protected void HandleUnauthorizedRequest(ref AuthorizationContext filterContext)
{
UrlHelper urlHelper = null;
if (filterContext.Controller is Controller)
{
urlHelper = ((Controller)filterContext.Controller).Url;
}
else
{
urlHelper = new UrlHelper(filterContext.RequestContext);
}
bool isAjaxRequest = filterContext.RequestContext.HttpContext.Request.IsAjaxRequest();
Func<string, JsonResult> setResult = delegate(string msg)
{
DataResultBoolean response = new DataResultBoolean()
{
IsValid = false,
Message = msg,
MessageType = DataResultMessageType.Error,
Data = false
};
JsonResult result = new JsonResult();
result.Data = response;
return result;
};
if (!this.CheckSessionExpired(filterContext.HttpContext))
{
if (isAjaxRequest)
{
filterContext.Result = setResult($customNamespace$.Resources.General.GeneralTexts.SessionExpired);
}
else
{
filterContext.Result = new RedirectResult(ErrorUrlHelper.SessionExpired(urlHelper));
}
}
// break execution in case a result has been already set
if (filterContext.Result != null)
return;
if (!this.CheckIsAutohrized(filterContext.HttpContext))
{
if (isAjaxRequest)
{
filterContext.Result = setResult($customNamespace$.Resources.General.GeneralTexts.PermissionDenied);
}
else
{
filterContext.Result = new RedirectResult(ErrorUrlHelper.UnAuthorized(urlHelper));
}
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
var user = HttpContext.Current.User as ClaimsPrincipal;
var controllerGroup = filterContext.Controller.GetType().GetCustomAttribute<ClaimsGroupAttribute>();
if (controllerGroup == null)
{
return;
}
var actionClaim = (ClaimsActionAttribute)filterContext.ActionDescriptor.GetCustomAttributes(typeof(ClaimsActionAttribute), true).FirstOrDefault();
actionClaim = actionClaim ?? new ClaimsActionAttribute(ClaimsActions.Index);
var groupId = controllerGroup.GetGroupId();
var claimValue = actionClaim .Claim.ToString();
var hasClaim = user.HasClaim(groupId, claimValue);
if (!hasClaim)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary()
{
{ "controller", "errors" },
{ "action", "Unauthorised" },
{ "area", "" }
});
}
}
protected override void OnAuthorization(AuthorizationContext filterContext)
{
if(!AuthHelper.IsAllowEnterAdminPlatform)
{
throw new HttpException(401, "您没有权限进行此操作!");
}
}
protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
{
if (!filterContext.HttpContext.Request.IsLocal)
{
base.HandleNonHttpsRequest(filterContext);
}
}
protected override void HandleUnauthorizedRequest(AuthorizationContext context)
{
if (context.RequestContext.HttpContext.Request.Headers["X-Requested-With"] != "XMLHttpRequest")
{
context.Result = new RedirectResult("/account/sign-in");
}
}
public async Task HandleAsync(AuthorizationContext context)
{
foreach (var handler in context.Requirements.OfType<IAuthorizationHandler>())
{
await handler.HandleAsync(context);
}
}
public override bool CheckAccess(AuthorizationContext context)
{
var identity = context.Principal.Identity as IClaimsIdentity;
if (identity == null || !identity.IsAuthenticated)
{
return false;
}
var nameIdentifier = identity.Claims.FirstOrDefault(c => c.ClaimType == ClaimTypes.NameIdentifier);
if (nameIdentifier == null)
{
return false;
}
var resourceUri = new Uri(context.Resource.First().Value, UriKind.RelativeOrAbsolute);
foreach (var validator in this.storageRequestValidators)
{
if (validator.DoesRequestApply(resourceUri))
{
return validator.ValidateRequest(nameIdentifier.Value, HttpContext.Current.Request);
}
}
return base.CheckAccess(context);
}
public async Task HandleAsync(AuthorizationContext context)
{
if (await Handler(context))
{
context.Succeed(this);
}
}
// Override method
public override void OnAuthorization(AuthorizationContext filterContext)
{
// Get a reference to the user
var user = filterContext.HttpContext.User as ClaimsPrincipal;
// Matches (below) are case-insensitive
// Look for claims that match the incoming type
// The matchingClaims will be a collection of zero or more matching claims
var matchingClaims = user.Claims
.Where(c => c.Type.ToLower().Contains(ClaimType.ToLower()));
// Attempt to locate matching values
var matchedClaim = false;
foreach (var claim in matchingClaims)
{
if (claim.Value.ToLower() == ClaimValue.ToLower())
{
matchedClaim = true;
break;
}
}
if (matchedClaim)
{
// Yes, authorized
base.OnAuthorization(filterContext);
}
else
{
// No, not authorized
base.HandleUnauthorizedRequest(filterContext);
}
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
//you can change to any controller or html page.
//filterContext.Result = new RedirectResult("/Home/NaoAutorizado");
filterContext.Result = new RedirectResult("/Identificacao/Autenticacao/NaoAutorizado");
}
protected ActionResult CreateResult(AuthorizationContext filterContext)
{
var viewName = "~/Views/Shared/AccessDenied.cshtml";
return new PartialViewResult
{
ViewName = viewName
};
}
public void OnAuthorization(AuthorizationContext context)
{
context.Result = new ContentResult()
{
Content = "You are unauthorized!!",
StatusCode = 401
};
}
protected virtual void Fail(AuthorizationContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
context.Result = new HttpUnauthorizedResult();
}
protected virtual bool HasAllowAnonymous(AuthorizationContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
return context.Filters.Any(item => item is IAllowAnonymousFilter);
}
public bool Authorize(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements)
{
var authContext = new AuthorizationContext(requirements, user, resource);
foreach (var handler in _handlers)
{
handler.Handle(authContext);
}
return authContext.HasSucceeded;
}
public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, params IAuthorizationRequirement[] requirements)
{
var authContext = new AuthorizationContext(requirements, user, resource);
foreach (var handler in _handlers)
{
await handler.HandleAsync(authContext);
}
return authContext.HasSucceeded;
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
filterContext.Controller.ValidateRequest = EnableValidation;
}
public void OnAuthorization(AuthorizationContext context)
{
var validPrincipal = new ClaimsPrincipal(
new ClaimsIdentity( new[] {
new Claim(ClaimTypes.Name, "Admin"),
new Claim(ClaimTypes.Role, "Administrator"),
}));
context.HttpContext.User = validPrincipal;
}
public override void OnAuthorization(AuthorizationContext context)
{
context.HttpContext.User = new ClaimsPrincipal(
new ClaimsIdentity(
new Claim[] {
new Claim("Permission", "CanViewPage"),
new Claim(ClaimTypes.Role, "Administrator"),
new Claim(ClaimTypes.NameIdentifier, "John")},
"Basic"));
}
public virtual Task OnAuthorizationAsync(AuthorizationContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
OnAuthorization(context);
return TaskCache.CompletedTask;
}
public bool Authorize(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements)
{
var authContext = new AuthorizationContext(requirements, user, resource);
foreach (var handler in _handlers)
{
handler.Handle(authContext);
//REVIEW: Do we want to consider short circuiting on failure
}
return authContext.HasSucceeded;
}
public override bool CheckAccess(AuthorizationContext context)
{
"AuthorizationManager.CheckAccess\n".ConsoleYellow();
context.Principal.Identity.Name.ConsoleYellow();
ShowClaimsCollection(context.Resource, "Resource(s)");
ShowClaimsCollection(context.Action, "Action(s)");
return true;
}
/// <summary>
/// Checks the authorization policy.
