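/// <summary>
/// Issues (or re-issues) the request-signing token for a user and sets the
/// "userIdMd5" cookie that later requests use to locate the cached session.
/// </summary>
/// <param name="data">JSON text carrying <c>userName</c> and <c>password</c> string fields.</param>
/// <returns>A JSON object of the form <c>{ token }</c>.</returns>
/// <remarks>
/// NOTE(review): nothing in this method compares the supplied password with a
/// stored credential. As written, any caller that supplies a user name receives
/// a token, including the token of a session that is already cached. A
/// credential check against the user store must run before a token is issued or
/// returned; the user store is not visible from here, so it is not added.
/// NOTE(review): the password is written to Redis unmodified next to the token.
/// Confirm whether any reader needs it; if none does, stop storing it.
/// NOTE(review): the cache key and cookie value are derived only from the user
/// name (Md5Sign is presumably an MD5 hex digest, judging by its name), so the
/// session identifier is predictable. A random, per-login session id would be
/// the safer design.
/// </remarks>
public ActionResult Login(string data)
{
    var _params = JsonConvert.DeserializeAnonymousType(data, new { userName = "", password = "" });

    // Cache key for this user's session; the same value is handed to the client as a cookie.
    string userIdMd5 = _params.userName.Md5Sign();

    // Read the cache once. The original read it twice, so an entry that expired
    // between the two reads was deserialized as null and the request failed.
    var cached = RedisHelper.Get(userIdMd5);

    string token;
    if (cached == null)
    {
        // No live session: create the signing token and cache it for 20 minutes.
        // NOTE(review): Guid.NewGuid() is not documented as a cryptographic random
        // source; consider a CSPRNG for a value that acts as a signing secret.
        token = Guid.NewGuid().ToString();
        RedisHelper.Set(userIdMd5, new { token, _params.userName, _params.password }, TimeSpan.FromMinutes(20));
    }
    else
    {
        // Live session: hand back the token that is already cached.
        token = JsonConvert.DeserializeAnonymousType(cached, new { token = "" }).token;
    }

    // HttpOnly keeps the session cookie out of reach of page scripts. Secure is
    // only set when this request itself arrived over TLS, so plain-HTTP
    // deployments keep working as before.
    var sessionCookie = new HttpCookie("userIdMd5", userIdMd5)
    {
        HttpOnly = true,
        Secure = Request.IsSecureConnection
    };
    Response.Cookies.Add(sessionCookie);

    return Json(new { token });
}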
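using cpf360.Common;
using cpf360.DTO;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.Mvc;

namespace HanLiPrj.Filter
{
    /// <summary>
    /// Authorization filter that requires a cached session (located through the
    /// "userIdMd5" cookie) and a per-request signature computed with the
    /// session token.
    /// </summary>
    /// <remarks>
    /// Signature input, as implemented below:
    /// GET  - every query parameter except "sign", sorted by key, concatenated as key then value.
    /// POST - the "data" form field followed by the "timespan" query value.
    /// The expected signature is Md5Sign(input + token).
    /// NOTE(review): this is a digest with the secret appended, not an HMAC.
    /// Moving to HMAC-SHA256 needs a coordinated client change, so it is not done here.
    /// NOTE(review): the GET input has no delimiter between keys and values, so
    /// different parameter sets can produce the same input string.
    /// NOTE(review): for POST only the "data" field and the timestamp are signed;
    /// other form fields and query parameters are not covered.
    /// NOTE(review): for methods other than GET and POST the input is empty, so
    /// the signature does not cover the timestamp or any parameter. Consider
    /// rejecting those methods once it is confirmed that no client relies on them.
    /// NOTE(review): there is no nonce, so an identical request is accepted
    /// again while its timestamp is inside the allowed window.
    /// </remarks>
    public class NeedLoginAttribute : AuthorizeAttribute
    {
        private const string SessionCookieName = "userIdMd5";

        // Largest accepted distance, in seconds, between the server clock and the request timestamp.
        private const int MaxClockSkewSeconds = 300;

        private static readonly TimeSpan SessionLifetime = TimeSpan.FromMinutes(20);

        /// <summary>
        /// Validates the session cookie, the request timestamp and the request signature.
        /// </summary>
        /// <param name="httpContext">The current request context.</param>
        /// <returns>
        /// <c>true</c> when the request is accepted. Otherwise <c>false</c>, after a
        /// JSON <see cref="OutputData"/> error body has been written to the response.
        /// </returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var request = httpContext.Request;

            // Look the session up once. The original queried Redis twice, so an
            // entry that expired between the two reads was deserialized as null
            // and the request failed with an exception.
            string userInfo = null;
            string sessionKey = null;
            if (request.Cookies.AllKeys.Contains(SessionCookieName))
            {
                sessionKey = request.Cookies[SessionCookieName].Value;
                userInfo = RedisHelper.Get(sessionKey);
            }
            if (userInfo == null)
            {
                return Reject(httpContext, "请登录");
            }

            string token = JsonConvert.DeserializeAnonymousType(userInfo, new { token = "" }).token;

            string sign = request.QueryString["sign"];
            string timespan = request.QueryString["timespan"];
            if (sign == null || timespan == null)
            {
                return Reject(httpContext, "请加权");
            }

            // Bound the timestamp in both directions. The original only rejected
            // old timestamps, so a request stamped in the future stayed valid
            // until five minutes after that future time.
            double ageSeconds = (DateTime.Now - timespan.ToDateTime()).TotalSeconds;
            if (Math.Abs(ageSeconds) > MaxClockSkewSeconds)
            {
                return Reject(httpContext, "请求超时");
            }

            string method = request.HttpMethod;
            string data = "";
            if (method == "GET")
            {
                data = BuildGetSignatureInput(request);
            }
            else if (method == "POST")
            {
                data = request.Form["data"] + timespan;
            }

            var md5String = (data + token).Md5Sign();
            if (!FixedTimeEquals(md5String, sign))
            {
                return Reject(httpContext, "请加权");
            }

            // Sliding expiration: drop the cache entry, then write it back with a fresh lifetime.
            RedisHelper.Remove(sessionKey);
            RedisHelper.Set(sessionKey, userInfo, SessionLifetime);
            return true;
        }

        /// <summary>
        /// Builds the GET signature input: all query parameters except "sign",
        /// sorted by key and concatenated as key followed by value.
        /// </summary>
        private static string BuildGetSignatureInput(HttpRequestBase request)
        {
            var sortedParams = new SortedDictionary<string, string>();
            foreach (string key in request.QueryString.AllKeys)
            {
                // A query component without '=' is reported under a null key. The
                // original passed it to Dictionary.Add, which throws; such keys
                // never contributed to the signature input, so skip them.
                if (string.IsNullOrEmpty(key) || key == "sign")
                {
                    continue;
                }
                sortedParams[key] = request.QueryString[key];
            }

            var query = new StringBuilder();
            foreach (KeyValuePair<string, string> pair in sortedParams)
            {
                query.Append(pair.Key).Append(pair.Value);
            }
            return query.ToString();
        }

        /// <summary>
        /// Compares two strings without stopping at the first differing
        /// character, so the comparison time does not depend on how much of
        /// the expected signature the supplied value matches.
        /// </summary>
        private static bool FixedTimeEquals(string expected, string supplied)
        {
            if (expected == null || supplied == null)
            {
                return false;
            }

            int diff = expected.Length ^ supplied.Length;
            int shared = Math.Min(expected.Length, supplied.Length);
            for (int i = 0; i < shared; i++)
            {
                diff |= expected[i] ^ supplied[i];
            }
            return diff == 0;
        }

        /// <summary>Writes a JSON error body with code 1 and returns <c>false</c>.</summary>
        private static bool Reject(HttpContextBase httpContext, string message)
        {
            httpContext.Response.Write(JsonConvert.SerializeObject(new OutputData { code = 1, message = message }));
            return false;
        }
    }
}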