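        /// <summary>
        /// Action filter hook. When the session has no "User" entry, tries to log the visitor in from the
        /// "UserName"/"Password" cookies written by the "remember me" login; any failure redirects to /User/Login.
        /// </summary>
        /// <param name="context">Context of the executing action (session, request cookies, result).</param>
        public void OnActionExecuting(ActionExecutingContext context)
        {
            string user = context.HttpContext.Session.GetString("User");
            if (!string.IsNullOrEmpty(user))
            {
                // Already logged in for this session; nothing to do.
                return;
            }

            var cookies = context.HttpContext.Request.Cookies;
            string userNameCookie = cookies["UserName"];
            string passwordCookie = cookies["Password"];

            if (string.IsNullOrEmpty(userNameCookie) || string.IsNullOrEmpty(passwordCookie))
            {
                context.Result = new RedirectResult("/User/Login");
                return;
            }

            // The cookies were encrypted with the host-wide cookie key pair, so decrypt with that private key.
            dataProtectorUtil.PrivateKeyJson = cookieSettings.CookiePrivateKeyJson;

            User userObj;
            string cookiePassword;
            try
            {
                userObj = userService.GetUserByUserName(dataProtectorUtil.DecryptString(userNameCookie));
                cookiePassword = dataProtectorUtil.DecryptString(passwordCookie);
            }
            catch (FormatException)
            {
                // A malformed or tampered cookie is not valid ciphertext; treat it like no cookie at all
                // (DecryptString is caught for FormatException elsewhere in this project for the same reason).
                context.Result = new RedirectResult("/User/Login");
                return;
            }

            // GetUserByUserName returns null for an unknown name; the original dereferenced it unguarded.
            if (userObj is null || !userObj.Password.Equals(cookiePassword, StringComparison.Ordinal))
            {
                context.Result = new RedirectResult("/User/Login");
                return;
            }

            // NOTE(review): the cookie carries the password itself (encrypted with a shared key); a random,
            // revocable remember-me token looked up server-side would limit what a stolen cookie exposes.
            context.HttpContext.Session.SetString("User", Newtonsoft.Json.JsonConvert.SerializeObject(userObj));
            userService.AddLoginTimes(userObj.Id);
        }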
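        /// <summary>
        /// Activates the account registered under <paramref name="emailAddress"/> when
        /// <paramref name="code"/> decrypts (with the private key kept for the last activation e-mail)
        /// to the user's name concatenated with their password.
        /// </summary>
        /// <param name="code">Activation code from the e-mail link; '_' stands in for '+' because '+' does not survive a GET query string.</param>
        /// <param name="emailAddress">E-mail address the account was registered with.</param>
        /// <param name="message">Outcome text for the caller (UI strings, kept as in the original).</param>
        /// <returns>true when this call activated the account; false otherwise, with <paramref name="message"/> explaining why.</returns>
        public bool ActivateUser(string code, string emailAddress, out string message)
        {
            // A missing code can never match; report a bad parameter instead of throwing on Replace().
            if (string.IsNullOrEmpty(code))
            {
                message = "参数错误!";
                return false;
            }

            // '+' is lost in GET query strings, so the link carries '_' in its place.
            code = code.Replace("_", "+");

            var user = userRepository.SelectByEmail(emailAddress);
            if (user == null)
            {
                message = "用户不存在!";
                return false;
            }

            var email = emailRepository.SelectLastByUserId(user.Id, 0);
            if (email == null)
            {
                // No activation e-mail on record means there is no key to decrypt the code with.
                message = "参数错误!";
                return false;
            }

            // Decrypt the code with the key pair that was generated for that activation e-mail.
            dataProtectorUtil.PrivateKeyJson = email.PrivateKeyJson;
            string deCode;
            try
            {
                deCode = dataProtectorUtil.DecryptString(code);
            }
            catch (FormatException)
            {
                message = "参数错误!";
                return false;
            }

            if (user.IsActivate)
            {
                message = "已经激活过了!";
                return false;
            }

            if (!deCode.Equals(user.UserName + user.Password, StringComparison.Ordinal))
            {
                message = "激活码错误!";
                return false;
            }

            // Status 1 = activated and usable.
            userRepository.UpdateStatus(user.Id, 1);
            message = "激活成功!";
            return true;
        }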
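        /// <summary>
        /// Manager login: decrypts the posted password with the session's key pair and compares it with the
        /// ManagerPassword value in appGlobal.json; on success marks the session as a manager login.
        /// </summary>
        /// <param name="password">Password encrypted client-side with the public key issued for this session.</param>
        /// <returns>A JSON result with IsSuccess and, on failure, a Message.</returns>
        public IActionResult Login(string password)
        {
            if (string.IsNullOrEmpty(password))
            {
                return new JsonResult(new { IsSuccess = false, Message = "请填写密码!" });
            }

            // The key pair was generated for this session when the login page was served.
            // NOTE(review): behaviour of DecryptString with a missing (expired-session) key is not visible here — confirm.
            dataProtectorUtil.PrivateKeyJson = HttpContext.Session.GetString("PrivateKeyJson");
            dataProtectorUtil.PublicKeyJson = HttpContext.Session.GetString("PublicKeyJson");

            string plainPassword;
            try
            {
                plainPassword = dataProtectorUtil.DecryptString(password);
            }
            catch (FormatException)
            {
                // Not valid ciphertext for this session's key; reported to the caller like a wrong password.
                return new JsonResult(new { IsSuccess = false, Message = "密码错误!" });
            }

            // NOTE(review): appGlobal.json is re-read on every login attempt; holding the configuration in a
            // field (or taking IConfiguration via DI) would avoid the per-request file read.
            var configuration = new ConfigurationBuilder().AddJsonFile("appGlobal.json").Build();
            string truePassword = configuration["ManagerPassword"];

            // NOTE(review): a constant-time comparison of the two values would avoid leaking how much of the
            // password matched through response timing; a missing config value (null) simply never matches.
            if (!plainPassword.Equals(truePassword, StringComparison.Ordinal))
            {
                return new JsonResult(new { IsSuccess = false, Message = "密码错误!" });
            }

            HttpContext.Session.SetString("IsManagerLogin", true.ToString());
            return new JsonResult(new { IsSuccess = true });
        }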
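        /// <summary>
        /// User login: validates the posted fields, decrypts them with the session's key pair, checks the
        /// credentials and activation state, stores the user in the session and optionally writes the
        /// "remember me" cookies read back by the auto-login filter.
        /// </summary>
        /// <param name="model">Posted form: UserName and Password encrypted with the session public key, plus IsRemember.</param>
        /// <returns>A JSON-serialised <see cref="LoginResult"/> with per-field validity, messages and overall success.</returns>
        public IActionResult Login(LoginViewModel model)
        {
            var result = new LoginResult
            {
                IsValidUserName = true,
                IsValidPassword = true,
                IsSuccess = false,
            };

            // A missing body (wrong content type, empty POST) must not throw; it reads as both fields empty.
            string userName = model?.UserName;
            string password = model?.Password;

            if (string.IsNullOrEmpty(userName))
            {
                result.UserNameErrorMessage = "登陆用户名不可为空!";
                result.IsValidUserName = false;
            }
            if (string.IsNullOrEmpty(password))
            {
                result.PasswordErrorMessage = "密码不可为空!";
                result.IsValidPassword = false;
            }
            if (!result.IsValidUserName || !result.IsValidPassword)
            {
                return new JsonResult(result);
            }

            // Both fields were encrypted in the browser with the public key issued for this session.
            dataProtectorUtil.PrivateKeyJson = HttpContext.Session.GetString("PrivateKeyJson");
            dataProtectorUtil.PublicKeyJson = HttpContext.Session.GetString("PublicKeyJson");
            try
            {
                userName = dataProtectorUtil.DecryptString(userName);
                password = dataProtectorUtil.DecryptString(password);
            }
            catch (FormatException)
            {
                // Not valid ciphertext for this session (expired session or tampered request): report as bad credentials.
                result.IsValidPassword = false;
                result.PasswordErrorMessage = "密码不正确!";
                return new JsonResult(result);
            }

            User user = userService.GetUserByUserName(userName);
            if (user == null)
            {
                result.IsValidUserName = false;
                result.UserNameErrorMessage = "该登陆用户名不存在!";
                return new JsonResult(result);
            }

            if (!password.Equals(user.Password, StringComparison.Ordinal))
            {
                result.IsValidPassword = false;
                result.PasswordErrorMessage = "密码不正确!";
                return new JsonResult(result);
            }

            if (!user.IsActivate)
            {
                result.message = "该用户没有被激活!";
                return new JsonResult(result);
            }

            // Credentials are correct: record the user in the session.
            HttpContext.Session.SetString("User", Newtonsoft.Json.JsonConvert.SerializeObject(user));
            result.IsSuccess = true;
            userService.AddLoginTimes(user.Id);

            if (model.IsRemember)
            {
                WriteRememberMeCookies(user);
            }
            return new JsonResult(result);
        }

        /// <summary>
        /// Writes the "remember me" cookies consumed by the auto-login filter: the login name and the
        /// password, each encrypted with the host-wide cookie key pair (configured, not generated per session).
        /// </summary>
        /// <param name="user">The user who just logged in.</param>
        private void WriteRememberMeCookies(User user)
        {
            dataProtectorUtil.PublicKeyJson = cookieSettings.CookiePublicKeyJson;
            dataProtectorUtil.PrivateKeyJson = cookieSettings.CookiePrivateKeyJson;

            var options = new CookieOptions
            {
                // Expiry is an absolute instant, so derive it from UTC rather than the server's local clock.
                Expires = DateTimeOffset.UtcNow.AddDays(cookieSettings.ExpiresValue),
                // Only the server-side filter reads these cookies, so keep them out of script reach
                // — confirm no client script depends on them.
                HttpOnly = true,
            };

            // The auto-login filter resolves this cookie through GetUserByUserName, so it must carry the login
            // name; the original wrote DisplayName here — confirm whether the two differ in this project.
            HttpContext.Response.Cookies.Append("UserName", dataProtectorUtil.EncryptString(user.UserName), options);
            // NOTE(review): the cookie carries the password itself (encrypted with a shared key); a random,
            // revocable remember-me token stored server-side would limit what a stolen cookie exposes.
            HttpContext.Response.Cookies.Append("Password", dataProtectorUtil.EncryptString(user.Password), options);
        }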