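/// <summary>
/// Authenticates an e-mail/password pair against the Users table. On success returns
/// the user's basic profile (no password), the user's menu list, the full module list
/// and a 30-minute HS256 JWT; a mismatch or a missing field yields 401 Unauthorized.
/// </summary>
/// <param name="userDto">Login request; only <c>Email</c> and <c>Password</c> are read.</param>
/// <returns>200 OK with the user payload and token, or 401 Unauthorized.</returns>
/// <exception cref="InvalidOperationException">"SecurityKey" is missing from configuration.</exception>
public IActionResult Authenticate([FromBody] VUsers userDto)
{
    // A missing body or blank credentials is a failed login, not a 500
    // (Encoding.GetBytes(null) would otherwise throw ArgumentNullException below).
    if (userDto == null || string.IsNullOrEmpty(userDto.Email) || string.IsNullOrEmpty(userDto.Password))
    {
        return Unauthorized();
    }

    // SECURITY(review): passwords are stored and compared as the raw ASCII bytes of the
    // plaintext (Post writes the same encoding). This should be a salted PBKDF2/Argon2
    // hash; it is left unchanged here because altering only the comparison would lock
    // out every existing row. ASCIIEncoding also replaces non-ASCII characters with '?',
    // so distinct non-ASCII passwords can collide.
    byte[] suppliedPassword = Encoding.ASCII.GetBytes(userDto.Password);

    // Plain FirstOrDefault instead of FirstOrDefaultAsync(...).Result: blocking on a Task
    // inside a request can starve the thread pool and wraps failures in AggregateException.
    var user = _context.Users.FirstOrDefault(a => a.Email == userDto.Email && a.Password == suppliedPassword);
    if (user == null)
    {
        return Unauthorized();
    }

    // Menus are filtered to this user; modules are returned in full.
    // (The original also set LastLoginDateUtc on a throwaway object, which was never saved.)
    List<MstMenuList> menuList = _context.MstMenuList.Where(t => t.UserId == user.Id).ToList();
    List<MstModuleList> moduleList = _context.MstModuleList.ToList();

    string signingSecret = _configuration["SecurityKey"];
    if (string.IsNullOrEmpty(signingSecret))
    {
        throw new InvalidOperationException("SecurityKey is not configured.");
    }
    // SECURITY(review): HS256 needs a high-entropy secret of at least 32 bytes; a short
    // or guessable SecurityKey lets anyone mint valid tokens for any e-mail.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingSecret));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    // Only the e-mail is asserted (ClaimTypes.Name); consumers that need the user id
    // must resolve it from that.
    var claims = new[] { new Claim(ClaimTypes.Name, userDto.Email) };
    var token = new JwtSecurityToken(
        issuer: _configuration["Issuer"],
        audience: _configuration["Audience"],
        claims: claims,
        expires: DateTime.UtcNow.AddMinutes(30), // exp is serialised as UTC epoch seconds anyway
        signingCredentials: creds);

    // Basic user info (without password) plus the token for the client to store.
    return Ok(new
    {
        Id = user.Id,
        FullName = user.FullName,
        Email = user.Email,
        Token = new JwtSecurityTokenHandler().WriteToken(token),
        profilePicBinary = user.ProfilePicBinary,
        UserName = user.UserName,
        ModuleList = moduleList,
        MenuList = menuList
    });
}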
/// <summary>
/// Permission check: true when the user held in Session["userinfo"] may reach
/// controller/action. Fails closed (false) when there is no session user or the
/// user has no permission list.
/// </summary>
/// <param name="actionName">Action part of the route.</param>
/// <param name="controllerName">Controller part of the route. When null or empty it is
/// derived from the second-to-last segment of the current request path, falling back
/// to "Home".</param>
/// <returns>True if the route is permitted; otherwise false.</returns>
public static bool CheckPower(string actionName, string controllerName)
{
    if (string.IsNullOrEmpty(controllerName))
    {
        string[] segments = HttpContext.Current.Request.Url.AbsolutePath.Split('/');
        controllerName = segments.Length > 2 ? segments[segments.Length - 2] : "Home";
    }

    var sessionUser = HttpContext.Current.Session["userinfo"] as VUsers;
    if (sessionUser == null)
    {
        return false;
    }

    string route = controllerName + "/" + actionName;

    // Routes every signed-in user may use without an explicit permission record.
    // NOTE(review): this lookup is case-sensitive, unlike the permission-list
    // comparison below, which lowercases the route first.
    var alwaysAllowed = new[] { "account/logout", "account/index" };
    if (alwaysAllowed.Contains(route))
    {
        return true;
    }

    List<Power> granted = sessionUser.PowerList;
    if (granted == null)
    {
        return false;
    }

    // No matching permission record means nothing is granted.
    string normalizedRoute = route.ToLower().Trim();
    return granted.Any(p => p.path != null && p.path == normalizedRoute);
}
/// <summary>
/// Access-control filter: whitelisted routes pass untouched, anonymous requests
/// are redirected to the login page, and for everyone else the session user is
/// exposed through GlobalUser.
/// </summary>
/// <param name="filterContext">MVC action context supplying the route values.</param>
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    var routeValues = filterContext.RouteData.Values;
    string controller = routeValues["controller"].ToString().ToLower();
    string action = routeValues["action"].ToString().ToLower();
    string route = controller + "/" + action;

    // A whitelist entry may name a specific "controller/action" or a whole
    // controller; neither requires a session.
    bool isWhitelisted = WhiteList.Any(w =>
    {
        string entry = w.ToLower();
        return entry == route || entry == controller;
    });
    if (isWhitelisted)
    {
        return;
    }

    object sessionUser = Session["userinfo"];
    if (sessionUser == null)
    {
        // Anonymous: replace the action result with a redirect to the login page.
        filterContext.Result = new RedirectResult("/Account/Login");
        return;
    }

    GlobalUser = sessionUser as VUsers;
}
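/// <summary>
/// Username/password login. On success stores a VUsers (user row, joined role names,
/// permission list) in Session["userinfo"] and returns {'message':'ok','t':&lt;hash&gt;};
/// otherwise returns {'message':'no','t':''}.
/// </summary>
/// <param name="username">Login name.</param>
/// <param name="password">Either the plaintext password or, when exactly 32 characters
/// long, a value that is used directly as the stored MD5 hash.</param>
/// <returns>A Content result holding the single-quoted, JSON-like status string.</returns>
public ActionResult Login(string username, string password)
{
    // Missing credentials are a failed login, not a NullReferenceException/500.
    if (username == null || password == null)
    {
        return Content("{'message':'no','t':''}");
    }

    SouNewsDBEntities db = new SouNewsDBEntities();

    // SECURITY(review): a 32-character input is accepted as the stored hash itself, so
    // anyone holding a user's MD5 hash (from a DB dump, or from the 't' field this action
    // echoes back) can log in without the password, and a genuine 32-character password
    // can never authenticate. Unsalted MD5 is also not a password hash. Kept because the
    // client's remember-me flow appears to rely on it; TODO replace with a salted
    // PBKDF2/Argon2 hash and a server-issued remember-me token.
    string pwd = password.Length == 32 ? password : SecurityHelper.MD5(password);

    var user = db.Users.Where(w => w.username == username && w.password == pwd).FirstOrDefault();
    if (user == null)
    {
        return Content("{'message':'no','t':''}");
    }

    // Build the permission list from the user's roles.
    var roleIds = db.UserRole.Where(w => w.userId == user.id).Select(w => w.roleId).ToList();
    var roles = string.Join(",", db.Role.Where(w => roleIds.Contains(w.id)).Select(w => w.name).ToList());

    // NOTE(review): substring match on the joined role names — any role whose name merely
    // contains "管理员" (administrator) receives every permission.
    List<Power> powerlist;
    if (roles.Contains("管理员"))
    {
        powerlist = db.Power.ToList();
    }
    else
    {
        powerlist = (from a in db.Power
                     join b in db.RolePower on a.id equals b.powerId
                     where roleIds.Contains(b.roleId)
                     select a).ToList();
    }

    // NOTE(review): the session id is not regenerated on login, and the DbContext is not
    // disposed (the stored entity may depend on it for lazy loading, so this is left as-is).
    VUsers vuser = new VUsers();
    vuser.LoginUser = user;
    vuser.Roles = roles;
    vuser.PowerList = powerlist;
    Session["userinfo"] = vuser;

    // SECURITY(review): the password hash is returned to the client here.
    return Content("{'message':'ok','t':'" + pwd + "'}");
}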
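/// <summary>
/// Creates (Id == 0) or updates (Id != 0) a user from the posted DTO and returns the
/// entity that was handed to the service.
/// </summary>
/// <param name="_VUsers">Posted user data; the listed fields are copied verbatim.</param>
/// <returns>The Users entity passed to AddUser/UpdateUser, password bytes included.</returns>
/// <exception cref="ArgumentNullException">The body did not bind, or Password is null
/// (Encoding.GetBytes rejects null).</exception>
public Users Post([FromBody] VUsers _VUsers)
{
    if (_VUsers == null)
    {
        throw new ArgumentNullException(nameof(_VUsers));
    }

    // SECURITY(review): Id, Active and EmailConfirmed come straight from the request body,
    // so a caller can choose which row to overwrite and mark an account active/confirmed
    // (mass assignment). These should be set server-side, not copied from the client.
    var entity = new Users();
    entity.Id = _VUsers.Id;
    entity.Email = _VUsers.Email;
    entity.UserName = _VUsers.UserName;
    entity.EmailConfirmed = _VUsers.EmailConfirmed;
    entity.PhoneNumber = _VUsers.PhoneNumber;
    entity.LastLoginDateUtc = DateTime.UtcNow;
    entity.Active = _VUsers.Active;
    entity.CreatedOnUtc = DateTime.UtcNow;
    entity.FullName = _VUsers.FullName;
    if (_VUsers.ProfilePicBinary != null)
    {
        entity.ProfilePicBinary = _VUsers.ProfilePicBinary;
    }
    entity.MimeType = _VUsers.MimeType;

    // SECURITY(review): the password is persisted as the raw ASCII bytes of the plaintext
    // and echoed back in the returned entity. Store a salted PBKDF2/Argon2 hash and never
    // return the field; left unchanged here because Authenticate compares the same raw
    // encoding, so changing one side alone would break login.
    entity.Password = System.Text.Encoding.ASCII.GetBytes(_VUsers.Password);

    // The original wrapped the body in try { ... } catch (Exception ex) { throw ex; },
    // which only discarded the stack trace; letting exceptions propagate is equivalent.
    if (entity.Id == 0)
    {
        service.AddUser(entity);
    }
    else
    {
        service.UpdateUser(entity);
    }

    return entity;
}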