一:拦截对该服务器所有的http请求。
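在 web.config 中添加如下配置(system.webServer/modules 节用于 IIS 7+ 集成管道模式;经典模式下需要在 system.web/httpModules 中注册,否则该模块不会被加载,权限验证也就不会执行):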
<system.webServer> <modules> <add name="HttpAuthvalid" type="YGPT.Country.Auth.HttpAuthvalid"/> </modules> </system.webServer>
然后每次 HTTP 请求都会先进入这个类(这个类需要实现 System.Web.IHttpModule 接口)。
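using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web;
using Newtonsoft.Json;

namespace YGPT.Country.Auth
{
    /// <summary>
    /// Permission validation module. Hooks <c>AcquireRequestState</c> so that every request
    /// routed through the module is checked before its handler runs.
    /// </summary>
    public class HttpAuthvalid : System.Web.IHttpModule
    {
        /// <summary>
        /// Releases resources held by the module. Nothing is held, so this is a no-op.
        /// </summary>
        public void Dispose()
        {
            // Clean-up code goes here.
        }

        /// <summary>
        /// Subscribes <see cref="SystemProcess"/> to the application's AcquireRequestState event.
        /// </summary>
        /// <param name="context">The application instance the module is attached to.</param>
        public void Init(HttpApplication context)
        {
            context.AcquireRequestState += new EventHandler(SystemProcess);
        }

        /// <summary>
        /// Per-request processing: issues the session cookie on <c>/setToken</c>, redirects
        /// requests without a session cookie to the timeout page, and checks page (.aspx) and
        /// handler (.ashx) permissions for the current user.
        /// </summary>
        /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
        /// <param name="e">Unused event data.</param>
        void SystemProcess(object sender, EventArgs e)
        {
            HttpApplication application = (HttpApplication)sender; // current application
            string url = application.Request.Url.AbsolutePath.ToString(); // request path, no query string

            // Token endpoint: handled before any cookie or permission check.
            // NOTE(review): "param" is copied into the session cookie without validation here, and
            // Request[...] reads the query string, form, cookies and server variables. Any request
            // that reaches /setToken can therefore (re)set YGPT_SESSIONID. Confirm that the code
            // consuming the cookie validates the "param" part; otherwise this is a session-fixation risk.
            if (url == "/setToken")
            {
                if (!string.IsNullOrEmpty(application.Context.Request["param"]))
                {
                    HttpCookie cookie = application.Request.Cookies["YGPT_SESSIONID"];
                    if (cookie == null)
                    {
                        cookie = new HttpCookie("YGPT_SESSIONID");
                    }

                    // Rebuild the token: caller-supplied value + AES(DesToValue + today's date).
                    // NOTE(review): as far as this file shows, nothing user-specific goes into the
                    // encrypted suffix, so it is the same for every caller on a given day.
                    cookie.Value = application.Context.Request["param"]
                        + YGPT.Country.Auth.EncryptDecrypt.AESEncrypt(
                            YGPT.Country.Auth.Config.DesToValue + DateTime.Now.ToString("yyyyMMdd"),
                            Config.DecryptKey);
                    cookie.HttpOnly = true;
                    // NOTE(review): the Secure flag is not set, so the cookie is also sent over plain
                    // HTTP; set cookie.Secure (or requireSSL in configuration) if the site is HTTPS-only.
                    // The cookie lives 100 days while the token embeds a single day's date - presumably
                    // the validator rejects older dates; confirm.
                    cookie.Expires = DateTime.Now.AddDays(100);
                    application.Response.AppendCookie(cookie);
                    application.Response.Write("JsonpHandler({\"result\":\"1\"})"); // success
                    application.Response.End();
                    return;
                }
                else
                {
                    application.Response.Write("JsonpHandler({\"result\":\"0\"})"); // failure
                    application.Response.End();
                    return;
                }
            }

            // Only the presence of a non-empty cookie is checked here; its content is not validated
            // in this method (presumably CurrentUser.GetUser() does that - confirm).
            if (application.Request.Cookies["YGPT_SESSIONID"] == null
                || string.IsNullOrEmpty(application.Request.Cookies["YGPT_SESSIONID"].Value))
            {
                application.Response.Redirect(YGPT.Country.Auth.Config.TimeOutUrl); // go to the timeout page
                application.Response.End();
                return;
            }

            //string PermisWeburl = System.Configuration.ConfigurationManager.AppSettings["PermisWeburl"];
            //string[] pweburls = PermisWeburl.Split(',');
            //for (int i = 0; i < pweburls.Length; i++)
            //{
            //    if (url.Contains(pweburls[i])) // login-timeout / no-permission pages are not validated
            //    {
            //        return;
            //    }
            //}

            // Every authorization check below is skipped when appSettings "workingmode" is "deve".
            // NOTE(review): make sure a production configuration can never carry that value.
            if (System.Configuration.ConfigurationManager.AppSettings["workingmode"] != "deve")
            {
                // Extension matching is case-insensitive: IIS maps handlers without regard to case,
                // so a case-sensitive test would let "/Page.ASPX" skip the permission check entirely.
                // Requests whose path contains neither extension get only the cookie check above.
                if (url.IndexOf(".aspx", StringComparison.OrdinalIgnoreCase) >= 0) // page permission
                {
                    User myuser = CurrentUser.GetUser();
                    // The account named ADMIN bypasses all page checks; compared culture-independently.
                    if (string.Equals(myuser.UserID, "ADMIN", StringComparison.OrdinalIgnoreCase))
                    {
                        return;
                    }

                    // Validate page permission.
                    // NOTE(review): access is refused when PageCollect CONTAINS the entry, so the
                    // collection is presumably a deny-list; if it holds granted pages the condition
                    // is inverted. Also confirm SystypeValue equality ignores case, since the path
                    // is compared as the client sent it.
                    YGPT.Country.Auth.SystypeValue sv = new SystypeValue();
                    sv.SysType = Config.SystemType;
                    sv.ValueName = url;
                    if (myuser.PageHandButton.PageCollect.Contains(sv))
                    {
                        // Redirect to the no-permission page.
                        CurrentUser.Goto_NoPermission();
                    }
                }
                else if (url.IndexOf(".ashx", StringComparison.OrdinalIgnoreCase) >= 0) // handler permission
                {
                    User myuser = CurrentUser.GetUser();

                    // Handler responses are plain text and must not be cached.
                    application.Response.ContentType = "text/plain";
                    application.Response.Buffer = true;
                    application.Response.ExpiresAbsolute = DateTime.Now.AddDays(-1);
                    application.Response.AddHeader("pragma", "no-cache");
                    application.Response.AddHeader("cache-control", "");
                    application.Response.CacheControl = "no-cache";

                    if (string.Equals(CurrentUser.Userid, "ADMIN", StringComparison.OrdinalIgnoreCase))
                    {
                        return;
                    }

                    // Validate request permission: data handlers must carry a "req" parameter.
                    if (string.IsNullOrEmpty(application.Context.Request["req"]))
                    {
                        application.Response.Write(JsonConvert.SerializeObject("NoPermission"));
                        application.Response.End();
                        // Explicit return so the check below never runs for a rejected request,
                        // even if End() does not abort the thread.
                        return;
                    }

                    string UrlAndQu = url + "?req=" + application.Context.Request["req"];
                    YGPT.Country.Auth.SystypeValue sv = new SystypeValue();
                    sv.SysType = Config.SystemType;
                    sv.ValueName = UrlAndQu;
                    if (myuser.PageHandButton.PageCollect.Contains(sv))
                    {
                        // Return the no-permission message.
                        application.Response.Write(JsonConvert.SerializeObject("NoPermission"));
                        application.Response.End();
                        return;
                    }
                }
            }
        }

        /// <summary>
        /// Placeholder for custom request logging; currently does nothing.
        /// </summary>
        /// <param name="source">Event source.</param>
        /// <param name="e">Unused event data.</param>
        public void OnLogRequest(Object source, EventArgs e)
        {
            // Custom logging logic can be placed here.
        }
    }
}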
时间: 2024-10-09 04:47:43