在system.serviceModel的client中添加endpoint节点,设置名称、地址、bingding类型、contract契约,并使用behaviorConfiguration传递用户信息。

<endpoint name="名称" address="http://test.svc" binding="basicHttpBinding" contract="契约" behaviorConfiguration="IdentityTransfer"/>

IdentityTransfer在behaviors的endpointBehaviors中添加。

<behavior name="IdentityTransfer">
        <IdentityClientTransfer/>
</behavior>

IdentityClientTransfer是自定义的扩展处理,在extensions中说明:

<behaviorExtensions>
        <add name="IdentityClientTransfer" type="命名空间.IdentityClientTransferBehavior, 程序集"/>
</behaviorExtensions>

以下直接帖相关的Class:

public class IdentityClientTransferBehavior : BehaviorExtensionElement, IEndpointBehavior
    {

        [ConfigurationProperty("authenticationType")]
        public string AuthenticationType
        {
            get { return (string)base["authenticationType"]; }
            set { base["authenticationType"] = value; }
        }

        [ConfigurationProperty("user")]
        public string User
        {
            get { return (string)base["user"]; }
            set { base["user"] = value; }
        }

        [ConfigurationProperty("password")]
        public string Password
        {
            get { return (string)base["password"]; }
            set { base["password"] = value; }
        }

        [ConfigurationProperty("domain")]
        public string Domain
        {
            get { return (string)base["password"]; }
            set { base["password"] = value; }
        }

        [ConfigurationProperty("cacheouttime", DefaultValue = 110D, IsRequired = false)]
        public double CacheOutTime
        {
            get { return (double)base["cacheouttime"]; }
            set { base["cacheouttime"] = value; }
        }

        public void AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
        {
            //nothing to do
        }

        public void ApplyClientBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
        {
            if (string.IsNullOrEmpty(AuthenticationType))
                clientRuntime.MessageInspectors.Add(new IdentityClientMessageInspector());
            else
                clientRuntime.MessageInspectors.Add(new IdentityClientMessageInspector(()=>GetUserIdentity()));
        }

        public void ApplyDispatchBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
        {
            //nothing to do
        }

        public void Validate(ServiceEndpoint endpoint)
        {
            //nothing to do
        }

        protected override object CreateBehavior()
        {
            return CreateInstance();
        }

        public override Type BehaviorType
        {
            get { return typeof(IdentityClientTransferBehavior); }
        }

        IdentityClientTransferBehavior CreateInstance()
        {
            return new IdentityClientTransferBehavior()
            {
                AuthenticationType = this.AuthenticationType,
                Domain = this.Domain,
                User = this.User,
                Password = this.Password,
                CacheOutTime = this.CacheOutTime
            };
        }

        UserIdentity GetUserIdentity()
        {
            Security.Dtos.UserIdentityDto userIdnetityDto = null;

            switch (AuthenticationType.Trim().ToUpper())
            {
                case AuthenticationTypes.ANONYMOUS://密码登陆
                    userIdnetityDto = new Security.SecurityClient().AnonymousLogin(Password);
                    break;
                case AuthenticationTypes.USER_PASSWORD://用户密码登陆
                    userIdnetityDto = new Security.SecurityClient().LoginByUserAccount(User, Password);
                    break;
                case AuthenticationTypes.ACTIVE_DIRECTORY://域账户登陆
                    userIdnetityDto = new Security.SecurityClient().LoginByDomainAccount(User, Password, Domain);
                    break;
                case AuthenticationTypes.WINDOWS_IDENTITY://系统集成登陆
                    userIdnetityDto = new Security.SecurityClient().LoginByWindowsIdentity(System.Security.Principal.WindowsIdentity.GetCurrent());
                    break;
            }

            var userIdentity = new Security.UserIdentity(userIdnetityDto);

            return userIdentity;
        }

    }
[Serializable]
    public class SecurityClient
    {
        public UserIdentityDto AnonymousLogin(string password)
        {
            return ClientFactory.CreateClient<ISecurityProviderService>().AnonymousLogin(password);
        }

        public UserIdentityDto LoginByUserAccount(string userName, string password)
        {
            return ClientFactory.CreateClient<ISecurityProviderService>().LoginByUserAccount(userName,password);
        }

        public UserIdentityDto LoginByDomainAccount(string domainAccountName, string password, string domainName)
        {
            return ClientFactory.CreateClient<ISecurityProviderService>().LoginByDomainAccount(domainAccountName, password, domainName);
        }

