/// <summary>
/// Login action: parses a JSON payload carrying userName and password, creates or reuses a
/// session token cached in Redis under the hashed user name, sets the "userIdMd5" cookie
/// and returns the token as JSON.
/// </summary>
/// <param name="data">JSON string with "userName" and "password" fields.</param>
/// <returns>A JSON object containing the session token.</returns>
public ActionResult Login(string data)
{
// NOTE(review): nothing in this method checks the password against a user store, so any
// userName/password pair is issued a token unless verification happens elsewhere (not visible here).
var _params = JsonConvert.DeserializeAnonymousType(data, new { userName = "", password = "" });
// NOTE(review): Md5Sign is a project extension not shown here; presumably an MD5 digest of the
// user name, which makes the cache key and cookie value derivable from the user name alone.
string userIdMd5 = _params.userName.Md5Sign();//key used to look up the UserId; needs to be encrypted
// NOTE(review): the NeedLoginAttribute filter on this page uses this token as the request-signing
// secret. Guid.NewGuid() is not specified as a cryptographic random source; prefer
// System.Security.Cryptography.RandomNumberGenerator for secrets.
string token = Guid.NewGuid().ToString();//token, used for encryption
if (RedisHelper.Get(userIdMd5) == null)//write to the cache
{
// NOTE(review): the password is cached exactly as received (plaintext); the filter on this page
// only reads the token back, so the password likely does not need to be stored at all.
// NOTE(review): the minute count passed to FromMinutes is missing from this listing.
RedisHelper.Set(userIdMd5, new { token, _params.userName, _params.password }, TimeSpan.FromMinutes());
}
else
{
// NOTE(review): an existing entry is reused without comparing the submitted password with the
// cached one, so the live token is returned to whoever submits this userName.
token = JsonConvert.DeserializeAnonymousType(RedisHelper.Get(userIdMd5), new { token }).token;
}
// NOTE(review): the cookie is created without HttpOnly or Secure being set here; confirm they are
// enforced in configuration, otherwise set them explicitly.
Response.Cookies.Add(new HttpCookie("userIdMd5", userIdMd5));
return Json(new { token });//return the token
}
using cpf360.Common;
using cpf360.DTO;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.Mvc; namespace HanLiPrj.Filter
{
/// <summary>
/// Authorization filter that requires a cached login session and a valid request signature.
/// The session is located through the "userIdMd5" cookie; the signature is the Md5Sign of the
/// request data concatenated with the session token and is passed in the "sign" query parameter.
/// </summary>
public class NeedLoginAttribute : AuthorizeAttribute
{
/// <summary>
/// Checks, in order: session cookie and cache entry, presence of "sign" and "timespan",
/// request age, and the signature. On success the cache entry is rewritten to renew its expiry.
/// </summary>
/// <param name="httpContext">The current HTTP context.</param>
/// <returns>true when every check passes; otherwise false, after writing a JSON error body.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
// NOTE(review): the cookie value is used directly as the Redis key; a dedicated key prefix for
// session entries would ensure that only session records can be addressed this way.
if (!httpContext.Request.Cookies.AllKeys.Contains("userIdMd5") || RedisHelper.Get(httpContext.Request.Cookies["userIdMd5"].Value) == null)
{
// The numeric value assigned to `code` is missing from this listing (same in the branches below).
httpContext.Response.Write(JsonConvert.SerializeObject(new OutputData { code=, message = "请登录" }));
return false;
} string userInfo = RedisHelper.Get(httpContext.Request.Cookies["userIdMd5"].Value);
// The session token issued at login is the shared secret for the signature check below.
string token = JsonConvert.DeserializeAnonymousType(userInfo, new { token = "" }).token;
if (!httpContext.Request.QueryString.AllKeys.Contains("sign") || !httpContext.Request.QueryString.AllKeys.Contains("timespan"))
{
httpContext.Response.Write(JsonConvert.SerializeObject(new OutputData { code = , message = "请加权" }));
return false;
}
// Freshness check; the threshold in seconds is missing from this listing.
// NOTE(review): only the upper bound is tested, so a timestamp in the future yields a negative
// difference and passes; bound the difference on both sides. No nonce or used-signature record
// is kept, so an identical signed request is accepted again within the window.
// NOTE(review): DateTime.Now is local server time and ToDateTime is a project extension; confirm
// both sides agree on the time zone, or use UTC.
if ((DateTime.Now - httpContext.Request.QueryString["timespan"].ToDateTime()).TotalSeconds > )
{
httpContext.Response.Write(JsonConvert.SerializeObject(new OutputData { code = , message = "请求超时" }));
return false;
}
string method = httpContext.Request.HttpMethod;
// NOTE(review): for any verb other than GET or POST `data` stays empty, so the signature covers
// neither the parameters nor the timestamp; consider rejecting unsupported verbs.
string data = "";
if (method == "GET")
{
// Step 1: collect every query-string parameter except "sign".
IDictionary<string, string> parameters = new Dictionary<string, string>();
for (int f = ; f < httpContext.Request.QueryString.AllKeys.Count(); f++)
{
string key = httpContext.Request.QueryString.AllKeys[f];
if (key == "sign") continue;
// NOTE(review): AllKeys can contain a null entry for a value sent without a name; Add would then
// throw before the IsNullOrEmpty check further down is reached. Verify and filter here.
parameters.Add(key, httpContext.Request.QueryString[key]);
} // Step 2: sort the dictionary by key in alphabetical order
IDictionary<string, string> sortedParams = new SortedDictionary<string, string>(parameters);
IEnumerator<KeyValuePair<string, string>> dem = sortedParams.GetEnumerator(); // Step 3: concatenate all parameter names and values
StringBuilder query = new StringBuilder();
while (dem.MoveNext())
{
string key = dem.Current.Key;
string value = dem.Current.Value;
if (!string.IsNullOrEmpty(key))
{
// NOTE(review): names and values are joined with no delimiter, so different parameter sets can
// produce the same signed string; an unambiguous encoding (separators or length prefixes) avoids this.
query.Append(key).Append(value);
}
}
data = query.ToString();
}
else if (method == "POST")
{
// For POST the signed string is the "data" form field followed by the timestamp.
data = httpContext.Request.Form["data"] + httpContext.Request.QueryString["timespan"];
}
// NOTE(review): Md5Sign is not shown here; presumably a plain MD5 over data + token. A keyed MAC
// such as HMAC-SHA256 with the token as key is the standard construction for request signing.
var md5String = (data + token).Md5Sign();
// NOTE(review): `!=` on strings is not a constant-time comparison; compare signatures in fixed time.
if (md5String != httpContext.Request.QueryString["sign"])
{
httpContext.Response.Write(JsonConvert.SerializeObject(new OutputData { code = , message = "请加权" }));
return false;
} RedisHelper.Remove(httpContext.Request.Cookies["userIdMd5"].Value);//clear the cache entry
// The minute count passed to FromMinutes is missing from this listing.
RedisHelper.Set(httpContext.Request.Cookies["userIdMd5"].Value, userInfo, TimeSpan.FromMinutes());//extend the cache lifetime
return true;
}
}
}
