using System.Data;
using CSFrameworkV4_5.Common;
using CSFrameworkV4_5.Core.SystemSecurity;
using CSFrameworkV4_5.Models;
using CSFrameworkV4_5.Server.DataAccess.DAL_Permission;
namespace CSFrameworkV4_5.WCFContract
{
/// <summary>
///服务端:WCF服务层安全检查核心类
/// </summary>
public static class WebSecurity
{
/// <summary>
/// 检查客户端恶意访问后台
/// </summary>
private static bool _AttackValidation =
false;
/// <summary>
/// 是否检查客户端恶意攻击
/// </summary>
public static bool AttackValidation
{
get {
return _AttackValidation; }
set { _AttackValidation =
value; }
}
/// <summary>
/// 用户登录的验证码,防止用户恶意攻击Login接口.
/// </summary>
/// <param name="identity">验证码</param>
/// <returns></returns>
public static bool ValidateLoginIdentity(
byte[] identity)
{
//是否连续攻击
if (WebSecurity.AttackValidation) AttackRecorder.IsAttack();
bool isIdentity =
WebServiceSecurity.ValidateLoginIdentity(identity);
return isIdentity;
}
public static Loginer ValidateLoginer(
byte[] loginTicket)
{
//是否连续攻击
if (WebSecurity.AttackValidation) AttackRecorder.IsAttack();
//加密令牌解析成功
Loginer user =
WebServiceSecurity.ValidateLoginer(loginTicket);
//检查用户名及密码
if (!
ActivityUserCache.ValidateUser(user.Account, user.Password))
throw new CustomException(
"用户名或密码不正确!");
return user;
}
/// <summary>
/// 检查用户登录凭证,并且检查两次访问时间
/// </summary>
/// <param name="loginer">用户登录凭证</param>
/// <param name="checkAttack">检查连续调用方法攻击</param>
/// <returns></returns>
public static Loginer ValidateLoginer(
byte[] loginTicket,
bool checkAttack)
{
if (checkAttack) AttackRecorder.IsAttack();
//加密令牌解析成功
Loginer user =
WebServiceSecurity.ValidateLoginer(loginTicket);
//检查用户名及密码
if (!
ActivityUserCache.ValidateUser(user.Account, user.Password))
throw new CustomException(
"用户名或密码不正确!");
return user;
}
}
}
转载于:https://www.cnblogs.com/Jeely/p/11350266.html
相关资源:JAVA上百实例源码以及开源项目
