Introduction to the SlickOne Agile Development Framework (2) -- Implementing a Multi-User/Multi-Tenant/SaaS Software Base Framework (2)
2019-09-17 18:56:11
            var userID = userAccount.UserID;
            return userID;
        }

        lsm.getWebLogonCompanyID = function () {
            var userAccount = getWebLogonUserCookie();
            if (userAccount !== null) {
                var companyID = userAccount.CompanyID;
                return companyID;
            } else {
                return "";
            }
        }

 

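2.4 Storing the ticket after login verification

After a user logs in, their basic identity information and the associated role or permission data need to be stored. Because this is a system with separated front end and back end, the server needs to use this ticket data, and the front end also needs to read the user information through the Cookie object as the basis for its permission checks.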

    //create form ticket
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, loginName, DateTime.Now, DateTime.Now.AddMinutes(240),
        true, userDataContent, FormsAuthentication.FormsCookiePath);

    string ticString = FormsAuthentication.Encrypt(ticket);

    //write cookies in response
    //SetAuthCookie mark identity status true
    HttpContext.Current.Response.Cookies.Add(new HttpCookie("SlickOneWebCookie", ticString));
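
The ticket cookie from this section, issued with cookie attributes set and read back with an explicit expiry check (an added example, not SlickOne's own code). The class and method names are hypothetical; it assumes the site is served over HTTPS and that browser script never needs to read this encrypted cookie.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Added example; TicketCookie, Issue and TryRead are hypothetical names.
public static class TicketCookie
{
    public const string CookieName = "SlickOneWebCookie"; // cookie name used on this page

    // Issue the ticket so that the cookie and the ticket expire together and
    // the cookie is not exposed to script or sent over plain HTTP.
    public static void Issue(HttpResponse response, string loginName, string userData)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(1, loginName, now, now.AddMinutes(240),
            true, userData, FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(CookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,             // assumption: scripts never read this cookie
            Secure = true,               // assumption: the site is served over HTTPS
            Path = ticket.CookiePath,
            Expires = ticket.Expiration  // left unset, the cookie lasts for the browser session
        };
        response.Cookies.Add(cookie);
    }

    // Returns the decrypted ticket, or null when the value is malformed, tampered with or expired.
    public static FormsAuthenticationTicket TryRead(string cookieValue)
    {
        if (string.IsNullOrEmpty(cookieValue)) return null;
        try
        {
            var ticket = FormsAuthentication.Decrypt(cookieValue);
            // Decrypt does not reject an expired ticket; the caller has to test Expired.
            if (ticket == null || ticket.Expired) return null;
            return ticket;
        }
        catch (ArgumentException) { return null; }       // not a well-formed ticket string
        catch (CryptographicException) { return null; }  // decryption or validation failed
        catch (HttpException) { return null; }           // ticket could not be validated
    }
}
```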

 

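3. Secure access to MVC pages and WebAPI

3.1 Authorized access to MVC pages

Page controllers all inherit from a page base class. The base class overrides OnActionExecuting(), reads the user's identity information and stores it in the Session object; a user who is not authorized is redirected to the login page. Sample code: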

    /// <summary>
    /// Authentication Verify When Action Executing
    /// </summary>
    /// <param name="filterContext"></param>
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var attr = filterContext.ActionDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true);
        bool isAnonymous = attr.Any(a => a is AllowAnonymousAttribute);
        if (isAnonymous == false)
        {
            var session = filterContext.HttpContext.Session;
            this.SessionManager.SetSession(session);

            var user = this.SessionManager.GetLogonUser() as WebLogonUser;
            if (user == null)
            {
                var webCookie = base.Request.Cookies["SlickOneWebCookie"];
                if (webCookie != null && !string.IsNullOrEmpty(webCookie.Value))
                {
                    var encryptTicket = webCookie.Value;
                    SaveUserSession(encryptTicket);
                }
                else
                {
                    //Not a Valid Logon User, Need To Be Login Again
                    var formRedirectUrl = WebConfigurationManager.AppSettings["FormAuthenticationRedirectUrl"].ToString();
                    //URL-encode the return URL so its own query string stays inside the single ReturnUrl value
                    string url = string.Format("{0}?ReturnUrl={1}", formRedirectUrl, HttpUtility.UrlEncode(Request.RawUrl));
                    filterContext.HttpContext.Response.Redirect(url, true);
                }
            }
        }
        base.OnActionExecuting(filterContext);
    }

 

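3.2 Secure access to WebAPI endpoints

WebAPI controllers add an attribute filter that verifies whether a call to the endpoint is authorized. The filter reads the ticket information from the cookie and checks whether the user is a legitimate, authorized user.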

    /// <summary>
    /// check authorization information when action executing
    /// </summary>
    /// <param name="actionContext"></param>
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        //get authentication cookie from request
        var authCookie = actionContext.Request.GetCookie("SlickOneWebCookie");
        if (!String.IsNullOrEmpty(authCookie))
        {
            //decrypted user ticket information
            if (ValidateUserTicket(authCookie))
                base.OnActionExecuting(actionContext);
            else
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        }
        else
        {
            //verify webapi security setting
            bool isRquired = (WebConfigurationManager.AppSettings["WebApiSecurityEnabled"].ToString() == "true");
            if (isRquired)
            {
                //check anonymous attribute
                var attr = actionContext.ActionDescriptor.GetCusto