#region
|
|
using CSFrameworkV5.Common;
|
using CSFrameworkV5.Core;
|
using CSFrameworkV5.Core.SystemSecurity;
|
|
#endregion
|
|
namespace CSFrameworkV5.WCFContract
|
{
|
/// <summary>
|
/// 服务端:WCF服务层安全检查核心类
|
/// </summary>
|
public static class WebSecurity
|
{
|
/// <summary>
|
/// 检查客户端恶意访问后台
|
/// </summary>
|
private static bool _AttackValidation;
|
|
/// <summary>
|
/// 是否检查客户端恶意攻击
|
/// </summary>
|
public static bool AttackValidation
|
{
|
get => _AttackValidation;
|
set => _AttackValidation = value;
|
}
|
|
public static Loginer ValidateLoginer(byte[] loginTicket)
|
{
|
//是否连续攻击
|
if (AttackValidation) AttackRecorder.IsAttack();
|
|
//加密令牌解析成功
|
var user = WebServiceSecurity.ValidateLoginer(loginTicket);
|
|
//检查用户名及密码
|
if (!ActivityUserCache.ValidateUser(user.Account, user.Password))
|
throw new CustomException("用户名或密码不正确!");
|
|
return user;
|
}
|
|
/// <summary>
|
/// 检查用户登录凭证,并且检查两次访问时间
|
/// </summary>
|
/// <param name="loginer">用户登录凭证</param>
|
/// <param name="checkAttack">检查连续调用方法攻击</param>
|
/// <returns></returns>
|
public static Loginer ValidateLoginer(byte[] loginTicket,
|
bool checkAttack)
|
{
|
if (checkAttack) AttackRecorder.IsAttack();
|
|
//加密令牌解析成功
|
var user = WebServiceSecurity.ValidateLoginer(loginTicket);
|
|
//检查用户名及密码
|
if (!ActivityUserCache.ValidateUser(user.Account, user.Password))
|
throw new CustomException("用户名或密码不正确!");
|
|
return user;
|
}
|
|
/// <summary>
|
/// 用户登录的验证码,防止用户恶意攻击Login接口.
|
/// </summary>
|
/// <param name="identity">验证码</param>
|
/// <returns></returns>
|
public static bool ValidateLoginIdentity(byte[] identity)
|
{
|
//是否连续攻击
|
if (AttackValidation) AttackRecorder.IsAttack();
|
|
var isIdentity = WebServiceSecurity.ValidateLoginIdentity(identity);
|
return isIdentity;
|
}
|
}
|
}
|
