YbSoftwareFactory 代码生成插件【十三】:Web API 的安全性

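/// <summary>
/// Authorizes an incoming Web API request: first tries to establish a principal from the
/// HTTP Basic <c>Authorization</c> header, then checks the permission keys that the resulting
/// user (or, for unauthenticated callers, the <c>EveryOne</c> role) is allowed to use.
/// </summary>
/// <param name="request">The request being authorized; only its <c>Authorization</c> header is read.</param>
/// <returns>
/// <c>true</c> when the request may proceed, otherwise <c>false</c>. A missing
/// <c>HttpContext</c> or a null principal is treated as an anonymous caller instead of
/// surfacing a <see cref="NullReferenceException"/> as a server error.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is <c>null</c>.</exception>
private bool AuthorizeRequest(HttpRequestMessage request)
        {
            if (request == null) throw new ArgumentNullException("request");

            // HttpContext.Current is null when the API is self-hosted; keep working without it.
            HttpContext context = HttpContext.Current;
            IPrincipal currentUser = context != null ? context.User : null;

            AuthenticationHeaderValue authValue = request.Headers.Authorization;

            // NOTE(review): the last clause rejects a header whose scheme equals
            // BasicAuthResponseHeaderValue. Whether that constant is the challenge text
            // ("Basic realm=...") or the bare scheme name is not visible here — confirm it does
            // not unintentionally reject every well-formed Basic header.
            bool hasClientCredentials = authValue != null
                                        && !string.IsNullOrWhiteSpace(authValue.Parameter)
                                        && !string.IsNullOrWhiteSpace(authValue.Scheme)
                                        && !authValue.Scheme.Equals(BasicAuthResponseHeaderValue);

            // Usable credentials create a principal that becomes the request's user.
            if (hasClientCredentials)
            {
                string[] parsedHeader = ParseAuthorizationHeader(authValue.Parameter);
                if (parsedHeader != null)
                {
                    IPrincipal principal;
                    if (TryCreatePrincipal(parsedHeader[0], parsedHeader[1], out principal))
                    {
                        currentUser = principal;
                        if (context != null)
                        {
                            context.User = principal;
                        }
                    }
                }
            }

            bool isAuthenticated = currentUser != null
                                   && currentUser.Identity != null
                                   && currentUser.Identity.IsAuthenticated;

            // Anonymous caller: only the permissions granted to the EveryOne role apply.
            if (!isAuthenticated)
            {
                string roleKey = string.Format(CacheKeyList.PERMISSION_ROOT_BY_ROLE_KEY, EveryOne);
                var anonymousPermissionKeys = _cacheManager.Get(roleKey, () =>
                {
                    var permissionsOfEveryOne = PermissionApi.GetPermissionsInRole(EveryOne);
                    if (permissionsOfEveryOne == null || permissionsOfEveryOne.Length == 0)
                        return new string[] { };
                    return permissionsOfEveryOne.Select(c => c.PermissionKey).ToArray();
                });

                return CheckPermission(request, anonymousPermissionKeys);
            }

            // No permission key configured for this action: any authenticated user may call it.
            if (string.IsNullOrWhiteSpace(PermissionKey)) return true;

            // Authenticated caller: permissions are cached per user name.
            // NOTE(review): entries stay until _cacheManager evicts them — confirm that a change
            // to a user's permissions invalidates this key, otherwise revoked access lingers.
            // GetPermissionsForUser() takes no argument, so it presumably resolves the user from
            // ambient context (HttpContext.Current.User?) — verify it agrees with currentUser.
            string userKey = string.Format(CacheKeyList.PERMISSION_CHILDREN_BY_USER_KEY, currentUser.Identity.Name);
            var allowPermissionKeys = _cacheManager.Get(userKey, () =>
            {
                var permissions = PermissionApi.GetPermissionsForUser();
                if (permissions == null || permissions.Length == 0)
                    return new string[] { };
                return permissions.Select(c => c.PermissionKey).ToArray();
            });

            return CheckPermission(request, allowPermissionKeys);
        }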
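/// <summary>
/// Decodes the parameter of an HTTP Basic <c>Authorization</c> header into its
/// user-id and password parts.
/// </summary>
/// <param name="authHeader">The Base64 text that follows the <c>Basic</c> scheme.</param>
/// <returns>
/// A two-element array <c>{ userId, password }</c>, or <c>null</c> when the parameter is
/// missing, is not valid Base64, contains no <c>:</c> separator, or either part is empty.
/// Malformed client input is reported as <c>null</c> so the caller treats the request as
/// anonymous instead of letting a <see cref="FormatException"/> become a server error.
/// </returns>
private string[] ParseAuthorizationHeader(string authHeader)
        {
            if (string.IsNullOrWhiteSpace(authHeader)) return null;

            byte[] decodedBytes;
            try
            {
                decodedBytes = Convert.FromBase64String(authHeader);
            }
            catch (FormatException)
            {
                // The client sent something that is not Base64; that is their error, not ours.
                return null;
            }

            // RFC 7617: the user-id cannot contain ':' but the password may, so split on the
            // first colon only. UTF-8 decodes the same as ASCII for 7-bit input and is what
            // current clients send for non-ASCII credentials (ASCII turned those bytes into '?').
            string decoded = Encoding.UTF8.GetString(decodedBytes);
            string[] credentials = decoded.Split(new[] { ':' }, 2);
            if (credentials.Length != 2
                || string.IsNullOrEmpty(credentials[0])
                || string.IsNullOrEmpty(credentials[1]))
            {
                return null;
            }
            return credentials;
        }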

原文链接:https://www.cnblogs.com/gyche/p/3106311.html
