using Pcb.Business;
using Pcb.Common;
using Pcb.Common.Enum;
using System.Net.Http;
using System.Web.Http.Filters;
namespace Pcb.Api.Infrastructures
{
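/// <summary>
/// Authorization filter that checks the caller's token before a Web API action runs.
/// </summary>
/// <remarks>
/// The request must carry <c>UserId</c>, <c>TmTk</c> and <c>VerifyCode</c>. It is accepted only when
/// <c>VerifyCode</c> equals <c>EncryptUtils.MD5Encrypt(TmTk + token, false)</c>, where the token is
/// the one <c>UserBiz.GetUserToken</c> returns for that user (cached in session state).
/// NOTE(review): an MD5 digest over a plain concatenation is not a keyed MAC, and nothing in this
/// filter checks that <c>TmTk</c> is fresh or unused, so a captured UserId/TmTk/VerifyCode triple
/// would presumably validate again. Moving to an HMAC with a timestamp or nonce check needs a
/// matching client change and is therefore not done here.
/// NOTE(review): the values are read through <c>HttpRequest</c>'s indexer, which also looks at the
/// query string; credentials sent in a URL tend to end up in access logs.
/// </remarks>
public class UserTokenAttribute : AuthorizationFilterAttribute
{
    /// <summary>Session key under which the user's token is cached.</summary>
    private const string SessionTokenKey = "Token";

    /// <summary>Session key recording which user id the cached token was loaded for.</summary>
    private const string SessionTokenOwnerKey = "TokenUserId";

    /// <summary>
    /// Validates the user id and verification code of the current request and sets a denial
    /// response on <paramref name="actionContext"/> when they do not match.
    /// </summary>
    /// <param name="actionContext">Context of the action being authorized; its Response is set on denial.</param>
    public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        base.OnAuthorization(actionContext);

        var crt = System.Web.HttpContext.Current;

        // Fail closed instead of throwing when there is no ASP.NET context or session state.
        if (crt == null || crt.Session == null)
        {
            Deny(actionContext);
            return;
        }

        var userid = crt.Request["UserId"].ToInt2();
        if (userid == 0)
        {
            Deny(actionContext);
            return;
        }

        // The cached token is trusted only when it was loaded for the user id named in THIS request.
        // Without the owner check, a session that cached one user's token would also validate
        // requests that name a different UserId.
        var stoken = crt.Session[SessionTokenKey] as string;
        var cachedForThisUser = object.Equals(crt.Session[SessionTokenOwnerKey], userid);

        if (!cachedForThisUser || string.IsNullOrEmpty(stoken))
        {
            var utk = new UserBiz().GetUserToken(userid);

            // An empty stored token would reduce the expected code to MD5(TmTk), which any caller
            // can compute, so it is rejected together with a missing record.
            if (utk == null || string.IsNullOrEmpty(utk.Token))
            {
                Deny(actionContext);
                return;
            }

            stoken = utk.Token;
            crt.Session[SessionTokenKey] = stoken;
            crt.Session[SessionTokenOwnerKey] = userid;
        }

        // NOTE(review): the token stays cached for the life of the session, so a token changed or
        // revoked behind UserBiz is presumably not noticed until the session ends - confirm.
        var tk = crt.Request["TmTk"];
        var vc = crt.Request["VerifyCode"];

        // Never log stoken or the expected code: both are sufficient to forge a valid request.
        var expected = EncryptUtils.MD5Encrypt(tk + stoken, false);

        // A missing VerifyCode is a denial, not a NullReferenceException.
        if (!FixedTimeEquals(vc, expected))
        {
            Deny(actionContext);
        }
    }

    /// <summary>
    /// Sets the "no permission" response on the action context, which stops the action from running.
    /// </summary>
    /// <param name="actionContext">Context whose Response is replaced.</param>
    private static void Deny(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // NOTE(review): the response is built by AppResponseMessageHelper.OK with a Fail status code;
        // the HTTP status it carries is not visible from this file.
        actionContext.Response = AppResponseMessageHelper.OK(EnumApiStatusCode.Fail, "无权限访问");
    }

    /// <summary>
    /// Ordinal, case-sensitive string comparison whose running time does not depend on the position
    /// of the first differing character.
    /// </summary>
    /// <param name="left">First value; null never matches.</param>
    /// <param name="right">Second value; null never matches.</param>
    /// <returns>True when both strings are non-null and identical.</returns>
    private static bool FixedTimeEquals(string left, string right)
    {
        if (left == null || right == null || left.Length != right.Length)
        {
            return false;
        }

        var diff = 0;
        for (var i = 0; i < left.Length; i++)
        {
            // Accumulate differences instead of returning at the first mismatch.
            diff |= left[i] ^ right[i];
        }

        return diff == 0;
    }

    /// <summary>
    /// Builds a 401 Unauthorized response with the given text body.
    /// Not called anywhere in this class.
    /// </summary>
    /// <param name="content">Text to send as the response body.</param>
    /// <returns>A new response message with status Unauthorized.</returns>
    private HttpResponseMessage Response(string content)
    {
        return new HttpResponseMessage() { StatusCode = System.Net.HttpStatusCode.Unauthorized, Content = new StringContent(content) };
    }
}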
}