/// </summary>
/// <param name="resource">The resource.</param>
/// <param name="action">The action.</param>
/// <param name="principal">The principal.</param>
/// <returns>true when authorized, otherwise false</returns>
public static bool CheckAccess(string resource, string action, IClaimsPrincipal principal)
{
Contract.Requires(!String.IsNullOrEmpty(resource));
Contract.Requires(!String.IsNullOrEmpty(action));
Contract.Requires(principal != null);
var context = new AuthorizationContext(principal, resource, action);
return AuthorizationManager.CheckAccess(context);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
var contextBase = filterContext.RequestContext.HttpContext;
if(contextBase.User.Identity.IsAuthenticated)
{
filterContext.Result = new ViewResult { ViewName = "~/Views/Shared/401.cshtml" };
}else
{
FormsAuthentication.RedirectToLoginPage(contextBase.Request.RawUrl);
}
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException(nameof(filterContext));
}
if (!filterContext.HttpContext.Request.IsHttps)
{
HandleNonHttpsRequest(filterContext);
}
}
public override Decision Evaluate(IEnumerable<IDecisionEvaluator> evaluators, AuthorizationContext context)
{
bool atLeastOneErrorD = false;
bool atLeastOneErrorP = false;
bool atLeastOneErrorDP = false;
bool atLeastOnePermit = false;
foreach (var decisionEvaluator in evaluators)
{
var decision = decisionEvaluator.Evaluate(context);
switch (decision)
{
case Decision.Deny:
return Decision.Deny;
case Decision.Permit:
atLeastOnePermit = true;
continue;
case Decision.NotApplicable:
continue;
case Decision.Indeterminate | Decision.Deny:
atLeastOneErrorD = true;
continue;
case Decision.Indeterminate | Decision.Permit:
atLeastOneErrorP = true;
continue;
case Decision.Indeterminate | Decision.Permit | Decision.Deny:
atLeastOneErrorDP = true;
continue;
}
}
if (atLeastOneErrorDP)
return Decision.Indeterminate | Decision.Permit;
if (atLeastOneErrorD && (atLeastOneErrorP || atLeastOnePermit))
return Decision.Indeterminate | Decision.Permit | Decision.Deny;
if (atLeastOneErrorD)
return Decision.Indeterminate | Decision.Deny;
if (atLeastOnePermit)
return Decision.Permit;
if (atLeastOneErrorP)
return Decision.Indeterminate | Decision.Permit;
return Decision.NotApplicable;
}
//Called when access is denied
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new {controller = "UserAccount", action = "Login", returnUrl = HttpContext.Current.Request.RawUrl }));
HttpContext.Current.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
}
else
filterContext.Result =
new RedirectToRouteResult(new RouteValueDictionary(new {controller = "Home", action = "Error"}));
}
public void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (!filterContext.IsChildAction)
{
throw Error.ChildActionOnlyAttribute_MustBeInChildRequest(filterContext.ActionDescriptor);
}
}
public void PropertiesAreSetByConstructor()
{
// Arrange
ControllerContext controllerContext = new Mock<ControllerContext>().Object;
ActionDescriptor actionDescriptor = new Mock<ActionDescriptor>().Object;
// Act
AuthorizationContext authorizationContext = new AuthorizationContext(controllerContext, actionDescriptor);
// Assert
Assert.Equal(actionDescriptor, authorizationContext.ActionDescriptor);
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
var user = HttpContext.Current.User as ClaimsPrincipal;
if (user != null && user.Identity.IsAuthenticated && user.HasClaim(claimType, claimValue))
{
base.OnAuthorization(filterContext);
}
else
{
//base.HandleUnauthorizedRequest(filterContext);
filterContext.Result = new RedirectResult("~/Home/NotAuthorized");
}
}
protected override void OnAuthorization(AuthorizationContext filterContext)
{
this.OnAuthorizationCalled = true;
}
protected override void Execute(AuthorizationContext context)
{
context.HasPermission = Provider.Get()
.HasOperationForProgram(_programId, EDefaultOperation.ReadDataAndAccessModule);
}
public void OnAuthorization(AuthorizationContext filterContext)
{
(filterContext.Controller as MyController).Attribute_OnAuthorizationCalled = true;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (!filterContext.IsChildAction)
{
string controller = filterContext.RouteData.Values["controller"].ToString().ToLower();
string action = filterContext.RouteData.Values["action"].ToString().ToLower();
string returnUrl = filterContext.RequestContext.HttpContext.Request.Url.AbsoluteUri;
if (!((controller.Equals("home") && _lstActionNoneCheck.Contains(action)) || _lstControllerNoneCheck.Contains(controller)))
{
var username = HttpContext.Current.Session[Constant.SessionUsername];
if (username == null)
{
// Redirect to Login Page
FormsAuthentication.SignOut();
HttpContext.Current.Session[Constant.SessionPreviousUrl] = filterContext.HttpContext.Request.Url;
filterContext.Result = new RedirectResult("~/Home/Login");
}
else //nếu đang còn session
{
var user = _userService.GetUserByUsername(username.ToString());
if (user != null && user.IsActive)
{
var isAllowAccess = false;
bool IsStore = false; //Kiem tra accout login co phai store ko
bool IsAdmin = false;
bool IsCSKH = false;
var lstRoleId = _userService.GetLstRoleIdByUserId(user.Id);
HttpContext.Current.Session[Constant.SessionUserRole] = string.Join(",", lstRoleId);
if (lstRoleId != null && lstRoleId.Any())
{
if (lstRoleId.Contains(RoleEnum.Admin))
{
IsAdmin = true;
isAllowAccess = true;
}
