Ejemplo n.º 1
0
        /// <summary>
        /// 客户信息平台的接收邮箱认证解密地址
        /// 作者:周涛      时间:2009-9-09
        /// </summary>
        public static List <string> DecryptEmailURL(string URL, HttpContext context)
        {
            List <string> list = new List <string>();

            try
            {
                string[] arrTemp = URL.Split('=');
                URL = CryptographyUtil.Decrypt(Encoding.UTF8.GetString(CryptographyUtil.FromBase64String(HttpUtility.UrlDecode(arrTemp[1]))));
                string[]      arrParam = URL.Split('$');
                SPInfoManager spInfo   = new SPInfoManager();
                Object        SPData   = spInfo.GetSPData(context, "SPData");
                string        key      = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
                string        Digest   = CryptographyUtil.GenerateAuthenticator(arrParam[0] + "$" + arrParam[1] + "$" + arrParam[2], key);
                if (Digest.Equals(arrParam[3]))
                {
                    for (int i = 0; i < arrParam.Length - 1; i++)
                    {
                        list.Add(arrParam[i]);
                    }
                }
                else
                {
                    list = null;
                }
            }
            catch (System.Exception ex)
            {
                list = null;
            }

            return(list);
        }
Ejemplo n.º 2
0
    public BasePage()
    {
        //
        // TODO: 在此处添加构造函数逻辑
        //
        String RealName, NickName, OuterID, CustType, LoginAuthenName, LoginAuthenType;
        HttpCookie cookie = HttpContext.Current.Request.Cookies[CookieName];
        if (cookie == null)
        {
            CommonBizRules.ErrorHappenedRedircet(result, ErrMsg, "您尚未登录,请登录", this.Context);
            return;
        }
        string strCIPToken = HttpContext.Current.Request.Cookies.Get(CookieName).Value;

        if (CommonUtility.IsEmpty(strCIPToken))
        {
            CommonBizRules.ErrorHappenedRedircet(result, ErrMsg, "您尚未登录,请登录", this.Context);
            return;
        }

        SPInfoManager spInfo = new SPInfoManager();
        Object SPData = spInfo.GetSPData(HttpContext.Current, "SPData");
        string key = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
        UserToken UT = new UserToken();
        result = UT.ParseUserToken(strCIPToken, key, out custID, out RealName, out userName, out NickName, out OuterID, out CustType, out LoginAuthenName, out LoginAuthenType, out ErrMsg);
        //如果验证成功则重新生成Cookie以更新超时时间
        if (result == 0)
        {
            string UserTokenValue = UT.GenerateUserToken(CustID, RealName, UserName, NickName, OuterID, CustType, LoginAuthenName, LoginAuthenType, key, out ErrMsg);

            PageUtility.SetCookie(CookieName, UserTokenValue);
        }
        //this.custID = "117663768";//117663768,26251932
    }
Ejemplo n.º 3
0
        /// <summary>
        /// 根据不同的业务系统提供的url对url参数进行解析
        /// 最终list<string>一次是:CustID、Email、Time和Digest
        /// </summary>
        public static List <String> DecryptEmailURL(String SPID, String CustID, String Email, String Url, HttpContext context)
        {
            List <String> list = new List <String>();

            try
            {
                String   urlParameter     = Url.Split('=')[1];
                String   decryptParameter = CryptographyUtil.Decrypt(Encoding.UTF8.GetString(CryptographyUtil.FromBase64String(HttpUtility.UrlDecode(urlParameter))));
                String[] parArray         = decryptParameter.Split('$');
                //获取对应SPID的key
                SPInfoManager spInfo = new SPInfoManager();
                Object        SPData = spInfo.GetSPData(context, "SPData");
                String        key    = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
                string        Digest = CryptographyUtil.GenerateAuthenticator(parArray[0] + "$" + parArray[1] + "$" + parArray[2], key);
                if (Digest.Equals(parArray[3]))
                {
                    for (int i = 0; i < parArray.Length - 1; i++)
                    {
                        list.Add(parArray[i]);
                    }
                }
                else
                {
                    list = null;
                }
            }
            catch (Exception ex)
            {
                list = null;
            }

