// PUT api/password/{username}
        // Used to change one's own password
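        /// <summary>
        /// Sets a new password for the user named by <paramref name="id"/>.
        /// </summary>
        /// <param name="id">User name whose password is being changed.</param>
        /// <param name="password">
        /// Request body. Its <c>Password</c> field carries the new password as a confidential
        /// message, which is decoded with the value returned by <c>GetUserTwiceMd5Pwd()</c>.
        /// </param>
        /// <exception cref="WebApiException">
        /// Thrown with <c>IncorrectArgument</c> when the body is missing, the message cannot be
        /// decoded to a non-empty string, or the decoded password fails the password pattern.
        /// </exception>
        public void Put(string id, Password_API_Put password)
        {
            // Both checks run before the payload is touched.
            // NOTE(review): the helpers are not shown here; the endpoint is described as
            // "change one's own password", so confirm they bind id to the authenticated caller.
            this.CheckUserName(id);
            this.CheckAdministrator(id);

            // A missing body or empty field is rejected as a bad argument instead of
            // surfacing as a NullReferenceException / ArgumentNullException further down.
            if (password == null || string.IsNullOrEmpty(password.Password))
            {
                throw new WebApiException(WebApiExceptionCode.IncorrectArgument, Verifier.ERRMSG_REG_EXP_PASSWORD);
            }

            // Decrypt the transported message to obtain the plaintext password.
            // NOTE(review): the key name suggests a double-MD5 of the current password; if that
            // value is also what is stored server-side it is password-equivalent - confirm.
            string strPwdToSet = WebApiServerHelper.DecodeConfidentialMessage(password.Password, this.GetUserTwiceMd5Pwd());

            // The password policy must be enforced on the decoded plaintext. Matching the pattern
            // against the encoded message (password.Password) says nothing about the password that
            // is actually stored, so a non-compliant password could pass and a compliant one fail.
            if (string.IsNullOrEmpty(strPwdToSet) || !Regex.IsMatch(strPwdToSet, Verifier.REG_EXP_PASSWORD))
            {
                throw new WebApiException(WebApiExceptionCode.IncorrectArgument, Verifier.ERRMSG_REG_EXP_PASSWORD);
            }

            Managers.s_userManager.SetPassword(id, strPwdToSet);
        }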
Beispiel #2
        /// <summary>
        /// Builds a <c>WebApiPrincipal</c> for a request, or returns <c>null</c> when the
        /// request cannot be authenticated.
        /// </summary>
        /// <param name="strName">User name presented by the request.</param>
        /// <param name="strKey">Authentication key presented by the request.</param>
        /// <param name="actionContext">Action context; its request URI is passed to the key check.</param>
        /// <returns>
        /// The principal when the user exists, the key verifies and the request GUID check passes;
        /// otherwise <c>null</c>, including when any exception is raised during verification.
        /// </returns>
        protected WebApiPrincipal GetWebApiPrincipal(string strName, string strKey, HttpActionContext actionContext)
        {
            // Load the user's basic information; an unknown user is simply unauthenticated.
            UserInfo_BLL account = Managers.s_userManager.GetUser(strName);
            if (account == null)
            {
                return null;
            }

            // Stored credential (described upstream as the password after two rounds of MD5).
            // This lookup is outside the try block, so a failure here propagates to the caller.
            string storedSecret = Managers.s_userManager.GetEncryptedPwdOfUser(strName);

            try
            {
                Guid requestId = Guid.Empty;
                string requestUrl = actionContext.Request.RequestUri.ToString();

                bool keyIsValid = WebApiServerHelper.VerifyAuthKey(strName, strKey, requestUrl, storedSecret, ref requestId);
                if (!keyIsValid)
                {
                    return null;
                }

                // Check the request GUID to prevent replay attacks.
                // NOTE(review): the helper name reads as "exists, then add"; confirm it returns
                // true for a GUID that was NOT seen before, otherwise this condition is inverted.
                bool guidAccepted = GlobalServerData.s_guidsetRequest.IsExistAndAdd(requestId);
                if (!guidAccepted)
                {
                    return null;
                }

                // NOTE(review): the stored credential travels with the identity for the lifetime
                // of the principal; confirm downstream code needs it and never logs or serializes it.
                WebApiIdentity identity = new WebApiIdentity();
                identity.Name = account.UserName;
                identity.DispName = account.RealName;
                identity.Password = storedSecret;
                identity.Role = account.Role;

                return new WebApiPrincipal(identity);
            }
            catch (Exception)
            {
                // Deliberately fail closed: any error during verification is treated as
                // "not authenticated". Nothing is recorded here, so such failures are not
                // visible to monitoring from this method.
            }

            return null;
        }