Пример #1
        /// <summary>
        /// Builds the URL of the SSO authorization endpoint for a web login.
        /// </summary>
        /// <param name="callback">
        /// URL the user originally requested. It is URL-encoded and carried as the
        /// <c>Stands.BEFORE_REQUEST_URL</c> query parameter of this site's callback action.
        /// </param>
        /// <returns>
        /// The value returned by <c>CJClient.BuildAuthUrl</c> for
        /// <c>Stands.AUTH_HOST</c> + "/Authorize/Index", called with <c>Stands.SIGN_SECRET</c>.
        /// </returns>
        public static string GetAuthUrl(string callback)
        {
            string authorizeEndpoint = Stands.AUTH_HOST + "/Authorize/Index";

            // Callback action on the current host. The caller-supplied URL is URL-encoded
            // before it is placed in the query string.
            string localCallback = WebUtils.CurrentHost() + "/" + Stands.CallBackController + "/CallBack/?" + Stands.BEFORE_REQUEST_URL + "=" + HttpUtility.UrlEncode(callback);

            var ssoClient = new CJClient();
            var requestParams = new CJDictionary
            {
                { "projectCode", Stands.PROJECT_CODE },
                { "auth_type", (int)Stands.AuthType }
            };

            // NOTE(review): the timestamp is local time (DateTime.Now). If the receiving side
            // enforces a freshness window, confirm both sides agree on the time zone.
            return ssoClient.BuildAuthUrl(authorizeEndpoint, "", Stands.SIGN_SECRET, localCallback, requestParams, DateTime.Now);
        }
Пример #2
        /// <summary>
        /// Adds the callback, open id, timestamp and a signature to
        /// <paramref name="txtParams"/> and renders the result as a GET URL.
        /// </summary>
        /// <param name="url">Base URL of the authorization endpoint.</param>
        /// <param name="openId">Open id to send; callers may pass an empty string.</param>
        /// <param name="secret">Secret handed to <c>CJUtils.SignRequest</c>.</param>
        /// <param name="callback">URL the authorization server should return to.</param>
        /// <param name="txtParams">Request parameters; this dictionary is modified in place.</param>
        /// <param name="timestamp">Timestamp stored under <c>TIMESTAMP</c>.</param>
        /// <returns>The URL produced by <c>WebUtils.BuildGetUrl</c>.</returns>
        public string BuildAuthUrl(string url, string openId, string secret, string callback, CJDictionary txtParams, DateTime timestamp)
        {
            txtParams.Add(CALL_BACK, callback);
            txtParams.Add(OPEN_ID, openId);
            txtParams.Add(TIMESTAMP, timestamp);

            // The signature is computed over the dictionary as it stands after the
            // additions above, then stored in that same dictionary.
            var signature = CJUtils.SignRequest(txtParams, secret);
            txtParams.Add(SIGN, signature);

            return new WebUtils().BuildGetUrl(url, txtParams);
        }
Пример #3
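        /// <summary>
        /// Stores the login for <paramref name="userInfo"/> under a token and decides
        /// which URL the user is sent to next.
        /// </summary>
        /// <param name="callBack">
        /// Return URL requested by the sub-site. It is replaced by the configured URL when a
        /// cached filter matches the user's <c>FlagValue</c>.
        /// </param>
        /// <param name="_client">Client used to build the return URL.</param>
        /// <param name="userInfo">User information; its <c>Password</c> is set to null before it is stored.</param>
        /// <param name="dic">
        /// Extra parameters for the return URL; may be null. The token is written into it
        /// under <c>CJClient.TOKEN</c>.
        /// </param>
        /// <returns>
        /// An <c>AuthMessage</c> carrying the target URL, or one with <c>IsError</c> set and the
        /// exception message when anything fails.
        /// </returns>
        public static AuthMessage RouteUrl(string callBack, CJClient _client, SSOUser userInfo, CJDictionary dic)
        {
            try
            {
                // The password must not end up in the stored login record.
                userInfo.Password = null;
                dic = dic ?? new CJDictionary();

                // Main-site token: the open id from the cookie when there is one, otherwise a new GUID.
                // NOTE(review): a cookie value is supplied by the browser, so in that branch the
                // token is not generated by the server. Confirm the cookie is integrity-protected,
                // or issue a fresh random token on every login instead of reusing the open id.
                var openId = Tools.GetCookie(Stands.OpenIdCookie);
                var token = string.IsNullOrEmpty(openId) ? Guid.NewGuid().ToString().ToUpper() : openId;
                dic[CJClient.TOKEN] = token;

                var list = CacheHelper.Item_Get<List<Filters>>(Stands.FILTERS);
                // Store the user information under the token.
                SaveLoginInfo(userInfo, token);
                try
                {
                    // Single lookup instead of Any() followed by First().
                    var redirect = list == null ? null : list.FirstOrDefault(x => x.FlagValue == userInfo.FlagValue);

                    string configMsg;
                    if (redirect != null)
                    {
                        // A configured filter overrides the requested callback.
                        callBack = redirect.Url;
                        configMsg = redirect.Message;
                    }
                    else
                    {
                        callBack = _client.BuildReturnUrl(callBack, dic);
                        configMsg = "登录成功!";
                    }
                    return new AuthMessage
                    {
                        Message = configMsg,
                        Url = callBack,
                        Status = userInfo.FlagValue
                    };

                }
                catch (Exception ex)
                {
                    _log.Error(ex.Message);
                    // Keep the original exception as InnerException so its stack trace is not lost.
                    throw new Exception("请检查xml文件:" + ex.Message, ex);
                }
            }
            catch (Exception ex)
            {
                _log.Error(ex.Message);
                // NOTE(review): the raw exception message is handed back to the caller;
                // confirm it is never shown to end users.
                return new AuthMessage
                {
                    IsError = true,
                    Message = ex.Message
                };
            }
        }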
Пример #4
 /// <summary>
 /// Convenience overload of <c>RouteUrl</c> that supplies a new <c>CJClient</c>.
 /// </summary>
 /// <param name="callBack">Return URL requested by the sub-site.</param>
 /// <param name="userInfo">User information.</param>
 /// <param name="dic">Extra parameters; they are passed back to the sub-site's callback through the URL.</param>
 /// <returns>The <c>AuthMessage</c> produced by the four-argument overload.</returns>
 public static AuthMessage RouteUrl(string callBack, SSOUser userInfo, CJDictionary dic)
 {
     return RouteUrl(callBack, new CJClient(), userInfo, dic);
 }
Пример #5
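        /// <summary>
        /// Authorization endpoint. Verifies the request signature, then either redirects an
        /// already known user back to the sub-site, starts WeChat authorization, or forwards
        /// the request to the login page.
        /// </summary>
        /// <returns>A redirect on success, or a plain-text / JSON error message.</returns>
        public ActionResult Index()
        {
            try
            {
                #region Validate the request

                // The signature is checked against the full request URL.
                if (!CJUtils.VerifyResponse(Request.Url.AbsoluteUri, Stands.SIGN_SECRET))
                {
                    return Json("非法访问,错误的签名。", JsonRequestBehavior.AllowGet);
                }
                // NOTE(review): assuming this is System.Web's Request indexer, a key missing from
                // the query string can be resolved from the form or cookies, which the URL
                // signature does not cover. Consider reading from Request.QueryString.
                var projectCode = Request[CJClient.PROJECT_CODE];

                // Authorization type; 999 means "detect from the current environment".
                var strAuthType = Request[CJClient.AUTH_TYPE];
                int authType;
                if (!int.TryParse(strAuthType, out authType))
                {
                    // A missing or malformed auth_type is a bad request, not a server fault.
                    return Content("非法访问,错误的参数。");
                }
                if (authType == 999)
                {
                    // >= 0 so that a user agent starting with the marker is recognised as well.
                    if (Request.UserAgent != null &&
                        Request.UserAgent.IndexOf("MicroMessenger", StringComparison.Ordinal) >= 0)
                    {
                        authType = 1;
                    }
                }
                var callBack = Request[CJClient.CALL_BACK];
                if (string.IsNullOrEmpty(projectCode) || string.IsNullOrEmpty(callBack))
                {
                    return Content("非法访问,错误的参数。");
                }
                #endregion

                var token = Tools.GetCookie(Stands.TOKEN);
                // A non-empty token cookie is taken to mean "already logged in".
                #region Already logged in
                if (!string.IsNullOrEmpty(token))
                {
                    var key = projectCode + "_" + token;
                    var model = CacheHelper.Item_Get<SSOUser>(key);

                    if (model != null)
                    {
                        var url = RouteUtils.RouteUrl(callBack,  _client, model, null).Url;
                        // No return URL: drop the cached login so the user signs in again.
                        if (url == null)
                        {
                            _log.Warn("Url is null model:" + model);
                            // Remove the cached entry.
                            CacheHelper.Item_Remove(key);
                            return Content("服务器繁忙请重试!");
                        }
                        return Redirect(url);
                    }
                }
                #endregion

                #region WeChat authorization
                var openId = Request[CJClient.OPEN_ID];
                // To save WeChat API calls the open id is kept in a cookie for one year
                // after it is first obtained.
                // NOTE(review): that cookie is supplied by the browser and is used below as the
                // lookup key for a cached login. Confirm it is integrity-protected, or that a
                // cache entry cannot be reached with a value this server did not issue.
                if (string.IsNullOrEmpty(openId))
                {
                    openId = Tools.GetCookie(Stands.OpenIdCookie);
                }

                // WeChat authorization is needed when auth_type is 1 and no open id is known.
                if (authType == 1 && string.IsNullOrEmpty(openId))
                {
                    Tools.SetCookie(Stands.CURRENT_PROJECT_CODE_KEY, projectCode);
                    Tools.SetCookie(projectCode + "_CallBack", callBack);
                    // NOTE(review): the OAuth state value is a fixed string; a per-request
                    // random value bound to the session is the usual CSRF protection.
                    return Redirect(_client.GetWeixinAuthUrl(_appId, "cj_jason_sso"));
                }

                if (!string.IsNullOrEmpty(openId))
                {
                    var key = projectCode + "_" + openId.ToUpper();
                    var model = CacheHelper.Item_Get<SSOUser>(key);

                    if (model == null)
                    {
                        // Unknown open id: send the user to the login page with signed parameters.
                        var dics = new CJDictionary {
                        { CJClient.PROJECT_CODE, projectCode },
                        { CJClient.OPEN_ID,openId.ToUpper()},
                        { CJClient.CALL_BACK, callBack}};

                        return Redirect(_client.BuildUrl(Stands.AUTH_HOST + loginPage, Stands.SIGN_SECRET, dics));
                    }

                    // NOTE(review): unlike the token branch above, a null Url is not handled
                    // here and would surface through the outer catch.
                    var authMessage = RouteUtils.RouteUrl(callBack,  _client, model, null);
                    return Redirect(authMessage.Url);
                }
                #endregion

                // Forward the received parameters to the login page. They are not signed again here.
                var dic = _client.GetParamter(Request.Url.AbsoluteUri);
                return Redirect(_client.BuildUrl(Stands.AUTH_HOST + loginPage, dic));
            }
            catch (Exception ex)
            {
                _log.Error(ex);
                return Content("服务器繁忙...");
            }
        }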
Пример #6
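        /// <summary>
        /// WeChat OAuth callback. Exchanges <paramref name="code"/> for an access token, loads
        /// the WeChat user, and redirects either to the login page (unknown open id) or back
        /// to the sub-site (cached login found).
        /// </summary>
        /// <param name="code">Authorization code from WeChat; empty when the user declined.</param>
        /// <param name="state">State value echoed by WeChat; must equal the fixed value sent earlier.</param>
        /// <returns>A redirect on success, or a plain-text error message.</returns>
        public ActionResult UserInfoCallback(string code, string state)
        {
            try
            {
                if (string.IsNullOrEmpty(code))
                {
                    return Content("您拒绝了授权!");
                }

                // NOTE(review): the expected state is a constant, so it does not bind this
                // callback to the browser session that started the flow.
                if (state != "cj_jason_sso")
                {
                    return Content("验证失败!请从正规途径进入!");
                }
                OAuthAccessTokenResult result = null;

                // Exchange the code for an access token.
                try
                {
                    result = OAuthApi.GetAccessToken(_appId, _secret, code);
                    // Write the cookies only after a successful exchange, so a failed response
                    // cannot overwrite an existing open id cookie with an empty value.
                    if (result.errcode == ReturnCode.请求成功)
                    {
                        Tools.SetCookie(Stands.OpenIdCookie, result.openid, DateTime.Now.AddYears(1));
                        // NOTE(review): this places the WeChat access token in a browser cookie for
                        // a year. Confirm the cookie is needed at all and that Tools.SetCookie
                        // marks it HttpOnly and Secure.
                        Tools.SetCookie(Stands.AccessToken, result.access_token, DateTime.Now.AddYears(1));
                    }
                }
                catch (Exception ex)
                {
                    _log.Error(ex);
                    return Content("服务器繁忙");
                }
                if (result.errcode != ReturnCode.请求成功)
                {
                    _log.Error(result.errmsg);
                    return Content("错误:" + result.errmsg);
                }
                try
                {
                    // The first step requested the snsapi_userinfo scope (per the original
                    // author), so the detailed user profile can be fetched here.
                    OAuthUserInfo userInfo = OAuthApi.GetUserInfo(result.access_token, result.openid);
                    SSOUser info = new SSOUser { Avatar = userInfo.headimgurl };
                    // NOTE(review): project code and callback are read back from cookies, which
                    // the browser controls. Confirm the callback is checked against the
                    // project's registered return URLs before a token-bearing redirect is sent.
                    var projectCode = Tools.GetCookie(Stands.CURRENT_PROJECT_CODE_KEY);
                    var key = projectCode + "_" + userInfo.openid.ToUpper();

                    var model = CacheHelper.Item_Get<SSOUser>(key);
                    if (model == null)
                    {
                        // No cached login for this open id: continue on the login page
                        // with signed parameters.
                        var dic = new CJDictionary {
                    { CJClient.PROJECT_CODE, projectCode },
                    { CJClient.AUTH_TYPE, (int)AuthType.Weixin },
                    { CJClient.AVATAR, info.Avatar },
                    { CJClient.OPEN_ID,userInfo.openid}};

                        return Redirect(_client.BuildUrl(Stands.AUTH_HOST + loginPage, Stands.SIGN_SECRET, dic));
                    }
                    var callBack = Tools.GetCookie(projectCode + "_CallBack");
                    var authMessage = RouteUtils.RouteUrl(callBack,  _client, model, null);
                    return Redirect(authMessage.Url);
                }
                catch (ErrorJsonResultException ex)
                {
                    _log.Error(ex);
                    return Content(ex.Message);
                }
            }
            catch (Exception ex)
            {
                _log.Error(ex);
                return Content("服务器繁忙。。。");
            }
        }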
Пример #7
 /// <summary>
 /// Renders <paramref name="txtParams"/> as a GET URL on <paramref name="url"/>.
 /// </summary>
 /// <param name="url">Base URL.</param>
 /// <param name="txtParams">Query parameters, passed to <c>WebUtils.BuildGetUrl</c> as given.</param>
 /// <param name="timestamp">Not used by this overload.</param>
 /// <returns>The URL produced by <c>WebUtils.BuildGetUrl</c>.</returns>
 public string BuildAuthUrl(string url, CJDictionary txtParams, DateTime timestamp)
 {
     // NOTE(review): no timestamp or signature is added to the parameters here; confirm
     // callers do not rely on this overload for a signed request.
     return new WebUtils().BuildGetUrl(url, txtParams);
 }
Пример #8
 /// <summary>
 /// Builds the URL used to send the user back to the sub-site.
 /// </summary>
 /// <param name="callBack">Return URL; <c>RefactorUrl</c> moves its query parameters into <paramref name="dic"/>.</param>
 /// <param name="dic">Parameters to append; a new dictionary is used when null.</param>
 /// <returns>
 /// The result of <c>BuildUrl</c> for the URL-decoded callback, <c>Stands.SIGN_SECRET</c>
 /// and the merged parameters.
 /// </returns>
 public string BuildReturnUrl(string callBack, CJDictionary dic)
 {
     if (dic == null)
     {
         dic = new CJDictionary();
     }

     string baseUrl = RefactorUrl(callBack, dic);

     // NOTE(review): RefactorUrl decodes the callback while parsing it, so a URL that had
     // a query string is decoded a second time here. Confirm double decoding is intended.
     string decodedBase = HttpUtility.UrlDecode(baseUrl);
     return BuildUrl(decodedBase, Stands.SIGN_SECRET, dic);
 }
Пример #9
        /// <summary>
        /// Splits the query parameters off a callback URL and merges them into
        /// <paramref name="dic"/>. Per the original author, signing encodes all parameters.
        /// </summary>
        /// <param name="callBack">Callback URL; it is URL-decoded before being parsed.</param>
        /// <param name="dic">Dictionary that receives the parameters found in the query string.</param>
        /// <returns>
        /// An empty string for a null or empty callback; the callback unchanged when it has no
        /// query parameters; otherwise the absolute URI with the query string removed.
        /// </returns>
        public string RefactorUrl(string callBack, CJDictionary dic)
        {
            if (string.IsNullOrEmpty(callBack))
            {
                return string.Empty;
            }

            // Throws for a value that is not an absolute URI.
            var parsed = new Uri(WebUtils.UrlDecode(callBack));
            string rawQuery = parsed.Query;
            if (string.IsNullOrEmpty(rawQuery))
            {
                // No query string at all.
                return callBack;
            }

            string trimmedQuery = rawQuery.Trim('?', ' ');
            if (trimmedQuery.Length == 0)
            {
                // A bare "?" with nothing after it.
                return callBack;
            }

            // Every occurrence of the query text is removed from the absolute URI.
            string withoutQuery = parsed.AbsoluteUri.Replace(rawQuery, "");
            dic.AddAll(SplitUrlQuery(trimmedQuery));
            return withoutQuery;
        }