/// <summary>
/// Authorization filter entry point. Resolves the action's authorization declaration, requires an
/// authenticated caller with a valid credential, and then enforces the declared mode:
/// <see cref="AuthorizationMode.Identity"/> checks role membership (administrators always pass, and no
/// check is made when no roles are declared); <see cref="AuthorizationMode.Requires"/> delegates to the
/// authorization service. Any other mode is allowed once the credential is valid.
/// </summary>
/// <param name="filterContext">The authorization context of the current request; its <c>Result</c> is set on failure.</param>
public void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
{
	//Resolve the authorization declaration for the target action
	var attribute = AuthenticationUtility.GetAuthorizationAttribute(filterContext.ActionDescriptor, filterContext.RequestContext);

	//No declaration, or anonymous access: nothing to enforce
	if(attribute == null || attribute.Mode == AuthorizationMode.Anonymous)
	{
		return;
	}

	//Authentication must succeed before authorization is even considered
	if(!AuthenticationUtility.IsAuthenticated)
	{
		filterContext.Result = new HttpUnauthorizedResult();
		return;
	}

	//Validate the credential (not expired and still usable); a non-null result is the failure response
	var principal = filterContext.HttpContext.User as CredentialPrincipal;
	filterContext.Result = this.ValidateCredential(filterContext.HttpContext, principal, attribute.GetValidator());

	if(filterContext.Result != null)
	{
		return;
	}

	//Reaching here means ValidateCredential accepted the principal, so it is a non-null CredentialPrincipal
	var userId = principal.Identity.Credential.User.UserId;
	bool denied;

	switch(attribute.Mode)
	{
		case AuthorizationMode.Identity:
			//Only enforced when roles are declared; a member of Administrators or of any declared role passes
			denied = attribute.Roles != null && attribute.Roles.Length > 0 &&
			         !this.MemberProvider.InRoles(userId, Role.Administrators) &&
			         !this.MemberProvider.InRoles(userId, attribute.Roles);
			break;
		case AuthorizationMode.Requires:
			//Delegate the schema/action decision to the authorization service
			denied = !this.Authorization.Authorize(userId, attribute.SchemaId, attribute.ActionId);
			break;
		default:
			denied = false;
			break;
	}

	if(denied)
	{
		filterContext.Result = new HttpStatusCodeResult(System.Net.HttpStatusCode.Forbidden);
	}
}
/// <summary>
/// Authenticates the given identity/password pair through an <see cref="IAuthenticator"/>, builds and
/// registers a credential for the user, stores it in the credential cookie and resolves the post-login
/// redirect URL.
/// </summary>
/// <param name="authenticator">The authenticator that verifies the identity and password.</param>
/// <param name="credentialProvider">The provider the new credential is registered with.</param>
/// <param name="identity">The identity to authenticate.</param>
/// <param name="password">The password to verify against the identity.</param>
/// <param name="namespace">The namespace the identity belongs to.</param>
/// <param name="isRemember">When true the credential cookie is written with a 7-day lifetime, otherwise with <see cref="TimeSpan.Zero"/>.</param>
/// <param name="redirectUrl">Receives the URL the caller should redirect to after login.</param>
/// <returns>The credential that was registered.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authenticator"/> or <paramref name="credentialProvider"/> is null.</exception>
public static Credential Login(IAuthenticator authenticator, ICredentialProvider credentialProvider, string identity, string password, string @namespace, bool isRemember, out string redirectUrl)
{
	if(authenticator == null)
	{
		throw new ArgumentNullException(nameof(authenticator));
	}

	if(credentialProvider == null)
	{
		throw new ArgumentNullException(nameof(credentialProvider));
	}

	//Case-insensitive parameter bag; passed by reference so the authenticator may replace it (even with null)
	System.Collections.Generic.IDictionary<string, object> parameters = new System.Collections.Generic.Dictionary<string, object>(StringComparer.OrdinalIgnoreCase);

	//Authenticate, i.e. verify that the identity and password match
	var user = authenticator.Authenticate(identity, password, @namespace, null, ref parameters);

	//Build the credential for the current scene; the 2-hour span is passed as the credential's duration argument
	var credentialDuration = TimeSpan.FromHours(2);
	var credential = new Credential(user, AuthenticationUtility.GetScene(), credentialDuration, parameters);

	//Register it, then persist it in the cookie
	credentialProvider.Register(credential);
	AuthenticationUtility.SetCredentialCookie(credential, isRemember ? TimeSpan.FromDays(7) : TimeSpan.Zero);

	//An explicit "RedirectUrl" parameter from the authenticator wins over the scene's redirect path
	//NOTE(review): the value is used verbatim; confirm the authenticator only ever supplies local paths
	object redirectObject = null;
	var hasExplicitRedirect = parameters != null && parameters.TryGetValue("RedirectUrl", out redirectObject) && redirectObject != null;

	redirectUrl = hasExplicitRedirect
		? redirectObject.ToString()
		: AuthenticationUtility.GetRedirectUrl(credential.Scene);

	return credential;
}
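/// <summary>
/// Checks that the request's principal carries a credential the provider still considers valid and,
/// when a validator is supplied, that the credential satisfies it.
/// </summary>
/// <param name="httpContext">The current HTTP context; only consulted when the validator rejects the credential.</param>
/// <param name="principal">The credential principal of the request, or null when the user is not a <see cref="CredentialPrincipal"/>.</param>
/// <param name="validator">An optional validator applied to the credential after the provider check.</param>
/// <returns>
/// <c>null</c> when the credential is acceptable; otherwise the failure response: 401 when there is no
/// usable principal/identity or the provider rejects the credential id, 444 "Invalid Credential" when the
/// validator fails for a request to "/" that was referred from the login page, and 403 for any other
/// validator failure.
/// </returns>
/// <exception cref="MissingMemberException">The <c>CredentialProvider</c> service is not configured.</exception>
private ActionResult ValidateCredential(HttpContextBase httpContext, CredentialPrincipal principal, Common.IValidator<Credential> validator)
{
	//Resolve the credential provider service; nameof keeps the reported member name refactor-safe
	var credentialProvider = this.CredentialProvider;

	if(credentialProvider == null)
	{
		throw new MissingMemberException(this.GetType().FullName, nameof(CredentialProvider));
	}

	//No principal, no identity, or a credential id the provider no longer accepts (e.g. expired) → unauthenticated
	if(principal == null || principal.Identity == null || !credentialProvider.Validate(principal.Identity.CredentialId))
	{
		return new HttpUnauthorizedResult();
	}

	//Apply the optional credential validator
	if(validator != null && !validator.Validate(principal.Identity.Credential))
	{
		//A request for the home page that arrived from the login page gets a distinguishable status code
		if(httpContext.Request.Path == "/" && httpContext.Request.UrlReferrer != null && string.Equals(httpContext.Request.UrlReferrer.LocalPath, AuthenticationUtility.GetLoginUrl(), StringComparison.OrdinalIgnoreCase))
		{
			return new HttpStatusCodeResult(444, "Invalid Credential");
		}

		return new HttpStatusCodeResult(System.Net.HttpStatusCode.Forbidden);
	}

	//null means the credential passed every check
	return null;
}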