SSOController.cs
5.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
// ***********************************************************************
// <summary>
// 基础控制器
// 继承该控制器可以防止未登录查看
// 继承该控制器后,如果想访问控制器中存在,但模块配置里面没有的Action(如:Home/Git),请使用AnonymousAttribute
// </summary>
// ***********************************************************************
using System;
using System.Linq;
using Hh.Mes.Common.config;
using Hh.Mes.Common.log;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using WebRepository;
namespace WebApp
{
public class SSOController : Controller
{
public const string token = "Token";
public const string referer = "Referer";
public const string origin = "Origin";
public AuthStrategyContext authStrategyContext = null;
protected LoginInfo _loginInfo;
protected IAuth _authUtil;
private HttpRequest httpContext { get; set; }
public SSOController(IAuth authUtil)
{
_authUtil = authUtil;
authStrategyContext = _authUtil.GetCurrentUser();
if (authStrategyContext != null)
{
_loginInfo = new LoginInfo
{
Id = authStrategyContext.User.Id,
Account = authStrategyContext.User.Account,
Name = authStrategyContext.User.Name,
};
}
else
{
LoginResult(token);
}
}
/// <summary>
/// 会话丢失,跳转到登录页面
/// </summary>
/// <param name="filterContext"></param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
ActionBefore(filterContext);
}
public virtual ContentResult LoginResult(string falg)
{
var msg = "";
switch (falg)
{
case token:
msg = "Token登入失效,点击确定后将返回登入页面";
break;
case referer:
case origin:
msg = "安全检验不通过!";
break;
}
var js = $"alert('{msg}');parent.window.location.href = '/Login/Index'; ";
var Content = new ContentResult
{
Content = $"<script type='text/javascript'>{js}</script>",
ContentType = "text/html;charset=utf-8",
StatusCode = 200
};
return Content;
}
public void ActionBefore(ActionExecutingContext filterContext)
{
httpContext = filterContext.HttpContext.Request;
var temp = ConfigRead.GetInstance.GetAppsetConnection().ServerIPList;
var ServersIPList = temp.Split(',', StringSplitOptions.RemoveEmptyEntries).ToList();
//验证Referer
string userReferer = filterContext.HttpContext.Request.Headers[referer];
if (string.IsNullOrEmpty(userReferer))
{
filterContext.Result = LoginResult(referer);
return;
}
if (!ServersIPList.Exists(t => userReferer.StartsWith("https://" + t)))
{
filterContext.Result = LoginResult(referer); ;
return;
}
//验证Origin
string userOrigin = filterContext.HttpContext.Request.Headers[origin];
if (string.IsNullOrEmpty(userOrigin))
{
if (filterContext.HttpContext.Request.Method != "GET" && filterContext.HttpContext.Request.Method != "HEAD")
{
filterContext.Result = LoginResult(origin); ;
return;
}
}
else
{
if (!ServersIPList.Exists(t => userOrigin.StartsWith("https://" + t)))
{
filterContext.Result = LoginResult(origin); ;
return;
}
}
if (AopAllowed())
{
base.OnActionExecuting(filterContext);
return;
}
//验证Cookies
string userToken = filterContext.HttpContext.Request.Cookies[token];
if (string.IsNullOrEmpty(userToken) || _loginInfo == null)
{
filterContext.Result = LoginResult(token);
return;
}
if (_authUtil.CheckLogin(userToken) == false)
{
filterContext.Result = LoginResult(token);
return;
}
base.OnActionExecuting(filterContext);
}
/// <summary>
/// 当前url 是否匹配 忽略拦截的 配置路径
/// </summary>
/// <returns></returns>
private bool AopAllowed()
{
var allowedUrl = ConfigRead.GetInstance.GetAppsetConnection().allowed;
if (allowedUrl == null || allowedUrl.Length == 0) return false;
var url = httpContext.Path.Value;
return allowedUrl.Any(item => url.IndexOf(item, StringComparison.Ordinal) > -1);
}
}
}