        public UserIdentityDto LoginByWindowsIdentity(WindowsIdentity windowsIdentity)
        {
            return ClientFactory.CreateClient<ISecurityProviderService>(typeof(ISecurityProviderService).FullName + ".WindowsIntegration").LoginByWindowsIdentity();
        }

        public UserPrincipalDto GetUserPrincipalByToken(string userToken)
        {
            return ClientFactory.CreateClient<ISecurityProviderService>().GetUserPrincipalByToken(userToken);
        }

        public void Logout(string userToken)
        {
            ClientFactory.CreateClient<ISecurityProviderService>().Logout(userToken);
        }

        public bool CheckUserToken(string userToken)
        {
            return ClientFactory.CreateClient<ISecurityProviderService>().CheckUserToken(userToken);    
        }
    }
public class IdentityClientMessageInspector : IClientMessageInspector
    {
        private Func<UserIdentity> _getUserIdentity { get; set; }

        private const string USER_IDENTITY_TOKEN = "User_Identity_Token";

        public IdentityClientMessageInspector()
        { }

        public IdentityClientMessageInspector(Func<UserIdentity> getUserIndentity)
        {
            _getUserIdentity = getUserIndentity;
        }

        public void AfterReceiveReply(ref Message reply, object correlationState)
        {

        }

        public object BeforeSendRequest(ref Message request, System.ServiceModel.IClientChannel channel)
        {
            //If there is a user identity that be passed in, assign the current context identity as ClientUser, and then transfer it to server side;
            //Otherwise transfer the current context identity to server side. 

            UserIdentity userIdentity = null;

            if (_getUserIdentity != null)
            {
                //Get user identity for each request to prevent from the token expiration exception  
                userIdentity = _getUserIdentity.Invoke();

                if (UserIdentity.Current != null)
                    userIdentity.ClientUser = UserIdentity.Current.ClientUser.Clone();
            }
            else
            {
                userIdentity = UserIdentity.Current;
            }

            //Add user identity token into message headers
            if (userIdentity != null)
            {
                request.Headers.Add(MessageHeader.CreateHeader(
                            USER_IDENTITY_TOKEN,
                            string.Empty,
                            userIdentity.Serialize()));
            }

            return null;
        }
    }
[Serializable]
    public class UserIdentity : IIdentity, IDisposable
    {
        /// <summary>
        /// Current User Id
        /// </summary>
        public int UserId { get; set; }

        /// <summary>
        /// Current user account
        /// </summary>
        public string Account { get; set; }

        /// <summary>
        /// Current user name
        /// </summary>
        public string Name { get; set; }

        /// <summary>
        /// Current user AuthenticationType. Current custom AuthenticationType:<see cref="AuthenticationTypes"/>
        /// </summary>
        public string AuthenticationType { get; set; }

        /// <summary>
        /// Is current user authenicatd
        /// </summary>
        public bool IsAuthenticated { get; set; }

        /// <summary>
        /// Current login user's usertoken. When user hasn't login the system, the usertoken is empty.
        /// </summary>
        public string UserToken { get; set; }

        public bool NeedToChangePassword { get; set; }

        public string ClientIP { get; set; }

        public UserIdentity ClientUser { get; set; }

        /// <summary>
        /// Instance UserIdentity by user identity data transfer object.
        /// </summary>
        /// <param name="dto">User identity data transfer object</param>
        public UserIdentity(UserIdentityDto dto)
        {
            InitialUserIndentity(dto);
        }

        public UserIdentity() { }

        #region Login

        /// <summary>
        /// Instance UserIdentity by user account. User will call login service and login system by user account while instance UserIdenity in this mode.
        /// </summary>
        /// <param name="userName">User account name</param>
        /// <param name="password">Account password</param>
        public UserIdentity(string userName, string password)
        {
            var client = new SecurityClient();
            UserIdentityDto dto = client.LoginByUserAccount(userName, password);
            InitialUserIndentity(dto);
        }

        /// <summary>
        /// Instance UserIdentity by current windows identity. User will call login service and login system by current windows identity 
        /// while instance UserIdenity in this mode.
        /// </summary>
        /// <param name="windowsIdentity">WindowsIdentity<see cref="WindowsIdentity"/></param>
        public UserIdentity(WindowsIdentity windowsIdentity)
        {
            var client = new SecurityClient();
            UserIdentityDto dto = client.LoginByWindowsIdentity(windowsIdentity);
            InitialUserIndentity(dto);
        }

