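/// <summary>
/// Authorization filter. Every request must carry an authenticated identity (401 otherwise);
/// when <c>CissyAuthority</c> is set with a non-zero <c>Power</c>, the identity's permissions
/// for the requested scope must also contain that power (403 otherwise).
/// </summary>
/// <param name="context">Filter context; <c>context.Result</c> is set to the 401/403 result on denial.</param>
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
    var httpContext = context.HttpContext;

    // Regardless of whether a permission check is configured, the caller must be authenticated.
    // Return right away: falling through used to dereference a null User on the next check.
    if (httpContext.User.IsNull() || httpContext.User.Claims.IsNullOrEmpty())
    {
        context.Result = _401or403(httpContext, 401);
        return;
    }

    if (!httpContext.User.IsCissyAuthenticated())
    {
        context.Result = _401or403(httpContext, 401);
        return;
    }

    // Power == 0 means "authentication only": no permission check for this endpoint.
    if (this.CissyAuthority.IsNull() || this.CissyAuthority.Power == 0)
    {
        return;
    }

    AuthorityContext ac = httpContext.GetAuthorityContext();
    if (ac.IsNull())
    {
        // The authentication middleware built no authority context for this request.
        context.Result = _401or403(httpContext, 401);
        return;
    }

    var askScopeAuthority = ac.AskScopeAuthority;
    bool granted = askScopeAuthority.IsNotNullAndEmpty()
        && askScopeAuthority.TryGetValue(this.CissyAuthority.PermitId, out int heldPowers)
        // Contains(...) is a project extension on int; presumably a bit-flag test — confirm.
        && heldPowers.Contains(this.CissyAuthority.Power);

    if (granted)
    {
        ac.OK = true;
    }
    else
    {
        // Fail closed. Previously a permission mismatch left context.Result unset, so the
        // action still executed. Authenticated but not permitted -> 403.
        context.Result = _401or403(httpContext, 403);
    }

    await Task.CompletedTask;
}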
/// <summary>
/// Returns the <see cref="AuthorityContext"/> the authentication middleware stored in
/// <c>HttpContext.Items</c>, or <c>null</c> when nothing (or a value of another type) is stored
/// under <c>AuthorityContext.AuthorityContextKey</c>.
/// </summary>
/// <param name="httpContext">The current request context.</param>
public static AuthorityContext GetAuthorityContext(this HttpContext httpContext)
{
    return httpContext.Items.TryGetValue(AuthorityContext.AuthorityContextKey, out object stored)
        ? stored as AuthorityContext
        : null;
}
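/// <summary>
/// Authentication middleware. Extracts the token (cookie or Authorization header, per
/// <c>Option.AuthenticationType</c>), builds a principal from it and, on success, sets
/// <c>context.User</c> and stores an <see cref="AuthorityContext"/> (held permissions plus the
/// requested scope) in <c>HttpContext.Items</c>. Requests without a valid token continue
/// unauthenticated; rejecting them is the authorization filter's job.
/// </summary>
/// <param name="context">The current request context.</param>
public async Task InvokeAsync(HttpContext context)
{
    string token = _extractToken(context);

    if (token.IsNotNullAndEmpty())
    {
        DefaultJwtPrincipalBuilder builder = new DefaultJwtPrincipalBuilder(this.AppConfig.AuthSecret);
        var claimsPrincipal = builder.GetPrincipal(Option.Scheme, token);
        if (claimsPrincipal.IsNotNull())
        {
            context.User = claimsPrincipal;
            context.Items[AuthorityContext.AuthorityContextKey] = _buildAuthorityContext(context, claimsPrincipal);
        }
    }

    await _next.Invoke(context);
}

// Pulls the raw token out of the request according to the configured authentication type.
// Returns null/empty when there is none or the Authorization header is not for our scheme.
private string _extractToken(HttpContext context)
{
    if (Option.AuthenticationType == AuthenticationTypes.Cookie)
    {
        return context.Request.Cookies[AuthenticationHelper.BuildCookieName(Option.Scheme)];
    }

    if (Option.AuthenticationType == AuthenticationTypes.Token)
    {
        string header = context.Request.Headers["Authorization"];
        if (string.IsNullOrWhiteSpace(header))
        {
            return string.Empty;
        }

        // Require the header to be "<Scheme> <token>". The previous check accepted the scheme
        // anywhere in the header value and then indexed Split(" ")[1], which threw
        // IndexOutOfRangeException on a header containing no space.
        string prefix = Option.Scheme + " ";
        header = header.Trim();
        if (header.StartsWith(prefix, StringComparison.Ordinal))
        {
            return header.Substring(prefix.Length).Trim();
        }
    }

    return string.Empty;
}

// Builds the permission context for an authenticated principal.
// The Permits claim is a Top-separated list of "<scope><FirstLevel><permitId><FirstLevel><power>"
// entries. Entries that do not parse are skipped — no permission is granted for them — instead
// of throwing and turning a malformed claim into a 500.
private AuthorityContext _buildAuthorityContext(HttpContext context, System.Security.Claims.ClaimsPrincipal claimsPrincipal)
{
    AuthorityContext ac = new AuthorityContext { User = claimsPrincipal };

    var permits = claimsPrincipal.Claims.FirstOrDefault(m => m.Type == CissyClaimTypes.Permits);
    if (permits.IsNotNull())
    {
        // Step 1: collect the permission set held by this identity, grouped by scope.
        foreach (string entry in permits.Value.Split(AuthoritySeparators.Top, StringSplitOptions.RemoveEmptyEntries))
        {
            string[] parts = entry.Split(AuthoritySeparators.FirstLevel);
            if (parts.Length < 3
                || !int.TryParse(parts[1], System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out int permitId)
                || !int.TryParse(parts[2], System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out int power))
            {
                continue;
            }

            if (!ac.AuthorityScopes.TryGetValue(parts[0], out Dictionary<int, int> scopePermits))
            {
                scopePermits = new Dictionary<int, int>();
                ac.AuthorityScopes[parts[0]] = scopePermits;
            }
            // Last entry for a permit id wins, as before.
            scopePermits[permitId] = power;
        }

        // Step 2: resolve the scope this request asks for (default scope when none is given).
        var scope = _getAuthorityScope(context);
        ac.AskScope = scope.IsNullOrEmpty() ? AuthoritySeparators.DefaultScope : scope.Trim();
    }

    return ac;
}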