上一篇文章主要讲了经销商注册的仓储和领域逻辑的实现,我们先把应用服务协调完成经销商注册这部分暂停一下,后面文章统一讲。
这篇文章主要讲讲经销商登录的仓储和相关逻辑的实现。
在现代应用程序前后端分离的实现中,通常不是将用户登录的信息存储在服务器端Session,因为会存在服务器Session无法传递的情况,也存在WebApi调用时
无法通过Authorize Attribute判断用户是否已经登录并获取用户身份信息的问题。所以现代应用程序都是由服务器后端返回Token给客户端,客户端将Token存储在客户端
Session中,客户端在请求后端接口时,带上Token,服务器端就能够识别客户端是否经过身份验证,而且可以直接拿到客户端的身份。
要实现经销商的登录,主要由以下几个步骤组成。
1.实现经销商登录时信息查询的仓储。
2.在应用服务中,单独建立一个查询文件夹放置经销商登录的查询逻辑。
3.在登录WebApi中,调用应用服务的查询逻辑并分发Token。
1.实现经销商登录时信息查询的仓储:
public interface ILoginRepository
{
Guid UserLogin(string tel, string password);
}
public class LoginEFCoreRepository : ILoginRepository
{
private readonly DbContext context;
public LoginEFCoreRepository(DbContext context)
{
this.context = context;
}
public Guid UserLogin(string tel, string password)
{
var dealercontext = this.context as DealerEFCoreContext;
var enpassword = MD5Encrption.GetMd5Str(password);
var logindealer=
dealercontext.Login.Where(p => p.Code == tel && p.Password == enpassword).FirstOrDefault();
if (logindealer != null)
{
return logindealer.DealerId;
}
return Guid.Empty;
}
}
2.应用服务中调用仓储完成用户登录的查询
public class UserLoginQuery:BaseAppSrv
{
private readonly IRepository irepository;
private readonly ILoginRepository iloginrepository;
public UserLoginQuery(IRepository irepository, ILoginRepository iloginrepository)
{
this.iloginrepository = iloginrepository;
this.irepository = irepository;
}
public Guid Login(UserLoginDTO userlogindto)
{
try
{
using (irepository)
{
return iloginrepository.UserLogin(userlogindto.Telphone, userlogindto.Password);
}
}
catch(Exception error)
{
throw error;
}
}
}
3.在登录WebApi中调用应用服务,并分发令牌
[AllowAnonymous]
[HttpPost]
[Route("UserLogin")]
public ResultEntity<UserLoginResultDTO> UserLogin([FromBody] UserLoginDTO userlogindto)
{
var result = new ResultEntity<UserLoginResultDTO>();
var idealercontext = servicelocator.GetService<IDealerContext>();
var irepository =
servicelocator.GetService<IRepository>(new ParameterOverrides { { "context", idealercontext } });
var iloginrepository = servicelocator.GetService<ILoginRepository>(new ParameterOverrides { { "context", idealercontext } });
UserLoginQuery userloginquery = new UserLoginQuery(irepository, iloginrepository);
try
{
var dealerid = userloginquery.Login(userlogindto);
if (dealerid != Guid.Empty)
{
var token = new JwtTokenBuilder()
.AddSecurityKey(JwtSecurityKey.Create("msshcjsecretmsshcjsecret"))
.AddSubject(userlogindto.Telphone)
.AddIssuer("DDD1ZXSystem")
.AddAudience("DDD1ZXSystem")
.AddClaim("role", "NormalUser")
.AddExpiry(600)
.Build();
var userloginresultdto = new UserLoginResultDTO();
userloginresultdto.Tel = userlogindto.Telphone;
userloginresultdto.DealerId = dealerid;
userloginresultdto.Token = token.Value;
result.IsSuccess = true;
result.Data = userloginresultdto;
result.Msg = "登录成功!";
}
else
{
result.ErrorCode = 300;
result.Msg = "登录失败!";
}
}
catch (Exception error)
{
result.ErrorCode = 200;
result.Msg = error.Message;
}
return result;
}
这里的UserLoginDTO定义如下:
public class UserLoginDTO
{
public string Telphone { get; set; }
public string Password { get; set; }
}
这里的UserLoginResultDTO定义如下:
public class UserLoginResultDTO
{
public string Tel { get; set; }
public Guid DealerId { get; set; }
public string Token { get; set; }
}
这里的JwtTokenBuilder定义如下:
public class JwtTokenBuilder
{
private SecurityKey securityKey = null;
private string subject = "";
private string issuer = "";
private string audience = "";
private Dictionary<string, string> claims = new Dictionary<string, string>();
private int expiryInMinutes = 5;
public JwtTokenBuilder AddSecurityKey(SecurityKey securityKey)
{
this.securityKey = securityKey;
return this;
}
public JwtTokenBuilder AddSubject(string subject)
{
this.subject = subject;
return this;
}
public JwtTokenBuilder AddIssuer(string issuer)
{
this.issuer = issuer;
return this;
}
public JwtTokenBuilder AddAudience(string audience)
{
this.audience = audience;
return this;
}
public JwtTokenBuilder AddClaim(string type,string value)
{
this.claims.Add(type, value);
return this;
}
public JwtTokenBuilder AddExpiry(int expiryInMinutes)
{
this.expiryInMinutes = expiryInMinutes;
return this;
}
public JwtToken Build()
{
var claims = new List<Claim>
{
new Claim(JwtRegisteredClaimNames.Sub,this.subject),
new Claim(JwtRegisteredClaimNames.Jti,Guid.NewGuid().ToString())
}.Union(this.claims.Select(item => new Claim(item.Key, item.Value)));
var token = new JwtSecurityToken(issuer: this.issuer, audience: this.audience, claims: claims,
expires: DateTime.UtcNow.AddMinutes(this.expiryInMinutes), signingCredentials:
new SigningCredentials(this.securityKey, SecurityAlgorithms.HmacSha256));
return new JwtToken(token);
}
}
这里的BearerUserInfo定义如下:
public class BearerUserInfo:Controller
{
public string GetUserName()
{
var principal = HttpContext.User as ClaimsPrincipal;
if (principal != null)
{
foreach(var claim in principal.Claims)
{
if (claim.Subject != null)
{
var subjectclaims = claim.Subject.Claims as List<Claim>;
return subjectclaims[0].Value;
}
}
}
return null;
}
}
这里的JwtSecurityKey定义如下:
public static class JwtSecurityKey
{
public static SymmetricSecurityKey Create(string secret)
{
return new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
}
}
这里的JwtToken定义如下:
public class JwtToken
{
private JwtSecurityToken token;
public JwtToken(JwtSecurityToken token)
{
this.token = token;
}
public DateTime ValidTo => token.ValidTo;
public string Value => new JwtSecurityTokenHandler().WriteToken(this.token);
}
以上采用了.net core中关于OWIN的使用,具体不清楚的属性和方法,可以参考OWIN中.net core的实现标准,这里就不累述了,具体可以参考微信公众号中的视频讲解。