if (lstRoleId.Contains(RoleEnum.Store))
{
IsStore = true;
}
if (lstRoleId.Contains(RoleEnum.SupplierEmployee))
{
IsCSKH = true;
}
//
if (lstRoleId.Contains(RoleEnum.Root))
{
isAllowAccess = true;
IsAdmin = true;
}
else
{
var lstMenu = _menuService.GetLstMenuByLstRoleId(lstRoleId);
if (lstMenu != null && lstMenu.Any())
{
Lib.Business.Models.DBContext.UsTransport.tblMenu menu = null;
if (action == "index")
{
menu = lstMenu.FirstOrDefault(x => (!string.IsNullOrEmpty(x.Controller) &&
x.Controller.ToLower().Equals(controller)));
}
else
{
menu = lstMenu.FirstOrDefault(x => (!string.IsNullOrEmpty(x.Controller) && !string.IsNullOrEmpty(x.Action) &&
x.Controller.ToLower().Equals(controller) &&
x.Action.ToLower().Equals(action)));
}
if (menu != null && menu.IsActive)
{
isAllowAccess = true;
}
}
}
}
if (isAllowAccess)
{
HttpContext.Current.Session[Constant.SessionUsername] = username;
HttpContext.Current.Session[Constant.SessionUserID] = user.Id;
if (IsStore)
{
Lib.Business.Models.DBContext.UsTransport.tblStoreAccount storeOfUser = _storeServices.SelectStoreByUserName(username.ToString());
if (storeOfUser != null)
{
HttpContext.Current.Session[Constant.SessionStoreID] = storeOfUser.id;
HttpContext.Current.Session[Constant.SessionStoreName] = storeOfUser.StoreName;
}
}
HttpContext.Current.Session[Constant.SessionIsAdmin] = IsAdmin;
HttpContext.Current.Session[Constant.SessionIsCSKH] = IsCSKH;
}
else
{
filterContext.Result = new HttpStatusCodeResult(403);
throw new HttpException(403, "Access Denied");
}
}
else
{
filterContext.Result = new RedirectResult("~/Home/Login");
}
}
}
}
}
/// <summary>
/// 响应前执行登录验证,查看当前用户是否有效
/// </summary>
/// <param name="filterContext"></param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
/*签名生成格式*/
/*md5(md5(appidplatform=androidtimestamp=1611907265000version=1.2.0appid)+"174PYR5Wwtce") 最后转为小写 参数放在header里面 参数名sign*/
string ActionName = filterContext.RouteData.Values["action"].ToString().ToLower();
//登录拦截是否忽略
if (_customMode == FilterMode.Ignore || nosign.Contains(ActionName))
{
return;
}
var attrNeeds = filterContext.ActionDescriptor.GetCustomAttributes(typeof(NoNeedLoginAttribute), false);
if (!attrNeeds.IsEmpty() && attrNeeds.Count() > 0)
{
//NoNeedLoginAttribute needPass = attrNeeds[0] as NoNeedLoginAttribute;
return;
}
string token = filterContext.HttpContext.Request.Headers["token"]; //用户登录token
string platform = filterContext.HttpContext.Request.Headers["platform"]; //平台类型
string appid = filterContext.HttpContext.Request.Headers["appid"]; //appid
string timestamp = filterContext.HttpContext.Request.Headers["timestamp"]; //时间戳
string version = filterContext.HttpContext.Request.Headers["version"]; //版本号
string sign = filterContext.HttpContext.Request.Headers["sign"]; //请求签名
DateTime currentTime = DateTime.Now;
ResParameter modelResult = new ResParameter();
//参数判断
if (filterContext.HttpContext.Request.Headers["appid"] == null)
{
modelResult.code = ResponseCode.fail;
modelResult.info = "缺少appid参数!";
filterContext.Result = new ContentResult {
Content = modelResult.ToJson()
};
return;
}
else if (filterContext.HttpContext.Request.Headers["timestamp"] == null)
{
modelResult.code = ResponseCode.fail;
modelResult.info = "缺少timestamp参数!";
filterContext.Result = new ContentResult {
Content = modelResult.ToJson()
};
return;
}
else if (filterContext.HttpContext.Request.Headers["version"] == null)
{
modelResult.code = ResponseCode.fail;
modelResult.info = "缺少version参数!";
filterContext.Result = new ContentResult {
Content = modelResult.ToJson()
};
return;
}
else if (platform == null)
{
modelResult.code = ResponseCode.fail;
modelResult.info = "缺少platform参数!";
filterContext.Result = new ContentResult {
Content = modelResult.ToJson()
};
return;
}
int version_num = int.Parse(version.Replace(".", ""));
if ((platform == "ios" && version_num > 103) || (platform == "android" && version_num > 119))
{
if (sign != "dlm_hyg")
{
#region 校验签名
string signContent = string.Format("{0}platform={1}timestamp={2}version={3}{0}", appid, platform, timestamp, version);
string check_sign = Md5Helper.Encrypt(Md5Helper.Encrypt(signContent, 32) + "174PYR5Wwtce", 32).ToLower();
if (sign != check_sign)
{
modelResult.code = ResponseCode.fail;
modelResult.info = "签名校验失败!";
filterContext.Result = new ContentResult {
Content = modelResult.ToJson()
};
return;
}
#endregion
#region 校验时间戳区间
long timestamp_long = long.Parse(timestamp);
long startTime = long.Parse(Time.GetTimeStamp(currentTime.AddMinutes(-2), true));
long endTime = long.Parse(Time.GetTimeStamp(currentTime.AddMinutes(2), true));
if (startTime > timestamp_long || timestamp_long > endTime)
{
modelResult.code = ResponseCode.fail;
modelResult.info = "本地时间和网络时间存在较大差别,请调整后重新使用APP!";
filterContext.Result = new ContentResult {
Content = modelResult.ToJson()
};
return;
}
#endregion
#region 校验请求频率
string ip = Net.Ip;
IP_Limit iP_Limit = CommonConfig.iP_Limits.Where(t => t.IP == ip).FirstOrDefault();//获取IP限制记录
if (!iP_Limit.IsEmpty())
{
double diffTime = (currentTime - iP_Limit.RequestTime).TotalSeconds;//该IP请求时间间隔在1分钟以内 增加接口请求的数量 不在1分钟以内的重新记录IP请求
if (diffTime < 60)
{
if (iP_Limit.RequestCount > 100)
{
modelResult.code = ResponseCode.fail;
modelResult.info = "操作过于频繁,请稍后重试!";
filterContext.Result = new ContentResult {
Content = modelResult.ToJson()
};
return;
}
iP_Limit.RequestCount += 1;
}
else
{
iP_Limit.RequestTime = currentTime;
iP_Limit.RequestCount = 1;
