Exemplo n.º 1
0
        private void OnAuthenticate(HttpContext context)
        {
            if (context.User == null)
            {//用户是否认证
                MaUserTicket _ticket = MaSecurityHelper.GetTicketFormCookie();
                if (_ticket != null)
                {
                    if (!_ticket.Expired)
                    {
                        #region 票证有效进行延期
                        if (!string.IsNullOrEmpty(_ticket.Username))
                        {
                            bool _isDefer = false;
                            if (MaSecurityConfig.Instance.ValidateIP)
                            {     //需要验证IP
                                if (_ticket.Ip != MaWebUtility.GetIP())
                                { //ip验证不通过,退出登录
                                    MaSecurityHelper.SignOut();
                                    return;
                                }
                                else
                                {
                                    _isDefer = true;
                                }
                            }
                            //设置用户
                            Type type = System.Web.Compilation.BuildManager.GetType(MaSecurityConfig.Instance.MaPrincipalType, false, false);
                            context.User = Activator.CreateInstance(type, new object[] { _ticket.Username }) as MaPrincipal;
                            //更新过期时间
                            if (_isDefer && _ticket.SlidingExpiration)
                            {
                                //更新cookie
                                HttpContext.Current.Response.Cookies.Add(MaSecurityHelper.GetAuthCookie(_ticket));
                            }
                        }

                        #endregion
                    }
                    else
                    {
                        //登录超时
                    }
                }
            }
            else
            {
                //已有用户信息
            }
        }
Exemplo n.º 2
0
        /// <summary>
        /// 为提供的用户名创建一个身份验证票证,并将其添加到响应的cookie集合或URL
        /// </summary>
        /// <param name="username">已验证身份的用户的名称</param>
        /// <param name="createPersistentCookie">持久cookie</param>
        public static void SetAuthCookie(string username, bool createPersistentCookie)
        {
            if (string.IsNullOrEmpty(username))
            {
                return;
            }
            //生成用户票证
            MaUserTicket _userTicket = new MaUserTicket(username, MaSecurityConfig.Instance.Timeout, MaSecurityConfig.Instance.SlidingExpiration, createPersistentCookie);

            //写入cookie
            HttpContext.Current.Response.Cookies.Add(GetAuthCookie(_userTicket));

            //设置用户
            Type type = System.Web.Compilation.BuildManager.GetType(MaSecurityConfig.Instance.MaPrincipalType, false, false);

            HttpContext.Current.User = Activator.CreateInstance(type, new object[] { username }) as MaPrincipal;
        }
Exemplo n.º 3
0
        /// <summary>
        /// 根据用户票证获取cookie
        /// </summary>
        /// <param name="userTicket"></param>
        /// <returns></returns>
        public static HttpCookie GetAuthCookie(MaUserTicket userTicket)
        {
            //根据用户票证生成cookie
            HttpCookie cookie = new HttpCookie(MaSecurityConfig.Instance.CookieName, userTicket.ToString());

            cookie.HttpOnly = false;
            cookie.Path     = MaSecurityConfig.Instance.CookiePath;
            cookie.Secure   = MaSecurityConfig.Instance.RequireSSL;
            if (MaSecurityConfig.Instance.CookieDomain != null)
            {
                cookie.Domain = MaSecurityConfig.Instance.CookieDomain;
            }
            if (userTicket.CreatePersistentCookie)
            {//创建持久cookie
                cookie.Expires = userTicket.Expiration;
            }
            return(cookie);
        }
Exemplo n.º 4
0
        /// <summary>
        /// 从cookie获得用户票证
        /// </summary>
        /// <returns></returns>
        public static MaUserTicket GetTicketFormCookie()
        {
            HttpCookie _cookie = HttpContext.Current.Request.Cookies[MaSecurityConfig.Instance.CookieName];

            if (_cookie == null)
            {
                return(null);
            }
            try
            {
                MaUserTicket _userTicket = new MaUserTicket(_cookie.Value);
                return(_userTicket);
            }
            catch
            {
                SignOut();
                return(null);
            }
        }