        /// <summary>
        /// Instance UserIdentity by domain account. User will call login service and login system by domain account
        /// while instance UserIdenity in this mode.
        /// </summary>
        /// <param name="domainAccountName">Domain account name</param>
        /// <param name="password">Domain account password</param>
        /// <param name="domainName">Domain name</param>
        public UserIdentity(string domainAccountName, string password, string domainName)
        {
            var client = new SecurityClient();
            UserIdentityDto dto = client.LoginByDomainAccount(domainAccountName, password, domainName);

            InitialUserIndentity(dto);
        }

        public UserIdentity(string password)
        {
            var client = new SecurityClient();
            UserIdentityDto dto = client.AnonymousLogin(password);
            InitialUserIndentity(dto);
        }

        public bool CheckUserToken()
        {
            var client = new SecurityClient();
            return client.CheckUserToken(this.UserToken);
        }

        public string Serialize()
        {
            return De.Framework.Utility.Serialization.XmlObjSerializer.Serialize(this);
        }

        public static UserIdentity Deserialize(string userIdentityContent)
        {
            return De.Framework.Utility.Serialization.XmlObjSerializer.Deserialize<UserIdentity>(userIdentityContent);
        }

        /// <summary>
        /// Get current user identity from the current user principal.
        /// If there is not the information, return null;
        /// </summary>
        public static UserIdentity Current
        {
            get
            {
                if (UserPrincipal.Current == null)
                    return null;

                return UserPrincipal.Current.Identity as UserIdentity;
            }
        }

        /// <summary>
        /// Initial current user identity
        /// </summary>
        /// <param name="dto">User identity data transfer object</param>
        private void InitialUserIndentity(UserIdentityDto dto)
        {
            this.UserId = dto.UserId;
            this.IsAuthenticated = dto.IsAuthenticated;
            this.Account = dto.UserAccount;
            this.Name = dto.UserName;
            this.UserToken = dto.UserToken;
            this.AuthenticationType = dto.AuthenticationType;
            this.NeedToChangePassword = dto.NeedToChangePassword;

            System.Net.IPAddress[] address = System.Net.Dns.GetHostAddresses(System.Net.Dns.GetHostName());
            if (address != null)
            {
                foreach (var item in address)
                {
                    if (item.AddressFamily.Equals(AddressFamily.InterNetwork))
                    {
                        this.ClientIP = item.ToString();
                        break;
                    }
                }
            }

            if (this.ClientUser == null)
                this.ClientUser = this.Clone();
        }

        /// <summary>
        /// Dispose current user identity and logout the system.
        /// </summary>
        public void Dispose()
        {
            //var client = new SecurityClient();
            //client.Logout(UserToken);
        }

        public UserIdentity Clone()
        {
            return this.MemberwiseClone() as UserIdentity;
        }

        #endregion

        public static string GetClientIP()
        {
            var userIdentity = UserIdentity.Current;

            if (userIdentity != null && userIdentity.ClientUser != null)
            {
                return userIdentity.ClientUser.ClientIP;
            }

            return string.Empty;
        }
    }
/// <summary>
    /// User principal, inherit from IPrincipal.<see cref="IPrincipal"/>
    /// UserPrincpal contains user identity and user roles, used for authentication and authrization.
    /// </summary>
    [Serializable]
    public class UserPrincipal : IPrincipal, IDisposable
    {
        private const string USER_PRINCIPAL = "__USER_PRINCIPAL";

        /// <summary>
        /// <see cref="UserIdentity"/>
        /// </summary>
        private UserIdentity _identity;

        /// <summary>
        /// <see cref="Identity"/>
        /// </summary>
        public IIdentity Identity
        {
            get { return _identity; }
        }

        private List<Role> _roles;
        public List<Role> Roles
        {
            get { return _roles; }
            set { _roles = value; }
        }

        private List<Permission> _permissions;
        public List<Permission> Permissions
        {
            get { return _permissions; }
            set { _permissions = value; }
        }

        /// <summary>
        /// Current login user principal. If haven't login the system, the UserPrincipal.Current is null.
        /// </summary>
        public static UserPrincipal Current
        {
            get
            {
                UserPrincipal userPrincipal = null;

                if (OperationUserPrincipalContext.Current != null)
                {
                    userPrincipal = OperationUserPrincipalContext.Current.UserPrincipal;
                }
                else
                {
                    userPrincipal = CallContext.LogicalGetData(USER_PRINCIPAL) as UserPrincipal;

                    if (userPrincipal == null)
                        userPrincipal = AppDomain.CurrentDomain.GetData(USER_PRINCIPAL) as UserPrincipal;
                }

                return userPrincipal;
            }
            set
            {
                if (OperationUserPrincipalContext.Current != null)
                {
                    OperationUserPrincipalContext.Current.UserPrincipal = value;
                }
                else
                {
                    CallContext.LogicalSetData(USER_PRINCIPAL, value);