}
}
else
{
CommonConfig.iP_Limits.Add(new IP_Limit
{
IP = ip,
RequestCount = 1,
RequestTime = currentTime
});
}
CommonConfig.iP_Limits.RemoveAll(t => t.RequestTime < currentTime.AddMinutes(-2));//清空超过2分钟的请求记录
#endregion
}
}
#region 屏蔽不需要校验登录的接口
if (actionNameList.Contains(ActionName))
{
return;
}
#endregion
#region 校验当前用户是否在线
if (token.IsEmpty())
{
modelResult.code = ResponseCode.NoLogin;
modelResult.info = "请登录后操作!";
filterContext.Result = new ContentResult {
Content = modelResult.ToJson()
};
return;
}
else
{
dm_userEntity dm_UserEntity = CacheHelper.ReadUserInfo(filterContext.HttpContext.Request.Headers);
if (dm_UserEntity.IsEmpty())
{
dm_UserEntity = dM_UserIBLL.GetUserInfoByToken(token);
if (!dm_UserEntity.IsEmpty())
{
CacheHelper.UpdateUserInfo(dm_UserEntity);
}
else
{
string header = string.Format("ActionName={0}&token={1}&platform={2}", ActionName, token, platform);
Hyg.Common.OtherTools.LogHelper.WriteDebugLog("测试token", header);
modelResult.code = ResponseCode.LoginExpire;
modelResult.info = "您的账号在另一台设备登录。如非本人操作,请注意账户安全!";
//modelResult.info = "亲,离开太久了,重新登录一下吧!";
filterContext.Result = new ContentResult {
Content = modelResult.ToJson()
};
return;
}
}
}
#endregion
}
public void OnAuthorization([NotNull] AuthorizationContext context)
{
throw new NotImplementedException();
}
public override bool CheckAccess(AuthorizationContext context)
{
var beerService = new BeerService(_beerElasticsearch, _beerRepository);
if (!context.Principal.Identity.IsAuthenticated)
{
return(false);
}
var username = context.Principal.Identity.Name;
var memberships = _breweryRepository.GetMemberships(username);
//User auth
if ((context.Action.Any((c => c.Value == "Put")) || context.Action.Any(c => c.Value == "Upload") || context.Action.Any(c => c.Value == "Resend")) &&
context.Resource.Any(c => c.Value == "User") && context.Principal.HasClaim(ClaimTypes.Role, "User") && username == context.Resource[1].Value)
{
return(true);
}
// new Beer post auth
if (context.Action.Any(c => c.Value.Equals("Post")) && context.Resource.Any(c => c.Value.Equals("Beer")) && context.Principal.HasClaim(ClaimTypes.Role, "User"))
{
return(true);
}
// New brewery post auth
if (context.Action.Any(c => c.Value.Equals("Post")) && context.Resource.Any(c => c.Value.Equals("Brewery")) && context.Principal.HasClaim(ClaimTypes.Role, "User"))
{
return(true);
}
// Update beer auth: Brewer of beer or brewery memeber with role admin are allowed to change beer.
if ((context.Action.Any(c => c.Value.Equals("Put")) || context.Action.Any(c => c.Value.Equals("Delete"))) && context.Resource.Any(c => c.Value.Equals("BeerId")))
{
int beerId;
var success = int.TryParse(context.Resource[1].Value, out beerId);
if (success && beerService.GetAllUserBeer(username).Any(b => b.Id.Equals(beerId)))
{
return(true);
}
if (memberships.Where(m => m.Role.Equals("Admin"))
.Any(b => beerService.GetAllBreweryBeers(b.BreweryId).Any(beer => beer.Id == beerId)))
{
return(true);
}
}
if ((context.Action.Any(c => c.Value == "Delete" || c.Value == "Post" || c.Value == "Put" || c.Value == "Upload")) &&
context.Resource.Any(c => c.Value.Equals("BreweryId")))
{
int breweryId;
var success = int.TryParse(context.Resource.Last().Value, out breweryId);
if (success && memberships.Any(m => m.Role != null && m.Role.Equals("Admin") && m.BreweryId == breweryId))
{
return(true);
}
if (success)
{
var members = _breweryRepository.GetMembers(breweryId);
if (!members.Any() && context.Principal.HasClaim(ClaimTypes.Role, "Admin"))
{
return(true);
}
}
}
if (context.Action.Any(c => c.Value.Equals("Post")) && context.Principal.HasClaim(ClaimTypes.Role, "Admin") &&
context.Resource.Any(r => r.Value.Equals("Hop") || r.Value.Equals("Yeast") || r.Value.Equals("Fermentable") ||
r.Value.Equals("Other") || r.Value.Equals("Supplier") || r.Value.Equals("Origin") || r.Value.Equals("BeerStyle") ||
r.Value.Equals("Glass")))
{
return(true);
}
if (context.Action.Any(c => c.Value.Equals("Delete")) && context.Principal.HasClaim(ClaimTypes.Role, "Admin") &&
context.Resource.Any(r => r.Value.Equals("Hop") || r.Value.Equals("Yeast") || r.Value.Equals("Fermentable") ||
r.Value.Equals("Other") || r.Value.Equals("Supplier") || r.Value.Equals("Origin") || r.Value.Equals("BeerStyle") ||
r.Value.Equals("Glass")))
{
return(true);
}
if (context.Action.Any(c => c.Value.Equals("Put")) && context.Principal.HasClaim(ClaimTypes.Role, "Admin") &&
context.Resource.Any(r => r.Value.Equals("Hop") || r.Value.Equals("Yeast") || r.Value.Equals("Fermentable") ||
r.Value.Equals("Other") || r.Value.Equals("Supplier") || r.Value.Equals("Origin") || r.Value.Equals("BeerStyle") ||
r.Value.Equals("Glass")))
{
return(true);
}
if (context.Action.Any(c => c.Value.Equals("Reindex")) && context.Principal.HasClaim(ClaimTypes.Role, "Admin") &&
context.Resource.Any(r => r.Value.Equals("Hop") || r.Value.Equals("Yeast") || r.Value.Equals("Fermentable") ||
r.Value.Equals("Other") || r.Value.Equals("Supplier") || r.Value.Equals("Origin") || r.Value.Equals("BeerStyle") ||
r.Value.Equals("Glass") || r.Value.Equals("User") || r.Value.Equals("Beer")))
{
return(true);
}
return(false);
}
protected virtual HttpStatusCodeResult CreateUnAuthorizedNonJsonResult(AuthorizationContext filterContext, string message)
{
return(new HttpStatusCodeResult(filterContext.HttpContext.Response.StatusCode, message));
}
/// <summary>
/// Starts the FFMPEG.
