
单点登录(二):功能实现详解

2020-04-03 | 人围观

  using System;

  using System.Linq;

  using System.Threading.Tasks;

  using Microsoft.Owin.Security;

  using Microsoft.Owin.Security.Infrastructure;

  using sso.Ticket;

  using sso.Utils;

  namespace sso.Authentication

  {

  internal class SsoAuthenticationHandler : AuthenticationHandler

  {

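  /// <summary>
  /// Authenticates the current request from the SSO cookie named by <c>Options.CookieName</c>.
  /// </summary>
  /// <remarks>
  /// Two modes are supported. When <c>Options.SessionStore</c> is set, the cookie value is the
  /// key used to retrieve the ticket from the store, and the ticket is renewed once more than
  /// half of its lifetime has elapsed. Otherwise the cookie value itself is unprotected into a
  /// ticket and nothing is renewed here (the front end has to request a token refresh itself).
  /// In both modes the ticket is accepted only when <c>CheckAllowHost</c> passes and the ticket
  /// carries a non-blank <c>UserId</c>.
  /// </remarks>
  /// <returns>
  /// A ticket built from the stored claims, or <c>null</c> when the cookie is missing, the ticket
  /// cannot be resolved, the host check fails, or (store mode) the ticket has already expired.
  /// </returns>
  protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
  {
      string requestCookie = Context.Request.Cookies[Options.CookieName];
      if (requestCookie.IsNullOrWhiteSpace())
      {
          return null;
      }

      TicketInfo ticketInfo;

      if (Options.SessionStore != null)
      {
          ticketInfo = await Options.SessionStore.RetrieveAsync(requestCookie);

          // The null test further down shows a missing ticket is an expected outcome, so guard
          // before CheckAllowHost dereferences ticketInfo.Claims.
          // NOTE(review): CheckAllowHost compares the ticket's allow-hosts claim with
          // Request.Host, a value taken from the incoming request; confirm the hosting layer
          // only forwards requests for known host names.
          if (ticketInfo == null || !CheckAllowHost(ticketInfo))
          {
              return null;
          }

          // NOTE(review): local wall-clock time; confirm the ticket timestamps are written with
          // the same clock (UTC would avoid DST and multi-node skew surprises).
          DateTime now = DateTime.Now;

          // NOTE(review): the operator between these two operands is missing in the published
          // listing; `??` (fall back to CreationTime until the first refresh) is assumed.
          DateTime issuedTime = ticketInfo.LastRefreshTime ?? ticketInfo.CreationTime;
          DateTime expireTime = ticketInfo.ExpireTime;

          TimeSpan elapsed = now - issuedTime;
          TimeSpan remaining = expireTime - now;

          // An expired ticket has a negative remainder, which would always satisfy the
          // "more than half used" test below and silently extend a dead session by a full
          // lifetime. Reject it instead of renewing it.
          if (remaining <= TimeSpan.Zero)
          {
              return null;
          }

          // Sliding renewal: past the half-way point, restart the same lifetime from now.
          if (elapsed > remaining)
          {
              ticketInfo.LastRefreshTime = now;
              ticketInfo.ExpireTime = now.Add(elapsed + remaining);
              await Options.SessionStore.RenewAsync(requestCookie, ticketInfo);
          }
      }
      else
      {
          // No distributed store configured: the cookie carries the protected ticket itself and
          // the front end is expected to request a token refresh periodically.
          ticketInfo = Options.TicketInfoProtector.UnProtect(requestCookie);

          // NOTE(review): ExpireTime is not evaluated on this path; confirm UnProtect rejects
          // expired tickets, otherwise the cookie never stops being accepted.
          if (ticketInfo == null || !CheckAllowHost(ticketInfo))
          {
              return null;
          }
      }

      if (ticketInfo.UserId.IsNullOrWhiteSpace())
      {
          return null;
      }

      var identity = ticketInfo.ToClaimsIdentity();
      return new AuthenticationTicket(identity, new AuthenticationProperties());
  }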

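  /// <summary>
  /// Converts a 401 response into a redirect to <c>Options.LoginPath</c>, passing the URL of the
  /// current request in the query parameter named by <c>Options.ReturnUrlParameter</c>.
  /// </summary>
  /// <remarks>
  /// Does nothing when the status code is not 401 or no login path is configured.
  /// NOTE(review): the return URL is derived from the incoming request, so the login endpoint
  /// should validate it against the allowed hosts before redirecting back to it.
  /// </remarks>
  /// <returns>An already-completed task.</returns>
  protected override Task ApplyResponseChallengeAsync()
  {
      if (Response.StatusCode != 401 || Options.LoginPath.IsNullOrWhiteSpace())
      {
          return Task.FromResult(0);
      }

      // Percent-encode the return URL so that its own '?', '&', '=' and '#' characters stay
      // inside this one parameter instead of being parsed as extra parameters of the login URL.
      // AbsoluteUri is used because it is the escaped form and survives the round trip.
      string returnUrl = Uri.EscapeDataString(Request.Uri.AbsoluteUri);
      string loginUrl = $"{Options.LoginPath}?{Options.ReturnUrlParameter}={returnUrl}";

      Response.Redirect(loginUrl);

      // Typed result: FromResult(null) gives the compiler nothing to infer a type from.
      return Task.FromResult(0);
  }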

  private bool CheckAllowHost(TicketInfo ticketInfo)

  {

  var claim=ticketInfo.Claims.FirstOrDefault(p=> p.Name== SsoClaimTypes.AllowHosts);

  if (claim==null) return false;

  var allowHosts=claim.Value.Split(",", StringSplitOptions.RemoveEmptyEntries);

  return allowHosts.Contains(Request.Host.ToString());
