private ActionResult ValidateCredential(HttpContextBase httpContext, CredentialPrincipal principal, Common.IValidator <Credential> validator) { //获取凭证提供者服务 var credentialProvider = this.CredentialProvider; if (credentialProvider == null) { throw new MissingMemberException(this.GetType().FullName, "CredentialProvider"); } //如果指定的主体为空,或对应的凭证编号不存在,或对应的凭证已过期则返回未验证结果 if (principal == null || principal.Identity == null || !credentialProvider.Validate(principal.Identity.CredentialId)) { return(new HttpUnauthorizedResult()); } //使用凭证验证器对指定的凭证进行验证,如果验证失败 if (validator != null && !validator.Validate(principal.Identity.Credential)) { //如果当前请求的路径是主页,并且是从登录页面跳转而来的返回特定的结果 if (httpContext.Request.Path == "/" && httpContext.Request.UrlReferrer != null && string.Equals(httpContext.Request.UrlReferrer.LocalPath, AuthenticationUtility.GetLoginUrl(), StringComparison.OrdinalIgnoreCase)) { return(new HttpStatusCodeResult(444, "Invalid Credential")); } return(new HttpStatusCodeResult(System.Net.HttpStatusCode.Forbidden)); } //返回空,表示成功 return(null); }
public AuthorizationEventArgs(CredentialPrincipal principal, string schemaId, string actionId, bool isAuthorized) { if(principal == null) throw new ArgumentNullException("principal"); _principal = principal; _schemaId = schemaId; _actionId = actionId; _isAuthorized = isAuthorized; }
public AuthorizationEventArgs(CredentialPrincipal principal, string schemaId, string actionId, bool isAuthorized) { if (principal == null) { throw new ArgumentNullException("principal"); } _principal = principal; _schemaId = schemaId; _actionId = actionId; _isAuthorized = isAuthorized; }
public void Register(CredentialPrincipal principal) { if (principal == null || principal.Identity == null) { return; } var cache = this.Cache.Value ?? throw new InvalidOperationException($"Missing the required cache."); //确保同个用户在相同场景下只能存在一个凭证 if (cache.GetValue(this.GetCacheKeyOfUser(principal.Identity.GetIdentifier(), principal.Scenario)) is string credentialId && credentialId.Length > 0) { //将同名用户及场景下的原来的凭证删除(即踢下线) cache.Remove(this.GetCacheKeyOfCredential(credentialId)); //将本地内存缓存中的凭证对象删除 _memoryCache.Remove(credentialId); } //确保指定的凭证主体的过期时间是有效的 if (principal.Expiration == TimeSpan.Zero) { principal.Expiration = this.Options.GetPeriod(principal.Scenario); } //激发“Registering”事件 this.OnRegistering(principal); //将当前用户身份保存到物理存储层中 cache.SetValue(this.GetCacheKeyOfCredential(principal.CredentialId), principal.Serialize(), principal.Expiration); //设置当前用户及场景所对应的唯一凭证号为新注册的凭证号 cache.SetValue(this.GetCacheKeyOfUser(principal.Identity.GetIdentifier(), principal.Scenario), principal.CredentialId, principal.Expiration); //将凭证对象保存到本地内存缓存中 _memoryCache.SetValue(principal.CredentialId, new CredentialToken(principal), TimeSpan.FromSeconds(principal.Expiration.TotalSeconds * 0.6)); //激发“Registered”事件 this.OnRegistered(principal, false); }
public CredentialPrincipal GetPrincipal(string credentialId) { if (string.IsNullOrEmpty(credentialId)) { return(null); } //如果本地缓存获取成功则直接返回 if (_memoryCache.GetValue(credentialId) is CredentialToken token) { if (token.Active()) { this.Refresh(credentialId, token); } return(token.Principal); } var cache = this.Cache.Value ?? throw new InvalidOperationException($"Missing the required cache."); var buffer = cache.GetValue <byte[]>(this.GetCacheKeyOfCredential(credentialId)); if (buffer == null || buffer.Length == 0) { return(null); } var principal = CredentialPrincipal.Deserialize(buffer); //顺延当前用户及场景对应凭证号的缓存项的过期时长 cache.SetExpiry(this.GetCacheKeyOfUser(principal.Identity.GetIdentifier(), principal.Scenario), principal.Expiration); //顺延当前凭证缓存项的过期时长 cache.SetExpiry(this.GetCacheKeyOfCredential(credentialId), principal.Expiration); //将获取到的凭证保存到本地内存缓存中 _memoryCache.SetValue(credentialId, new CredentialToken(principal), TimeSpan.FromSeconds(principal.Expiration.TotalSeconds * 0.6)); return(principal); }
public static void EnsureAuthroize(CredentialPrincipal principal, ISet <string> roles) { if (principal != null) { if (principal.IsAdministrator) { return; } if (roles != null || roles.Count > 0) { foreach (var role in roles) { if (principal.InRole(role)) { return; } } } } throw new System.Web.Http.HttpResponseException(System.Net.HttpStatusCode.Forbidden); }
public CredentialToken(CredentialPrincipal principal) { this.Principal = principal ?? throw new ArgumentNullException(nameof(principal)); _issuedTime = _activeTime = DateTime.Now; }
protected virtual void OnRegistering(CredentialPrincipal principal) { this.Registering?.Invoke(this, new CredentialRegisterEventArgs(principal)); }
protected virtual void OnRegistered(CredentialPrincipal principal, bool renewal) { this.Registered?.Invoke(this, new CredentialRegisterEventArgs(principal, renewal)); }