/// </summary>
/// <param name="state">The state.</param>
/// <param name="outputPath">The output path.</param>
/// <param name="cancellationTokenSource">The cancellation token source.</param>
/// <param name="workingDirectory">The working directory.</param>
/// <returns>Task.</returns>
protected async Task <TranscodingJob> StartFfMpeg(
StreamState state,
string outputPath,
CancellationTokenSource cancellationTokenSource,
string workingDirectory = null)
{
Directory.CreateDirectory(Path.GetDirectoryName(outputPath));
await AcquireResources(state, cancellationTokenSource).ConfigureAwait(false);
if (state.VideoRequest != null && !string.Equals(state.OutputVideoCodec, "copy", StringComparison.OrdinalIgnoreCase))
{
var auth = AuthorizationContext.GetAuthorizationInfo(Request);
if (auth.User != null && !auth.User.Policy.EnableVideoPlaybackTranscoding)
{
ApiEntryPoint.Instance.OnTranscodeFailedToStart(outputPath, TranscodingJobType, state);
throw new ArgumentException("User does not have access to video transcoding");
}
}
var encodingOptions = ApiEntryPoint.Instance.GetEncodingOptions();
var process = new Process()
{
StartInfo = new ProcessStartInfo()
{
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
UseShellExecute = false,
// Must consume both stdout and stderr or deadlocks may occur
//RedirectStandardOutput = true,
RedirectStandardError = true,
RedirectStandardInput = true,
FileName = MediaEncoder.EncoderPath,
Arguments = GetCommandLineArguments(outputPath, encodingOptions, state, true),
WorkingDirectory = string.IsNullOrWhiteSpace(workingDirectory) ? null : workingDirectory,
ErrorDialog = false
},
EnableRaisingEvents = true
};
var transcodingJob = ApiEntryPoint.Instance.OnTranscodeBeginning(outputPath,
state.Request.PlaySessionId,
state.MediaSource.LiveStreamId,
Guid.NewGuid().ToString("N", CultureInfo.InvariantCulture),
TranscodingJobType,
process,
state.Request.DeviceId,
state,
cancellationTokenSource);
var commandLineLogMessage = process.StartInfo.FileName + " " + process.StartInfo.Arguments;
Logger.LogInformation(commandLineLogMessage);
var logFilePrefix = "ffmpeg-transcode";
if (state.VideoRequest != null &&
string.Equals(state.OutputVideoCodec, "copy", StringComparison.OrdinalIgnoreCase))
{
if (string.Equals(state.OutputAudioCodec, "copy", StringComparison.OrdinalIgnoreCase))
{
logFilePrefix = "ffmpeg-directstream";
}
else
{
logFilePrefix = "ffmpeg-remux";
}
}
var logFilePath = Path.Combine(ServerConfigurationManager.ApplicationPaths.LogDirectoryPath, logFilePrefix + "-" + Guid.NewGuid() + ".txt");
// FFMpeg writes debug/error info to stderr. This is useful when debugging so let's put it in the log directory.
Stream logStream = FileSystem.GetFileStream(logFilePath, FileOpenMode.Create, FileAccessMode.Write, FileShareMode.Read, true);
var commandLineLogMessageBytes = Encoding.UTF8.GetBytes(Request.AbsoluteUri + Environment.NewLine + Environment.NewLine + JsonSerializer.SerializeToString(state.MediaSource) + Environment.NewLine + Environment.NewLine + commandLineLogMessage + Environment.NewLine + Environment.NewLine);
await logStream.WriteAsync(commandLineLogMessageBytes, 0, commandLineLogMessageBytes.Length, cancellationTokenSource.Token).ConfigureAwait(false);
process.Exited += (sender, args) => OnFfMpegProcessExited(process, transcodingJob, state);
try
{
process.Start();
}
catch (Exception ex)
{
Logger.LogError(ex, "Error starting ffmpeg");
ApiEntryPoint.Instance.OnTranscodeFailedToStart(outputPath, TranscodingJobType, state);
throw;
}
state.TranscodingJob = transcodingJob;
// Important - don't await the log task or we won't be able to kill ffmpeg when the user stops playback
_ = new JobLogger(Logger).StartStreamingLog(state, process.StandardError.BaseStream, logStream);
// Wait for the file to exist before proceeeding
while (!File.Exists(state.WaitForPath ?? outputPath) && !transcodingJob.HasExited)
{
await Task.Delay(100, cancellationTokenSource.Token).ConfigureAwait(false);
}
if (state.IsInputVideo && transcodingJob.Type == TranscodingJobType.Progressive && !transcodingJob.HasExited)
{
await Task.Delay(1000, cancellationTokenSource.Token).ConfigureAwait(false);
if (state.ReadInputAtNativeFramerate && !transcodingJob.HasExited)
{
await Task.Delay(1500, cancellationTokenSource.Token).ConfigureAwait(false);
}
}
if (!transcodingJob.HasExited)
{
StartThrottler(state, transcodingJob);
}
return(transcodingJob);
}
/// <summary>
/// Check for Authorization
/// </summary>
/// <param name="filterContext"></param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
IsUserAuthorized(filterContext);
}
public void OnAuthorization(AuthorizationContext filterContext)
{
// simplified for this example
Thread.CurrentThread.CurrentUICulture = CultureInfo.GetCultureInfo("de");
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
}
} // no op
public void OnAuthorization(AuthorizationContext filterContext)
{
filterContext.HttpContext.Set <IAuthenticationManager>(new AuthenticationManager());
var authCookie = filterContext.HttpContext.Request.Cookies.Get(cookieName);
if (authCookie == null || authCookie.Value.IsNullOrWhiteSpace())
{
SetGuestPrincipal(filterContext);
filterContext.HttpContext.Get <IAuthenticationManager>().SignOut();
return;
}
AuthenticationToken authenticationToken = null;
try
{
authenticationToken = AuthenticationTokenProtector.Unprotect(authCookie.Value);
}
catch (Exception)
{
System.Diagnostics.Debug.Fail("TODO log and return instead of throwing exception");
throw;
}
// note that we don't check for cookie expiration, we simply don't care.
