权限认证
1、实现IAuthorizationFilter接口
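using GWHomeBigData.Cache;
using GWHomeBigData.Model;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;
using System;
using System.Linq;
using System.Net;
using System.Security.Claims;

namespace GWHomeBigData.Statistics.WebApi.Filter
{
    /// <summary>
    /// Global authorization filter. Unless the request is already authenticated or the action
    /// allows anonymous access, it requires an <c>Authorization: BasicAuth &lt;ticket&gt;</c>
    /// header whose ticket resolves to a cached <see cref="SysUserInfo"/>.
    /// The resolved user and its cache key are stored in <c>HttpContext.Items</c> under
    /// "userInfo" and "redisUserKey" for downstream code.
    /// </summary>
    public class AuthFilter : IActionFilter, IAuthorizationFilter
    {
        /// <summary>Scheme token expected at the start of the Authorization header.</summary>
        private const string Scheme = "BasicAuth";

        public void OnActionExecuted(ActionExecutedContext context)
        {
        }

        public void OnActionExecuting(ActionExecutingContext context)
        {
        }

        /// <summary>
        /// Short-circuits the pipeline with 401 when no well-formed ticket is present and with
        /// 403 when the ticket is not (or no longer) in the cache; otherwise lets the request through.
        /// </summary>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            // Already authenticated, or the action carries [AllowAnonymous].
            if (context.HttpContext.User.Identity.IsAuthenticated
                || context.Filters.Any(item => item is IAllowAnonymousFilter))
            {
                return;
            }

            var httpContext = context.HttpContext;
            string authorization = httpContext.Request.Headers["Authorization"].ToString();

            if (TryGetTicket(authorization, out string ticket))
            {
                string key = Model.Util.GetRedis("token", ticket);
                // GetRequiredService: a missing ICache registration surfaces as a clear
                // configuration error instead of a NullReferenceException on Get<>.
                var cache = httpContext.RequestServices.GetRequiredService<ICache>();
                var user = cache.Get<SysUserInfo>(key);
                if (user == null)
                {
                    httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                    context.Result = new JsonResult(new { Ok = false, Error = "token失效" });
                    return;
                }

                // Indexer rather than Add: Add throws if an earlier component stored the same key.
                httpContext.Items["userInfo"] = user;
                httpContext.Items["redisUserKey"] = key;
                return;
            }

            httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            context.Result = new JsonResult(new { Ok = false, Error = "token无效" });
        }

        /// <summary>
        /// Extracts the ticket from a "<c>BasicAuth &lt;ticket&gt;</c>" header value.
        /// </summary>
        /// <param name="authorization">Raw Authorization header value (may be empty).</param>
        /// <param name="ticket">The ticket when the header is well-formed, otherwise null.</param>
        /// <returns>
        /// False when the header is empty, uses another scheme, or carries no ticket — the
        /// previous <c>Split(" ")[1]</c> threw IndexOutOfRangeException on a bare "BasicAuth" header.
        /// </returns>
        private static bool TryGetTicket(string authorization, out string ticket)
        {
            ticket = null;
            if (string.IsNullOrWhiteSpace(authorization))
            {
                return false;
            }

            string[] parts = authorization.Trim().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
            if (parts.Length != 2 || !string.Equals(parts[0], Scheme, StringComparison.Ordinal))
            {
                return false;
            }

            ticket = parts[1];
            return true;
        }
    }
}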
2、Startup全局注册过滤器
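/// <summary>
/// Registers framework services: the outbound request time-out, the "any" CORS policy,
/// MVC with the global <see cref="AuthFilter"/>, and the scoped <c>PermissionFilter</c>.
/// The remaining registrations are delegated to <c>RegisterAutofac</c>.
/// </summary>
/// <param name="services">The application service collection.</param>
/// <returns>The service provider built by <c>RegisterAutofac</c>.</returns>
public IServiceProvider ConfigureServices(IServiceCollection services)
{
    // Fall back to 5000 ms when the setting is missing or not an integer.
    if (!int.TryParse(Configuration["HttpRequest.TimeOut"], out HttpRequest.Timeout))
    {
        HttpRequest.Timeout = 5000;
    }

    services.AddCors(options =>
    {
        options.AddPolicy("any", builder =>
        {
            // SECURITY: AllowAnyOrigin combined with AllowCredentials lets any site make
            // credentialed cross-origin calls; ASP.NET Core 2.2+ rejects this combination
            // at runtime. Restrict with WithOrigins(<front-end origin>) once it is known.
            builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials();
        });
    });

    // Single AddMvc call: the filter registration previously lived in a second AddMvc
    // invocation; MvcOptions and MvcJsonOptions are independent, so merging is safe.
    services.AddMvc(m => m.Filters.Add(typeof(AuthFilter)))
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
        .AddJsonOptions(options =>
            options.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.DefaultContractResolver());

    services.AddScoped<PermissionFilter>();

    return RegisterAutofac(services);
}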
3、登录接口允许匿名访问
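/// <summary>
/// Login: validates the credentials against the report service, issues a session ticket,
/// and caches the user and the user's child units under that ticket for two hours.
/// </summary>
/// <param name="loginModel">User name and password from the request body.</param>
/// <returns>
/// 200 with <c>{ Ok = true, Data = user }</c> on success; 200 with <c>{ Ok = false, Error }</c>
/// when the credentials are rejected; 204 when an unexpected error occurs (it is logged).
/// </returns>
[AllowAnonymous]
[HttpPost]
public IActionResult Post([FromBody] LoginModel loginModel)
{
    // A missing body used to surface as a NullReferenceException → 204.
    if (loginModel == null)
    {
        return Ok(new { Ok = false, Error = "用户名不存在或者密码错误!" });
    }

    try
    {
        string reportBaseUrl = configuration["HttpRequestUrl.Report"];

        string url = reportBaseUrl + "api/UserReport/login";
        string parm = JsonConvert.SerializeObject(new { name = loginModel.Name, pwd = loginModel.Pwd });
        string r = GWHomeReport.Util.HttpRequest.HttpPost(url, parm);
        if (string.IsNullOrWhiteSpace(r))
        {
            return Ok(new { Ok = false, Error = "用户名不存在或者密码错误!" });
        }

        var sysUserInfo = JsonConvert.DeserializeObject<SysUserInfo>(r);
        if (sysUserInfo == null)
        {
            return Ok(new { Ok = false, Error = "用户名不存在或者密码错误!" });
        }

        // Bearer ticket handed to the client; the cache key is derived from it.
        // NOTE(review): Guid.NewGuid() is not documented as cryptographically random;
        // a RandomNumberGenerator-based ticket would be the conservative choice.
        string _token = Guid.NewGuid().ToString("N");
        sysUserInfo.Token = _token;

        // Power selects how much of AdmDivCode forms the current scope: 2 digits for 1, 4 for 2.
        if (sysUserInfo.Power == 1)
        {
            sysUserInfo.CurrentAdmDivCode = sysUserInfo.AdmDivCode.Substring(0, 2);
        }
        else if (sysUserInfo.Power == 2)
        {
            sysUserInfo.CurrentAdmDivCode = sysUserInfo.AdmDivCode.Substring(0, 4);
        }

        DateTime expiry = DateTime.Now.AddHours(2);
        string _key = Model.Util.GetRedis("token", _token);
        cache.Insert(_key, sysUserInfo, expiry);

        #region 获取用户子部门
        string getChildUnitUrl = reportBaseUrl + "api/sys/childunit";
        string getChildUnitParam = JsonConvert.SerializeObject(new { UnitCode = sysUserInfo.UnitCode });
        // Bug fix: the child-unit request previously re-sent the login payload (`parm`)
        // instead of the UnitCode payload built for it.
        string childUnitStr = GWHomeReport.Util.HttpRequest.HttpPost(getChildUnitUrl, getChildUnitParam);
        string _childUnitKey = Model.Util.GetRedis("childunit", sysUserInfo.Name, sysUserInfo.UnitCode);
        cache.Insert(_childUnitKey, childUnitStr, expiry);
        #endregion

        return Ok(new { Ok = true, Data = sysUserInfo });
    }
    catch (Exception ex)
    {
        // Pass the exception so the stack trace is logged, not only the message.
        logger.LogError(ex, ex.Message);
    }

    return NoContent();
}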
4.1、前端代码-登录,写入cookie
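$(function () {
    // Login form: submit on button click or Enter; on success persist the returned user
    // in the cookie and move to the home page.
    $("#btnSubmit").on("click", function () {
        var name = $("#name").val();
        var pwd = $("#pwd").val();
        var url = commonData.rqDomain + "api/login";

        $("#loginMsg").text("");
        if ($.trim(name) == "" || $.trim(pwd) == "") {
            $("#loginMsg").text("用户名或者密码不能为空!");
            return;
        }

        // The trailing `true` is not consumed by AjaxPostData as written (3 parameters).
        AjaxPostData(url, { Name: name, Pwd: pwd }, function (data) {
            if (data && data.Ok && data.Data) {
                // Write the cookie before navigating so index.html can read it.
                // The cookie carries the session ticket and is set from script, so it
                // cannot be HttpOnly; keep its path/lifetime as tight as the app allows.
                $.cookie(commonData.cookieName, JSON.stringify(data.Data));
                window.location.href = "index.html";
                return;
            }
            var errorMsg = "";
            if (data && !data.Ok) {
                errorMsg = data.Error;
            }
            $("#loginMsg").text(errorMsg);
        }, true);
    });

    $(document).keydown(function (event) {
        if (event.keyCode == 13) {
            $("#btnSubmit").click();
        }
    });
});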
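/**
 * POST `data` as JSON to `url` and hand the parsed response to `callback`.
 * A 401/403 response redirects to the login page; other failures are logged.
 *
 * jQuery passes a text status ("success") as the second argument of the success
 * handler, so the previous `status == 401` check there could never match; the HTTP
 * code is read from the jqXHR argument instead. The response is no longer echoed to
 * the console, because the login reply contains the session ticket.
 */
function AjaxPostData(url, data, callback) {
    function redirectIfUnauthorized(status) {
        if (status == 401 || status == 403) {
            window.location.href = "login.html";
            return true;
        }
        return false;
    }

    $.ajax({
        type: "post",
        url: url,
        data: JSON.stringify(data),
        dataType: "json",
        contentType: "application/json",
        success: function (data, textStatus, xhr) {
            if (redirectIfUnauthorized(xhr.status)) {
                return;
            }
            callback(data);
        },
        error: function (err) {
            if (redirectIfUnauthorized(err.status)) {
                return;
            }
            console.log(err);
        }
    });
}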
4.2、请求接口
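/**
 * Asks the server whether the cached user's ticket is still valid. Any failure — no
 * cookie, no token, a 401/403, or an `Ok: false` reply — sends the browser to login.html.
 */
function AjaxCheckIsLogin() {
    // `var` added: `url` was previously assigned as an implicit global.
    var url = commonData.rqDomain + "api/login/checkislogin";

    function toLogin() {
        window.location.href = "login.html";
    }

    $.ajax({
        type: "get",
        url: url,
        beforeSend: function (xhr) {
            var user;
            try {
                user = commonData.currentUser();
            } catch (e) {
                user = null;
            }
            if (!user || !user.Token) {
                toLogin();
                // Returning false cancels the request instead of sending it without a ticket.
                return false;
            }
            xhr.setRequestHeader("Authorization", "BasicAuth " + user.Token);
        },
        xhrFields: { withCredentials: true },
        crossDomain: true,
        contentType: "application/json",
        success: function (data) {
            if (!data || !data.Ok) {
                toLogin();
            }
        },
        error: function (err) {
            if (err.status == 401 || err.status == 403) {
                toLogin();
                return;
            }
            console.log(err);
        }
    });
}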
/**
 * Shared front-end settings: API base URL, ECharts theme, cookie name, and a helper
 * that reads the cached user back out of the cookie (a placeholder with an empty
 * CurrentAdmDivCode when the cookie is absent or cannot be parsed).
 */
var commonData = {
    rqDomain: 'http://localhost:5003/',
    echartTheme: [{ dark: "theme-dark", backgroundColor: "#242640" }],
    cookieName: 'gwhbduserinfo',
    currentUser: function () {
        var raw;
        try {
            raw = $.cookie(commonData.cookieName);
            if (raw) {
                return JSON.parse(raw);
            }
        } catch (e) {
            // A missing cookie plugin or a corrupt cookie both fall through to the placeholder.
        }
        return { CurrentAdmDivCode: "" };
    }
};
