public override void OnAuthorization(HttpActionContext actionContext) { var req = HttpContext.Current.Request; var userToken = getRequestParam("usertoken"); var nonceStr = getRequestParam("noncestr"); UserAuthenticateAttribute userAuthenticate = null; if (!IsIgnoreUserAuthenticate(actionContext, out userAuthenticate)) { var result = OnUserAuthorization(nonceStr, userToken, userAuthenticate); if (result.Status != 0) { actionContext.Response = new HttpResponseMessage() { Content = new StringContent(JsonHelper.ToJson(result, false, ""), Encoding.UTF8, "application/json") }; return; } else { BLL.Sys.Implements.ApiSecurityService.SetUserTokenExpire(userToken); } } }
/// <summary> /// 是否忽略用户登录认证 /// </summary> /// <param name="actionContext"></param> /// <returns></returns> bool IsIgnoreUserAuthenticate(HttpActionContext actionContext, out UserAuthenticateAttribute userAuthenticate) { var userAuthenticates = GetActionOrControllerAttributes <UserAuthenticateAttribute>(actionContext); userAuthenticate = null; //控制器或者Action上标识了用户验证 if (userAuthenticates != null && userAuthenticates.Count > 0) { userAuthenticate = userAuthenticates[0]; //查找是否有特殊标识 var actionIgnoreAuthcate = GetActionOrControllerAttributes <IgnoreUserAuthenticateAttribute>(actionContext); //没有找到特殊标识 if (actionIgnoreAuthcate == null || actionIgnoreAuthcate.Count <= 0) { //不需要忽略用户认证 return(false); } else { //忽略用户认证 return(true); } } else { userAuthenticate = new UserAuthenticateAttribute(); userAuthenticate.IsValidUserType = false; return(true); } }
public ApiMessageResult OnUserAuthorization(string nonceStr, string userToken, UserAuthenticateAttribute userAuthenticateAttribute) { //返回结果 var result = new ApiMessageResult() { Status = 0 }; if (!string.IsNullOrEmpty(userToken)) { if (!BLL.Sys.Implements.ApiSecurityService.CheckNonceStr(nonceStr, userToken)) { result.Status = EnumApiStatus.ApiRepeatedAccess; result.Msg = "非法请求(重复请求)"; return(result); } } #region //通过API正常登录,有usertoken的验证方式 //用户是否登录(根据userToken取用户信息) if (!BLL.Sys.Implements.ApiSecurityService.CheckUserTicket(userToken)) { result = new ApiMessageResult() { Status = EnumApiStatus.ApiUserNotLogin, Msg = "用户未登录" }; } else { var loginUser = ApiSecurityService.GetUserTicket(userToken); //扩展 药店用户,权限等同 用户 if (userAuthenticateAttribute != null && userAuthenticateAttribute.IsValidUserType && loginUser.UserType != userAuthenticateAttribute.UserType) { result = new ApiMessageResult() { Status = EnumApiStatus.ApiUserUnauthorized, Msg = "用户无权限访问" }; } else { //存入通过认证的登录用户信息 HttpContext.Current.Items["LoginUser"] = loginUser; } } #endregion return(result); }