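/// <summary>
/// Handles the login form post: authenticates the submitted credentials, optionally issues a
/// "remember me" cookie, and stores the authorized user in the session.
/// </summary>
/// <param name="user">Model-bound form values (username, password, remember-me flag, ID).</param>
/// <returns>The login view again on failure; otherwise a redirect to Home/Index.</returns>
public ActionResult Login(User user)
{
    if (user == null)
    {
        // Model binding normally supplies an instance; a null model means a malformed request.
        ModelState.AddModelError("", "系统错误");
        return View();
    }

    User loginedUser;
    try
    {
        loginedUser = userService.Login(user.Username, user.Password);
    }
    catch (BizException e)
    {
        // Show only the message: e.ToString() rendered the exception type and stack trace to the browser.
        ModelState.AddModelError("", e.Message);
        return View();
    }
    catch (Exception e)
    {
        ModelState.AddModelError("", "系统错误");
        log.Error("登录错误", e);
        return View();
    }

    if (loginedUser == null)
    {
        // Presumably Login throws BizException on bad credentials; a null return is treated as a failure
        // rather than dereferenced below — TODO confirm against UserService.
        ModelState.AddModelError("", "系统错误");
        return View();
    }

    if (user.RemeberMe)
    {
        // The cookie must identify the *authenticated* user. The original used user.ID, i.e. the ID posted
        // in the form, which any client can set to an arbitrary value.
        HttpCookie cookie = new HttpCookie(UserAuthorizeAttribute.COOKIE_USER_REMEBER_KEY)
        {
            Expires = DateTime.Now.AddDays(7),
            HttpOnly = true, // keep the identity cookie out of reach of page script
        };
        // Secure is not set here because the scheme is not known from this block; when the site is served
        // over HTTPS, set <httpCookies requireSSL="true" httpOnlyCookies="true"/> in web.config.
        // NOTE(review): AESEncrypt provides confidentiality only unless EncryptUtility also authenticates the
        // ciphertext; a remember-me token without integrity protection can be altered without detection — confirm.
        cookie[UserAuthorizeAttribute.COOKIE_USER_IDENTITY_KEY] = EncryptUtility.AESEncrypt(
            loginedUser.ID.ToString(), UserAuthorizeAttribute.COOKIE_SECURITY_ENCRYPT);
        Response.Cookies.Add(cookie);
    }

    AuthorizedUser author = new AuthorizedUser(loginedUser)
    {
        Rights = userService.GetUserRights(loginedUser.ID),
    };
    // NOTE(review): the session ID is not regenerated at login; verify the session-fixation posture elsewhere.
    Session[UserAuthorizeAttribute.AUTHORITY_USER_SESSION_KEY] = author;
    return RedirectToAction("Index", "Home");
}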
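/// <summary>
/// Authorizes a request: the login page is always allowed; any other request must carry an
/// authorized user in session, which may first be restored from the "remember me" cookie.
/// Only authentication is checked here — no per-action rights are evaluated.
/// </summary>
/// <param name="httpContext">The current request context.</param>
/// <returns>true when the request may proceed; false to deny.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // Allow the login page itself. The path is compared instead of RawUrl.Contains("/Home/Login"):
    // the substring test also matched any URL that merely carried "/Home/Login" in its query string.
    string path = httpContext.Request.AppRelativeCurrentExecutionFilePath;
    if (path != null && path.StartsWith("~/Home/Login", StringComparison.OrdinalIgnoreCase))
    {
        return true;
    }

    if (httpContext.Session[AUTHORITY_USER_SESSION_KEY] != null)
    {
        return true;
    }

    // No session: try to restore it from the remember-me cookie issued at login.
    HttpCookie rememberCookie = httpContext.Request.Cookies.Get(COOKIE_USER_REMEBER_KEY);
    if (rememberCookie == null)
    {
        return false;
    }

    string ident = rememberCookie[COOKIE_USER_IDENTITY_KEY];
    if (string.IsNullOrEmpty(ident))
    {
        return false;
    }

    int userId;
    try
    {
        // A tampered or stale cookie must deny the request, not surface as an unhandled 500
        // (the original called Convert.ToInt32 on the decrypted text with no guard).
        string decrypted = EncryptUtility.AESDecrypt(ident, COOKIE_SECURITY_ENCRYPT);
        if (!int.TryParse(decrypted, out userId))
        {
            return false;
        }
    }
    catch (Exception)
    {
        // NOTE(review): EncryptUtility's failure mode is not visible from here; any exception is
        // treated as an invalid cookie. Consider logging it for tamper detection.
        return false;
    }

    UserService userService = new UserService();
    User user = userService.GetUser(userId);
    if (user == null)
    {
        // Unknown or deleted account: the cookie no longer maps to a user.
        return false;
    }

    AuthorizedUser authorizedUser = new AuthorizedUser(user);
    authorizedUser.Rights = userService.GetUserRights(authorizedUser.ID);
    // Store under the same key that Login writes and that is checked above; the original wrote the
    // literal "Authority", which only works if that constant happens to hold the same value.
    httpContext.Session[AUTHORITY_USER_SESSION_KEY] = authorizedUser;

    // The original then compared httpContext.User.Identity.Name with "admin" but returned true on
    // both branches, so that check was dead code and has been dropped.
    return true;
}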