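/// <summary>
        /// Handles the back-office login post: validates the captcha, verifies the credentials,
        /// checks back-office permission, and then stores the login state through <c>OpeCur</c>.
        /// </summary>
        /// <param name="userName">Login name supplied by the client.</param>
        /// <param name="pwd">Clear-text password supplied by the client.</param>
        /// <param name="checkNub">Captcha text supplied by the client.</param>
        /// <returns>An AJAX result: failure with a message, or success with the redirect target.</returns>
        public ActionResult LoginAc(string userName, string pwd, string checkNub)
        {
            #region 1. Validate the captcha
            // Fail closed: the previous check was skipped whenever the session held no captcha,
            // so a client that never requested the captcha image was not challenged at all.
            object expectedCode = Session[Sessionvalues.LoginValideCode];

            // Single use: drop the stored code before comparing so one solved captcha cannot be
            // replayed across many password attempts. The client must fetch a new captcha after
            // every attempt.
            Session[Sessionvalues.LoginValideCode] = null;

            if (expectedCode == null ||
                string.IsNullOrEmpty(checkNub) ||
                !checkNub.IsSame(expectedCode.ToString()))
            {
                return(OpeCur.AjaxMsgNOOK("验证码输入错误"));
            }

            #endregion

            #region 2. Verify user name and password
            // Reject missing credentials up front instead of passing null to the hash/lookup.
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(pwd))
            {
                return(OpeCur.AjaxMsgNOOK("用户名或密码错误"));
            }

            // NOTE(security): the stored credential is compared against an MD5 digest of the password.
            // No per-user salt or work factor is visible in this call (confirm inside EncryptorManager).
            // MD5 is not suitable for password storage; plan a migration to PBKDF2 or Argon2 with
            // re-hash on the next successful login. It is kept here because the stored values must match.
            pwd = EncryptorManager.EncryptString(pwd, EncryptorType.MD5);

            UserInfo userInfo = OpeCur.BllServices.UserInfoService.LoadEntities(c => c.UserName == userName && c.Pwd == pwd).SingleOrDefault();
            if (userInfo == null)
            {
                // Same message for unknown user and wrong password, so the response does not reveal
                // which accounts exist.
                return(OpeCur.AjaxMsgNOOK("用户名或密码错误"));
            }
            // Is the account allowed into the back office?
            if (!IsLoginBackSystem(userName))
            {
                return(OpeCur.AjaxMsgNOOK("没有权限登录后台"));
            }

            #region Persist the login state
            // NOTE(review): no session-identifier renewal and no attempt throttling or lockout is
            // visible in this method; confirm both are handled elsewhere.
            // NOTE(review): UserNameCookie presumably ends up in a client cookie. If so, verify that
            // OpeCur signs or encrypts it, since a bare user name would be forgeable.
            OpeCur.CurrentUserInfo = userInfo;
            OpeCur.UserMenus       = OpeCur.BllServices.MenuService.GetUserPermission(userInfo.UserName);
            OpeCur.UserNameCookie  = userInfo.UserName;
            #endregion
            #endregion
            return(OpeCur.AjaxMsgOK("登录成功了~", "/admin/base/MenuManage"));
        }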
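        /// <summary>
        /// Authenticates an API request before the action runs. It looks up the caller's AppKey in
        /// the cached configuration, rejects unknown or expired keys, then recomputes the request
        /// signature from the submitted parameters and compares it with the supplied cipherText.
        /// Any failure sets a 403 response on <paramref name="actionContext"/>.
        /// </summary>
        /// <param name="actionContext">The Web API action context of the current request.</param>
        /// <remarks>
        /// NOTE(security), not changed here because callers must produce the same value:
        /// the signature is MD5(values + minute timestamp + PassKey). Values are concatenated without
        /// names or delimiters, so different parameter sets can yield the same signed string. The
        /// construction is a plain digest with an appended secret, not an HMAC. The minute-granular
        /// server timestamp rejects requests that straddle a minute boundary and permits replay
        /// within the same minute, as no nonce is visible. Prefer HMAC-SHA256 over a canonical
        /// name=value list with a client timestamp and nonce when the protocol can be revised.
        /// </remarks>
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            #region Initialisation
            var context = (HttpContextBase)actionContext.Request.Properties["MS_HttpContext"]; // classic System.Web context
            var request = context.Request;                                                     // classic request object
            var paramStr = new StringBuilder();

            // GET requests are signed over the query string, everything else over the form body.
            // Ordinal comparison avoids culture-dependent casing of the verb.
            NameValueCollection coll = string.Equals(request.HttpMethod, "get", StringComparison.OrdinalIgnoreCase)
                ? request.QueryString
                : request.Form;
            #endregion

            #region Resolve the caller from the XML configuration
            string appKey = coll["AppKey"];
            var config = CacheConfigFile.ConfigFactory.Instance.GetConfig <ApiValidateModelConfig>().ApiValidateModelList.FirstOrDefault(i => i.AppKey == appKey);

            // A missing AppKey must never match a configuration entry whose AppKey is unset.
            if (string.IsNullOrEmpty(appKey) || config == null)
            {
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden)
                {
                    Content = new StringContent("AppKey不是合并的,请先去组织生成有效的Key", Encoding.GetEncoding("UTF-8"))
                };
                base.OnActionExecuting(actionContext);
                return;
            }
            if (config.ExpireDate < DateTime.Now)
            {
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden)
                {
                    Content = new StringContent("AppKey不是合并的,密钥已过期", Encoding.GetEncoding("UTF-8"))
                };
                base.OnActionExecuting(actionContext);
                return;
            }
            #endregion

            #region Build the string to sign
            var keys = new List <string>();
            foreach (string param in coll.Keys)
            {
                if (!string.IsNullOrEmpty(param))
                {
                    // Invariant lower-casing: under a culture such as tr-TR, ToLower() maps 'I' to a
                    // dotless 'ı', so "cipherText" would not be recognised and excluded below.
                    keys.Add(param.ToLowerInvariant());
                }
            }
            // NOTE(review): Sort() uses the culture-sensitive default comparer. Ordinal ordering would
            // be more predictable, but it is left as is because clients must sort the same way.
            keys.Sort();
            foreach (string p in keys)
            {
                // The signature itself is not part of the signed data; empty values are skipped.
                if (p != "ciphertext" && !string.IsNullOrEmpty(coll[p]))
                {
                    paramStr.Append(coll[p]);
                }
            }
            // The invariant culture keeps the timestamp Gregorian regardless of the server's culture.
            paramStr.Append(DateTime.UtcNow.ToString("yyyyMMddHHmm", System.Globalization.CultureInfo.InvariantCulture));
            paramStr.Append(config.PassKey);
            #endregion

            // NOTE(review): request["cipherText"] searches query string, form, cookies and server
            // variables, not only the collection that was signed; confirm this is intended.
            string expected = EncryptorManager.EncryptString(paramStr.ToString(), EncryptorType.MD5);
            if (!SignatureEquals(expected, request["cipherText"]))
            {
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden)
                {
                    Content = new StringContent("验证失败,请求非法", Encoding.GetEncoding("UTF-8"))
                };
            }

            base.OnActionExecuting(actionContext);
        }

        /// <summary>
        /// Ordinal comparison of two signature strings that does not stop at the first differing
        /// character, so response timing does not reveal how much of the signature matched.
        /// Returns false when either value is null or the lengths differ.
        /// </summary>
        private static bool SignatureEquals(string expected, string supplied)
        {
            if (expected == null || supplied == null || expected.Length != supplied.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ supplied[i];
            }
            return diff == 0;
        }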