Exemplo n.º 1
0
        protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
        {
            int matchHeaderCount = request.Headers.Count((item) =>
            {
                if ("keyword".Equals(item.Key))
                {
                    foreach (var str in item.Value)
                    {
                        if ("SxSh".Equals(str))
                        {
                            return(true);
                        }
                    }
                }
                return(false);
            });

            if (matchHeaderCount > 0)
            {
                return(base.SendAsync(request, cancellationToken));
            }
            else
            {
                if (!Model_SYS_USER.IsLogin())
                {
                    AjaxMsgModel amm = new AjaxMsgModel
                    {
                        BackUrl = "/Home/Login?msg=noLogin",
                        Data    = null,
                        Msg     = Message.NotLogin,
                        Statu   = AjaxStatu.nologin
                    };
                    var response = request.CreateResponse(System.Net.HttpStatusCode.OK, amm);
                    //var response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
                    var task = new TaskCompletionSource <HttpResponseMessage>();
                    task.SetResult(response);
                    return(task.Task);
                }
                return(base.SendAsync(request, cancellationToken));
            }
        }
Exemplo n.º 2
0
        //
        // 摘要:
        //     在过程请求授权时调用。
        //
        // 参数:
        //   filterContext:
        //     筛选器上下文,它封装有关使用 System.Web.Mvc.AuthorizeAttribute 的信息。
        //
        // 异常:
        //   System.ArgumentNullException:
        //     filterContext 参数为 null。
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            /**
             * 如果请求的区域包含area并且area的名称等于SYSs
             * 那么就进行权限验证
             * */

            if (filterContext.RouteData.DataTokens.Keys.Contains("area") &&
                (filterContext.RouteData.DataTokens["area"].ToString().ToLower() == "sys" ||
                 filterContext.RouteData.DataTokens["area"].ToString().ToLower() == "gate" ||
                 filterContext.RouteData.DataTokens["area"].ToString().ToLower() == "gis" ||
                 filterContext.RouteData.DataTokens["area"].ToString().ToLower() == "job" ||
                 filterContext.RouteData.DataTokens["area"].ToString().ToLower() == "material" ||
                 filterContext.RouteData.DataTokens["area"].ToString().ToLower() == "rule" ||
                 filterContext.RouteData.DataTokens["area"].ToString().ToLower() == "scripts" ||
                 filterContext.RouteData.DataTokens["area"].ToString().ToLower() == "rain" ||
                 filterContext.RouteData.DataTokens["area"].ToString().ToLower() == "tool" ||
                 filterContext.RouteData.DataTokens["area"].ToString().ToLower() == "rail" ||
                 filterContext.RouteData.DataTokens["area"].ToString().ToLower() == "car" ||
                 filterContext.RouteData.DataTokens["area"].ToString().ToLower() == "repair"
                ))
            {
                ///**
                //   * 验证用户是否登录
                //   * */
                if (!Model_SYS_USER.IsLogin())
                { ///如果没有登录那么就跳转到登录页面
                    filterContext.Result = new BaseController().Redirect("/Home/Login?msg=noLogin", filterContext.ActionDescriptor, AjaxStatu.nologin);
                }
                else
                {
                    if (!AuthorizeIs(filterContext.HttpContext))
                    {
                        filterContext.Result = new BaseController().Redirect("/Home/Login?msg=noLogin", filterContext.ActionDescriptor, AjaxStatu.none);
                    }
                    else
                    {
                        /**
                         * Action方法本身及它所属控制器都没有定义Skip特性
                         * 那么就可以进行权限验证
                         * */
                        if (!filterContext.ActionDescriptor.AttributeExists <Common.Attributes.SkipAttribute>(false) &&
                            !filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(Common.Attributes.SkipAttribute), false))
                        {
                            //验证该登录用户是否有访问该页面的权限
                            string strAreaName       = filterContext.RouteData.DataTokens["area"].ToString().ToLower();
                            string strControllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower();
                            string strActionName     = filterContext.ActionDescriptor.ActionName.ToLower();

                            if (strActionName == "index")
                            {
                                string[] url = filterContext.HttpContext.Request.FilePath.Split('/');
                                if (url.Length > 4)
                                {
                                    for (int i = 4; i < url.Length; i++)
                                    {
                                        strActionName = strActionName + "/" + url[i];
                                    }
                                }
                            }

                            string     strHttpMethod = filterContext.HttpContext.Request.HttpMethod;
                            HttpMethod httpMethod    = strHttpMethod.ToLower().Equals("get") ? HttpMethod.Get
                                : strHttpMethod.ToLower().Equals("post") ? HttpMethod.Post : HttpMethod.HEAD;

                            if (!Model_SYS_MENU.HasPermission(strAreaName, strControllerName, strActionName, httpMethod))
                            {
                                filterContext.Result = new BaseController().Redirect("/Home/Login?msg=noPermission", filterContext.ActionDescriptor, AjaxStatu.noperm);
                            }
                            else
                            {
                                if (strActionName.ToLower() == "list" && filterContext.HttpContext.Request["page"] != null && filterContext.HttpContext.Request["rows"] != null)
                                {
                                    string pageIndex = filterContext.HttpContext.Request["page"].ToString();
                                    string pageSize  = filterContext.HttpContext.Request["rows"].ToString();
                                    if (pageIndex == "0" && pageSize == "0")
                                    {
                                        filterContext.Result = ObjToJson.GetToJson(null, 0, true);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }