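/// <summary>
/// Authorizes the current request before the action runs.
/// CORS pre-flight (OPTIONS) requests are short-circuited with an empty result and no
/// credential check; when <c>isAuth</c> is false the filter does nothing. Otherwise the user
/// token and application id are read from the <c>QWF-User-Token</c> / <c>QWF-AppID</c> request
/// headers, falling back to the cookies named by <see cref="GlobalConst.COOKIE_Key_UserToken"/>
/// and <see cref="GlobalConst.COOKIE_Key_AppId"/>. The token is verified, the user's permission
/// for the requested path is checked, and on success the short user info is written to session.
/// </summary>
/// <param name="filterContext">The MVC authorization context of the current request.</param>
/// <exception cref="QWF.Framework.GlobalException.UIValidateException">
/// Neither header nor cookie credentials are present; carries <see cref="GlobalConst.LoginURL"/> as the return URL.
/// </exception>
/// <exception cref="QWF.Framework.GlobalException.PermissionException">
/// The user identified by the token is not permitted to access the requested path.
/// </exception>
public void OnAuthorization(AuthorizationContext filterContext)
{
    var request = filterContext.HttpContext.Request;

    // CORS pre-flight: answer with an empty body and skip the action entirely.
    // Ordinal, case-insensitive comparison rather than ToLower() == "options":
    // ToLower() is culture-sensitive (e.g. the Turkish dotless i makes the match fail).
    if (string.Equals(request.HttpMethod, "OPTIONS", System.StringComparison.OrdinalIgnoreCase))
    {
        filterContext.Result = new EmptyResult();
        return;
    }

    if (!isAuth)
    {
        return;
    }

    // Credentials are taken from the request headers first ...
    string token = request.Headers["QWF-User-Token"].SafeConvert().ToStr();
    string appId = request.Headers["QWF-AppID"].SafeConvert().ToStr();
    // The permission check is keyed on the path only (no query string, no host).
    string url = request.Url.AbsolutePath;

    if (token.StrValidatorHelper().StrIsNullOrEmpty() || appId.StrValidatorHelper().StrIsNullOrEmpty())
    {
        // ... and fall back to the login cookies when either header is missing or blank.
        var tokenCookie = request.Cookies[GlobalConst.COOKIE_Key_UserToken];
        var appIdCookie = request.Cookies[GlobalConst.COOKIE_Key_AppId];
        if (tokenCookie == null || appIdCookie == null)
        {
            throw new QWF.Framework.GlobalException.UIValidateException("用户没有登录或登录超时,请重新登录!", GlobalConst.LoginURL);
        }

        token = tokenCookie.Value.SafeConvert().ToStr();
        appId = appIdCookie.Value.SafeConvert().ToStr();
    }

    using (var qwfContext = DbAccess.DbFrameworkContext.Create())
    {
        // An empty identifier: the caller is unknown until the token has been verified.
        var identifier = new Services.SvrModels.SvrUserIdentifier() { UserId = 0, UserName = string.Empty };
        var userHelper = new Services.BLL.UserHelper(qwfContext, identifier);

        // Verify the token (presumably an invalid token is reported by the helper via
        // UserValidateException, which OnException maps to a re-login message — confirm in UserHelper).
        Services.BLL.User user = userHelper.CheckUserToken(appId, token);

        // Verify the user may access the requested path.
        if (!user.CheckUserInMenuPermission(url))
        {
            throw new QWF.Framework.GlobalException.PermissionException(user.GetUserName() + "没有权限访问(" + url + ")");
        }

        // Authorized: publish the short user info to session for the rest of the pipeline.
        // The session is taken from the filter context (same backing store as HttpContext.Current)
        // so the filter does not depend on the static ambient context.
        var session = filterContext.HttpContext.Session;
        session[GlobalConst.SESSION_Key_UserInfo] = user.GetSvrShortUserInfo();
        session.Timeout = 40; // idle minutes before the session expires

        // Persist whatever CheckUserToken changed on the context — assumed to be token/login
        // bookkeeping; verify against UserHelper.
        qwfContext.SaveChanges();
    }
}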
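/// <summary>
/// Turns an unhandled exception from the action pipeline into a response.
/// UI validation exceptions pass their message and return URL through without logging;
/// user-validation and permission failures are logged as warnings and answered with a fixed
/// message; everything else is logged as an error (with Entity Framework validation details
/// when present) and the client gets a generic message, with the exception text appended only
/// in DEBUG builds. AJAX callers receive the <see cref="ResultWebData"/> as JSON, other callers
/// the "Error" view.
/// </summary>
/// <param name="filterContext">The MVC exception context; <c>ExceptionHandled</c> is set to true on exit.</param>
public override void OnException(ExceptionContext filterContext)
{
    // base.OnException is intentionally not invoked; this filter builds the whole response itself.
    var result = new ResultWebData();
    result.Success = false;
    result.Message = "fail!";

    var exception = filterContext.Exception;
    var uiex = exception as QWF.Framework.GlobalException.UIValidateException;
    if (uiex != null)
    {
        // UI / data-validation failures are expected user errors and are not logged.
        result.Message = uiex.Message;
        result.ReturnUrl = uiex.ReturnUrl;
    }
    else if (exception is QWF.Framework.GlobalException.UserValidateException)
    {
        result.Message = "用户验证失败,请重新登录!";
        Common.LogHelper.Warning(result.Message + exception.Message);
    }
    else if (exception is QWF.Framework.GlobalException.PermissionException)
    {
        result.Message = "用户权限不够,无法访问!";
        Common.LogHelper.Warning(result.Message + exception.Message);
    }
    else
    {
        // System-level error: log full details (including the stack trace); the client only
        // sees the exception message in DEBUG builds.
        var accessInfo = new AccessInfo(filterContext);
        var sb = new System.Text.StringBuilder();
        sb.Append("系统错误:");
        sb.AppendLine(string.Format("区域={0}, 控制器={1}, 动作={2}, 方法={3}, 错误描述={4},堆栈={5}",
            accessInfo.Area, accessInfo.Controller, accessInfo.Action, accessInfo.HttpMethod,
            exception.Message, exception.StackTrace));

        var dbEx = exception as System.Data.Entity.Validation.DbEntityValidationException;
        if (dbEx != null)
        {
            AppendEntityValidationErrors(sb, dbEx);
        }

        Common.LogHelper.Error(AppName, sb.ToString());
#if DEBUG
        result.Message += exception.Message;
#endif
    }

    if (filterContext.HttpContext.Request.IsAjaxRequest())
    {
        // ContentResult defaults to text/html; declare JSON explicitly so the serialized
        // ResultWebData (which can echo validation/exception text) is never treated as markup.
        var actionResult = new ContentResult();
        actionResult.ContentType = "application/json";
        actionResult.Content = Newtonsoft.Json.JsonConvert.SerializeObject(result);
        filterContext.Result = actionResult;
    }
    else
    {
        var viewData = new ViewDataDictionary();
        viewData["Message"] = result.Message;
        filterContext.Result = new ViewResult
        {
            ViewName = "Error",                           // error page
            MasterName = null,                            // no explicit layout
            ViewData = viewData,                          // data for the view
            TempData = filterContext.Controller.TempData
        };
        filterContext.HttpContext.Response.Clear();
        // No status code is set here, so the error view goes out with whatever status the
        // pipeline already has; clients must rely on the view's message, not the status.
    }

    filterContext.ExceptionHandled = true;
}

/// <summary>
/// Appends the message and every property-level validation error of an Entity Framework
/// <see cref="System.Data.Entity.Validation.DbEntityValidationException"/> to <paramref name="sb"/>,
/// first one "ERROR:" line per entity entry, then one detailed line per validation error.
/// </summary>
/// <param name="sb">Log buffer being built by the caller.</param>
/// <param name="dbEx">The validation exception to describe.</param>
private static void AppendEntityValidationErrors(System.Text.StringBuilder sb, System.Data.Entity.Validation.DbEntityValidationException dbEx)
{
    sb.AppendLine("数据库异常:" + dbEx.Message);

    foreach (var entityErrors in dbEx.EntityValidationErrors)
    {
        // An entry may carry an empty error list; dereferencing FirstOrDefault() unguarded
        // would throw NullReferenceException inside the exception filter itself.
        var first = entityErrors.ValidationErrors.FirstOrDefault();
        if (first != null)
        {
            sb.AppendLine("ERROR:" + first.ErrorMessage);
        }
    }

    foreach (var entityErrors in dbEx.EntityValidationErrors)
    {
        foreach (var validationError in entityErrors.ValidationErrors)
        {
            sb.AppendLine(string.Format("具体消息:Class: {0}, Property: {1}, Error: {2}",
                entityErrors.Entry.Entity.GetType().FullName,
                validationError.PropertyName,
                validationError.ErrorMessage));
        }
    }
}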