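/// <summary>
/// Handles the login form post: signs the user in through the security client and
/// acts on the returned <see cref="SignInStatus"/>.
/// </summary>
/// <param name="model">Posted credentials (user name, password, remember-me flag).</param>
/// <param name="returnUrl">Where to send the user after a successful sign-in.</param>
/// <returns>
/// A redirect to <paramref name="returnUrl"/> on success, the confirm-email or locked-out
/// view for those outcomes, otherwise the login view re-rendered with an error.
/// </returns>
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    // Generic message on purpose: it must not reveal whether the user name exists.
    const string invalidCredentialsMessage = "账号密码错误";

    if (!ModelState.IsValid)
    {
        return View(model);
    }

    Tuple<KoalaBlogIdentityObject, SignInStatus, string> result =
        await Services.SecurityClient.SignInAsync(model.UserName, model.Password, model.RememberMe);
    KoalaBlogIdentityObject identityObj = result.Item1;
    SignInStatus signInStatus = result.Item2;
    string accessToken = result.Item3;

    switch (signInStatus)
    {
        case SignInStatus.Succeeded:
            // Store the issued access token in the auth cookie and expose the identity
            // to the remainder of this request.
            KoalaBlogSecurityManager.SetAuthCookie(accessToken);
            KoalaBlogIdentity identity = new KoalaBlogIdentity(identityObj);
            KoalaBlogPrincipal principal = new KoalaBlogPrincipal(identity);
            System.Threading.Thread.CurrentPrincipal = principal;
            // NOTE(review): open-redirect protection rests entirely on RedirectToLocal
            // rejecting non-local URLs (e.g. via Url.IsLocalUrl) -- confirm its implementation.
            return RedirectToLocal(returnUrl);

        case SignInStatus.NotYetEmailConfirmed:
            // The confirm-email view needs the identity; if the service returned this status
            // without one, treat it as a failed sign-in instead of dereferencing null.
            if (identityObj == null)
            {
                AddErrors(invalidCredentialsMessage);
                break;
            }
            // NOTE(review): showing this view discloses that the account exists; accepted
            // trade-off for the registration flow, but worth a deliberate decision.
            ConfirmEmailViewModel cevModel = new ConfirmEmailViewModel()
            {
                UserID = identityObj.UserID,
                Email = identityObj.Email,
                IsEmailConfirmed = false
            };
            return View("ConfirmEmail", cevModel);

        case SignInStatus.LockedOut:
            return View("LockedOut");

        case SignInStatus.Failure:
        default:
            // Any status this controller does not explicitly handle (including values added
            // to SignInStatus later) is a failure; previously such values silently re-rendered
            // the form with no error at all.
            AddErrors(invalidCredentialsMessage);
            break;
    }

    return View(model);
}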
/// <summary>
/// Authentication filter hook: resolves the caller's principal from the auth cookie, or
/// marks the request as unauthenticated when no usable credentials are present.
/// </summary>
/// <param name="filterContext">The MVC authentication context for the current request.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="filterContext"/> is null.</exception>
public void OnAuthentication(AuthenticationContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException("filterContext");
    }

    // Actions opted out with AllowAnonymous are not authenticated here at all.
    if (IsDefinedAllowAnonymous(filterContext))
    {
        return;
    }

    // No auth cookie means there is nothing to validate: fail the request up front.
    string authCookie = KoalaBlogSecurityManager.GetAuthCookie();
    if (string.IsNullOrEmpty(authCookie))
    {
        filterContext.Result = new AuthenticationFailureResult();
        return;
    }

    // Let the security service resolve the presented credentials into an identity;
    // a null answer means they were rejected (missing, expired, revoked -- the service decides).
    KoalaBlogIdentityObject identityObj = ClientContext.Clients.CreateSecurityClient().GetIdentityObj();
    if (identityObj == null)
    {
        filterContext.Result = new AuthenticationFailureResult();
        return;
    }

    // Credentials accepted: attach the principal for the rest of the pipeline.
    filterContext.Principal = new KoalaBlogPrincipal(new KoalaBlogIdentity(identityObj));
}
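/// <summary>
/// Validates a bearer access token and builds the principal it represents.
/// </summary>
/// <param name="accessToken">The raw bearer token presented by the client.</param>
/// <returns>
/// A <see cref="KoalaBlogPrincipal"/> for the token's account when the token exists, is not
/// revoked and has not expired; otherwise <c>null</c>.
/// </returns>
public async Task<IPrincipal> AuthenticateBearerTokenAsync(string accessToken)
{
    // A missing token must never authenticate. Without this guard a null argument is
    // compared against the AccessToken column and could match rows whose token is NULL.
    if (string.IsNullOrEmpty(accessToken))
    {
        return null;
    }

    // 1. Look the token up; revoked and expired tokens are excluded in the query itself.
    // NOTE(review): expiry is compared against DateTime.Now (server local time) -- confirm
    // ExpirationDate is written with the same clock, otherwise token lifetime can drift.
    // SingleOrDefaultAsync throws if the same token string is stored twice, which is the
    // safer outcome than silently picking one of them.
    Token bearerToken = await Fetch(x => x.AccessToken == accessToken && !x.IsRevoked && x.ExpirationDate > DateTime.Now)
        .SingleOrDefaultAsync();
    if (bearerToken == null)
    {
        return null;
    }

    // 2. The token is valid: assemble the identity from its account (and person, if linked).
    KoalaBlogIdentityObject identityObj = new KoalaBlogIdentityObject();
    UserAccountXPersonHandler uaxpHandler = new UserAccountXPersonHandler(_dbContext);

    // 3. Preferred path: the account/person link row with both sides loaded.
    UserAccountXPerson uaxp = await uaxpHandler.LoadByUserAccountIDIncludeUserAccountAndPersonAsync(bearerToken.UserAccountID);
    if (uaxp != null)
    {
        if (uaxp.UserAccount != null)
        {
            CopyAccountInto(identityObj, uaxp.UserAccount);
        }
        if (uaxp.Person != null)
        {
            identityObj.PersonID = uaxp.Person.ID;
            identityObj.PersonNickName = uaxp.Person.NickName;
            identityObj.Introduction = uaxp.Person.Introduction;
        }
    }
    else
    {
        // 4. No link row yet (registration may be incomplete): fall back to the bare account
        // so the common identity properties are still populated.
        UserAccountHandler uaHandler = new UserAccountHandler(_dbContext);
        UserAccount userAccount = await uaHandler.GetByIdAsync(bearerToken.UserAccountID);
        if (userAccount != null)
        {
            CopyAccountInto(identityObj, userAccount);
        }
    }

    // NOTE(review): identityObj.Status is copied but never checked here. If Status can mark an
    // account as disabled or suspended, a principal is still issued for it -- either enforce
    // that here (return null) or make sure every caller does.
    KoalaBlogIdentity identity = new KoalaBlogIdentity(identityObj);
    return new KoalaBlogPrincipal(identity);
}

/// <summary>
/// Copies the account-level properties shared by both lookup paths onto the identity.
/// </summary>
/// <param name="identityObj">The identity being assembled.</param>
/// <param name="userAccount">The account whose values are copied.</param>
private static void CopyAccountInto(KoalaBlogIdentityObject identityObj, UserAccount userAccount)
{
    identityObj.UserID = userAccount.ID;
    identityObj.UserName = userAccount.UserName;
    identityObj.Email = userAccount.Email;
    identityObj.Status = userAccount.Status;
}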