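using Core.Web.WebHelper;
using Core.Web.WebHelper.UserRight;
using CRM.Core.BLL.Base;
using CRM.Core.BLL.Util;
using CRM.Core.Common.WebHelper;
using CRM.Core.DTO;
using CRM.Core.Model.Entity;
using CRM.Core.Model.Enum;
using CRM.Core.Model.QueryModels;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Globalization;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
using System.Web.Util;
using WX.CRM.Common;
using static CRM.Core.Model.QueryModels.SSORequest;

namespace Core.Web.Controllers
{
    /// <summary>
    /// Log-on / log-off controller with two modes: local form-based authentication
    /// (captcha after repeated failures), or delegation to an external SSO server
    /// whenever the "SSOUrl" app setting is present.
    /// </summary>
    public class AccountSSOController : Controller
    {
        private readonly CACHE_BL _cacheQ = new CACHE_BL();
        private readonly BAS_INNERUSER_BL user_dal = new BAS_INNERUSER_BL();

        // GET: Account
        // NOTE(review): the LogOn(string) overload below carries [HttpGet]; MVC's action
        // selector normally prefers an attributed overload, so this one is likely unreachable.
        public ActionResult LogOn()
        {
            return View();
        }

        /// <summary>
        /// GET entry point. Without an SSO URL it falls through to the local log-on page;
        /// with one it consumes the authToken the SSO server sent back (if any), exchanges it
        /// for an access token, and signs the matching employee in.
        /// </summary>
        /// <param name="returnUrl">Page to return to after log-on; validated before any redirect.</param>
        [HttpGet]
        public ActionResult LogOn(string returnUrl)
        {
            this.ViewBag.ReturnUrl = returnUrl;
            var ssoUrl = ConfigurationManager.AppSettings["SSOUrl"];

            if (string.IsNullOrEmpty(ssoUrl))
            {
                // Local mode: show the captcha once this session has reached the configured
                // number of failed attempts.
                int maxErrors = _cacheQ.GetValue_Parameter(Parameter.Sys_Environment_LogOn).GetInt(1);
                if (Session["LogOnErrorNum"] != null && (int)Session["LogOnErrorNum"] >= maxErrors)
                {
                    ViewBag.ShowSnCode = true;
                }
                return this.RedirectByAuthentication(returnUrl);
            }

            // SSO mode: the token may arrive inside returnUrl's query (the SSO server appends it
            // to the redirect target) or on this request's own query string.
            var authority = getAuthorityUrl(HttpContext.Request);
            // Uri.TryCreate rather than the constructor: a malformed returnUrl must not surface
            // as an unhandled UriFormatException on the log-on page.
            Uri reUrl;
            var col = Uri.TryCreate($"http://{authority}{returnUrl}", UriKind.Absolute, out reUrl)
                ? Utility.GetQueryString(reUrl.Query)
                : null;
            if (col == null || col.Count == 0)
            {
                col = Utility.GetQueryString(HttpContext.Request.Url.Query);
            }
            var authToken = col == null ? null : col["authToken"];
            var appid = ConfigurationManager.AppSettings["appid"];

            if (!string.IsNullOrEmpty(authToken))
            {
                var url = $"{ssoUrl}/v1/api/open/sso/token";
                var param = new { appId = appid, grantType = 1, token = authToken };
                var result = Utility.PostAjaxData(url, JsonHelper.ObjDivertToJson(param), System.Text.Encoding.UTF8);
                // NOTE(review): the generic type argument of JsonDivertToObj is missing in this
                // copy of the file; the call is left exactly as found.
                var response = JsonHelper.JsonDivertToObj>(result);

                if (response != null && response.Ret == 0 && response.Data != null
                    && !string.IsNullOrEmpty(response.Data.EmployeeId))
                {
                    // An unparsable employee id from the SSO payload is treated as an unknown
                    // user instead of throwing FormatException.
                    decimal employeeId;
                    var user = decimal.TryParse(response.Data.EmployeeId, NumberStyles.Number, CultureInfo.InvariantCulture, out employeeId)
                        ? this.user_dal.GetModelByEid(employeeId)
                        : null;
                    if (user == null)
                    {
                        return UnAuthorized("查无此用户");
                    }

                    int extensionNumber;
                    if (int.TryParse(response.Data.ExtensionNumber, out extensionNumber))
                    {
                        user.map_FJH = extensionNumber;
                    }
                    else
                    {
                        user.map_FJH = null;
                    }

                    // NOTE(review): these cookies hold the SSO access/refresh tokens and are set
                    // without HttpOnly/Secure; confirm whether client script reads them before
                    // hardening, since HttpOnly would hide them from JavaScript.
                    HttpContext.Response.Cookies.Add(new HttpCookie("AuthToken", response.Data.AccessToken));
                    HttpContext.Response.Cookies.Add(new HttpCookie("refreshToken", response.Data.refreshToken)); // refresh token
                    HttpContext.Response.Cookies.Add(new HttpCookie("expireTime", response.Data.ExpireTime));     // expiry time
                    return RedirectToMain(user.PKID, user.EID, returnUrl, user.PASSWORD, user.map_FJH);
                }
            }

            return this.RedirectByAuthentication(returnUrl);
        }

        /// <summary>
        /// POST entry point for local authentication: checks the captcha when one is required,
        /// validates the credentials and tracks failed attempts in the session.
        /// </summary>
        /// <param name="user">Bound form model; only EID, PASSWORD and map_SnCode are used.</param>
        /// <param name="returnUrl">Page to return to after log-on.</param>
        /// <param name="RememberMe">Accepted for the form's sake; not used here.</param>
        [HttpPost]
        public ActionResult LogOn(BAS_INNERUSER user, string returnUrl, string RememberMe)
        {
            this.ViewBag.ReturnUrl = returnUrl;
            try
            {
                // The password/captcha fields are validated here, not by model binding.
                ModelState.Remove("map_PASSWORD3");
                ModelState.Remove("map_PASSWORD2");
                ModelState.Remove("map_PASSWORD");
                ModelState.Remove("map_CPASSWORD");
                ModelState.Remove("map_CPASSWORD2");
                ModelState.Remove("map_SnCode");

                // A captcha is demanded as soon as one failure has been recorded in this session.
                if (Session["LogOnErrorNum"] != null && !CaptchaMatches(user.map_SnCode))
                {
                    this.ViewBag.LogOnError = "验证码错误!";
                }
                else
                {
                    string error;
                    int userId;
                    bool success = this.user_dal.ValidateUser(user.EID, user.PASSWORD, out error, out userId);
                    if (success)
                    {
                        Session["LogOnErrorNum"] = null;
                        return RedirectToMain(userId, user.EID, returnUrl, user.PASSWORD);
                    }

                    // NOTE(review): the failure counter lives in the session, so it resets whenever
                    // the client drops its session cookie; it does not throttle guessing on its own.
                    Session["LogOnErrorNum"] = Session["LogOnErrorNum"] == null
                        ? 1
                        : (int)Session["LogOnErrorNum"] + 1;
                    this.ViewBag.LogOnError = error;
                }

                // Show the captcha once the configured number of failures is reached.
                int maxErrors = _cacheQ.GetValue_Parameter(Parameter.Sys_Environment_LogOn).GetInt(1);
                if (Session["LogOnErrorNum"] != null && (int)Session["LogOnErrorNum"] >= maxErrors)
                {
                    ViewBag.ShowSnCode = true;
                }
                // Each captcha is single-use.
                Session["ValidateCode"] = null;
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception message is rendered on the log-on page; a generic
                // message would avoid leaking internals, with the detail kept in the log line below.
                this.ViewBag.LogOnError = ex.Message;
                LogHelper.Error("AccountController:" + ex.ToString());
            }
            return View(user);
        }

        /// <summary>
        /// True when the submitted captcha matches the one stored by GetValidateCode
        /// (case-insensitively); false if either side is missing.
        /// </summary>
        private bool CaptchaMatches(string submitted)
        {
            var expected = Session["ValidateCode"];
            return expected != null
                && submitted != null
                && string.Equals(submitted, expected.ToString(), StringComparison.OrdinalIgnoreCase);
        }

        /// <summary>
        /// True only for a relative, same-site path: rejects null/empty, single "/",
        /// protocol-relative ("//host") and backslash ("/\host") forms that browsers resolve
        /// to another origin.
        /// </summary>
        private bool IsSafeLocalReturnUrl(string returnUrl)
        {
            return !string.IsNullOrEmpty(returnUrl)
                && returnUrl.Length > 1
                && Url.IsLocalUrl(returnUrl)
                && returnUrl.StartsWith("/", StringComparison.Ordinal)
                && !returnUrl.StartsWith("//", StringComparison.Ordinal)
                && !returnUrl.StartsWith("/\\", StringComparison.Ordinal);
        }

        /// <summary>
        /// Completes a successful log-on: writes the login log, the forms-auth cookie and the
        /// user-rights cache, then redirects (weak password page, validated returnUrl, or Home).
        /// </summary>
        /// <param name="userId">Primary key of the signed-in user.</param>
        /// <param name="EID">Employee id.</param>
        /// <param name="returnUrl">Requested page; only followed when it is a local path.</param>
        /// <param name="password">Clear-text password, used only for the strength check.</param>
        /// <param name="fjh">Extension number, when known.</param>
        private ActionResult RedirectToMain(int userId, int EID, string returnUrl, string password, int? fjh = null)
        {
            string[] userrights = { };
            LoginHelper login = new LoginHelper();
            decimal logPkId = login.CreateLoginLog(userId, EID, 0);
            // Builds the per-login user info; fills userrights as a side effect.
            string userinfo = login.setUserinfo(userId, EID, fjh, logPkId, ref userrights);
            string encTicket = login.SetCookie(userId.ToString(), false, userinfo);

            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
            // The ticket expires at the next local midnight, not 24 hours from now.
            cookie.Expires = DateTime.Now.Date.AddDays(1);
            this.Response.Cookies.Add(cookie);

            if (userrights == null || userrights.Length == 0)
            {
                return this.RedirectToAction("Index", "Home");
            }

            CacheHelper.Set("Cache_UserInfo_" + userId.ToString(), userrights);

            int checkpwd = Utility.PasswordStrength(password);
            if (checkpwd > 0)
            {
                return Redirect("/Base/Account/simplePwd?type=" + checkpwd);
            }
            if (IsSafeLocalReturnUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            return this.RedirectToAction("Index", "Home");
        }

        /// <summary>
        /// Sends an already-authenticated user on to a validated returnUrl (or Home); otherwise
        /// shows the local log-on view when no SSO URL is configured, or redirects to the SSO
        /// server's authorize endpoint with this action as the callback.
        /// </summary>
        [NonAction]
        private ActionResult RedirectByAuthentication(string returnUrl)
        {
            if (this.HttpContext.Request.IsAuthenticated)
            {
                // Previously any returnUrl was followed here, so a crafted link could bounce a
                // signed-in user to an external site; only local paths are followed now.
                if (IsSafeLocalReturnUrl(returnUrl))
                {
                    return this.Redirect(returnUrl);
                }
                return this.RedirectToAction("Index", "Home");
            }

            BAS_INNERUSER user = null;
            var ssoUrl = ConfigurationManager.AppSettings["SSOUrl"];
            var appid = ConfigurationManager.AppSettings["appid"];
            if (string.IsNullOrEmpty(ssoUrl))
            {
                LogHelper.Error("请配置SSO地址,未配置地址无法使用功能!");
                return View(user);
            }

            Session["AuthToken"] = null;
            // NOTE(review): the callback host comes from getAuthorityUrl, which falls back to the
            // client-supplied Host header, and the scheme is fixed to http; confirm the front
            // proxy pins the Host header and whether https should be used here.
            var authority = getAuthorityUrl(HttpContext.Request);
            // returnUrl is encoded so any '?'/'&' it contains survives the round trip.
            var uri = $"http://{authority}/accountsso/logOn?returnUrl={HttpUtility.UrlEncode(returnUrl)}";
            var url = $"{ssoUrl}/v1/api/open/sso/authorize?appid={HttpUtility.UrlEncode(appid)}&redirect={HttpUtility.UrlEncode(uri)}";
            return Redirect(url);
        }

        /// <summary>
        /// Issues a new random captcha: the code is kept upper-cased in the session for the
        /// later comparison and returned to the browser as a GIF image.
        /// </summary>
        /// <returns>The captcha image.</returns>
        public ActionResult GetValidateCode()
        {
            Session["ValidateCode"] = null;
            SnCodeHelper code = new SnCodeHelper();
            string codeStr = Utility.CreateRandomSatl(5);
            Session["ValidateCode"] = codeStr.ToUpper();
            byte[] bytes = code.CreateValidateImage(codeStr);
            return File(bytes, @"image/gif");
        }

        /// <summary>
        /// Clears the user-rights cache entry and the forms-auth session, then returns to the
        /// log-on page.
        /// </summary>
        [HttpGet]
        public ActionResult LogOff()
        {
            // Identity.Name presumably holds the user id written by LoginHelper.SetCookie, so this
            // matches the key used in RedirectToMain.
            string cacheKey = "Cache_UserInfo_" + this.HttpContext.User.Identity.Name;
            CacheHelper.Remove(cacheKey);
            Session["AuthorizeSession"] = null;
            FormsAuthentication.SignOut();
            // NOTE(review): the AuthToken/refreshToken/expireTime cookies written during SSO
            // log-on are not cleared here and outlive the forms-auth session.
            return RedirectToAction("LogOn", "Account");
        }

        /// <summary>
        /// Renders the unauthorized view, or — when a reason is given — a JSON error payload.
        /// </summary>
        /// <param name="type">Reason appended to the message; null/empty selects the view.</param>
        public ActionResult UnAuthorized(string type)
        {
            if (string.IsNullOrEmpty(type))
            {
                return View();
            }
            retMsg ret = new retMsg
            {
                result = false,
                retcode = 500,
                retmsg = "抱歉,您没有权限访问!" + type
            };
            return Json(ret, JsonRequestBehavior.AllowGet);
        }

        /// <summary>
        /// Host (and port, except for the known production host) used to build the SSO callback URL.
        /// </summary>
        private String getAuthorityUrl(HttpRequestBase httpRequest)
        {
            // The production host is returned without a port.
            if (string.Equals(httpRequest.Url.DnsSafeHost, "hg.soft.dn8188.com", StringComparison.Ordinal))
            {
                return httpRequest.Url.DnsSafeHost;
            }
            // NOTE(review): the Host header is client-controlled unless a front proxy rewrites it,
            // and whatever it says becomes the host of the SSO redirect.
            String hostHeader = httpRequest.Headers.Get("HOST");
            if (!string.IsNullOrEmpty(hostHeader))
            {
                return hostHeader;
            }
            return httpRequest.Url.Authority;
        }
    }
}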