public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if(ModelState.IsValid)
{
Tuple<KoalaBlogIdentityObject, SignInStatus, string> result = await Services.SecurityClient.SignInAsync(model.UserName, model.Password, model.RememberMe);
var identityObj = result.Item1;
var signInStatus = result.Item2;
var accessToken = result.Item3;
switch (signInStatus)
{
case SignInStatus.Succeeded:
KoalaBlogSecurityManager.SetAuthCookie(accessToken);
KoalaBlogIdentity identity = new KoalaBlogIdentity(identityObj);
KoalaBlogPrincipal principal = new KoalaBlogPrincipal(identity);
System.Threading.Thread.CurrentPrincipal = principal;
return RedirectToLocal(returnUrl);
case SignInStatus.NotYetEmailConfirmed:
ConfirmEmailViewModel cevModel = new ConfirmEmailViewModel() { UserID = identityObj.UserID, Email = identityObj.Email, IsEmailConfirmed = false };
return View("ConfirmEmail", cevModel);
case SignInStatus.LockedOut:
return View("LockedOut");
case SignInStatus.Failure:
AddErrors("账号密码错误");
break;
}
}
return View(model);
}
public void OnAuthentication(AuthenticationContext filterContext)
{
if(filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
//1. If there are define allow Anonymous attribute, do nothing.
if (IsDefinedAllowAnonymous(filterContext))
{
return;
}
//2. If there are no credentials, set the error result.
if(string.IsNullOrEmpty(KoalaBlogSecurityManager.GetAuthCookie()))
{
filterContext.Result = new AuthenticationFailureResult();
}
else
{
//3. Check the credentials.
KoalaBlogIdentityObject identityObj = ClientContext.Clients.CreateSecurityClient().GetIdentityObj();
//4. If the credentials are bad, set the error result.
if(identityObj == null)
{
filterContext.Result = new AuthenticationFailureResult();
}
else
{
KoalaBlogIdentity identity = new KoalaBlogIdentity(identityObj);
KoalaBlogPrincipal principal = new KoalaBlogPrincipal(identity);
filterContext.Principal = principal;
}
}
}
/// <summary>
/// 验证Bearer Token
/// </summary>
/// <param name="userAccountId">用户ID</param>
/// <param name="accessToken">令牌</param>
/// <returns></returns>
public async Task<IPrincipal> AuthenticateBearerTokenAsync(string accessToken)
{
//1. 根据条件获取Token对象。
Token bearerToken = await Fetch(x => x.AccessToken == accessToken && !x.IsRevoked && x.ExpirationDate > DateTime.Now).SingleOrDefaultAsync();
if(bearerToken != null)
{
//2. 如果Token对象不为空,则为Token验证成功,建立Principal。
KoalaBlogIdentityObject identityObj = new KoalaBlogIdentityObject();
UserAccountXPersonHandler uaxpHandler = new UserAccountXPersonHandler(_dbContext);
//3. 获取UserAccountXPerson对象。
UserAccountXPerson uaxp = await uaxpHandler.LoadByUserAccountIDIncludeUserAccountAndPersonAsync(bearerToken.UserAccountID);
if(uaxp != null)
{
if (uaxp.UserAccount != null)
{
identityObj.UserID = uaxp.UserAccount.ID;
identityObj.UserName = uaxp.UserAccount.UserName;
identityObj.Email = uaxp.UserAccount.Email;
identityObj.Status = uaxp.UserAccount.Status;
}
if (uaxp.Person != null)
{
identityObj.PersonID = uaxp.Person.ID;
identityObj.PersonNickName = uaxp.Person.NickName;
identityObj.Introduction = uaxp.Person.Introduction;
}
}
else
{
UserAccountHandler uaHandler = new UserAccountHandler(_dbContext);
//4. 如果UserAccountXPerson对象为空,意味着可能是用户注册还没完成,则根据用户名获取UserAccount对象,赋值IdentityObject通用Property。
UserAccount userAccount = await uaHandler.GetByIdAsync(bearerToken.UserAccountID);
if (userAccount != null)
{
identityObj.UserID = userAccount.ID;
identityObj.UserName = userAccount.UserName;
identityObj.Email = userAccount.Email;
identityObj.Status = userAccount.Status;
}
}
KoalaBlogIdentity identity = new KoalaBlogIdentity(identityObj);
KoalaBlogPrincipal principal = new KoalaBlogPrincipal(identity);
return principal;
}
return null;
}
