第一步:https://open-dev.dingtalk.com/ 登入钉钉开放后台创建扫码登录应用授权
第二步:登录界面前端二维码展示:
前端页面引入:
<script src="https://g.alicdn.com/dingding/dinglogin/0.0.5/ddLogin.js"></script>
在需要显示二维码的区域加一个DIV
<div id="login_container"> </div>
在js脚本控制中加入代码
/* * 解释一下goto参数,参考以下例子: * var url = encodeURIComponent(‘http://localhost.me/index.php?test=1&aa=2‘); * var goto = encodeURIComponent(‘https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid=appid&response_type=code&scope=snsapi_login&state=STATE&redirect_uri=‘+url) */ var url = encodeURIComponent(‘@ViewData["URL"]‘); var goto = encodeURIComponent(‘https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid=dingoa4wipntvngzokythz&response_type=code&scope=snsapi_login&state=STATE&redirect_uri=‘+url) var obj = DDLogin({ id: "login_container",//这里需要你在自己的页面定义一个HTML标签并设置id,例如<div id="login_container"></div>或<span id="login_container"></span> goto: goto, //请参考注释里的方式 style: "border:none;background-color:rgba(128,128,128,0);color:#fff", width: "300", height: "300" }); var handleMessage = function (event) { var origin = event.origin; console.log("origin", event.origin); if(origin == "https://login.dingtalk.com" ) { //判断是否来自ddLogin扫码事件。 var loginTmpCode = event.data; layer.msg("扫码登入中...", { icon: 6, shade: 0.1, anim: 5, time:1000 }, function () { //获取到loginTmpCode后就可以在这里构造跳转链接进行跳转了 window.location.href ="https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid=dingoa4wipntvngzokythz&response_type=code&scope=snsapi_login&state=STATE&redirect_uri=" + url + "&loginTmpCode=" + loginTmpCode; }); } }; if (typeof window.addEventListener != ‘undefined‘) { window.addEventListener(‘message‘, handleMessage, false); } else if (typeof window.attachEvent != ‘undefined‘) { window.attachEvent(‘onmessage‘, handleMessage); }
解释一下 @ViewData["URL"] 是怎么来的,这个是服务端获取服务器 HOST 地址 然后返回到前端的,这样是为了不写死HOST地址。
服务端HOST的地址怎么地址如下:
[HttpGet] public IActionResult UserLogin() { string url = $"{this.Request.Scheme.ToString()}://{this.Request.Host.ToString()}/Login/DingDingLogin"; ViewData["URL"] = url; return View(); }
第三步:扫码后跳转到服务端(/Login/DingDingLogin)是怎么处理的
/// <summary> /// 钉钉扫码登录 /// </summary> /// <param name="code"></param> /// <returns></returns> [HttpGet] public IActionResult DingDingLogin(string code) { MsgModel msgObj = null; //通过LoginTmpCode获取 string appId = _LoginAppId; string appSecret = _LoginAppSecret; string timestamp = CommonHelper.GetTimeStamp(); string signature = CommonHelper.HmacSign(timestamp, appSecret); string url = $"https://oapi.dingtalk.com/sns/getuserinfo_bycode?accessKey={appId}×tamp={timestamp}&signature={signature}"; postData postData = new postData { tmp_auth_code = code }; string res = JDRMYY.Utility.HttpRequest.https_post_request(url, JsonConvert.SerializeObject(postData),"POST","application/json"); RequestUserInfo userInfo = JsonConvert.DeserializeObject<RequestUserInfo>(res); string unionId = userInfo.user_info.unionid; IDingTalkClient client_token = new DefaultDingTalkClient("https://oapi.dingtalk.com/gettoken"); OapiGettokenRequest req_token = new OapiGettokenRequest(); req_token.SetHttpMethod("GET"); req_token.Appkey = _Appkey; req_token.Appsecret = _Appsecret; OapiGettokenResponse res_token = client_token.Execute(req_token); RequestTokenModel token = JsonConvert.DeserializeObject<RequestTokenModel>(res_token.Body); IDingTalkClient client_userid = new DefaultDingTalkClient("https://oapi.dingtalk.com/user/getUseridByUnionid"); OapiUserGetUseridByUnionidRequest req_userid = new OapiUserGetUseridByUnionidRequest(); req_userid.Unionid = unionId; req_userid.SetHttpMethod("GET"); OapiUserGetUseridByUnionidResponse res_userid = client_userid.Execute(req_userid, token.access_token); RequestUserIdModel userid = JsonConvert.DeserializeObject<RequestUserIdModel>(res_userid.Body); IDingTalkClient client_userinfo = new DefaultDingTalkClient("https://oapi.dingtalk.com/user/get"); OapiUserGetRequest req_userinfo = new OapiUserGetRequest(); req_userinfo.Userid = userid.userid; req_userinfo.SetHttpMethod("GET"); OapiUserGetResponse res_userinfo = client_userinfo.Execute(req_userinfo, token.access_token); RequestUserModel user = JsonConvert.DeserializeObject<RequestUserModel>(res_userinfo.Body); //获取到user.JobNumber(工号)和系统的内部在用的人员数据表进行比对,如果找到人员,则说明有权限登录,否则则无法登录系统(发送钉钉消息给用户,并跳出错误页面)。 string sql = "SELECT * FROM `employee` WHERE `empId` = ?empId and `useflag` = 1"; EmployeeModel LoginUser = _mysqlService.DBFind<EmployeeModel>(_qasystem, sql, new EmployeeModel() { empId = user.jobNumber }); if (LoginUser != null) { SetEmployeeRoles(LoginUser);//设置用户权限 DI.WriteLogs(_mysqlService, _qasystem, new LogModel { log_content = "钉钉扫码登入", log_time = DateTime.Now, log_writer = LoginUser.empName }); return Redirect("/Index/Index"); } else { string Content = $"**质量管理系统:** \n 您尚未注册质量管理系统账户,请联系**质量管理办公室**注册!"; SendDingTalkMsg(user.mobile, Content); DI.WriteLogs(_mysqlService, _qasystem, new LogModel { log_content = $"钉钉扫码登入失败,{LoginUser.empId},未注册", log_time = DateTime.Now, log_writer = LoginUser.empName }); return Redirect("/Login/LoginError"); } return View(); }