            return(list);
        }
Ejemplo n.º 4
0
        /// <summary>
        /// 解析积分商城登录(login2.aspx)的请求参数
        /// 比以前login.aspx多了AuthenName和Password
        /// </summary>
        public static int ParseJFLoginRequest(string SourceStr, HttpContext context, out string SPID, out string UAProvinceID,
                                              out string AuthenType, out string AuthenName, out string Password, out string ReturnURL, out string ErrMsg)
        {
            int Result = ErrorDefinition.IError_Result_UnknowError_Code;

            ErrMsg       = "";
            SPID         = "";
            UAProvinceID = "";
            AuthenType   = "";
            AuthenName   = "";
            Password     = "";
            ReturnURL    = "";
            string TimeStamp = "";
            string Digest    = "";

            try
            {
                string[] alSourceStr = SourceStr.Split('$');
                SPID = alSourceStr[0].ToString();

                SPInfoManager spInfo            = new SPInfoManager();
                Object        SPData            = spInfo.GetSPData(context, "SPData");
                string        ScoreSystemSecret = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
                // string ScoreSystemSecret = System.Configuration.ConfigurationManager.AppSettings["ScoreSystemSecret"]
                string EncryptSourceStr = alSourceStr[1].ToString();

                string   RequestStr = CryptographyUtil.Decrypt(EncryptSourceStr.ToString(), ScoreSystemSecret);
                string[] alRequest  = RequestStr.Split('$');
                //加密方式:Base64(Encrypt(UAProvinceID + “$” + SourceType+ “$”ReturnURL + “$”+ TimeStamp + “$”+ Digest))
                //Digest = Base64(Hash(UAProvinceID  + “$”+ SourceType + “$” + ReturnURL + “$”+ TimeStamp))

                UAProvinceID = alRequest[0].ToString();
                AuthenType   = alRequest[1].ToString();
                AuthenName   = alRequest[2].ToString();
                Password     = alRequest[3].ToString();
                ReturnURL    = alRequest[4].ToString();
                TimeStamp    = alRequest[5].ToString();
                Digest       = alRequest[6].ToString();

                //校验摘要 Digest 信息
                string NewDigest = UAProvinceID + "$" + AuthenType + "$" + AuthenName + "$" + Password + "$" + ReturnURL + "$" + TimeStamp;
                NewDigest = CryptographyUtil.GenerateAuthenticator(NewDigest, ScoreSystemSecret);
                if (Digest != NewDigest)
                {
                    Result = ErrorDefinition.IError_Result_InValidAuthenticator_Code;
                    ErrMsg = "无效的Digest";
                    return(Result);
                }

                Result = 0;
            }
            catch (Exception e)
            {
                Result = ErrorDefinition.IError_Result_System_UnknowError_Code;
                ErrMsg = e.Message;
            }

            return(Result);
        }
Ejemplo n.º 5
0
        /// <summary>
        /// 根据SPID 获取SP外部系统ID
        /// </summary>
        public static string GetSPOuterIDBySPID(string SPID, HttpContext context)
        {
            string        Result = "";
            SPInfoManager spInfo = new SPInfoManager();
            Object        SPData = spInfo.GetSPData(context, "SPData");

            Result = spInfo.GetPropertyBySPID(SPID, "SPOuterID", SPData);
            return(Result);
        }
Ejemplo n.º 6
0
        /// <summary>
        /// 根据SPID对业务平台加密的数据进行验证
        /// </summary>
        public static Int32 ValidateSPIDData(String SPID, String encryptStr, out String ErrMsg)
        {
            Int32 result = ErrorDefinition.BT_IError_Result_UnknowError_Code;

