示例#1
        /// <summary>
        /// Authorizes the request from the current principal. The principal is taken from
        /// <see cref="Thread.CurrentPrincipal"/>, falling back to the <see cref="HttpContext.Current"/> user.
        /// An unauthenticated identity is refused (with a "not logged in" error response when the action is
        /// marked with <see cref="AuthorizeAttribute"/>); an authenticated identity must be a
        /// <see cref="BasicAuthenticationIdentity"/>, whose name and password are re-validated through
        /// <see cref="UserBusiness.ValidateLogin"/> on every call.
        /// </summary>
        /// <param name="actionContext">
        /// The action context; receives the error response on failure and, on success, the principal and the
        /// "Known_User" request property.
        /// </param>
        /// <returns><c>true</c> only when the Basic credentials validate; otherwise <c>false</c>.</returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            // Prefer the thread principal; use the ASP.NET context user only when there is none.
            var principal = Thread.CurrentPrincipal ?? HttpContext.Current?.User;
            var identity = principal?.Identity;
            if (identity is null)
            {
                return false;
            }

            if (!identity.IsAuthenticated)
            {
                // Only actions carrying [Authorize] get an explicit "not logged in" error body.
                if (actionContext.IsUseAttributeOf<AuthorizeAttribute>())
                {
                    actionContext.CreateErrorResponse("用户未登录!");
                }
                return false;
            }

            // Only a BasicAuthenticationIdentity (name + password) can be re-validated here; anything else is refused.
            if (!(identity is BasicAuthenticationIdentity basicIdentity))
            {
                return false;
            }

            // The credentials are checked against the user store on every call, not cached.
            var userBusiness = new UserBusiness(new Context(basicIdentity.Name));
            var login = userBusiness.ValidateLogin(basicIdentity.Name, basicIdentity.Password);
            if (!login.IsValid)
            {
                actionContext.CreateErrorResponse(login.Message);
                return false;
            }

            // Hand the validated principal and the resolved user record to the rest of the pipeline.
            actionContext.RequestContext.Principal = principal;
            actionContext.Request.Properties["Known_User"] = login.Data;
            return true;
        }
示例#2
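        /// <summary>
        /// Checks the anti-replay parameters carried on the query string: <c>timestamp</c> (13-digit Unix epoch
        /// milliseconds within ±<c>ExpiredSeconds</c> of now), <c>nonce</c> (presence only) and <c>sign</c>
        /// (must equal <c>GetSignature</c> computed for the request). On failure an error response is attached to
        /// <paramref name="actionContext"/> and <c>false</c> is returned.
        /// </summary>
        /// <param name="actionContext">The action context whose request is validated.</param>
        /// <returns><c>true</c> when all three parameters are present and valid; otherwise <c>false</c>.</returns>
        private static bool ValidateRequest(HttpActionContext actionContext)
        {
            // Smallest and largest values with exactly 13 decimal digits.
            const long MinEpochMs = 1_000_000_000_000L;
            const long MaxEpochMs = 9_999_999_999_999L;

            var timestamp = actionContext.Request.GetQueryValue("timestamp");
            if (string.IsNullOrWhiteSpace(timestamp))
            {
                actionContext.CreateErrorResponse("缺少参数timestamp!");
                return false;
            }

            // Digits only, invariant culture. The former `ms.ToString().Length != 13` test accepted a negative
            // 12-digit value (the '-' counts as a character) and depended on the current culture's number format.
            if (!long.TryParse(timestamp, System.Globalization.NumberStyles.None,
                               System.Globalization.CultureInfo.InvariantCulture, out var ms)
                || ms < MinEpochMs || ms > MaxEpochMs)
            {
                actionContext.CreateErrorResponse("不合法的timestamp!");
                return false;
            }

            // Compare in UTC. The former local-time conversion applied the UTC offset in effect on 1970-01-01
            // to the current instant, which is wrong by the DST delta in zones that observe it.
            var requestTime = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddMilliseconds(ms);
            var skewSeconds = Math.Abs((DateTime.UtcNow - requestTime).TotalSeconds);
            if (skewSeconds > ExpiredSeconds)
            {
                actionContext.CreateErrorResponse("请求已超时!");
                return false;
            }

            var nonce = actionContext.Request.GetQueryValue("nonce");
            if (string.IsNullOrWhiteSpace(nonce))
            {
                actionContext.CreateErrorResponse("缺少参数nonce!");
                return false;
            }
            // NOTE(review): only presence is checked here; rejecting a nonce reused inside the ExpiredSeconds
            // window is not done in this method — confirm it happens elsewhere, otherwise the nonce adds nothing.

            var sign = actionContext.Request.GetQueryValue("sign");
            if (string.IsNullOrWhiteSpace(sign))
            {
                actionContext.CreateErrorResponse("缺少参数sign!");
                return false;
            }

            // Constant-time comparison so the response time does not depend on how many leading
            // characters of the supplied signature matched.
            if (!FixedTimeEquals(sign, GetSignature(actionContext.Request)))
            {
                actionContext.CreateErrorResponse("sign格式不正确!");
                return false;
            }

            return true;

            // Ordinal equality without early exit on the first mismatching character; null never matches.
            bool FixedTimeEquals(string a, string b)
            {
                if (a is null || b is null || a.Length != b.Length)
                {
                    return false;
                }

                var diff = 0;
                for (var i = 0; i < a.Length; i++)
                {
                    diff |= a[i] ^ b[i];
                }
                return diff == 0;
            }
        }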