示例#1
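        /// <summary>
        /// Decides whether the current request is authorized: a request passes when session state
        /// already holds a "user" entry, or when the request's "token" value is accepted by
        /// <c>AbsAuthorizeLogin.AuthorizeCore</c>.
        /// </summary>
        /// <param name="httpContext">The context of the current request.</param>
        /// <returns>
        /// <c>true</c> when the session already holds a user or the token was accepted;
        /// <c>false</c> when token validation failed or no session state is available.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            // 1. No "user" object in the session means the session timed out or the user never logged in.
            var session = httpContext.Session;
            if (session == null)
            {
                // Session state is unavailable for this request, so there is nothing to authorize
                // against: fail closed instead of dereferencing null.
                httpContext.Response.StatusCode = 401;
                return false;
            }

            if (session["user"] != null)
            {
                // 3. Role-based authorization.
                // NOTE(review): no role check is implemented here; any request whose session
                // holds a user is authorized regardless of role.
                return true;
            }

            // 2. Ask the SSO side whether the presented token is valid.
            // NOTE(review): Request["token"] also matches query-string values, which tend to end up
            // in server logs and Referer headers; the SSO address is a hard-coded plain-http
            // localhost URL and presumably belongs in configuration - confirm before deployment.
            AbsAuthorizeLoginResult result = AbsAuthorizeLogin.AuthorizeCore(httpContext.Request["token"], "http://localhost:54805/");
            if (!result.Success)
            {
                // The original only set the status code and then fell through to "return true",
                // so a request with a rejected or missing token was still authorized.
                httpContext.Response.StatusCode = 401;
                return false;
            }

            session["user"] = result.User;

            // NOTE(review): this adds "usrck" to the *request* cookie collection, so this line alone
            // does not send it to the browser. If a response cookie was intended, do not emit the
            // serialized user as plain JSON: the client can edit such a cookie, so it needs integrity
            // protection (and HttpOnly/Secure) before any code rebuilds a session user from it.
            httpContext.Request.Cookies.Add(new HttpCookie("usrck", JsonConvert.SerializeObject(result.User)));

            return true;
        }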
示例#2
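 /// <summary>
 /// Authorizes the request when it already carries an authenticated identity; otherwise validates
 /// the request's "token" value through <c>AbsAuthorizeLogin.AuthorizeCore</c> and, on success,
 /// issues an encrypted forms-authentication cookie that carries a compact user record.
 /// </summary>
 /// <param name="httpContext">The context of the current request.</param>
 /// <returns><c>true</c> when the request is authorized; <c>false</c> when token validation failed.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
 protected override bool AuthorizeCore(HttpContextBase httpContext)
 {
     if (httpContext == null)
     {
         throw new ArgumentNullException("httpContext");
     }

     // Local login check. Read the principal from the context that was passed in rather than from
     // the static HttpContext.Current, so the decision is made on the request being authorized.
     var principal = httpContext.User;
     if (principal != null && principal.Identity != null && principal.Identity.IsAuthenticated)
     {
         return true;
     }

     // Ask the SSO server whether the presented token belongs to a logged-in user.
     // NOTE(review): Request["token"] also matches query-string values, which tend to end up in
     // server logs and Referer headers; the SSO address is a hard-coded plain-http localhost URL
     // and presumably belongs in configuration - confirm before deployment.
     AbsAuthorizeLoginResult result = AbsAuthorizeLogin.AuthorizeCore(httpContext.Request["token"], "http://localhost:54805/");
     if (!result.Success)
     {
         httpContext.Response.StatusCode = 401;
         return false;
     }

     // Serialize only the fields the site needs into the ticket's user data.
     // NOTE(review): assumes result.User and result.User.UserRole are non-null on success - confirm.
     string cookieUser = JsonConvert.SerializeObject(new CookieUser()
     {
         UserId = result.User.UserId,
         RoleId = result.User.UserRole.ID,
         LoginName = result.User.LoginName,
         RoleName = result.User.UserRole.Name
     });

     // Take the clock once so the issue time and the one-day expiry come from the same instant.
     DateTime issuedAt = DateTime.Now;
     FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, result.User.LoginName, issuedAt, issuedAt.AddDays(1), false, cookieUser);

     // Encrypt the ticket and store it in the forms-authentication cookie.
     HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));

     // Set the cookie's attributes before handing it to the response. HttpOnly keeps the ticket
     // away from page script; Secure follows the site's forms-authentication requireSSL setting,
     // so the ticket is limited to HTTPS wherever the site is configured to demand it.
     cookie.HttpOnly = true;
     cookie.Secure = FormsAuthentication.RequireSSL;
     httpContext.Response.Cookies.Add(cookie);

     return true;
 }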