            ErrMsg = ErrorDefinition.BT_IError_Result_UnknowError_Msg;
            try
            {
                //根据SPID获取key
                SPInfoManager spinfo = new SPInfoManager();
                Object        SPData = spinfo.GetSPData(HttpContext.Current, "SPData");
                String        key    = spinfo.GetPropertyBySPID(SPID, "SecretKey", SPData);

                //根据key无法解密则数据或key不正确
                String decryptStr = CryptographyUtil.Decrypt(encryptStr, key);
                if (String.IsNullOrEmpty(decryptStr))
                {
                    ErrMsg = "数据解密出错";
                    return(result);
                }

                //数组最少为2维:原始数据+Digest
                String[] tempArray = decryptStr.Split('$');
                Int32    len       = tempArray.Length;
                if (len <= 2)
                {
                    ErrMsg = "数据格式有误";
                    return(result);
                }

                String        Digest  = tempArray[len - 1];
                StringBuilder tempStr = new StringBuilder();
                Int32         i       = 0;
                foreach (String temp in tempArray)
                {
                    if (i == len - 1)
                    {
                        break;
                    }
                    tempStr.Append(temp + "$");
                    i++;
                }

                String newDigest = CryptographyUtil.Encrypt(tempStr.ToString().TrimEnd('$'), key);
                if (newDigest.Equals(Digest))
                {
                    result = 0;
                }
            }
            catch (Exception ex)
            {
                ErrMsg += ex.Message;
            }

            return(result);
        }
Ejemplo n.º 7
0
        /// <summary>
        /// 根据业务系统提供的URL加密并发送邮件
        /// </summary>
        public static String EncryptEmailURl_Client(String SPID, String CustID, String Email, String AuthenCode, HttpContext context)
        {
            String        timeTamp       = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
            SPInfoManager spInfo         = new SPInfoManager();
            Object        SPData         = spInfo.GetSPData(context, "SPData");
            String        key            = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
            String        Digest         = CryptographyUtil.GenerateAuthenticator(SPID + "$" + CustID + "$" + Email + "$" + AuthenCode + "$" + timeTamp, key);
            String        AuthenStrValue = CryptographyUtil.ToBase64String(Encoding.UTF8.GetBytes(CryptographyUtil.Encrypt(SPID + "$" + CustID + "$" + Email + "$" + AuthenCode + "$" + timeTamp + "$" + Digest)));

            return(AuthenStrValue);
        }
Ejemplo n.º 8
0
    protected void CreateSPTokenRequest()
    {
        SPInfoManager spInfo = new SPInfoManager();
        Object SPData = spInfo.GetSPData(this.Context, "SPData");
        string ScoreSystemSecret = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);

        String TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"); ;

        UserToken UT = new UserToken();
        newSPTokenRequest = UT.GenerateBestAccountMainUserTokenM(CustID, ReturnUrl, TimeStamp, ScoreSystemSecret, out ErrMsg);
        newSPTokenRequest = HttpUtility.UrlEncode(SPID + "$" + newSPTokenRequest);
    }
Ejemplo n.º 9
0
        /// <summary>
        /// IP是否允许访问
        /// 作者:苑峰      时间:2009-8-11
        /// 修改:          时间:
        /// </summary>
        public static int CheckIPLimit(string SPID, string IP, HttpContext context, out string ErrMsg)
        {
            int Result = ErrorDefinition.IError_Result_UnknowError_Code;

            ErrMsg = "";
            DataTable dt = null;

            try
            {
                string IsIPLimit = System.Configuration.ConfigurationManager.AppSettings["IsIPLimit"];
                //若不启用则返回允许
                if (IsIPLimit == "1")
                {
                    Result = 0;
                    return(Result);
                }
                //根据传入IP获取IPNumber
                long IPNumber = CommonBizRules.GetIPAddressIPNumber(IP);
                //从缓存中获取数据
                SPInfoManager spInfo       = new SPInfoManager();
                SPIPListData  SPIPListData = (SPIPListData)spInfo.GetSPData(context, "SPIPListData");

