.net 授权验证
授权部分
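namespace xxxxxx
{
    /// <summary>
    /// Issues and parses the Forms Authentication cookie, carrying a JSON-serialized
    /// <typeparamref name="TUserData"/> in the ticket's UserData field.
    /// </summary>
    /// <remarks>
    /// The ticket is protected by FormsAuthentication.Encrypt (machineKey). The JSON payload is
    /// therefore only tamper-evident as long as the machineKey stays secret and is configured
    /// explicitly on every node of a web farm. Everything in the payload (roles, group) is a
    /// snapshot taken at login: revoking a role server-side does not invalidate a cookie that
    /// has already been issued. Keep the payload small — it has to fit the browser cookie limit.
    /// </remarks>
    /// <typeparam name="TUserData">User payload type; must round-trip through JavaScriptSerializer.</typeparam>
    public class ConsumerAuthentication<TUserData> where TUserData : class, new()
    {
        // Lifetime of a "remember me" cookie and ticket, in days.
        private const int CookieSaveDays = 14;

        /// <summary>
        /// Writes the authentication cookie after a successful login.
        /// </summary>
        /// <param name="username">Login name stored as the ticket's Name.</param>
        /// <param name="userData">User entity serialized into the ticket's UserData.</param>
        /// <param name="rememberMe">true: persistent cookie valid for CookieSaveDays;
        /// false: session cookie whose ticket is bounded by the configured Forms timeout.</param>
        /// <exception cref="ArgumentNullException"><paramref name="userData"/> is null.</exception>
        public static void SetAuthCookie(string username, TUserData userData, bool rememberMe)
        {
            if (userData == null)
            {
                throw new ArgumentNullException("userData");
            }

            string data = (new JavaScriptSerializer()).Serialize(userData);

            // A session ticket must not outlive the configured Forms timeout; only "remember me"
            // gets the long-lived window. (The previous FormsAuthentication.SetAuthCookie(username, true, ...)
            // call is gone: it always queued a persistent cookie, which this method then overwrote.)
            DateTime issued = DateTime.Now;
            DateTime expires = rememberMe
                ? issued.AddDays(CookieSaveDays)
                : issued.Add(FormsAuthentication.Timeout);

            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, username, issued, expires, rememberMe, data);
            string cookieValue = FormsAuthentication.Encrypt(ticket);

            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieValue)
            {
                // HttpOnly keeps the ticket out of reach of page script (XSS -> session theft).
                HttpOnly = true,
                // Mirrors <forms requireSSL="true"/>; production must set it so the ticket never travels in clear.
                Secure = FormsAuthentication.RequireSSL,
                Domain = FormsAuthentication.CookieDomain,
                Path = FormsAuthentication.FormsCookiePath,
            };
            if (rememberMe)
            {
                cookie.Expires = expires;
            }

            // Replace any cookie of the same name already queued on this response.
            HttpContext.Current.Response.Cookies.Remove(cookie.Name);
            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        /// <summary>
        /// Decrypts the authentication cookie on <paramref name="request"/> and rebuilds the principal.
        /// </summary>
        /// <param name="request">Request whose cookies are inspected.</param>
        /// <returns>The principal, or null when the cookie is absent, undecryptable, expired,
        /// or carries no decodable user data.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
        public static ConsumerFormsPrincipal<TUserData> TryParsePrincipal(HttpRequest request)
        {
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return null;
            }

            try
            {
                var ticket = FormsAuthentication.Decrypt(cookie.Value);
                // Decrypt only checks the MAC; expiry has to be enforced here so this method stays
                // fail-closed when it is called outside the FormsAuthenticationModule pipeline.
                if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.UserData))
                {
                    return null;
                }

                var userData = (new JavaScriptSerializer()).Deserialize<TUserData>(ticket.UserData);
                return userData == null ? null : new ConsumerFormsPrincipal<TUserData>(ticket, userData);
            }
            catch
            {
                // Deliberately swallowed: a malformed cookie must look exactly like "no cookie"
                // so an attacker cannot probe the decryption/parsing path through error responses.
                return null;
            }
        }
    }
}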
实体
UserRoles
namespace LightMarketingSystem.Web.InSevers
{
    /// <summary>
    /// One user-to-role assignment; a user holding several roles appears once per role.
    /// </summary>
    public class UserRoles
    {
        /// <summary>Identifier of the user.</summary>
        public int UserId { get; set; }

        /// <summary>Identifier of the role held by the user.</summary>
        public int RoleId { get; set; }
    }
}
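/// <summary>
/// Manager user payload stored in the auth ticket; also answers role/group checks.
/// </summary>
/// <remarks>
/// Every property is serialized into the Forms ticket at login, so role membership is a
/// login-time snapshot. <see cref="Identity"/> is intentionally not implemented: this object
/// travels as ticket UserData and is never installed as HttpContext.User itself.
/// </remarks>
public class ManagerUserDataPrincipal : IPrincipal
{
    /// <summary>User identifier.</summary>
    public int UserId { get; set; }

    /// <summary>Mobile number (the misspelled name is part of the serialized ticket and must not change).</summary>
    public string Moblie { get; set; }

    /// <summary>E-mail address.</summary>
    public string Mail { get; set; }

    /// <summary>Display name.</summary>
    public string Name { get; set; }

    /// <summary>All role ids held by the user.</summary>
    public List<int> RoleId { get; set; }

    /// <summary>User group name, matched by <see cref="IsInUser"/>.</summary>
    public string RoleGorup { get; set; }

    /// <summary>Whether the user must change the password before continuing.</summary>
    public bool MandatoryPass { get; set; }

    // Raw user/role rows; the checks below do not consult it (kept for callers that fill it).
    public List<UserRoles> mingshiDb = new List<UserRoles>();

    /// <summary>
    /// Called by the Authorize attribute. <paramref name="role"/> is a comma-separated list of
    /// role ids; the check passes when any listed id is in <see cref="RoleId"/>.
    /// </summary>
    /// <returns>true for a match, or when <paramref name="role"/> is null/empty (meaning "no role
    /// constraint" — callers must not read that as a positive match); false when the user holds no roles.</returns>
    public bool IsInRole(string role)
    {
        // Empty requirement means "no role restriction"; an attribute that sets only Users relies on it.
        if (string.IsNullOrEmpty(role)) return true;
        // A ticket without roles used to raise NullReferenceException here; deny instead.
        if (RoleId == null || RoleId.Count == 0) return false;

        var required = role.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        var held = new HashSet<string>(RoleId.Select(id => id.ToString()), StringComparer.Ordinal);
        // Trim so "1, 2" and "1,2" behave the same, as the base AuthorizeAttribute does.
        return required.Any(r => held.Contains(r.Trim()));
    }

    /// <summary>
    /// Group check used by the Authorize attribute's Users list: <paramref name="user"/> is a
    /// comma-separated list of group names compared exactly against <see cref="RoleGorup"/>.
    /// </summary>
    /// <returns>false when <paramref name="user"/> is null/empty, the user has no group, or nothing matches.</returns>
    public bool IsInUser(string user)
    {
        // Null input used to raise NullReferenceException; deny instead.
        if (string.IsNullOrEmpty(user) || RoleGorup == null) return false;

        var groups = user.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        return groups.Any(g => string.Equals(g.Trim(), RoleGorup, StringComparison.Ordinal));
    }

    /// <summary>Not supported — this type is a ticket payload, never the request principal.</summary>
    [ScriptIgnore] // keep the serializer away from a getter that throws
    public IIdentity Identity
    {
        get { throw new NotImplementedException(); }
    }
}
} // closes the namespace opened before this listing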
CustomerUserDataPrincipal
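namespace xxxxx
{
    /// <summary>
    /// Consumer user payload stored in the auth ticket; also answers role/group checks.
    /// </summary>
    /// <remarks>
    /// Every property is serialized into the Forms ticket at login, so role membership and the
    /// agency are a login-time snapshot until the user signs in again. <see cref="Identity"/> is
    /// intentionally not implemented: this object travels as ticket UserData inside
    /// ConsumerFormsPrincipal and is never installed as HttpContext.User itself.
    /// </remarks>
    public class CustomerUserDataPrincipal : IPrincipal
    {
        /// <summary>User identifier.</summary>
        public int UserId { get; set; }

        /// <summary>Agency (organisation) identifier.</summary>
        public int AgencyId { get; set; }

        /// <summary>Mobile number (the misspelled name is part of the serialized ticket and must not change).</summary>
        public string Moblie { get; set; }

        /// <summary>E-mail address.</summary>
        public string Mail { get; set; }

        /// <summary>Display name.</summary>
        public string Name { get; set; }

        /// <summary>All role ids held by the user.</summary>
        public List<int> RoleId { get; set; }

        /// <summary>User group name, matched by <see cref="IsInUser"/>.</summary>
        public string RoleGorup { get; set; }

        // Raw user/role rows; the checks below do not consult it (kept for callers that fill it).
        public List<UserRoles> mingshiDb = new List<UserRoles>();

        /// <summary>
        /// Called by the Authorize attribute. <paramref name="role"/> is a comma-separated list of
        /// role ids; the check passes when any listed id is in <see cref="RoleId"/>.
        /// </summary>
        /// <returns>true for a match, or when <paramref name="role"/> is null/empty (meaning "no role
        /// constraint" — callers must not read that as a positive match); false when the user holds no roles.</returns>
        public bool IsInRole(string role)
        {
            // Empty requirement means "no role restriction"; an attribute that sets only Users relies on it.
            if (string.IsNullOrEmpty(role)) return true;
            // A ticket without roles used to raise NullReferenceException here; deny instead.
            if (RoleId == null || RoleId.Count == 0) return false;

            var required = role.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            var held = new HashSet<string>(RoleId.Select(id => id.ToString()), StringComparer.Ordinal);
            // Trim so "1, 2" and "1,2" behave the same, as the base AuthorizeAttribute does.
            return required.Any(r => held.Contains(r.Trim()));
        }

        /// <summary>
        /// Group check used by the Authorize attribute's Users list: <paramref name="user"/> is a
        /// comma-separated list of group names compared exactly against <see cref="RoleGorup"/>.
        /// </summary>
        /// <returns>false when <paramref name="user"/> is null/empty, the user has no group, or nothing matches.</returns>
        public bool IsInUser(string user)
        {
            // Null input used to raise NullReferenceException; deny instead.
            if (string.IsNullOrEmpty(user) || RoleGorup == null) return false;

            var groups = user.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            return groups.Any(g => string.Equals(g.Trim(), RoleGorup, StringComparison.Ordinal));
        }

        /// <summary>Not supported — this type is a ticket payload, never the request principal.</summary>
        [ScriptIgnore] // keep the serializer away from a getter that throws
        public IIdentity Identity
        {
            get { throw new NotImplementedException(); }
        }
    }
}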
ConsumerFormsPrincipal<TUserData>
namespace xxxxxx
{
    /// <summary>
    /// Principal installed as HttpContext.User for a consumer request: a FormsIdentity built
    /// from the ticket plus the deserialized <typeparamref name="TUserData"/> payload.
    /// </summary>
    /// <typeparam name="TUserData">Payload type decoded from the ticket's UserData.</typeparam>
    public class ConsumerFormsPrincipal<TUserData> : IPrincipal where TUserData : class, new()
    {
        /// <summary>Identity derived from the Forms ticket.</summary>
        public IIdentity Identity { get; private set; }

        /// <summary>Decoded user payload.</summary>
        public TUserData UserData { get; private set; }

        /// <summary>
        /// Builds the principal from a ticket and its decoded payload.
        /// </summary>
        /// <param name="ticket">Decrypted Forms ticket.</param>
        /// <param name="userData">Payload deserialized from the ticket's UserData.</param>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        public ConsumerFormsPrincipal(FormsAuthenticationTicket ticket, TUserData userData)
        {
            if (ticket == null)
            {
                throw new ArgumentNullException("ticket");
            }
            if (userData == null)
            {
                throw new ArgumentNullException("userData");
            }
            UserData = userData;
            Identity = new FormsIdentity(ticket);
        }

        /// <summary>
        /// Role check delegated to the payload. Only a <see cref="CustomerUserDataPrincipal"/>
        /// payload is supported; any other payload type (a manager ticket, for instance) makes
        /// this throw NotImplementedException instead of answering false.
        /// </summary>
        public bool IsInRole(string role)
        {
            return CustomerData().IsInRole(role);
        }

        /// <summary>
        /// Group check delegated to the payload; same payload restriction as <see cref="IsInRole"/>.
        /// </summary>
        public bool IsInUser(string user)
        {
            return CustomerData().IsInUser(user);
        }

        // Narrows the payload to the one type that can answer role/group queries.
        private CustomerUserDataPrincipal CustomerData()
        {
            var customer = UserData as CustomerUserDataPrincipal;
            if (customer == null)
            {
                throw new NotImplementedException();
            }
            return customer;
        }
    }
}
特性
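namespace xxxxxx
{
    /// <summary>
    /// Authorization filter for consumer controllers. <see cref="AuthorizeAttribute.Roles"/> is a
    /// comma-separated list of role ids, <see cref="AuthorizeAttribute.Users"/> a comma-separated
    /// list of group names matched against the payload's RoleGorup. Every constraint that is set
    /// must hold (previously either one sufficed); with neither set, any logged-in consumer passes.
    /// </summary>
    public class ConsumerAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// Decides whether the current principal may run the action.
        /// </summary>
        /// <returns>false for anonymous requests and for principals that are not a consumer
        /// principal (e.g. a manager ticket), so the filter fails closed.</returns>
        protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
        {
            var user = httpContext.User as ConsumerFormsPrincipal<CustomerUserDataPrincipal>;
            if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            {
                return false;
            }

            // Only evaluate a constraint that was actually set. The payload answers IsInRole("")
            // with true, so passing an unset Roles through it (as the old OR did) let every
            // logged-in consumer bypass the Users restriction.
            bool rolesOk = string.IsNullOrEmpty(Roles) || user.IsInRole(Roles);
            bool usersOk = string.IsNullOrEmpty(Users) || user.IsInUser(Users);
            return rolesOk && usersOk;
        }

        /// <summary>
        /// Ajax callers get a 403 with an empty body; browser requests are redirected to the
        /// login page with the current path as ReturnUrl.
        /// </summary>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (filterContext.HttpContext.Request.IsAjaxRequest())
            {
                filterContext.Result = new ContentResult();
                filterContext.HttpContext.Response.StatusCode = (int)System.Net.HttpStatusCode.Forbidden;
            }
            else
            {
                // Assigning a Result short-circuits the action (without it the action would still run);
                // a RedirectResult also avoids the ThreadAbortException thrown by Response.Redirect(url, true).
                // AbsolutePath is a same-site path, so ReturnUrl cannot become an open redirect,
                // but it is still encoded because it is embedded in a query string.
                string returnUrl = filterContext.HttpContext.Request.Url.AbsolutePath;
                string loginUrl = FormsAuthentication.LoginUrl + "?ReturnUrl=" + Uri.EscapeDataString(returnUrl);
                filterContext.Result = new RedirectResult(loginUrl);
            }
        }
    }
}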
使用
登录部分
if (user.IsPause != 0)
{
    result.AddErrorCode("账号已被停用!");
}
else
{
    // Snapshot of the user that travels in the ticket; RoleGorup "consumer" is what
    // [ConsumerAuthorize(Users = "consumer")] matches against.
    var consumerData = new CustomerUserDataPrincipal
    {
        UserId = user.Id,
        RoleId = new List<int> { user.RoleId },
        AgencyId = user.AgencyId,
        Mail = user.EMail,
        Moblie = user.Moblie,
        Name = user.Name,
        RoleGorup = "consumer"
    };

    // Issue the auth cookie, then hand the user back to the caller.
    ConsumerAuthentication<CustomerUserDataPrincipal>.SetAuthCookie(user.Name, consumerData, rememberMe);
    result.Result = user;
}
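/// <summary>
/// Rebuilds a U_Staff from the consumer principal on the current request.
/// </summary>
/// <param name="httpContext">Current request context.</param>
/// <returns>The staff fields carried in the auth ticket, or null when there is no context, no
/// user, or the user is not a consumer principal. (Anonymous requests carry a GenericPrincipal;
/// the previous hard cast turned those into an InvalidCastException.)</returns>
public static U_Staff GetCurrentContextUser(System.Web.HttpContextBase httpContext)
{
    if (httpContext == null) return null;

    var principal = httpContext.User as ConsumerFormsPrincipal<CustomerUserDataPrincipal>;
    if (principal == null || principal.UserData == null) return null;

    var data = principal.UserData;
    var staff = new U_Staff
    {
        Id = data.UserId,
        AgencyId = data.AgencyId,
        Moblie = data.Moblie,
        EMail = data.Mail,
        Name = data.Name
    };

    // IsPause is not part of the ticket payload, so it is left at its default here. The old code
    // copied AgencyId into it, which is not a pause flag. NOTE(review): a caller that needs the
    // live suspension state must look it up from the data store — a ticket issued before the
    // account was paused keeps authenticating until it expires.
    return staff;
}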
action 特性过滤器
/// <summary>
/// Base controller for consumer-facing actions: every action requires a logged-in consumer
/// principal whose group (RoleGorup) is "consumer". No role-id constraint is applied here.
/// </summary>
[ConsumerAuthorize(Users = "consumer")]
public class ConsumerController : Controller
{
}
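/// <summary>
/// Replaces the FormsIdentity principal produced by the FormsAuthenticationModule with the
/// consumer principal decoded from the ticket's user data.
/// </summary>
/// <remarks>
/// Runs after authentication, so the module has already validated the cookie's MAC and expiry.
/// When the user data cannot be decoded, the request is downgraded to an anonymous principal
/// rather than left with the bare FormsIdentity (which still reports IsAuthenticated) or a null
/// User (which the old code set, and which turns later User.Identity reads into NullReferenceExceptions).
/// NOTE(review): if manager tickets share the same cookie name, their payload is decoded here as
/// CustomerUserDataPrincipal as well — confirm how manager logins are handled.
/// </remarks>
protected void Application_PostAuthenticateRequest(object sender, System.EventArgs e)
{
    var context = HttpContext.Current;
    if (context == null || context.User == null) return;

    var formsIdentity = context.User.Identity as FormsIdentity;
    if (formsIdentity == null || !formsIdentity.IsAuthenticated || formsIdentity.AuthenticationType != "Forms")
    {
        return;
    }

    var consumer = ConsumerAuthentication<CustomerUserDataPrincipal>.TryParsePrincipal(context.Request);
    if (consumer != null)
    {
        context.User = consumer;
    }
    else
    {
        // Fail closed: a Forms cookie without a decodable consumer payload grants no identity.
        context.User = new System.Security.Principal.GenericPrincipal(
            new System.Security.Principal.GenericIdentity(string.Empty), new string[0]);
    }
}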
