public async Task <MessageModel <JwtTokenOutDto> > JwtToken(JwtTokenInDto dto) { string jwt = string.Empty; dto.Pass = MD5Helper.MD5Encrypt32(dto.Pass); var user = (await _userAppService.Queryable(x => x.LoginName == dto.Name && x.LoginPwd == dto.Pass)).ToList(); if (user.Count > 0) { //基于角色授权 var userRoles = await _userAppService.GetUserRoleNameStr(dto.Name, dto.Pass); //如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色 var claims = new List <Claim> { new Claim(ClaimTypes.Name, dto.Name), new Claim(JwtRegisteredClaimNames.Jti, user.FirstOrDefault().Id), new Claim(ClaimTypes.Expiration, DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString()) }; claims.AddRange(userRoles.Split(',').Select(s => new Claim(ClaimTypes.Role, s))); if (!Permissions.IsUseIds4) { var data = await _role2Module2PermissionAppService.RoleModuleMaps(); //角色,权限 关系列表 var list = (from item in data select new PermissionItem { Url = item.ModuleEntity?.LinkUrl, Role = item.RoleEntity?.Name, }).ToList(); _requirement.Permissions = list; } var token = JwtTokenHelper.BuildJwtToken(claims.ToArray(), _requirement); return(new MessageModel <JwtTokenOutDto>() { success = true, msg = "获取成功", response = token }); } else { return(await Task.FromResult(new MessageModel <JwtTokenOutDto>() { success = false, msg = "认证失败", })); } }
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement) { //请求执行方法 var httpContext = _accessor.HttpContext; // 获取系统中所有的角色和菜单的关系集合 if (!requirement.Permissions.Any()) { var data = await _role2Module2PermissionAppService.RoleModuleMaps(); var list = new List <PermissionItem>(); list = (from item in data select new PermissionItem { Url = item.ModuleEntity?.LinkUrl, Role = item.RoleEntity?.Name, }).ToList(); requirement.Permissions = list; } if (httpContext != null) { //请求地址 var questUrl = httpContext.Request.Path.Value.ToLower(); // 整体结构类似认证中间件UseAuthentication的逻辑,具体查看开源地址 // https://github.com/dotnet/aspnetcore/blob/master/src/Security/Authentication/Core/src/AuthenticationMiddleware.cs httpContext.Features.Set <IAuthenticationFeature>(new AuthenticationFeature { OriginalPath = httpContext.Request.Path, OriginalPathBase = httpContext.Request.PathBase }); // Give any IAuthenticationRequestHandler schemes a chance to handle the request // 主要作用是: 判断当前是否需要进行远程验证,如果是就进行远程验证 var handlers = httpContext.RequestServices.GetRequiredService <IAuthenticationHandlerProvider>(); foreach (var scheme in await Schemes.GetRequestHandlerSchemesAsync()) { if (await handlers.GetHandlerAsync(httpContext, scheme.Name) is IAuthenticationRequestHandler handler && await handler.HandleRequestAsync()) { context.Fail(); return; } } //判断请求是否拥有凭据,即有没有登录 var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync(); if (defaultAuthenticate != null) { var result = await httpContext.AuthenticateAsync(defaultAuthenticate.Name); //result?.Principal不为空即登录成功 if (result?.Principal != null) { httpContext.User = result.Principal; // 获取当前用户的角色信息 var currentUserRoles = new List <string>(); // jwt currentUserRoles = (from item in httpContext.User.Claims where item.Type == requirement.ClaimType select item.Value).ToList(); var isMatchRole = false; var permisssionRoles = requirement.Permissions.Where(w => currentUserRoles.Contains(w.Role)); foreach (var item in permisssionRoles) { try { if (Regex.Match(questUrl, item.Url.ToLower())?.Value == questUrl) { isMatchRole = true; break; } } catch (Exception) { // ignored } } //验证权限 if (currentUserRoles.Count <= 0 || !isMatchRole) { context.Fail(); return; } var isExp = false; // jwt isExp = (httpContext.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Expiration)?.Value) != null && DateTime.Parse(httpContext.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Expiration)?.Value) >= DateTime.Now; if (isExp) { context.Succeed(requirement); } else { context.Fail(); return; } return; } } //判断没有登录时,是否访问登录的url,并且是Post请求,并且是form表单提交类型,否则为失败 if (!(questUrl.Equals(requirement.LoginPath.ToLower(), StringComparison.Ordinal) && (!httpContext.Request.Method.Equals("POST") || !httpContext.Request.HasFormContentType))) { context.Fail(); return; } } }