asp.net MVC 通用登入驗證模組
阿新 • • 發佈:2019-01-09
原文:
asp.net MVC 通用登入驗證模組
用法:
還是希望讀者把原始碼看懂,即可運用自如。重點是,為什麼有個UserType!!!
登入使用者資訊:
namespace MVCCommonAuth { [Serializable] public class LoginUser { private const string DESKEY = "12345678"; public int ID { get; set; } public string UserName { get; set; }public string Roles { get; set; } public DateTime Expires { get; set; } public readonly static string CookieNamePrefix = "authcookie"; public void Login(string userType, string domain = null, string path = null) { var keyName = CookieNamePrefix + userType;var json = JsonConvert.SerializeObject(this); var value = EncryptString(json, DESKEY); HttpCookie cookie = new HttpCookie(keyName, value); cookie.Expires = Expires; if (!string.IsNullOrWhiteSpace(domain)) { cookie.Domain= domain; } if (path != null) { cookie.Path = path; } HttpContext.Current.Items[keyName] = this; HttpContext.Current.Response.Cookies.Add(cookie); } /// <summary> /// 從cookie讀取使用者資訊 /// </summary> /// <param name="cookieName"></param> private static LoginUser BuildUser(string keyName) { var cookie = HttpContext.Current.Request.Cookies[keyName]; if (cookie != null && !string.IsNullOrEmpty(cookie.Value)) { try { var json = DecryptString(cookie.Value, DESKEY); var loginuser = JsonConvert.DeserializeObject<LoginUser>(json); if (loginuser != null) { if (loginuser.Expires >= DateTime.Now) { return loginuser; } } } catch { //do nothing } } return null; } public static LoginUser GetUser(string userType) { var keyName = CookieNamePrefix + userType; if (!HttpContext.Current.Items.Contains(keyName)) { var user = BuildUser(keyName); HttpContext.Current.Items[keyName] = user; return user; } else { return HttpContext.Current.Items[keyName] as LoginUser; } } public static int GetUserID(string userType) { var user = GetUser(userType); if (user != null) return user.ID; return 0; } /// <summary> /// 退出cookie登入 /// </summary> public static void Logout(string userType) { var keyName = CookieNamePrefix + userType; HttpCookie cookie = new HttpCookie(keyName, string.Empty); cookie.Expires = DateTime.Now.AddMonths(-1); HttpContext.Current.Response.Cookies.Add(cookie); } #region 字串加密 /// <summary> /// 利用DES加密演算法加密字串(可解密) /// </summary> /// <param name="plaintext">被加密的字串</param> /// <param name="key">金鑰(只支援8個位元組的金鑰)</param> /// <returns>加密後的字串</returns> private static string EncryptString(string plaintext, string key) { //訪問資料加密標準(DES)演算法的加密服務提供程式 (CSP) 版本的包裝物件 DESCryptoServiceProvider des = new DESCryptoServiceProvider(); des.Key = ASCIIEncoding.ASCII.GetBytes(key); //建立加密物件的金鑰和偏移量 des.IV = ASCIIEncoding.ASCII.GetBytes(key); //原文使用ASCIIEncoding.ASCII方法的GetBytes方法 byte[] inputByteArray = Encoding.Default.GetBytes(plaintext);//把字串放到byte陣列中 MemoryStream ms = new MemoryStream();//建立其支援儲存區為記憶體的流 //定義將資料流連結到加密轉換的流 CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(), CryptoStreamMode.Write); cs.Write(inputByteArray, 0, inputByteArray.Length); cs.FlushFinalBlock(); //上面已經完成了把加密後的結果放到記憶體中去 StringBuilder ret = new StringBuilder(); foreach (byte b in ms.ToArray()) { ret.AppendFormat("{0:X2}", b); } ret.ToString(); return ret.ToString(); } /// <summary> /// 利用DES解密演算法解密密文(可解密) /// </summary> /// <param name="ciphertext">被解密的字串</param> /// <param name="key">金鑰(只支援8個位元組的金鑰,同前面的加密金鑰相同)</param> /// <returns>返回被解密的字串</returns> private static string DecryptString(string ciphertext, string key) { try { DESCryptoServiceProvider des = new DESCryptoServiceProvider(); byte[] inputByteArray = new byte[ciphertext.Length / 2]; for (int x = 0; x < ciphertext.Length / 2; x++) { int i = (Convert.ToInt32(ciphertext.Substring(x * 2, 2), 16)); inputByteArray[x] = (byte)i; } des.Key = ASCIIEncoding.ASCII.GetBytes(key); //建立加密物件的金鑰和偏移量,此值重要,不能修改 des.IV = ASCIIEncoding.ASCII.GetBytes(key); MemoryStream ms = new MemoryStream(); CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(), CryptoStreamMode.Write); cs.Write(inputByteArray, 0, inputByteArray.Length); cs.FlushFinalBlock(); //建立StringBuild物件,createDecrypt使用的是流物件,必須把解密後的文字變成流物件 StringBuilder ret = new StringBuilder(); return System.Text.Encoding.Default.GetString(ms.ToArray()); } catch (Exception) { return "error"; } } #endregion } }
Action驗證過濾器:
namespace MVCCommonAuth { [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)] public class AuthFilterAttribute : ActionFilterAttribute { public AuthFilterAttribute() { } public AuthFilterAttribute(string roles,string userType) { this.Roles = roles; this.UserType = userType; } public bool Allowanonymous { get; set; } public string Roles { get; set; } public string Users { get; set; } public string UserType { get; set; } public sealed override void OnActionExecuting(ActionExecutingContext filterContext) { if (Allowanonymous) return; if (IsAuth()) return; UnauthorizedRequest(filterContext); } public sealed override void OnActionExecuted(ActionExecutedContext filterContext) { base.OnActionExecuted(filterContext); } public sealed override void OnResultExecuting(ResultExecutingContext filterContext) { base.OnResultExecuting(filterContext); } public sealed override void OnResultExecuted(ResultExecutedContext filterContext) { base.OnResultExecuted(filterContext); } private bool IsAuth() { var user = LoginUser.GetUser(UserType); if (user != null) { return AuthorizeCore(user.UserName, user.Roles); } else { return false; } } private void UnauthorizedRequest(ActionExecutingContext filterContext) { if (filterContext.HttpContext.Request.IsAjaxRequest()) UnauthorizedAjaxRequest(filterContext); else UnauthorizedGenericRequest(filterContext); } protected virtual bool AuthorizeCore(string userName, string userRoles) { var separator = new char[] { ',' }; var options = StringSplitOptions.RemoveEmptyEntries; if (!string.IsNullOrWhiteSpace(Users)) { return Users.Split(separator, options).Contains(userName); } if (!string.IsNullOrWhiteSpace(Roles)) { var allowRoles = Roles.Split(separator, options); var hasRoles = userRoles.Split(separator, options); foreach (var role in hasRoles) { if (allowRoles.Contains(role)) { return true; } } return false; } return true; } protected virtual void UnauthorizedGenericRequest(ActionExecutingContext filterContext) { //根據Roles、Users、UserType資訊分別跳轉 filterContext.Result = new RedirectResult("/Account/login?returnurl=" + filterContext.HttpContext.Request.Url.PathAndQuery); } protected virtual void UnauthorizedAjaxRequest(ActionExecutingContext filterContext) { var acceptTypes = filterContext.HttpContext.Request.AcceptTypes; if (acceptTypes.Contains("*/*") || acceptTypes.Contains("application/json")) { filterContext.Result = new JsonResult { Data = new { code = 0, msg = "nologin" }, JsonRequestBehavior = JsonRequestBehavior.AllowGet }; } else { filterContext.Result = new ContentResult { Content = "nologin" }; } } } }