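// PUT api/password/{username}
/// <summary>
/// Changes the caller's own password.
/// </summary>
/// <param name="id">User name taken from the route.</param>
/// <param name="password">
/// Request body. Its <c>Password</c> member carries the new password as a confidential
/// message, which is decoded with the value returned by <c>GetUserTwiceMd5Pwd()</c>.
/// </param>
/// <exception cref="WebApiException">
/// Thrown with <c>WebApiExceptionCode.IncorrectArgument</c> when the body is missing, when
/// the message cannot be decoded to a non-empty string, or when the decoded password does
/// not match <c>Verifier.REG_EXP_PASSWORD</c>.
/// </exception>
public void Put(string id, Password_API_Put password)
{
    // Caller checks run before the request body is touched.
    // NOTE(review): this endpoint is described as "change your own password"; confirm
    // what CheckAdministrator(id) enforces, since its rules are not visible here.
    this.CheckUserName(id);
    this.CheckAdministrator(id);

    // A missing body or missing field is a client error, not a NullReferenceException.
    if (password == null || string.IsNullOrEmpty(password.Password))
    {
        throw new WebApiException(WebApiExceptionCode.IncorrectArgument, Verifier.ERRMSG_REG_EXP_PASSWORD);
    }

    // Recover the plaintext password from the confidential message.
    // NOTE(review): the decoding key comes from GetUserTwiceMd5Pwd(), presumably a
    // double MD5 of the current password. MD5 is unsuitable for password storage or key
    // derivation; consider a password KDF (e.g. PBKDF2) and TLS for transport confidentiality.
    string strPwdToSet = WebApiServerHelper.DecodeConfidentialMessage(password.Password, this.GetUserTwiceMd5Pwd());

    // The password policy must be applied to the decoded plaintext. Matching the regex
    // against the encoded payload says nothing about the password that will be stored.
    if (string.IsNullOrEmpty(strPwdToSet) || !Regex.IsMatch(strPwdToSet, Verifier.REG_EXP_PASSWORD))
    {
        throw new WebApiException(WebApiExceptionCode.IncorrectArgument, Verifier.ERRMSG_REG_EXP_PASSWORD);
    }

    Managers.s_userManager.SetPassword(id, strPwdToSet);
}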
/// <summary>
/// Builds the principal for a request after verifying the caller's auth key.
/// </summary>
/// <param name="strName">User name presented by the caller.</param>
/// <param name="strKey">Auth key presented by the caller.</param>
/// <param name="actionContext">Current action context; its request URI is passed to the key verification.</param>
/// <returns>
/// The principal for the user, or <c>null</c> when the user is unknown, the key does not
/// verify, the request GUID is rejected by the replay check, or verification throws.
/// </returns>
protected WebApiPrincipal GetWebApiPrincipal(string strName, string strKey, HttpActionContext actionContext)
{
    // Basic user record; an unknown user is simply unauthenticated.
    UserInfo_BLL account = Managers.s_userManager.GetUser(strName);
    if (account == null)
    {
        return null;
    }

    // Stored password value (described in the original as MD5-hashed twice).
    string storedSecret = Managers.s_userManager.GetEncryptedPwdOfUser(strName);

    try
    {
        Guid requestId = Guid.Empty;
        string requestUri = actionContext.Request.RequestUri.ToString();

        bool keyValid = WebApiServerHelper.VerifyAuthKey(strName, strKey, requestUri, storedSecret, ref requestId);
        if (!keyValid)
        {
            return null;
        }

        // Replay protection: the request GUID filled in by VerifyAuthKey is checked
        // against, and recorded in, the server-wide set.
        // NOTE(review): a false result is treated as "already seen"; confirm that is what
        // IsExistAndAdd returns, since the name reads the other way round.
        bool accepted = GlobalServerData.s_guidsetRequest.IsExistAndAdd(requestId);
        if (!accepted)
        {
            return null;
        }

        // NOTE(review): the stored password value travels on the identity; confirm it is
        // never serialized or logged.
        WebApiIdentity identity = new WebApiIdentity
        {
            Name = account.UserName,
            DispName = account.RealName,
            Password = storedSecret,
            Role = account.Role
        };
        return new WebApiPrincipal(identity);
    }
    catch (Exception)
    {
        // Any failure during verification is swallowed so the request is treated as
        // unauthenticated (fails closed).
        // NOTE(review): nothing is logged here, so failing or malformed auth attempts
        // leave no trace for monitoring.
        return null;
    }
}