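using System.Data;
using CSFrameworkV4_5.Common;
using CSFrameworkV4_5.Core.SystemSecurity;
using CSFrameworkV4_5.Models;
using CSFrameworkV4_5.Server.DataAccess.DAL_Permission;

namespace CSFrameworkV4_5.WCFContract
{
    /// <summary>
    /// Server side: core security-check class for the WCF service layer.
    /// Every service entry point is expected to pass the caller's login
    /// ticket (or login identity code) through one of these methods before
    /// doing any work.
    /// </summary>
    public static class WebSecurity
    {
        /// <summary>
        /// Whether calls from clients are checked for malicious (repeated)
        /// access to the back end.
        /// </summary>
        /// <remarks>
        /// This is a process-wide static switch with no synchronization, and
        /// it defaults to <c>false</c>: unless the host sets it to
        /// <c>true</c>, <see cref="ValidateLoginIdentity"/> and
        /// <see cref="ValidateLoginer(byte[])"/> perform no abuse check.
        /// </remarks>
        public static bool AttackValidation { get; set; }

        /// <summary>
        /// Validates the identity code sent with a login request; this is
        /// meant to protect the Login interface from abusive callers.
        /// </summary>
        /// <param name="identity">The login identity (verification) code.</param>
        /// <returns>
        /// The result of <c>WebServiceSecurity.ValidateLoginIdentity</c>
        /// (presumably <c>true</c> when the code is accepted - confirm).
        /// </returns>
        public static bool ValidateLoginIdentity(byte[] identity)
        {
            // Repeated-call check, only when enabled globally.
            // NOTE(review): any result of IsAttack() is not used here;
            // presumably it throws when it detects abuse - confirm, otherwise
            // this check has no effect on the outcome.
            if (AttackValidation)
            {
                AttackRecorder.IsAttack();
            }

            return WebServiceSecurity.ValidateLoginIdentity(identity);
        }

        /// <summary>
        /// Validates a login ticket, running the repeated-call check only
        /// when <see cref="AttackValidation"/> is enabled.
        /// </summary>
        /// <param name="loginTicket">The caller's encrypted login ticket.</param>
        /// <returns>The <c>Loginer</c> parsed from the ticket.</returns>
        /// <exception cref="CustomException">
        /// The account and password carried by the ticket were rejected by
        /// <c>ActivityUserCache.ValidateUser</c>.
        /// </exception>
        public static Loginer ValidateLoginer(byte[] loginTicket)
        {
            // Same steps as the two-argument overload, with the global
            // switch deciding whether the abuse check runs; delegating keeps
            // the two overloads from drifting apart.
            return ValidateLoginer(loginTicket, AttackValidation);
        }

        /// <summary>
        /// Validates the user's login ticket and, when requested, runs the
        /// repeated-call check (described by the original author as checking
        /// the time between two accesses).
        /// </summary>
        /// <param name="loginTicket">The caller's encrypted login ticket.</param>
        /// <param name="checkAttack">
        /// <c>true</c> to run the repeated-call check. Passing <c>false</c>
        /// skips it regardless of <see cref="AttackValidation"/>, so callers
        /// should only do that for methods where throttling is deliberately
        /// not wanted.
        /// </param>
        /// <returns>The <c>Loginer</c> parsed from the ticket.</returns>
        /// <exception cref="CustomException">
        /// The account and password carried by the ticket were rejected by
        /// <c>ActivityUserCache.ValidateUser</c>.
        /// </exception>
        public static Loginer ValidateLoginer(byte[] loginTicket, bool checkAttack)
        {
            // NOTE(review): any result of IsAttack() is not used here;
            // presumably it throws when it detects abuse - confirm.
            if (checkAttack)
            {
                AttackRecorder.IsAttack();
            }

            // Decrypt and parse the ticket.
            // NOTE(review): assumes a malformed or forged ticket makes
            // ValidateLoginer throw rather than return null; a null here
            // would surface as a NullReferenceException on the next line.
            Loginer user = WebServiceSecurity.ValidateLoginer(loginTicket);

            // The ticket carries the account's password value, which is
            // re-checked on every call. The message is the same whether the
            // account or the password is wrong, so it does not reveal which
            // accounts exist.
            bool credentialsAccepted = ActivityUserCache.ValidateUser(user.Account, user.Password);
            if (!credentialsAccepted)
            {
                throw new CustomException("用户名或密码不正确!");
            }

            return user;
        }
    }
}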