public bool LoginYes(string Account, string Password, out string roles) { UserInfo userInfo = new UserInfo(); try { userInfo = User_dal.GetPswAndRoleAndSaltModel(Account); } catch (Exception e) { throw new Exception("查询出错 UserLogin_bll LoginYes"); } string Salt = userInfo.salt; string realPassword = userInfo.passwords; //将盐值加在密码的后面,并转化为二进制 byte[] pwdAndSaltBytes = System.Text.Encoding.UTF8.GetBytes(Password + Salt); //经过哈希算法加密后得到的二进制值 byte[] hashBytes = new System.Security.Cryptography.SHA256Managed().ComputeHash(pwdAndSaltBytes); string hashPassword = Convert.ToBase64String(hashBytes); //判断密码是否正确 roles = userInfo.roles; if (realPassword == hashPassword) { return(true); } else { return(false); } }
public override void OnActionExecuting(ActionExecutingContext filterContext) { string account = (string)filterContext.HttpContext.Session["Account"]; if (account == null) { filterContext.Result = new RedirectResult("/Login/SALogin"); } else { UserInfo user = User_dal.GetPswAndRoleAndSaltModel(account); if (user.roles != "管理员") { filterContext.Result = new RedirectResult("/Login/SALogin"); } } base.OnActionExecuting(filterContext); }