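public IActionResult Authenticate([FromBody] VUsers userDto)
        {
            // Reject a malformed body up front: GetBytes(null) further down would otherwise
            // surface as an unhandled exception (500) instead of a clean 401.
            if (userDto == null || userDto.Email == null || userDto.Password == null)
            {
                return Unauthorized();
            }

            // NOTE(review): Users.Password holds the raw ASCII bytes of the cleartext password
            // (see Post), so the lookup has to match that stored form. Moving to a salted,
            // slow hash (e.g. PBKDF2) is a storage migration, not a change local to this method.
            byte[] passwordBytes = Encoding.ASCII.GetBytes(userDto.Password);

            // Query synchronously instead of FirstOrDefaultAsync(...).Result: blocking on a Task
            // risks deadlocks / thread-pool starvation and wraps failures in AggregateException.
            var user = _context.Users.FirstOrDefault(a => a.Email == userDto.Email && a.Password == passwordBytes);
            if (user == null)
            {
                return Unauthorized();
            }

            // Menus are per user; modules are global.
            List<MstMenuList>   menuList   = _context.MstMenuList.Where(t => t.UserId == user.Id).ToList();
            List<MstModuleList> moduleList = _context.MstModuleList.ToList();

            // Use the stored e-mail for the name claim so the token carries the canonical value,
            // not the caller's spelling of it.
            var claims = new[]
            {
                new Claim(ClaimTypes.Name, user.Email)
            };

            string securityKey = _configuration["SecurityKey"];
            if (string.IsNullOrEmpty(securityKey))
            {
                // Fail loudly: a missing key must never lead to a token signed with an empty secret.
                throw new InvalidOperationException("SecurityKey is not configured.");
            }
            // HS256 keys should be at least 256 bits (32 bytes) of random data; the token
            // handler rejects keys below its minimum size at signing time.
            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(securityKey));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken(
                issuer: _configuration["Issuer"],
                audience: _configuration["Audience"],
                claims: claims,
                // UTC, consistent with LastLoginDateUtc; "exp" is serialised as an epoch value anyway.
                expires: DateTime.UtcNow.AddMinutes(30),
                signingCredentials: creds
                );

            // Basic user info (no password) plus the token for the client to store.
            return Ok(new
            {
                Id = user.Id,
                FullName = user.FullName,
                Email = user.Email,
                Token = new JwtSecurityTokenHandler().WriteToken(token),
                profilePicBinary = user.ProfilePicBinary,
                UserName = user.UserName,
                ModuleList = moduleList,
                MenuList = menuList
            });
        }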
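        /// <summary>
        /// Checks whether the user held in the session may access
        /// <paramref name="controllerName"/>/<paramref name="actionName"/>.
        /// </summary>
        /// <param name="actionName">Action part of the route being checked.</param>
        /// <param name="controllerName">Controller part; when empty it is taken from the current request path, falling back to "Home".</param>
        /// <returns>
        /// true when the route is one every signed-in user may reach, or when it appears in the user's
        /// power list; false otherwise, including when nobody is signed in or the power list is missing.
        /// </returns>
        public static bool CheckPower(string actionName, string controllerName)
        {
            if (string.IsNullOrEmpty(controllerName))
            {
                string   requestPath  = HttpContext.Current.Request.Url.AbsolutePath;
                string[] pathSegments = requestPath.Split('/');
                // "/controller/action" splits into ["", "controller", "action"]: the controller
                // is the second-to-last segment.
                controllerName = pathSegments.Length - 2 > 0 ? pathSegments[pathSegments.Length - 2] : "Home";
            }

            VUsers user = HttpContext.Current.Session["userinfo"] as VUsers;
            if (user == null)
            {
                return false;
            }

            // Normalise once. The sign-in routes used to be compared case-sensitively while the power
            // list was compared lower-cased, so "Account/Logout" was wrongly sent to the power lookup.
            string route = (controllerName + "/" + actionName).ToLowerInvariant().Trim();

            // Routes every signed-in user may reach regardless of assigned powers.
            string[] alwaysAllowed = { "account/logout", "account/index" };
            if (alwaysAllowed.Contains(route))
            {
                return true;
            }

            List<Power> powerList = user.PowerList;
            if (powerList == null)
            {
                return false;
            }

            // Entries without a path can never grant access.
            return powerList.Any(p => p.path != null && p.path == route);
        }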
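        /// <summary>
        /// Access control: lets whitelisted routes through, redirects anonymous requests to the
        /// login page, and otherwise loads the signed-in user from the session into GlobalUser.
        /// </summary>
        /// <param name="filterContext">Context of the action about to run; its Result is set to a redirect when nobody is signed in, which stops the action from executing.</param>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Route values can be absent; treat a missing value as empty instead of throwing a
            // NullReferenceException before the access check has run.
            object controllerValue = filterContext.RouteData.Values["controller"];
            object actionValue     = filterContext.RouteData.Values["action"];
            string controller = (controllerValue == null ? string.Empty : controllerValue.ToString()).ToLowerInvariant();
            string action     = (actionValue == null ? string.Empty : actionValue.ToString()).ToLowerInvariant();
            string route      = controller + "/" + action;

            // A whitelist entry may name one route ("account/login") or a whole controller ("home").
            // Compare case-insensitively rather than lower-casing every entry on every request.
            if (WhiteList.Any(w => string.Equals(w, route, StringComparison.OrdinalIgnoreCase)
                               || string.Equals(w, controller, StringComparison.OrdinalIgnoreCase)))
            {
                return;
            }

            if (Session["userinfo"] == null)
            {
                filterContext.Result = new RedirectResult("/Account/Login");
            }
            else
            {
                GlobalUser = Session["userinfo"] as VUsers;
            }
        }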
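        /// <summary>
        /// Signs a user in against the Users table and caches the user, role names and powers in the session.
        /// </summary>
        /// <param name="username">Login name as stored in Users.username.</param>
        /// <param name="password">Either the cleartext password or its 32-character MD5 digest.</param>
        /// <returns>
        /// A content result of the form {'message':'ok','t':'&lt;digest&gt;'} on success, or
        /// {'message':'no','t':''} when the credentials are missing or do not match.
        /// </returns>
        public ActionResult Login(string username, string password)
        {
            // A missing password used to throw on password.Length; treat it as a failed login.
            if (username == null || password == null)
            {
                return Content("{'message':'no','t':''}");
            }

            // NOTE(review): credentials are unsalted MD5, and a 32-character input is accepted as
            // the digest itself, so anyone holding the stored digest can sign in; the response
            // also echoes that digest back in 't'. Moving to a salted, slow hash and dropping the
            // pre-hashed path is a storage and client-protocol change, so it is flagged, not done here.
            string pwd = password.Length == 32 ? password : SecurityHelper.MD5(password);

            // NOTE(review): the context is intentionally not disposed here because the loaded
            // entity is kept in the session; confirm whether anything relies on lazy loading
            // through it before wrapping this in a using block.
            SouNewsDBEntities db = new SouNewsDBEntities();
            var user = db.Users.FirstOrDefault(w => w.username == username && w.password == pwd);
            if (user == null)
            {
                return Content("{'message':'no','t':''}");
            }

            var roleIds   = db.UserRole.Where(w => w.userId == user.id).Select(w => w.roleId).ToList();
            var roleNames = db.Role.Where(w => roleIds.Contains(w.id)).Select(w => w.name).ToList();

            // Exact match on a role name. The previous roles.Contains("管理员") substring test on the
            // joined string also granted every power to any role whose name merely contained "管理员".
            List<Power> powerlist = roleNames.Contains("管理员")
                ? db.Power.ToList()
                : (from a in db.Power
                   join b in db.RolePower on a.id equals b.powerId
                   where roleIds.Contains(b.roleId)
                   select a).ToList();

            VUsers vuser = new VUsers();
            vuser.LoginUser     = user;
            vuser.Roles         = string.Join(",", roleNames);
            vuser.PowerList     = powerlist;
            Session["userinfo"] = vuser;
            return Content("{'message':'ok','t':'" + pwd + "'}");
        }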
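        /// <summary>
        /// Creates (Id == 0) or updates a user from the posted view model and returns the mapped entity.
        /// </summary>
        /// <param name="_VUsers">Posted user data; Password must be present.</param>
        /// <returns>The Users entity handed to the service, including its Password bytes (see note).</returns>
        /// <exception cref="ArgumentNullException">The body or its Password is missing.</exception>
        public Users Post([FromBody] VUsers _VUsers)
        {
            // Explicit argument checks instead of letting a NullReferenceException escape.
            if (_VUsers == null)
            {
                throw new ArgumentNullException(nameof(_VUsers));
            }
            if (_VUsers.Password == null)
            {
                throw new ArgumentNullException(nameof(_VUsers), "Password is required.");
            }

            var _Users = new Users();

            _Users.Id               = _VUsers.Id;
            _Users.Email            = _VUsers.Email;
            _Users.UserName         = _VUsers.UserName;
            _Users.EmailConfirmed   = _VUsers.EmailConfirmed;
            _Users.PhoneNumber      = _VUsers.PhoneNumber;
            _Users.LastLoginDateUtc = DateTime.UtcNow;
            _Users.Active           = _VUsers.Active;
            _Users.CreatedOnUtc     = DateTime.UtcNow;
            _Users.FullName         = _VUsers.FullName;
            if (_VUsers.ProfilePicBinary != null)
            {
                _Users.ProfilePicBinary = _VUsers.ProfilePicBinary;
            }
            _Users.MimeType = _VUsers.MimeType;

            // NOTE(review): the password is persisted as the raw ASCII bytes of the cleartext and
            // is returned to the caller inside the entity below. Authenticate compares against this
            // same form, so switching to a salted hash has to be done on both sides together.
            _Users.Password = System.Text.Encoding.ASCII.GetBytes(_VUsers.Password);

            // The former try { ... } catch (Exception ex) { throw ex; } only reset the stack trace;
            // letting exceptions propagate untouched preserves it.
            if (_Users.Id == 0)
            {
                service.AddUser(_Users);
            }
            else
            {
                service.UpdateUser(_Users);
            }

            return _Users;
        }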