var tokenClaim = authenticationToken.Identity.FindFirst(ClaimTypes.NameIdentifier);
var authenticationType = authenticationToken.Identity.AuthenticationType;
UserAccount userAccount = null;
// TODO move this database access code back behind some provider
// and implement the switch logic as a subclass instead of procedure
using (var databaseSession = DatabaseBootstrapper.SessionFactory.OpenSession())
{
databaseSession.FlushMode = FlushMode.Commit;
databaseSession.Transaction.Begin(IsolationLevel.RepeatableRead);
switch (authenticationType)
{
case FacebookAuthentication.AuthenticationType:
{
var id = int.Parse(tokenClaim.Value);
userAccount = databaseSession.Get <UserFacebookAccessToken>(id)?.User;
break;
}
default:
{
System.Diagnostics.Debug.Fail("TODO: log that we have an invalid authentication type");
break;
}
}
if (userAccount != null)
{
userAccount.UpdateSeen();
}
databaseSession.CommitTransaction();
}
if (userAccount == null)
{
SetGuestPrincipal(filterContext);
filterContext.HttpContext.Get <IAuthenticationManager>().SignOut();
}
authenticationToken.Identity.RemoveClaim(tokenClaim);
authenticationToken.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userAccount.UserAccountId.ToString(), ClaimValueTypes.Integer32));
authenticationToken.Identity.AddClaim(new Claim(authenticationToken.Identity.NameClaimType, userAccount.Name));
if (userAccount.IsContributor)
{
authenticationToken.Identity.AddClaim(new Claim(authenticationToken.Identity.RoleClaimType, RoleNames.Contributor));
}
if (userAccount.IsArchivist)
{
authenticationToken.Identity.AddClaim(new Claim(authenticationToken.Identity.RoleClaimType, RoleNames.Archivist));
}
if (userAccount.IsAdmin)
{
authenticationToken.Identity.AddClaim(new Claim(authenticationToken.Identity.RoleClaimType, RoleNames.Admin));
}
SetPrincipal(filterContext.HttpContext, new ClaimsPrincipal(authenticationToken.Identity));
}
private void SetGuestPrincipal(AuthorizationContext filterContext)
{
SetPrincipal(filterContext.HttpContext, GuestPrincipal.Default);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.HttpContext.Response.Redirect("/Home/Contact");
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(
new { action = "Index", Controller = "Home", id = 404 }));
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new RedirectResult("~/Home/UnAuthorized");
}
public override bool CanExecute(Guid resourceId, IDSFDataObject dataObject, AuthorizationContext authorizationContext)
{
return(true);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new HttpUnauthorizedResult();
}
public void OnAuthorization(AuthorizationContext filterContext)
{
throw new NotImplementedException();
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new RedirectResult("/Admin/AdminLogin/Index");
}
/// <summary>
/// Gets the state.
/// </summary>
/// <param name="request">The request.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>StreamState.</returns>
protected async Task <StreamState> GetState(StreamRequest request, CancellationToken cancellationToken)
{
ParseDlnaHeaders(request);
if (!string.IsNullOrWhiteSpace(request.Params))
{
ParseParams(request);
}
ParseStreamOptions(request);
var url = Request.PathInfo;
if (string.IsNullOrEmpty(request.AudioCodec))
{
request.AudioCodec = EncodingHelper.InferAudioCodec(url);
}
var enableDlnaHeaders = !string.IsNullOrWhiteSpace(request.Params) ||
string.Equals(GetHeader("GetContentFeatures.DLNA.ORG"), "1", StringComparison.OrdinalIgnoreCase);
var state = new StreamState(MediaSourceManager, TranscodingJobType)
{
Request = request,
RequestedUrl = url,
UserAgent = Request.UserAgent,
EnableDlnaHeaders = enableDlnaHeaders
};
var auth = AuthorizationContext.GetAuthorizationInfo(Request);
if (!auth.UserId.Equals(Guid.Empty))
{
state.User = UserManager.GetUserById(auth.UserId);
}
//if ((Request.UserAgent ?? string.Empty).IndexOf("iphone", StringComparison.OrdinalIgnoreCase) != -1 ||
// (Request.UserAgent ?? string.Empty).IndexOf("ipad", StringComparison.OrdinalIgnoreCase) != -1 ||
// (Request.UserAgent ?? string.Empty).IndexOf("ipod", StringComparison.OrdinalIgnoreCase) != -1)
//{
// state.SegmentLength = 6;
//}
if (state.VideoRequest != null && !string.IsNullOrWhiteSpace(state.VideoRequest.VideoCodec))
{
state.SupportedVideoCodecs = state.VideoRequest.VideoCodec.Split(',').Where(i => !string.IsNullOrWhiteSpace(i)).ToArray();
state.VideoRequest.VideoCodec = state.SupportedVideoCodecs.FirstOrDefault();
}
if (!string.IsNullOrWhiteSpace(request.AudioCodec))
{
state.SupportedAudioCodecs = request.AudioCodec.Split(',').Where(i => !string.IsNullOrWhiteSpace(i)).ToArray();
state.Request.AudioCodec = state.SupportedAudioCodecs.FirstOrDefault(i => MediaEncoder.CanEncodeToAudioCodec(i))
?? state.SupportedAudioCodecs.FirstOrDefault();
}
if (!string.IsNullOrWhiteSpace(request.SubtitleCodec))
{
state.SupportedSubtitleCodecs = request.SubtitleCodec.Split(',').Where(i => !string.IsNullOrWhiteSpace(i)).ToArray();
state.Request.SubtitleCodec = state.SupportedSubtitleCodecs.FirstOrDefault(i => MediaEncoder.CanEncodeToSubtitleCodec(i))
?? state.SupportedSubtitleCodecs.FirstOrDefault();
}
var item = LibraryManager.GetItemById(request.Id);
state.IsInputVideo = string.Equals(item.MediaType, MediaType.Video, StringComparison.OrdinalIgnoreCase);
//var primaryImage = item.GetImageInfo(ImageType.Primary, 0) ??
// item.Parents.Select(i => i.GetImageInfo(ImageType.Primary, 0)).FirstOrDefault(i => i != null);
//if (primaryImage != null)
//{
// state.AlbumCoverPath = primaryImage.Path;
//}
MediaSourceInfo mediaSource = null;
if (string.IsNullOrWhiteSpace(request.LiveStreamId))
{
var currentJob = !string.IsNullOrWhiteSpace(request.PlaySessionId) ?
