public async Task <IActionResult> Logon(string username, string userpwd, string language, string returnUrl)
{
string errorMsg = string.Empty;
string currLanguage = language.IsMissing() ? "ZhCn" : language;
//管理员账号
var developer = FapPlatformConstants.Administrator;
//获取用户
FapUser loginUser = _loginService.Login(username);
Employee emp = null;
LocalRedirectResult errorResult = CheckUser();
if (errorResult != null)
{
return(errorResult);
}
LoginLogging();
var claimsPrincipal = CreateClaimsPrincipal();
var authenticationProperties = CreateAuthenticationProperties();
//设置当前角色为普通员工
//_applicationContext.CurrentRoleUid =FapPlatformConstants.CommonUserRoleFid;
await HttpContext.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
claimsPrincipal, authenticationProperties).ConfigureAwait(false);
return(Redirect());
LocalRedirectResult CheckUser()
{
PasswordHasher passwordHasher = new PasswordHasher();
if (loginUser == null)
{
errorMsg = GetOrAddPageMultiLanguageContent("login_page_no_exist_user", "不存在此用户");
}
else if (loginUser.EnableState == 0)
{
errorMsg = GetOrAddPageMultiLanguageContent("login_page_forbidden_user", "该账户已被禁用");
}
else if (loginUser.IsLocked == 1)
{
errorMsg = GetOrAddPageMultiLanguageContent("login_page_lock_user", "该账户暂被锁定");
}
else if (!passwordHasher.VerifyHashedPassword(loginUser.UserPassword, userpwd))
{
errorMsg = GetOrAddPageMultiLanguageContent("login_page_password_error", "密码不正确");
//增加尝试次数,超过5次冻结
_loginService.AddTryTimes(loginUser);
}
else if (loginUser.UserIdentity.IsMissing() && loginUser.UserName != developer)
{
errorMsg = GetOrAddPageMultiLanguageContent("login_page_no_mapping_employee", "此用户没有关联人员信息");
}
else
{
if (loginUser.UserIdentity.IsMissing())
{
if (loginUser.UserName.EqualsWithIgnoreCase(developer))
{
emp = new Employee {
Fid = "00000000000000000000", EmpCode = "Administrator", EmpName = "Administrator"
};
}
else
{
errorMsg = GetOrAddPageMultiLanguageContent("login_page_no_find_mapping_employee", "用户关联的人员不存在");
}
}
else
{
emp = _dbContext.QueryFirstOrDefault <Employee>("select Fid,EmpCode,EmpName,DeptUid,DeptCode,EmpPhoto,GroupUid,OrgUid from Employee where Fid=@Fid", new Dapper.DynamicParameters(new { Fid = loginUser.UserIdentity }), true);
if (emp == null)
{
errorMsg = GetOrAddPageMultiLanguageContent("login_page_no_find_mapping_employee", "用户关联的人员不存在");;
}
}
}
if (errorMsg.IsPresent())
{
string loginUrl = _configService.GetSysParamValue(LoginUrl);// FapPlatformConfig.PlatformLoginUrl;
if (loginUrl.IsMissing())
{
loginUrl = "~/";
}
return(LocalRedirect(loginUrl + "?msg=" + System.Net.WebUtility.UrlEncode(errorMsg)));
}
return(null);
}
void LoginLogging()
{
//更新最近登录时间
loginUser.LastLoginTime = DateTimeUtils.CurrentDateTimeStr;
loginUser.PasswordTryTimes = 0;
_loginService.UpdateLastLoginTime(loginUser);
}
ClaimsPrincipal CreateClaimsPrincipal()
{
//初始化身份卡片
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, loginUser.UserName), //用户名
new Claim(ClaimTypes.UserData, loginUser.Fid), //用户Fid
new Claim(ClaimTypes.NameIdentifier, loginUser.UserIdentity), //员工Fid
new Claim(ClaimTypes.Surname, emp.EmpName), //员工姓名
new Claim(ClaimTypes.PrimarySid, emp.DeptUid ?? "-"), //员工部门
new Claim(ClaimTypes.PrimaryGroupSid, emp.DeptCode ?? ""), //部门编码
new Claim(ClaimTypes.System, emp.DeptUidMC ?? ""), //部门名称
new Claim(ClaimTypes.DenyOnlyPrimaryGroupSid, emp.GroupUid ?? ""), //集团
new Claim(ClaimTypes.DenyOnlyPrimarySid, emp.OrgUid ?? ""), //组织
new Claim(ClaimTypes.Sid, currLanguage), //语言
new Claim(ClaimTypes.Actor, emp.EmpPhoto), //用户图像
new Claim(ClaimTypes.Role, loginUser.UserRole) //角色普通用户
};
//组装身份
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
return(new ClaimsPrincipal(claimsIdentity));
}
AuthenticationProperties CreateAuthenticationProperties()
{
return(new AuthenticationProperties
{
//AllowRefresh = <bool>,
// Refreshing the authentication session should be allowed.
//ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(1),
// The time at which the authentication ticket expires. A
// value set here overrides the ExpireTimeSpan option of
// CookieAuthenticationOptions set with AddCookie.
IsPersistent = true,
// Whether the authentication session is persisted across
// multiple requests. Required when setting the
// ExpireTimeSpan option of CookieAuthenticationOptions
// set with AddCookie. Also required when setting
// ExpiresUtc.
//IssuedUtc = <DateTimeOffset>,
// The time at which the authentication ticket was issued.
//RedirectUri = <string>
// The full path or absolute URI to be used as an http
// redirect response value.
});
}
LocalRedirectResult Redirect()
{
if (returnUrl.IsMissing())
{
if (userpwd == _configService.GetSysParamValue("employee.user.password"))
{
//等于默认密码需要跳转到修改密码页
return(LocalRedirect("~/Home/MainFrame#Home/ResetPassword/1"));
}
else
{
if (_rbacService.IsCEO(emp.Fid))
{
return(LocalRedirect("~/Home/MainFrame#System/Report/CEOChart"));
}
else
{
return(LocalRedirect(_configService.GetSysParamValue(HomeUrl)));
}
}
}
else
{
return(LocalRedirect(HttpUtility.UrlDecode(returnUrl)));
}
}
}
