你好，我有以下设计问题：
在请求到达我的控制器之前，有一个过滤器负责检查身份验证和授权，因此它必须知道当前用户是谁。到这一步为止一切都运行正常，但当我想知道当前登录的用户是谁、以便做进一步处理时，问题就出现了。有什么想法吗？
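/// <summary>
/// Controller whose actions are guarded by <see cref="AdministratorAuth"/> with the
/// permission name "DogController".
/// </summary>
[AdministratorAuth("DogController")]
public class DogController : ControllerBase
{
    /// <summary>
    /// Handles GET requests and wraps the result of <c>dogLogic.GetDogsOfUser()</c> in a 200 OK response.
    /// </summary>
    /// <returns>The action result produced by <c>Ok(...)</c>.</returns>
    [HttpGet]
    public IActionResult GetDogsOfUser()
    {
        // NOTE(review): dogLogic is not declared in this snippet, and the call passes no
        // user identity. To return only the caller's dogs, the filter has to hand the
        // verified identity to this action through per-request state (HttpContext.Items
        // or HttpContext.User), never through a static field shared by all requests.
        return Ok(dogLogic.GetDogsOfUser());
    }
}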
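/// <summary>
/// Action filter that requires a valid session token (a GUID) in the
/// <c>Authorization</c> request header before the action may run.
/// </summary>
/// <remarks>
/// A rejected request gets <c>context.Result</c> set, which short-circuits the action.
/// Rejections carry status 401 so clients and monitoring do not see an
/// authentication failure as 200 OK.
/// </remarks>
public class LoginAuth : Attribute, IActionFilter
{
    /// <summary>
    /// Key under which the verified token of the current request is stored in
    /// <c>HttpContext.Items</c>.
    /// </summary>
    public const string TokenItemKey = "LoginAuth.Token";

    /// <summary>
    /// Token of the most recently authenticated request, whichever user sent it.
    /// </summary>
    /// <remarks>
    /// This value is static, so it is shared by every concurrent request: code that
    /// reads it can observe another user's token. It is kept only so existing readers
    /// still compile; read <c>HttpContext.Items[TokenItemKey]</c> instead.
    /// </remarks>
    public static Guid Token { get; private set; }

    /// <summary>Runs after the action; this filter has nothing to do at that point.</summary>
    /// <param name="context">Context of the executed action.</param>
    public void OnActionExecuted(ActionExecutedContext context)
    {
    }

    /// <summary>
    /// Validates the <c>Authorization</c> header and rejects the request when the
    /// token is missing, malformed, or not accepted by the session logic.
    /// </summary>
    /// <param name="context">Context of the action about to execute.</param>
    public void OnActionExecuting(ActionExecutingContext context)
    {
        string headerToken = context.HttpContext.Request.Headers["Authorization"];
        if (headerToken is null)
        {
            context.Result = Reject("Token is required");
            return;
        }

        // TryParse avoids using an exception for an expected, attacker-controlled failure.
        if (!Guid.TryParse(headerToken, out Guid token))
        {
            context.Result = Reject("Invalid Token format");
            return;
        }

        VerifyToken(token, context);
        if (context.Result != null)
        {
            // Verification rejected the token: it must never be published as the caller's identity.
            return;
        }

        // Per-request storage: each request sees only its own token.
        context.HttpContext.Items[TokenItemKey] = token;
        Token = token; // legacy static, see the remarks on Token
    }

    /// <summary>Sets a 401 result on <paramref name="context"/> when the session logic does not accept the token.</summary>
    /// <param name="token">Token parsed from the request header.</param>
    /// <param name="context">Context of the action about to execute.</param>
    private void VerifyToken(Guid token, ActionExecutingContext context)
    {
        // NOTE(review): this disposes a service resolved from the request's container.
        // If ISessionLogic is registered as scoped, later consumers in the same request
        // receive an already-disposed instance; confirm the registration lifetime.
        using (var sessions = GetSessionLogic(context))
        {
            if (!sessions.IsValidToken(token))
            {
                context.Result = Reject("Invalid Token");
            }
        }
    }

    /// <summary>Resolves <c>ISessionLogic</c> from the request's service provider.</summary>
    /// <param name="context">Context of the action about to execute.</param>
    /// <returns>The resolved session logic.</returns>
    /// <exception cref="InvalidOperationException">No <c>ISessionLogic</c> service is registered.</exception>
    private ISessionLogic GetSessionLogic(ActionExecutingContext context)
    {
        var sessions = context.HttpContext.RequestServices.GetService(typeof(ISessionLogic)) as ISessionLogic;
        if (sessions is null)
        {
            // Fail closed with a diagnosable error instead of a NullReferenceException.
            throw new InvalidOperationException("ISessionLogic is not registered.");
        }

        return sessions;
    }

    /// <summary>Builds the 401 response used for every authentication failure.</summary>
    /// <param name="message">Body text returned to the client.</param>
    private static ContentResult Reject(string message)
    {
        return new ContentResult()
        {
            Content = message,
            StatusCode = 401,
        };
    }
}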
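/// <summary>
/// Filter that runs the <see cref="LoginAuth"/> token check and then requires the
/// session to hold the permission named in the constructor.
/// </summary>
/// <remarks>
/// <c>IActionFilter</c> is listed again on purpose. The base methods are not virtual,
/// so without re-implementing the interface the framework's call through
/// <c>IActionFilter</c> binds to <see cref="LoginAuth"/> and the permission check
/// below never runs.
/// </remarks>
public class AdministratorAuth : LoginAuth, IActionFilter
{
    private readonly string permission;

    /// <summary>Creates the filter for one permission.</summary>
    /// <param name="permission">Permission name passed to <c>ISessionLogic.HasLevel</c>.</param>
    public AdministratorAuth(string permission)
    {
        this.permission = permission;
    }

    /// <summary>Runs after the action; this filter has nothing to do at that point.</summary>
    /// <param name="context">Context of the executed action.</param>
    public new void OnActionExecuted(ActionExecutedContext context)
    {
    }

    /// <summary>
    /// Authenticates through the base filter, then rejects the request with 403 when
    /// the session lacks the required permission.
    /// </summary>
    /// <param name="context">Context of the action about to execute.</param>
    public new void OnActionExecuting(ActionExecutingContext context)
    {
        base.OnActionExecuting(context);
        if (context.Result != null)
        {
            // Authentication already failed: keep that result and do not touch the
            // header again (parsing a missing or malformed value would throw).
            return;
        }

        string headerToken = context.HttpContext.Request.Headers["Authorization"];
        if (!Guid.TryParse(headerToken, out Guid token))
        {
            // Not expected after a successful base check; fail closed if it happens.
            context.Result = new ContentResult()
            {
                Content = "Invalid Token format",
                StatusCode = 401,
            };
            return;
        }

        // NOTE(review): the base check disposes the ISessionLogic it resolved. If the
        // service is scoped, this resolves the same, already-disposed instance; confirm
        // the registration lifetime.
        using (var sessions = GetSessionLogic(context))
        {
            if (!sessions.HasLevel(token, permission))
            {
                // Authenticated but not authorised: 403, not the default 200.
                context.Result = new ContentResult()
                {
                    Content = "The user hasn't the permission to access " + permission,
                    StatusCode = 403,
                };
            }
        }
    }

    /// <summary>Resolves <c>ISessionLogic</c> from the request's service provider.</summary>
    /// <param name="context">Context of the action about to execute.</param>
    /// <returns>The resolved service, or null when none is registered.</returns>
    private ISessionLogic GetSessionLogic(ActionExecutingContext context)
    {
        return context.HttpContext.RequestServices.GetService(typeof(ISessionLogic)) as ISessionLogic;
    }
}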
举例来说，如果我想获取当前登录用户的狗，应该怎么做？
答案 0 :(得分:-4)
您可以直接使用 NLog 或 log4net 的日志功能，或者创建一个包含以下内容的模型：
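// NOTE(review): DateTime.Now is server-local time; for records compared across hosts
// or time zones, confirm whether UTC is expected.
Logged = DateTime.Now,
// Request.Host is taken from the client-supplied Host header; treat it as untrusted.
LoginHost = Request.Host.ToString(),
// RemoteIpAddress is the peer that connected. LocalIpAddress is the server's own
// address and would record the same value for every login. The value can be null,
// and behind a reverse proxy it is the proxy's address unless forwarded headers are processed.
LoginIP = Request.HttpContext.Connection.RemoteIpAddress?.ToString(),
// NOTE(review): treat the session id as sensitive wherever this model is stored or logged.
SessionId = Request.HttpContext.Session.Id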