ApiEntryPoint.Instance.GetTranscodingJob(request.PlaySessionId)
: null;
if (currentJob != null)
{
mediaSource = currentJob.MediaSource;
}
if (mediaSource == null)
{
var mediaSources = (await MediaSourceManager.GetPlayackMediaSources(LibraryManager.GetItemById(request.Id), null, false, false, cancellationToken).ConfigureAwait(false)).ToList();
mediaSource = string.IsNullOrEmpty(request.MediaSourceId)
? mediaSources[0]
: mediaSources.Find(i => string.Equals(i.Id, request.MediaSourceId));
if (mediaSource == null && request.MediaSourceId.Equals(request.Id))
{
mediaSource = mediaSources[0];
}
}
}
else
{
var liveStreamInfo = await MediaSourceManager.GetLiveStreamWithDirectStreamProvider(request.LiveStreamId, cancellationToken).ConfigureAwait(false);
mediaSource = liveStreamInfo.Item1;
state.DirectStreamProvider = liveStreamInfo.Item2;
}
var videoRequest = request as VideoStreamRequest;
EncodingHelper.AttachMediaSourceInfo(state, mediaSource, url);
var container = Path.GetExtension(state.RequestedUrl);
if (string.IsNullOrEmpty(container))
{
container = request.Container;
}
if (string.IsNullOrEmpty(container))
{
container = request.Static ?
StreamBuilder.NormalizeMediaSourceFormatIntoSingleContainer(state.InputContainer, state.MediaPath, null, DlnaProfileType.Audio) :
GetOutputFileExtension(state);
}
state.OutputContainer = (container ?? string.Empty).TrimStart('.');
state.OutputAudioBitrate = EncodingHelper.GetAudioBitrateParam(state.Request, state.AudioStream);
state.OutputAudioCodec = state.Request.AudioCodec;
state.OutputAudioChannels = EncodingHelper.GetNumAudioChannelsParam(state, state.AudioStream, state.OutputAudioCodec);
if (videoRequest != null)
{
state.OutputVideoCodec = state.VideoRequest.VideoCodec;
state.OutputVideoBitrate = EncodingHelper.GetVideoBitrateParamValue(state.VideoRequest, state.VideoStream, state.OutputVideoCodec);
if (videoRequest != null)
{
EncodingHelper.TryStreamCopy(state);
}
if (state.OutputVideoBitrate.HasValue && !string.Equals(state.OutputVideoCodec, "copy", StringComparison.OrdinalIgnoreCase))
{
var resolution = ResolutionNormalizer.Normalize(
state.VideoStream?.BitRate,
state.VideoStream?.Width,
state.VideoStream?.Height,
state.OutputVideoBitrate.Value,
state.VideoStream?.Codec,
state.OutputVideoCodec,
videoRequest.MaxWidth,
videoRequest.MaxHeight);
videoRequest.MaxWidth = resolution.MaxWidth;
videoRequest.MaxHeight = resolution.MaxHeight;
}
}
ApplyDeviceProfileSettings(state);
var ext = string.IsNullOrWhiteSpace(state.OutputContainer)
? GetOutputFileExtension(state)
: ('.' + state.OutputContainer);
var encodingOptions = ApiEntryPoint.Instance.GetEncodingOptions();
state.OutputFilePath = GetOutputFilePath(state, encodingOptions, ext);
return(state);
}
private PartUserInfo partUserInfo = null; //用户信息
protected override void OnAuthorization(AuthorizationContext filterContext)
{
ip = WebHelper.GetIP();
//当用户ip不在允许的后台访问ip列表时
if (!string.IsNullOrEmpty(shopConfigInfo.AdminAllowAccessIP) && !ValidateHelper.InIPList(ip, shopConfigInfo.AdminAllowAccessIP))
{
filterContext.Result = HttpNotFound();
return;
}
//当用户IP被禁止时
if (BannedIPs.CheckIP(ip))
{
filterContext.Result = HttpNotFound();
return;
}
//获得用户id
int uid = ShopUtils.GetUidCookie();
if (uid < 1)
{
uid = WebHelper.GetRequestInt("uid");
}
if (uid < 1)//当用户为游客时
{
//创建游客
partUserInfo = Users.CreatePartGuest();
}
else//当用户为会员时
{
//获得保存在cookie中的密码
string encryptPwd = ShopUtils.GetCookiePassword();
if (string.IsNullOrWhiteSpace(encryptPwd))
{
encryptPwd = WebHelper.GetRequestString("password");
}
//防止用户密码被篡改为危险字符
if (encryptPwd.Length == 0 || !SecureHelper.IsBase64String(encryptPwd))
{
//创建游客
partUserInfo = Users.CreatePartGuest();
ShopUtils.SetUidCookie(-1);
ShopUtils.SetCookiePassword("");
}
else
{
partUserInfo = Users.GetPartUserByUidAndPwd(uid, ShopUtils.DecryptCookiePassword(encryptPwd));
if (partUserInfo == null)
{
partUserInfo = Users.CreatePartGuest();
ShopUtils.SetUidCookie(-1);
ShopUtils.SetCookiePassword("");
}
}
}
//当用户等级是禁止访问等级时
if (partUserInfo.UserRid == 1)
{
filterContext.Result = HttpNotFound();
return;
}
//如果当前用户没有登录
if (partUserInfo.Uid < 1)
{
filterContext.Result = HttpNotFound();
return;
}
//如果当前用户不是管理员
if (partUserInfo.AdminGid == 1)
{
filterContext.Result = HttpNotFound();
return;
}
}
public void BaseOnAuthorization(AuthorizationContext context)
{
OnAuthorization(context);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
base.HandleUnauthorizedRequest(filterContext);
}
internal static void TraceIdentityVerificationFailure(EndpointIdentity identity, AuthorizationContext authContext, Type identityVerifier)
{
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
// Return a "403 Forbidden" status rather than redirecting to the login page with the standard "401 Unauthorized"
filterContext.Result = new HttpStatusCodeResult((int)System.Net.HttpStatusCode.Forbidden);
}
// protected override void OnActionExecuting(ActionExecutingContext filterContext)
// {
// var sessionUser = (LoginModel) Session[CommonConstants.UserSession];
// if (sessionUser == null)
// {
// var sessionKey = filterContext.RouteData.Values["ssk"];
//
// if (sessionKey == null || sessionKey == "")
// {
// filterContext.Result = new RedirectToRouteResult(new
// RouteValueDictionary(new {controller = "Login", action = "Index"}));
// }
// else
// {
// LoginModel loginModel = new LoginModel();
