
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using System.Web.Security;
using LDX.BaseData.Domain.IServices;
using LDX.Core;
using LDX.Core.Caching;
using LDX.MES.Domain.IServices.FM;
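namespace LDX.WebApi
{
    /// <summary>
    /// Web API authorization filter.  In its current form it defers entirely to
    /// <see cref="System.Web.Http.AuthorizeAttribute"/>: a request passes only when the current
    /// principal is authenticated (and satisfies Users/Roles, if set), or the action/controller
    /// carries <see cref="AllowAnonymousAttribute"/>.  The Authorization-header ticket flow
    /// implemented by <see cref="ValidateTicket"/> is commented out in
    /// <see cref="OnAuthorization"/> and is therefore NOT enforced.
    /// </summary>
    /// <remarks>
    /// This type implements <see cref="IOverrideFilter"/> for <see cref="IAuthorizationFilter"/>.
    /// Applying it to an action or controller suppresses every authorization filter registered at
    /// a wider scope (for example a global filter), so a controller that is otherwise protected
    /// globally is protected only by this attribute once it is applied.
    /// </remarks>
    public class ApiAuthorizeAttribute : System.Web.Http.AuthorizeAttribute, IOverrideFilter
    {
        /// <summary>
        /// Whether a login is required.
        /// NOTE(review): this value is never read by this class.  Setting it to <c>false</c>
        /// does not relax authorization; the base attribute still runs.
        /// </summary>
        public bool NeedLogin { get; set; }

        /// <summary>
        /// Called when an action is being authorized.  Delegates to the base
        /// <see cref="System.Web.Http.AuthorizeAttribute"/>, which honours
        /// <see cref="AllowAnonymousAttribute"/> and otherwise rejects unauthenticated principals
        /// with 401.
        /// </summary>
        /// <param name="actionContext">The action context of the request being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            base.OnAuthorization(actionContext);

            // Disabled ticket-based flow (kept for reference; ValidateTicket is unreferenced
            // while this stays commented out).  If it is ever re-enabled, note that the
            // commented code below ignores the bool returned by base.IsAuthorized.
            //var authorization = actionContext.Request.Headers.Authorization;
            //if ((authorization != null) && (authorization.Parameter != null))
            //{
            //    // Decrypt the user ticket and check that the user name / password match.
            //    var encryptTicket = authorization.Parameter;
            //    if (ValidateTicket(encryptTicket))
            //    {
            //        base.IsAuthorized(actionContext);
            //    }
            //    else
            //    {
            //        HandleUnauthorizedRequest(actionContext);
            //    }
            //}
            //// No credentials supplied and anonymous access not allowed: respond 401.
            //else
            //{
            //    var attributes = actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().OfType<AllowAnonymousAttribute>();
            //    bool isAnonymous = attributes.Any(a => a is AllowAnonymousAttribute);
            //    if (isAnonymous) base.OnAuthorization(actionContext);
            //    else HandleUnauthorizedRequest(actionContext);
            //}
        }

        /// <summary>
        /// Validates a <see cref="FormsAuthentication"/>-encrypted ticket whose
        /// <c>UserData</c> has the form <c>userGuid&amp;password&amp;type</c> and checks the
        /// user/password pair against the user store.  Not currently called
        /// (see <see cref="OnAuthorization"/>).
        /// </summary>
        /// <param name="encryptTicket">The encrypted ticket string as received from the client.</param>
        /// <returns>
        /// <c>true</c> when the ticket decrypts, carries exactly three fields, <c>type</c> is
        /// <c>"0"</c> and a user with that ID and PASSWORD exists; <c>false</c> for a null/empty,
        /// undecryptable or malformed ticket, for a non-GUID user field, or for any other
        /// <c>type</c>.
        /// </returns>
        /// <exception cref="Exception">
        /// Thrown when the ticket has expired or does not carry exactly three fields.
        /// NOTE(review): an exception escaping an authorization filter surfaces as a 500 rather
        /// than a 401; the (disabled) caller expected a bool.  Left as-is to preserve behaviour.
        /// </exception>
        private bool ValidateTicket(string encryptTicket)
        {
            // FormsAuthentication.Decrypt throws ArgumentException for a null/empty input, and
            // can return null when the ticket fails decryption or MAC validation (tampered, or
            // issued under a different machineKey).  Both cases are attacker-controllable, so
            // reject them instead of letting the filter crash.
            if (string.IsNullOrEmpty(encryptTicket))
            {
                return false;
            }

            var token = FormsAuthentication.Decrypt(encryptTicket);
            if (token == null)
            {
                return false;
            }

            if (token.Expired)
            {
                throw new Exception("令牌已过期");
            }

            // UserData is expected to be "userGuid&password&type".
            var strArray = (token.UserData ?? string.Empty).Split('&');
            if (strArray.Length != 3)
            {
                throw new Exception("令牌参数数量不正确!");
            }

            // A non-GUID user field used to raise FormatException from the Guid constructor;
            // treat it as an invalid ticket instead.
            Guid strUser;
            if (!Guid.TryParse(strArray[0], out strUser))
            {
                return false;
            }
            string strPwd = strArray[1];
            string type = strArray[2];

            ServiceLocator locator = ServiceLocator.Instance;
            var userService = locator.GetService<IFMUserService>();
            //var platformService = locator.GetService<IPlatformUserService>();

            if (type == "0")
            {
                // NOTE(review): the ticket carries the password itself in UserData and it is
                // matched against the stored PASSWORD column with plain equality inside the
                // query.  That only works if the store holds the password (or the identical
                // hash) in an equality-comparable form, and it turns every ticket into a
                // credential bearer.  Prefer a random session/token identifier looked up
                // server-side, and keep passwords hashed at rest (PBKDF2/Argon2).
                var user = userService.Get(i => i.ID == strUser && i.PASSWORD == strPwd);
                return user != null;
            }

            // Platform-user lookup is disabled; any other type is rejected.
            //var platformServiceInfo = platformService.Get(i => i.ID == strUser && i.PASSWORD == strPwd);
            //return platformServiceInfo == null ? false : true;
            return false;
        }

        /// <summary>
        /// Returns <c>true</c> when the action or its controller is marked with
        /// <see cref="AllowAnonymousAttribute"/>.  Not referenced by this class; the base
        /// <see cref="System.Web.Http.AuthorizeAttribute"/> performs the same check itself.
        /// </summary>
        /// <param name="actionContext">The action context to inspect.</param>
        private static bool SkipAuthorization(HttpActionContext actionContext)
        {
            return actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any<AllowAnonymousAttribute>()
                || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any<AllowAnonymousAttribute>();
        }

        #region IOverrideFilter
        /// <summary>
        /// Every other <see cref="IAuthorizationFilter"/> at a wider scope is overridden when this
        /// attribute is applied (see the class remarks).
        /// </summary>
        public Type FiltersToOverride
        {
            get { return typeof(IAuthorizationFilter); }
        }
        #endregion
    }
}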