【新增】后端用户登录增加简单单点登录限制功能。

2025-12-06 16:03:25 +08:00 · 2024-07-30 00:50:24 +08:00
parent b0439968a9
commit ac4bcb2b7a
5 changed files with 52 additions and 0 deletions
--- a/CoreCms.Net.Auth/AuthorizationSetup.cs
+++ b/CoreCms.Net.Auth/AuthorizationSetup.cs
@@ -16,7 +16,9 @@ using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
 using CoreCms.Net.Auth.Policys;
+using CoreCms.Net.Caching.Manual;
 using CoreCms.Net.Configuration;
+using CoreCms.Net.Model.ViewModels.UI;
 using CoreCms.Net.Utility.Extensions;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
@@ -25,6 +27,7 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Tokens;
 using NETCore.Encrypt;
+using Newtonsoft.Json;

 namespace CoreCms.Net.Auth
 {
@@ -109,6 +112,39 @@ namespace CoreCms.Net.Auth
                             if (!string.IsNullOrEmpty(token.Trim()))
                             {
                                 context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+
+                                 //简单单点登录校验
+                                 if (!string.IsNullOrEmpty(context.Token) && AppSettingsConstVars.UserSSO)
+                                 {
+                                     var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(context.Token);
+                                     var claimsIdentity = new ClaimsIdentity(jwtToken.Claims);
+                                     var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
+                                     var userid = claimsPrincipal?.Claims.FirstOrDefault(c => c.Type == JwtRegisteredClaimNames.Jti)?.Value; //登录时存入claims的用户唯一标识
+                                     var mJwt = ManualDataCache.Instance.Get<string>("LoginUser:" + userid);
+                                     if (string.IsNullOrEmpty(mJwt))
+                                     {
+                                         context.Response.Headers.Append("Token-Error-Token", "UserLoginStatusError");
+                                         var jm = new AdminUiCallBack();
+                                         jm.code = 401;
+                                         jm.data = 401;
+                                         jm.msg = "Sorry, your login information could not be found.";
+                                         context.Response.WriteAsync(JsonConvert.SerializeObject(jm));
+                                         return Task.CompletedTask;
+                                     }
+                                     else
+                                     {
+                                         if (mJwt != token)
+                                         {
+                                             context.Response.Headers.Append("Token-Error-Token", "The current user logged in elsewhere");
+                                             var jm = new AdminUiCallBack();
+                                             jm.code = 401;
+                                             jm.data = 401;
+                                             jm.msg = "Sorry, your account has already been logged in elsewhere.";
+                                             context.Response.WriteAsync(JsonConvert.SerializeObject(jm));
+                                             return Task.CompletedTask;
+                                         }
+                                     }
+                                 }
                             }
                             else
                             {
--- a/CoreCms.Net.Auth/CoreCms.Net.Auth.csproj
+++ b/CoreCms.Net.Auth/CoreCms.Net.Auth.csproj
@@ -11,6 +11,7 @@
  </ItemGroup>

  <ItemGroup>
+    <ProjectReference Include="..\CoreCms.Net.Caching\CoreCms.Net.Caching.csproj" />
    <ProjectReference Include="..\CoreCms.Net.Configuration\CoreCms.Net.Configuration.csproj" />
    <ProjectReference Include="..\CoreCms.Net.IRepository\CoreCms.Net.IRepository.csproj" />
    <ProjectReference Include="..\CoreCms.Net.IServices\CoreCms.Net.IServices.csproj" />
--- a/CoreCms.Net.Configuration/AppSettingsConstVars.cs
+++ b/CoreCms.Net.Configuration/AppSettingsConstVars.cs
@@ -13,6 +13,12 @@ namespace CoreCms.Net.Configuration
    /// </summary>
    public static class AppSettingsConstVars
    {
+        #region 全局其他参数================================================================================
+        /// <summary>
+        /// 是否开启后台登录用户只能单点登录
+        /// </summary>
+        public static readonly bool UserSSO = AppSettingsHelper.GetContent("GlobalSetting", "UserSSO").ObjToBool();
+        #endregion

        #region 全局地址================================================================================
        /// <summary>
--- a/CoreCms.Net.Web.Admin/Controllers/Com/LoginController.cs
+++ b/CoreCms.Net.Web.Admin/Controllers/Com/LoginController.cs
@@ -17,6 +17,7 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using CoreCms.Net.Auth.OverWrite;
 using CoreCms.Net.Auth.Policys;
+using CoreCms.Net.Caching.Manual;
 using CoreCms.Net.Configuration;
 using CoreCms.Net.IRepository;
 using CoreCms.Net.IServices;
@@ -138,6 +139,10 @@ namespace CoreCms.Net.Web.Admin.Controllers
                    loginUrl = "Panel.html"
                };

+                //缓存登录数据
+                var cacheKey = $"LoginUser:{user.id}";
+                ManualDataCache.Instance.Set(cacheKey, auth.token);
+
                //插入登录日志
                var log = new SysLoginRecord();
                log.username = model.userName;
--- a/CoreCms.Net.Web.Admin/appsettings.json
+++ b/CoreCms.Net.Web.Admin/appsettings.json
@@ -8,6 +8,10 @@
    //"SqlConnection": "Server=127.0.0.1;Port=3306;Database=CoreShopProfessional;Uid=CoreShopProfessional;Pwd=CoreShopProfessional;CharSet=utf8;pooling=true;SslMode=None;Allow User Variables=true;Convert Zero Datetime=True;Allow Zero Datetime=True;"
    // Mysql数据库链接字符串，请保持后面的属性别少。经过测试，mysql版本需要5.7或以上
  },
+  //全局一些设置。
+  "GlobalSetting": {
+    "UserSSO": true //是否开启后台登录用户只能单点登录。
+  },
  //定时任务管理面板的账户密码
  "HangFire": {
    "Login": "CoreShopProfessional",