diff --git a/CoreCms.Net.Auth/AuthorizationSetup.cs b/CoreCms.Net.Auth/AuthorizationSetup.cs
index bb9b78b4..2dad8c74 100644
--- a/CoreCms.Net.Auth/AuthorizationSetup.cs
+++ b/CoreCms.Net.Auth/AuthorizationSetup.cs
@@ -16,7 +16,9 @@ using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
 using CoreCms.Net.Auth.Policys;
+using CoreCms.Net.Caching.Manual;
 using CoreCms.Net.Configuration;
+using CoreCms.Net.Model.ViewModels.UI;
 using CoreCms.Net.Utility.Extensions;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
@@ -25,6 +27,7 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Tokens;
 using NETCore.Encrypt;
+using Newtonsoft.Json;
 namespace CoreCms.Net.Auth
 {
@@ -109,6 +112,39 @@ namespace CoreCms.Net.Auth
 if (!string.IsNullOrEmpty(token.Trim()))
 {
 context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+
+ //简单单点登录校验
+ if (!string.IsNullOrEmpty(context.Token) && AppSettingsConstVars.UserSSO)
+ {
+ var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(context.Token);
+ var claimsIdentity = new ClaimsIdentity(jwtToken.Claims);
+ var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
+ var userid = claimsPrincipal?.Claims.FirstOrDefault(c => c.Type == JwtRegisteredClaimNames.Jti)?.Value; //登录时存入claims的用户唯一标识
+ var mJwt = ManualDataCache.Instance.Get("LoginUser:" + userid);
+ if (string.IsNullOrEmpty(mJwt))
+ {
+ context.Response.Headers.Append("Token-Error-Token", "UserLoginStatusError");
+ var jm = new AdminUiCallBack();
+ jm.code = 401;
+ jm.data = 401;
+ jm.msg = "Sorry, your login information could not be found.";
+ context.Response.WriteAsync(JsonConvert.SerializeObject(jm));
+ return Task.CompletedTask;
+ }
+ else
+ {
+ if (mJwt != token)
+ {
+ context.Response.Headers.Append("Token-Error-Token", "The current user logged in elsewhere");
+ var jm = new AdminUiCallBack();
+ jm.code = 401;
+ jm.data = 401;
+ jm.msg = "Sorry, your account has already been logged in elsewhere.";
+ context.Response.WriteAsync(JsonConvert.SerializeObject(jm));
+ return Task.CompletedTask;
+ }
+ }
+ }
 }
 else
 {
diff --git a/CoreCms.Net.Auth/CoreCms.Net.Auth.csproj b/CoreCms.Net.Auth/CoreCms.Net.Auth.csproj
index f3302e26..649aaace 100644
--- a/CoreCms.Net.Auth/CoreCms.Net.Auth.csproj
+++ b/CoreCms.Net.Auth/CoreCms.Net.Auth.csproj
@@ -11,6 +11,7 @@
+
diff --git a/CoreCms.Net.Configuration/AppSettingsConstVars.cs b/CoreCms.Net.Configuration/AppSettingsConstVars.cs
index 5633c072..0d210d96 100644
--- a/CoreCms.Net.Configuration/AppSettingsConstVars.cs
+++ b/CoreCms.Net.Configuration/AppSettingsConstVars.cs
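Review bot: The two rejection branches (`if (string.IsNullOrEmpty(mJwt))` and `if (mJwt != token)`) write a 401-shaped JSON body but do not change the authentication result: `context.Response.StatusCode` stays 200 and neither `context.Fail(...)` nor `context.NoResult()` is called, so `JwtBearerHandler` goes on to validate the still-populated `context.Token` and, when it is valid, the request reaches the controller on a response that has already started. `context.Response.WriteAsync(...)` is also discarded instead of returned, so the body write is not awaited before `Task.CompletedTask` is handed back. `ReadJwtToken` throws `ArgumentException` when the decrypted payload is not a compact JWT, which here surfaces as an unhandled 500 rather than an unauthenticated response, and because it parses without verifying the signature the cache lookup runs on claims that have not yet been authenticated — tolerable only because the lookup reveals nothing beyond whether an id has a live session. The `ClaimsIdentity`/`ClaimsPrincipal` wrappers add nothing over `jwtToken.Claims`, and the two branches can share one exit path as sketched below. The enclosing OnMessageReceived delegate starts and ends outside the hunk; if an OnChallenge handler elsewhere in this file already emits the error body, use `context.Fail(msg)` alone and drop the `WriteAsync` here.
```csharp
// … unchanged: AESDecrypt of the bearer token into context.Token …
if (!string.IsNullOrEmpty(context.Token) && AppSettingsConstVars.UserSSO)
{
    JwtSecurityToken jwtToken;
    try
    {
        jwtToken = new JwtSecurityTokenHandler().ReadJwtToken(context.Token);
    }
    catch (ArgumentException)
    {
        // Not a well-formed JWT: leave it to the normal bearer validation to reject instead of throwing a 500 here.
        return Task.CompletedTask;
    }

    // Claims are read here before signature validation; only the session-presence lookup depends on them.
    var userid = jwtToken.Claims.FirstOrDefault(c => c.Type == JwtRegisteredClaimNames.Jti)?.Value;
    var mJwt = ManualDataCache.Instance.Get("LoginUser:" + userid);

    string error = null;
    if (string.IsNullOrEmpty(mJwt))
    {
        context.Response.Headers.Append("Token-Error-Token", "UserLoginStatusError");
        error = "Sorry, your login information could not be found.";
    }
    else if (mJwt != token)
    {
        context.Response.Headers.Append("Token-Error-Token", "The current user logged in elsewhere");
        error = "Sorry, your account has already been logged in elsewhere.";
    }

    if (error != null)
    {
        // Fail() short-circuits the bearer handler; without it the token is still validated and the
        // request proceeds to the controller with a 200 and a half-written body.
        context.Fail(error);
        context.Response.StatusCode = StatusCodes.Status401Unauthorized;
        context.Response.ContentType = "application/json";
        var jm = new AdminUiCallBack { code = 401, data = 401, msg = error };
        return context.Response.WriteAsync(JsonConvert.SerializeObject(jm));
    }
}
```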
@@ -13,6 +13,12 @@ namespace CoreCms.Net.Configuration
 ///
 public static class AppSettingsConstVars
 {
+ #region 全局其他参数================================================================================
+ ///
+ /// 是否开启后台登录用户只能单点登录
+ ///
+ public static readonly bool UserSSO = AppSettingsHelper.GetContent("GlobalSetting", "UserSSO").ObjToBool();
+ #endregion
 #region 全局地址================================================================================
 ///
diff --git a/CoreCms.Net.Web.Admin/Controllers/Com/LoginController.cs b/CoreCms.Net.Web.Admin/Controllers/Com/LoginController.cs
index ee5777cf..9ca2ec7c 100644
--- a/CoreCms.Net.Web.Admin/Controllers/Com/LoginController.cs
+++ b/CoreCms.Net.Web.Admin/Controllers/Com/LoginController.cs
@@ -17,6 +17,7 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using CoreCms.Net.Auth.OverWrite;
 using CoreCms.Net.Auth.Policys;
+using CoreCms.Net.Caching.Manual;
 using CoreCms.Net.Configuration;
 using CoreCms.Net.IRepository;
 using CoreCms.Net.IServices;
@@ -138,6 +139,10 @@ namespace CoreCms.Net.Web.Admin.Controllers
 loginUrl = "Panel.html"
 };
+ //缓存登录数据
+ var cacheKey = $"LoginUser:{user.id}";
+ ManualDataCache.Instance.Set(cacheKey, auth.token);
+ //插入登录日志
 var log = new SysLoginRecord();
 log.username = model.userName;
diff --git a/CoreCms.Net.Web.Admin/appsettings.json b/CoreCms.Net.Web.Admin/appsettings.json
index aaaead47..c79588ef 100644
--- a/CoreCms.Net.Web.Admin/appsettings.json
+++ b/CoreCms.Net.Web.Admin/appsettings.json
@@ -8,6 +8,10 @@
 //"SqlConnection": "Server=127.0.0.1;Port=3306;Database=CoreShopProfessional;Uid=CoreShopProfessional;Pwd=CoreShopProfessional;CharSet=utf8;pooling=true;SslMode=None;Allow User Variables=true;Convert Zero Datetime=True;Allow Zero Datetime=True;" // Mysql数据库链接字符串,请保持后面的属性别少。经过测试,mysql版本需要5.7或以上
 },
+ //全局一些设置。
+ "GlobalSetting": {
+ "UserSSO": true //是否开启后台登录用户只能单点登录。
+ },
 //定时任务管理面板的账户密码
 "HangFire": {
 "Login": "CoreShopProfessional",
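Review bot: `ManualDataCache.Instance.Set(cacheKey, auth.token)` in the LoginController hunk stores the session token with no expiry, so the `LoginUser:{id}` entry outlives the JWT it mirrors and nothing in this diff removes it on logout; if the cache API takes a lifetime, pass the one the token is issued with (something like `ManualDataCache.Instance.Set(cacheKey, auth.token, <jwt lifetime>)`), and clear the key in the logout path. The key format is written by hand here and again as `"LoginUser:" + userid` in AuthorizationSetup.cs, where the id is taken from the `Jti` claim — the two only agree if the token issuer puts `user.id` into `jti`, which this diff does not show, so a shared helper such as `CacheKeys.LoginUser(id)` would make that coupling explicit and checkable. If `ManualDataCache` is an in-process memory cache (not visible here), every restart or additional instance will answer "login information could not be found" for all existing sessions once `UserSSO` is on, so a shared store is a prerequisite for enabling the new `GlobalSetting.UserSSO` default of `true` on a multi-node deployment. The enclosing login action starts and ends outside the hunk.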