// string sql = "select s.session_key, s.username from sessions s where s.session_key = :0";
// List<LoginModel> lstUser =
// OracleHelper.ExecuteCommandText<LoginModel>(ConnectionString, sql, sessionKey);
// if (lstUser.Count > 0)
// {
// loginModel.SessionKey = lstUser[0].SessionKey;
// loginModel.Username = lstUser[0].Username;
// Session.Add(CommonConstants.UserSession, loginModel);
// }
// else
// {
// filterContext.Result = new RedirectToRouteResult(new
// RouteValueDictionary(new {controller = "Login", action = "Index"}));
// }
// }
// }
//
// base.OnActionExecuting(filterContext);
// }
protected override void OnAuthorization(AuthorizationContext filterContext)
{
var sessionUser = (LoginModel)Session[CommonConstants.UserSession];
var sessionKey = filterContext.RouteData.Values["ssk"];
if (sessionUser == null)
{
if (sessionKey == null || sessionKey == "")
{
filterContext.Result = new RedirectToRouteResult(new
RouteValueDictionary(new { controller = "Login", action = "Index" }));
}
else
{
LoginModel loginModel = new LoginModel();
string sql = "select s.session_key, s.username from sessions s where s.session_key = :0";
List <LoginModel> lstUser =
OracleHelper.ExecuteCommandText <LoginModel>(ConnectionString, sql, sessionKey);
if (lstUser.Count > 0)
{
loginModel.SessionKey = lstUser[0].SessionKey;
loginModel.Username = lstUser[0].Username;
Session.Add(CommonConstants.UserSession, loginModel);
}
else
{
filterContext.Result = new RedirectToRouteResult(new
RouteValueDictionary(new { controller = "Login", action = "Index" }));
}
}
}
else
{
var ssk = sessionKey != null ? sessionKey : sessionUser.SessionKey;
if (sessionKey != null && sessionUser.SessionKey != sessionKey)
{
Session[CommonConstants.UserSession] = null;
LoginModel loginModel = new LoginModel();
string sql = "select s.session_key, s.username from sessions s where s.session_key = :0";
List <LoginModel> lstUser =
OracleHelper.ExecuteCommandText <LoginModel>(ConnectionString, sql, sessionKey);
if (lstUser.Count > 0)
{
loginModel.SessionKey = lstUser[0].SessionKey;
loginModel.Username = lstUser[0].Username;
Session.Add(CommonConstants.UserSession, loginModel);
}
}
string sqlGetRoleType =
"select\r\n ur.ROLETYPE_LIST || ',' || (select dr.ROLETYPE_LIST from apec_docs_department_role dr where dr.DEPARTMENT_ID = sd.dep_id) ROLETYPE_LIST\r\n from sessions s\r\n left join users u on s.user_id = u.user_id\r\n left join apec_docs_user_role ur on u.staff_id = ur.staff_id\r\n left join apec_staff_deparment sd on u.staff_id = sd.staff_id\r\n where s.session_key = :0 and sd.dep_id is not null";
List <RoleType> lstRoleType =
OracleHelper.ExecuteCommandText <RoleType>(ConnectionString, sqlGetRoleType, ssk);
var strAccessAction = lstRoleType.Count > 0 ? lstRoleType[0].RoleTypeString : "";
var strAction = filterContext.HttpContext.Request.Url.ToString();
var strActionNumber = "";
if (strAction.Contains("Create") || strAction.Contains("create"))
{
strActionNumber = "1";
}
if (strAction.Contains("Edit") || strAction.Contains("Edit"))
{
strActionNumber = "2";
}
if (strAction.Contains("DownloadDoc") || strAction.Contains("DownloadDocZip") || strAction.Contains("downloadDoc") || strAction.Contains("downloadDocZip") || strAction.Contains("UploadedFiles"))
{
strActionNumber = "5";
}
if (!strAccessAction.Contains(strActionNumber))
{
filterContext.Result = new RedirectToRouteResult(new
RouteValueDictionary(new { controller = "Home", action = "CheckPermission" }));
}
}
base.OnAuthorization(filterContext);
}
public override bool CheckAccess(EndpointIdentity identity, AuthorizationContext authContext)
{
return(true);
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
{
return;
}
var user = (SysUser)filterContext.HttpContext.Session["user"];
if (user == null)
{
string code = filterContext.HttpContext.Request["code"];
if (string.IsNullOrEmpty(code) && isPc)
{
filterContext.Result = new RedirectResult("/Home/Login");
}
else
{
var request = filterContext.HttpContext.Request;
SysUserBLL handle = new SysUserBLL();
int environmentMode = ConvertHelper.ToInt32(ConfigurationManager.AppSettings["EnvironmentMode"]);
string openID = ConvertHelper.ToString(request.QueryString["OpenID"]);
if (!string.IsNullOrEmpty(openID) && environmentMode == (int)EnvironmentMode.Development) // 开发模式
{
user = handle.DetailByOpenID(openID);
}
else
{
string openId = WeChatAPI.GetOpenID(code);
if (string.IsNullOrEmpty(openId))
{
string toUrl = FileHelper.GetFilePath("/Home/Index");
string url = @"https://open.weixin.qq.com/connect/oauth2/authorize?appid={1}&redirect_uri={0}&response_type=code&scope=snsapi_userinfo&state=1&connect_redirect=1#wechat_redirect";
string redirectUrl = string.Format(url, toUrl, ConfigurationManager.AppSettings["AppKey"]);
filterContext.Result = new RedirectResult(redirectUrl);
}
else
{
user = handle.DetailByOpenID(openId);
}
}
if (user != null)
{
if (!string.IsNullOrEmpty(operateCode) && !AuthenHelper.HasAuth(operateCode))
{
filterContext.Result = new RedirectResult("/Home/NoRole");
}
else
{
filterContext.HttpContext.Session["user"] = user;
filterContext.HttpContext.Session.Timeout = 30;
}
}
}
}
else
{
if (!string.IsNullOrEmpty(operateCode) && !AuthenHelper.HasAuth(operateCode))
{
filterContext.Result = new RedirectResult("/Home/NoAuth");
}
else
{
filterContext.HttpContext.Session["user"] = user;
filterContext.HttpContext.Session.Timeout = 30;
}
filterContext.HttpContext.Session.Timeout = 30;
}
}
