#region
using CSFrameworkV5.Common;
using CSFrameworkV5.Core;
using CSFrameworkV5.Core.SystemSecurity;
#endregion
namespace CSFrameworkV5.WCFContract
{
///
/// 服务端:WCF服务层安全检查核心类
///
public static class WebSecurity
{
///
/// 检查客户端恶意访问后台
///
private static bool _AttackValidation;
///
/// 是否检查客户端恶意攻击
///
public static bool AttackValidation
{
get => _AttackValidation;
set => _AttackValidation = value;
}
public static Loginer ValidateLoginer(byte[] loginTicket)
{
//是否连续攻击
if (AttackValidation) AttackRecorder.IsAttack();
//加密令牌解析成功
var user = WebServiceSecurity.ValidateLoginer(loginTicket);
//检查用户名及密码
if (!ActivityUserCache.ValidateUser(user.Account, user.Password))
throw new CustomException("用户名或密码不正确!");
return user;
}
///
/// 检查用户登录凭证,并且检查两次访问时间
///
/// 用户登录凭证
/// 检查连续调用方法攻击
///
public static Loginer ValidateLoginer(byte[] loginTicket,
bool checkAttack)
{
if (checkAttack) AttackRecorder.IsAttack();
//加密令牌解析成功
var user = WebServiceSecurity.ValidateLoginer(loginTicket);
//检查用户名及密码
if (!ActivityUserCache.ValidateUser(user.Account, user.Password))
throw new CustomException("用户名或密码不正确!");
return user;
}
///
/// 用户登录的验证码,防止用户恶意攻击Login接口.
///
/// 验证码
///
public static bool ValidateLoginIdentity(byte[] identity)
{
//是否连续攻击
if (AttackValidation) AttackRecorder.IsAttack();
var isIdentity = WebServiceSecurity.ValidateLoginIdentity(identity);
return isIdentity;
}
}
}