                    AppDomain.CurrentDomain.SetData(USER_PRINCIPAL, value);
                }
            }
        }

        /// <summary>
        /// Instance UserPrincipal by UserIdentity.<see cref="UserIdentity"/>
        /// </summary>
        /// <param name="userIdentity">User identity</param>
        /// <param name="isLoggingin">Yes:user logging in the system. No:calling service</param>
        public UserPrincipal(UserIdentity userIdentity)
        {
            if (userIdentity == null)
                throw new ArgumentNullException("userIdentity");

            var client = new SecurityClient();
            InitialUserPrincipal(client.GetUserPrincipalByToken(userIdentity.UserToken));
        }

        /// <summary>
        /// Instance UserPrincipal by user principal data transfer object after calling the service.
        /// </summary>
        /// <param name="dto">User principal data transfer object</param>
        public UserPrincipal(UserPrincipalDto dto)
        {
            InitialUserPrincipal(dto);
        }

        public UserPrincipal(string userToken)
        {
            var client = new SecurityClient();
            UserPrincipalDto dto = client.GetUserPrincipalByToken(userToken);
            if (dto != null)
            {
                _identity = new UserIdentity(dto.UserIdentityDto);

                InitialUserPrincipal(dto);
            }
        }

        /// <summary>
        /// Initial UserPrincipal by user principal data transfer object.
        /// </summary>
        /// <param name="dto">User principal data transfer object</param>
        private void InitialUserPrincipal(UserPrincipalDto dto)
        {
            _identity = new UserIdentity(dto.UserIdentityDto);

            if (_permissions == null)
                _permissions = new List<Permission>();

            foreach (SecurityRoleDto securityRoleDto in dto.RoleDtoList)
            {
                var permissions = securityRoleDto.GetPermissions();
                permissions.ForEach(o => _permissions.Add(new Permission(o)));
            }

            if (_roles == null)
                _roles = new List<Role>();

            dto.RoleDtoList.ForEach(a => _roles.Add(new Role(a)));
        }

        /// <summary>
        /// Is current user the specified role type
        /// </summary>
        /// <param name="role">Specified role code</param>
        /// <returns>True, is the specified role type. else, not</returns>
        public bool IsInRole(string role)
        {
            return Roles.Any(o => o.Code.ToLower() == role.ToLower());
        }

        /// <summary>
        /// Does current user have right to the specified system resource with the specified operation
        /// </summary>
        /// <param name="systemResourceCode">The specified system resource</param>
        /// <param name="systemAccessCode">The specified operation</param>
        /// <returns>True, has right. else, not</returns>
        public bool HasRight(string systemResourceCode, string systemAccessCode)
        {
            return
                Permissions.Any(
                    o => o.SystemResourceCode.ToLower() == systemResourceCode.ToLower() && o.SystemAccessCode.ToLower() == systemAccessCode.ToLower());
        }

        public void Dispose()
        {
            new SecurityClient().Logout(_identity.UserToken);
        }
    }
public class OperationUserPrincipalContext
    {
        static System.Collections.Concurrent.ConcurrentDictionary<int, OperationUserPrincipalContext> _contexts = new System.Collections.Concurrent.ConcurrentDictionary<int, OperationUserPrincipalContext>();

        public UserPrincipal UserPrincipal { get; set; }

        public int OperationContextHashCode { get; private set; }

        private OperationUserPrincipalContext(int operationContextHashCode)
        {
            OperationContextHashCode = operationContextHashCode;
        }

        public static OperationUserPrincipalContext Current
        {
            get
            {
                if (OperationContext.Current == null)
                    return null;

                var operationContextHashCode = OperationContext.Current.GetHashCode();

                var currentContext = _contexts.GetOrAdd(operationContextHashCode, (id) =>
                    {
                        //Listen operation completed event
                        OperationContext.Current.OperationCompleted += (s, e) =>
                            {
                                //Release OperationUserPrincipalContext
                                OperationUserPrincipalContext context;
                                _contexts.TryRemove(id, out context);
                            };

                        return new OperationUserPrincipalContext(operationContextHashCode);
                    });

                return currentContext;
            }
        }
    }

WCF服务端直接使用UserIdentity.Current即可获取当前访问用户。

posted on 2018-03-05 15:46  庭前竹  阅读(165)  评论(0编辑  收藏  举报