Ejemplo n.º 1
0
        public ActionResult Login(string username, string password, string shop, string returnUrl)
        {
            try
            {

                var user = UserExtension.Instance.GetUserInfo(username, shop) as App.Framework.Security.User;

                if (user != null)
                    SecurityPortal.ValidateUser(username,user.UserDescription, password, shop, UserExtension.Instance);
                else
                    throw new SecurityExceptionToUser("用户不存在");
                //BusinessPortal.Execute(new SaveAudit()
                //                           {
                //                               ACTION_TYPE = AcionType.LOGIN.ToString(),
                //                               SHOP_CODE = shop,
                //                               USER_ID = UserExtension.Instance.GetUserInfo(username, shop).UserIdentity.AsInt()

                //                           });
                GetUserByUserName u = new GetUserByUserName()
                {
                    UserName = username
                };

                GetUserLoginIp loginIP = new GetUserLoginIp()
                {
                    USER_ID = user.UserId
                };
                BusinessPortal.Execute(loginIP);
                var enableFlag = "false";//System.Configuration.ConfigurationManager.AppSettings["EnableUserLoginLock"];
                if (enableFlag.Equals("true", StringComparison.OrdinalIgnoreCase) && !string.IsNullOrEmpty(loginIP.LOGIN_IP) && loginIP.LOGIN_IP != Request.UserHostAddress)
                {
                    FormsAuthentication.SignOut();
                    throw new SecurityExceptionToUser(string.Format(CSC.Resources.Account.UserLoginedIPFormat, loginIP.LOGIN_IP));
                }

                UserIP userIp = new UserIP()
                {
                    USER_ID = user.UserId,
                    IP = Request.UserHostAddress
                };
                System.Text.RegularExpressions.Regex reg = new System.Text.RegularExpressions.Regex(@"(\d{1,3}.){3}\d{1,3}");
                if (reg.IsMatch(userIp.IP))
                    BusinessPortal.Execute(userIp);

                //Initial logon password change
                if (SecurityPortal.InitialLogonChangePassword)
                {
                    if (UserExtension.Instance.CheckInitialLogin(user.UserId))
                    {
                        var rolteValues = App.Framework.Web.Pager.Util.GetRouteValueDictionary(HttpContext, null);

                        return RedirectToAction("InitialPwdChange", rolteValues);
                    }
                }

                if (string.IsNullOrEmpty(shop))
                {
                    var rolteValues = App.Framework.Web.Pager.Util.GetRouteValueDictionary(HttpContext, null);

                    return RedirectToAction("LogInToShop", rolteValues);
                }

                if (string.IsNullOrEmpty(returnUrl))
                    return Redirect("~/");
                return Redirect(returnUrl);
            }
            catch (SecurityExceptionToUser ex)
            {
                ModelState.AddModelError("err", ex.Message);
            }

            return Login();
        }
Ejemplo n.º 2
0
        public ActionResult SignOut(string returnUrl)
        {
            if (string.IsNullOrEmpty(returnUrl) == true)
                returnUrl = "~/Account/Login";

            //取消身份验证
            FormsAuthentication.SignOut();

            UserIP uIp = new UserIP()
            {
                USER_ID = App.Framework.Security.User.Current.UserId,
                IP = null
            };

            BusinessPortal.Execute(uIp);

            Session.Abandon();
            Session.Clear();
            //清除用户权限缓存
            PermissionsProviderFactory.ProvidePermissions.ClearUserIdentity(HttpContext.User.Identity.Name);

            return Redirect(returnUrl);
        }