        //public void OnAuthorization
        //	(Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext context)
        //{
        //	throw new System.NotImplementedException();
        //}

        /// <summary>
        /// Synchronous authorization filter: lets the request continue when an
        /// authenticated <c>Models.User</c> was placed in <c>HttpContext.Items["User"]</c>
        /// (presumably by an earlier token-validating middleware — confirm against
        /// the pipeline setup) and otherwise short-circuits with a 401 JSON payload.
        /// </summary>
        /// <param name="context">The filter context of the current request.</param>
        public void OnAuthorization
            (Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext context)
        {
            // A type test rather than a direct cast: a direct cast would throw
            // InvalidCastException instead of producing a clean 401.
            if (context.HttpContext.Items["User"] is Models.User)
            {
                // Logged in; nothing to do here yet.
                // TODO: per-path checks (e.g. /Products/Create) against the database.
                return;
            }

            // Not logged in, or the request carried a corrupted / expired token.
            context.Result =
                new Microsoft.AspNetCore.Mvc.JsonResult(new { message = "Unauthorized" })
                {
                    StatusCode = Microsoft.AspNetCore.Http.StatusCodes.Status401Unauthorized,
                };
        }
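        /// <summary>
        /// Authorizes the request from its <c>Authorization: Bearer …</c> header:
        /// validates the token with <c>tokenProvider</c>, publishes the user and role
        /// claims to <c>currentAuthenticationContext</c> and succeeds the requirement.
        /// A missing, unreadable or invalid token fails the requirement.
        /// </summary>
        /// <param name="context">Authorization context; <c>Resource</c> is expected to be the MVC filter context.</param>
        /// <param name="requirement">The requirement to mark as satisfied.</param>
        /// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AuthorizationTokenRequirement requirement)
        {
            // Read the header through the public abstractions. The previous version
            // cast down to Kestrel / HttpAbstractions internal types (DefaultHttpRequest,
            // FrameRequestHeaders) with no null checks, so on any other server or a
            // newer framework it threw NullReferenceException — an unhandled exception
            // in an authorization handler surfaces as a 500 instead of a clean failure.
            var httpContext = (context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext)?.HttpContext;
            if (httpContext == null)
            {
                context.Fail();
                return Task.CompletedTask;
            }

            string authorizationToken = httpContext.Request.Headers["Authorization"];

            if (String.IsNullOrEmpty(authorizationToken))
            {
                context.Fail();
                return Task.CompletedTask;
            }

            // Strip the scheme only when it is the prefix. Replace("Bearer ", "")
            // removed every occurrence anywhere in the value, not just the scheme.
            const string bearerPrefix = "Bearer ";
            string authvalue = authorizationToken.StartsWith(bearerPrefix, StringComparison.Ordinal)
                ? authorizationToken.Substring(bearerPrefix.Length)
                : authorizationToken;

            if (!tokenProvider.IsTokenValid(authvalue))
            {
                context.Fail();
                return Task.CompletedTask;
            }

            ReadOnlyCollection<Claim> claims = tokenProvider.GetClaimsCollection(authvalue);
            currentAuthenticationContext.setCurrentUser(claims.GetKey(ClaimKeys.USER_ID));
            currentAuthenticationContext.setCurrentRoleId(claims.GetKey(ClaimKeys.ROLE));
            context.Succeed(requirement);

            return Task.CompletedTask;
        }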
 /// <summary>
 /// Defers to any other <see cref="IAsyncAuthorizationFilter"/> registered for the
 /// action: when one exists this filter is a no-op, otherwise the base policy applies.
 /// </summary>
 /// <param name="context">The filter context of the current request.</param>
 /// <returns>The base filter's task, or a completed task when another filter takes over.</returns>
 public override Task OnAuthorizationAsync(Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext context)
 {
     // NOTE(review): skipping whenever *any* other async authorization filter is
     // present assumes that filter enforces at least this policy — confirm.
     bool anotherFilterPresent = context.Filters
         .OfType<IAsyncAuthorizationFilter>()
         .Any(filter => !ReferenceEquals(filter, this));

     return anotherFilterPresent
         ? Task.FromResult(0)
         : base.OnAuthorizationAsync(context);
 }
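        /// <summary>
        /// Runs the base authorization policy and, only when it passed, executes the
        /// per-user hook (currently a console log line).
        /// </summary>
        /// <param name="context">The filter context of the current request.</param>
        /// <returns>A task that completes when the base policy and the hook have run.</returns>
        public override async Task OnAuthorizationAsync(Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext context)
        {
            await base.OnAuthorizationAsync(context);

            // The base filter signals rejection by setting context.Result rather than
            // throwing; without this guard the code below also ran for rejected
            // requests and logged a "just logged in" line for them.
            if (context.Result != null)
            {
                return;
            }

            // Identity can be null for an anonymous principal.
            var username = context.HttpContext.User.Identity?.Name;

            Console.WriteLine($"{username} just logged in!");
            // TODO Check our own database to see if this user has access to the resource
            // TODO Log out the username to a service
            // TODO Create the user in our own database on first visit
            // TODO Your own business logic
        }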
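        /// <summary>
        /// Gets the required scope from the route. Route values are read by position
        /// (1 = service, 2 = db, 3 = collection), so the routes this handler protects
        /// must declare those parameters in that order.
        /// </summary>
        /// <param name="resource">Resource from the authorization context</param>
        /// <returns>The scope associated with the specified route, and its four parts</returns>
        /// <exception cref="ArgumentOutOfRangeException">The route carries fewer than four values.</exception>
        protected (string Scope, string[] ScopeParts) GetScopeFromRoute(Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext resource)
        {
            var routeValues = resource.RouteData.Values;

            // Reads the route value at `index`; a null value becomes an empty segment
            // instead of a NullReferenceException.
            string ValueAt(int index) => routeValues.ElementAt(index).Value?.ToString() ?? string.Empty;

            // Scope segments are identifiers, so lower-casing must not depend on the
            // server's current culture (CA1304).
            string service    = ValueAt(1).ToLowerInvariant();
            string db         = ValueAt(2);
            string collection = ValueAt(3);

            var scope = $"{SystemName}.{service}.{db}.{collection}";
            string[] scopes = { SystemName, service, db, collection };

            return (scope, scopes);
        }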
        /// <summary>
        /// Requires an authenticated <c>Models.User</c> in <c>HttpContext.Items["User"]</c>;
        /// otherwise short-circuits the pipeline with a 401 JSON payload.
        /// </summary>
        /// <param name="context">The filter context of the current request.</param>
        public void OnAuthorization
            (Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext context)
        {
            object item = context.HttpContext.Items["User"];

            // Anything other than a Models.User (including null) counts as not logged in.
            if (item is Models.User)
            {
                return;
            }

            var unauthorized = new Microsoft.AspNetCore.Mvc.JsonResult(new { message = "Unauthorized" });
            unauthorized.StatusCode = Microsoft.AspNetCore.Http.StatusCodes.Status401Unauthorized;
            context.Result = unauthorized;
        }
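        /// <summary>
        /// Area-based authorization: requests outside a registered <c>SysArea</c> pass
        /// through untouched; inside one, the user must be authenticated and hold a
        /// role mapped to the current area/controller/action.
        /// </summary>
        /// <param name="context">The filter context of the current request.</param>
        /// <returns>A completed task; rejection is signalled through <c>context.Result</c>.</returns>
        public override Task OnAuthorizationAsync(Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext context)
        {
            var services = context.HttpContext.RequestServices;

            // NOTE(review): the service is requested as IRepository<SysArea> but cast to
            // the concrete Repository<SysArea>; any other registered implementation
            // yields null here and takes the pass-through path below.
            var iSysAreaService = services.GetService(typeof(IRepository <SysArea>)) as Repository <SysArea>;

            var area = (string)context.RouteData.Values["area"];

            // Not an area this filter knows about: nothing to enforce. A missing
            // repository registration also lands here and lets the request through —
            // confirm that fail-open behaviour is intended.
            if (string.IsNullOrEmpty(area) || iSysAreaService == null || !iSysAreaService.GetAll(a => a.AreaName == area).Any())
            {
                return Task.FromResult(0);
            }

            // Principal comes from the cookie; an unauthenticated user must log in again.
            if (!context.HttpContext.User.Identity.IsAuthenticated)
            {
                return base.OnAuthorizationAsync(context);
            }

            var controller = (string)context.RouteData.Values["controller"];
            var action     = (string)context.RouteData.Values["action"];

            var sysRoleService = services.GetService(typeof(IRepository <SysRole>)) as Repository <SysRole>;
            var userInfo       = services.GetService(typeof(IUserInfo)) as IUserInfo;

            // The null test must precede the UserId read: the original dereferenced
            // userInfo here and only checked it for null afterwards.
            if (userInfo == null || string.IsNullOrEmpty(userInfo.UserId))
            {
                // TODO confirm whether the current user should be signed out here.
                return base.OnAuthorizationAsync(context);
            }

            bool hasPermission = sysRoleService != null && sysRoleService.GetAll(a =>
                    a.SysUserRoles.Any(b => b.UserId.Equals(userInfo.UserId)) &&
                    a.SysRoleSysControllerSysActions.Any(b =>
                        b.SysControllerSysAction.SysController.SysArea.AreaName.Equals(area) &&
                        b.SysControllerSysAction.SysController.ControllerName.Equals(controller) &&
                        b.SysControllerSysAction.SysAction.ActionName.Equals(action))).Any();

            if (hasPermission)
            {
                return Task.FromResult(0);
            }

            // No role grants this area/controller/action. NOTE(review): a 400 is
            // returned for an authorization failure; ForbidResult (403) would be the
            // conventional status — left unchanged to keep the client contract.
            context.Result = new BadRequestObjectResult("用户:" + userInfo.UserName + "(" + userInfo.UserId + ") 没有权限访问 " + area + " > " + controller + " > " + action + " !请联系系统管理员进行权限分配!");

            return Task.FromResult(0);
        }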
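        /// <summary>
        /// Area-based authorization backed by ASP.NET Identity: requests outside a
        /// registered <c>SysArea</c> pass through; inside one, the user must be signed
        /// in and one of their Identity roles must be mapped to the current
        /// area/controller/action.
        /// </summary>
        /// <param name="context">The filter context of the current request.</param>
        /// <returns>A task that completes once the decision is recorded in <c>context.Result</c>.</returns>
        public override async Task OnAuthorizationAsync(Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext context)
        {
            var services = context.HttpContext.RequestServices;
            var area = (string)context.RouteData.Values["area"];

            // Not an area this filter knows about: nothing to enforce.
            if (string.IsNullOrEmpty(area) || services.GetService(typeof(ISysAreaService)) is not ISysAreaService iSysAreaService || !iSysAreaService.GetAll(a => a.AreaName == area).Any())
            {
                return;
            }

            if (!context.HttpContext.User.Identity.IsAuthenticated)
            {
                // Not signed in.
                context.Result = new UnauthorizedResult();
                return;
            }

            var controller = (string)context.RouteData.Values["controller"];
            var action     = (string)context.RouteData.Values["action"];

            // The UserManager was previously dereferenced before its null check.
            if (services.GetService(typeof(UserManager <IdentityUser>)) is not UserManager <IdentityUser> sysUserService)
            {
                context.Result = new UnauthorizedResult();
                return;
            }

            // Await instead of blocking on .Result: blocking inside a filter risks
            // deadlocks / thread-pool starvation and wraps failures in AggregateException.
            var user = await sysUserService.GetUserAsync(context.HttpContext.User);
            if (user == null)
            {
                // The principal no longer maps to a stored user; the original crashed on
                // user.UserName further down in this case.
                context.Result = new UnauthorizedResult();
                return;
            }

            // The ILogger and RoleManager previously resolved here were never used.
            if (services.GetService(typeof(ISysRoleSysControllerSysActionService)) is ISysRoleSysControllerSysActionService permissionService)
            {
                var roles = await sysUserService.GetRolesAsync(user);

                bool hasPermission = permissionService
                    .GetAll(a => roles.Any(b => b == a.IdentityRole.Name))
                    .Any(b => b.SysControllerSysAction.SysController.SysArea.AreaName.Equals(area) &&
                              b.SysControllerSysAction.SysController.ControllerName.Equals(controller) &&
                              b.SysControllerSysAction.SysAction.ActionName.Equals(action));

                if (hasPermission)
                {
                    await base.OnAuthorizationAsync(context);
                    return;
                }
            }

            // No role grants this area/controller/action. NOTE(review): a 400 is
            // returned for an authorization failure; ForbidResult (403) would be the
            // conventional status — left unchanged to keep the client contract.
            context.Result = new BadRequestObjectResult("用户:" + user.UserName + "(" + user.Id + ") 没有权限访问 " + area + " > " + controller + " > " + action + " !请联系系统管理员进行权限分配!");
        }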
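        /// <summary>
        /// Feature-toggle gate layered on the base policy: depending on the state of
        /// the blue/green/red togglers stored in the database, the "Empresa" request
        /// header must (or, for the red toggle, must not) equal "service ABC".
        /// </summary>
        /// <param name="context">The filter context of the current request.</param>
        /// <returns>A task that faults with "Access Denied" when the gate rejects the request.</returns>
        public override async Task OnAuthorizationAsync(Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext context)
        {
            // The base call was previously not awaited: its task (and any exception)
            // was dropped and the toggle checks ran regardless of its outcome.
            await base.OnAuthorizationAsync(context);
            if (context.Result != null)
            {
                // The base policy already rejected the request.
                return;
            }

            // Read the header once; an absent header converts to null and never matches.
            string empresa = context.HttpContext.Request.Headers["Empresa"];
            bool isServiceAbc = empresa == "service ABC";

            // NOTE(review): faulting the task turns a rejection into an unhandled
            // exception (HTTP 500) rather than a 401/403 Result; kept for compatibility.
            var togglerBlue = _context.Toggler.FirstOrDefault(m => m.NameButton == "isButtonBlue");
            if (togglerBlue != null && !togglerBlue.IsOn && !isServiceAbc)
            {
                throw new Exception("Access Denied");
            }

            // Green must exist and be on; a missing or off green toggle denies outright.
            var togglerGreen = _context.Toggler.FirstOrDefault(m => m.NameButton == "isButtonGreen");
            if (togglerGreen == null || !togglerGreen.IsOn || !isServiceAbc)
            {
                throw new Exception("Access Denied");
            }

            var togglerRed = _context.Toggler.FirstOrDefault(m => m.NameButton == "isButtonRed");
            if (togglerRed != null && !togglerRed.IsOn && isServiceAbc)
            {
                throw new Exception("Access Denied");
            }
        }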
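        /// <summary>
        /// Builds the authorization scope <c>fdns.object.{db}.{collection}</c> from the
        /// "db" and "collection" route values.
        /// </summary>
        /// <param name="resource">Resource from the authorization context.</param>
        /// <returns>The scope string; a missing or null route value yields an empty segment.</returns>
        private string GetScopeFromRoute(Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext resource)
        {
            // Look the values up by key. The earlier two-pass index walk defaulted a
            // missing key to index 0 and silently substituted the first route value
            // into the scope, which could authorize against the wrong scope.
            var routeValues = resource.RouteData.Values;

            string db = routeValues.TryGetValue("db", out var dbValue)
                ? dbValue?.ToString() ?? string.Empty
                : string.Empty;
            string collection = routeValues.TryGetValue("collection", out var collectionValue)
                ? collectionValue?.ToString() ?? string.Empty
                : string.Empty;

            var scope = $"fdns.object.{db}.{collection}";

            return scope;
        }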
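        /// <summary>
        /// Custom "Secret &lt;token&gt;" scheme: a request carrying that scheme is
        /// authenticated via <c>_authorizationService</c> and the resolved user is stored
        /// in <c>HttpContext.Items["Authorization"]</c>; an invalid token yields 401.
        /// Requests without the scheme fall through to the base policy.
        /// </summary>
        /// <param name="context">The filter context of the current request.</param>
        /// <returns>A completed task, or the base filter's task for non-"Secret" requests.</returns>
        public override Task OnAuthorizationAsync(Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext context)
        {
            const string scheme = "Secret ";
            string authHeader = context.HttpContext.Request.Headers["Authorization"];

            // Match the full scheme including the separator, ordinally: the earlier
            // StartsWith("Secret") was culture-sensitive and, for a header equal to
            // "Secret" alone, the Substring below threw ArgumentOutOfRangeException.
            if (authHeader == null || !authHeader.StartsWith(scheme, StringComparison.Ordinal))
            {
                return base.OnAuthorizationAsync(context);
            }

            var token = authHeader.Substring(scheme.Length).Trim();

            if (_authorizationService.IsAuthonticate(token, out UserPublicInfo userInfo))
            {
                // Indexer rather than Add(): Add throws if an earlier component already
                // populated the key.
                context.HttpContext.Items["Authorization"] = userInfo;
                return Task.CompletedTask;
            }

            context.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            context.Result = new JsonResult(new { error = "Unauthorized." });
            return Task.CompletedTask;
        }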
 /// <summary>
 /// Stub implementation: always throws (a <c>throw null</c> raises
 /// <see cref="System.NullReferenceException"/>). Presumably a reference-assembly
 /// or placeholder body — not usable as an authorization filter.
 /// </summary>
 /// <param name="context">The filter context of the current request (unused).</param>
 /// <returns>Never returns.</returns>
 public System.Threading.Tasks.Task OnAuthorizationAsync(Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext context)
 {
     throw null;
 }
        /// <summary>
        /// Placeholder scope resolver: every route maps to the fixed scope "fdns.example".
        /// </summary>
        /// <param name="resource">Resource from the authorization context (unused).</param>
        /// <returns>The constant scope string.</returns>
        private string GetScopeFromRoute(Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext resource)
        {
            const string fixedScope = "fdns.example";
            return fixedScope;
        }