                dt = SPIPListData.Tables[SPIPListData.TableName];
                long StartIPIPNumber = 0;
                long EndIPIPNumber   = 0;
                for (int i = 0; i < dt.Rows.Count; i++)
                {
                    if (SPID == dt.Rows[i][SPIPListData.Field_SPID].ToString())
                    {
                        StartIPIPNumber = long.Parse(dt.Rows[i][SPIPListData.Field_StartIPNumber].ToString());
                        EndIPIPNumber   = long.Parse(dt.Rows[i][SPIPListData.Field_EndIPNumber].ToString());
                        //如果IP在限制列表中则成功
                        if (IPNumber >= StartIPIPNumber && IPNumber <= EndIPIPNumber)
                        {
                            Result = 0;
                            return(Result);
                        }
                    }
                }

                Result = ErrorDefinition.BT_IError_Result_BizIPLimit_Code;
                ErrMsg = ErrorDefinition.BT_IError_Result_BizIPLimit_Msg;
            }
            catch (Exception e)
            {
                Result = ErrorDefinition.IError_Result_System_UnknowError_Code;
                ErrMsg = e.Message;
            }

            return(Result);
        }
Ejemplo n.º 10
0
 protected void CreateSPTokenRequest()
 {
     SPID = "35433334";
     SPInfoManager spInfo = new SPInfoManager();
     Object SPData = spInfo.GetSPData(this.Context, "SPData");
     string ScoreSystemSecret = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
     UAProvinceID = "02";
     SourceType = "4";
     ReturnURL = "http://114yg.cn";  // 这里问翼购要地址 wap的
     TimeStamp = DateTime.Now.ToString("yyyyMMddHHmmss");
     Digest = CryptographyUtil.GenerateAuthenticator(UAProvinceID + "$" + SourceType + "$" + ReturnURL + "$" + TimeStamp, ScoreSystemSecret);
     EncryptStr = CryptographyUtil.Encrypt(UAProvinceID + "$" + SourceType + "$" + ReturnURL + "$" + TimeStamp + "$" + Digest, ScoreSystemSecret);
     SPTokenRequest = HttpUtility.UrlEncode(SPID + "$" + EncryptStr);
 }
Ejemplo n.º 11
0
    protected void CreateNewSPTokenRequest()
    {
        SPInfoManager spInfo = new SPInfoManager();
        Object SPData = spInfo.GetSPData(this.Context, "SPData");
        string ScoreSystemSecret = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);

        //string RequestStr = CryptographyUtil.Decrypt(EncryptSourceStr.ToString(), ScoreSystemSecret);
        String _HeadFooter = "yes";
        String TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"); ;

        UserToken UT = new UserToken();
        newSPTokenRequest = UT.GenerateBestAccountMainUserToken(CustID, ReturnUrl, _HeadFooter, TimeStamp, ScoreSystemSecret, out ErrMsg);
        newSPTokenRequest = HttpUtility.UrlEncode(SPID + "$" + newSPTokenRequest);
    }
Ejemplo n.º 12
0
        /// <summary>
        /// 解析开通号码百事通账号SPTokenRequest
        /// </summary>

        public static int ParseBesttoneAccountPageRequest(string SourceStr, HttpContext context, out string SPID, out string CustID,
                                                          out string HeadFooter, out string ReturnURL, out string ErrMsg)
        {
            int Result = ErrorDefinition.IError_Result_UnknowError_Code;

            ErrMsg     = "";
            SPID       = "";
            CustID     = "";
            HeadFooter = "";
            ReturnURL  = "";
            string TimeStamp = "";
            string Digest    = "";

            try
            {
                string[] alSourceStr = SourceStr.Split('$');
                SPID = alSourceStr[0].ToString();
                SPInfoManager spInfo            = new SPInfoManager();
                Object        SPData            = spInfo.GetSPData(context, "SPData");
                string        ScoreSystemSecret = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
                string        EncryptSourceStr  = alSourceStr[1].ToString();
                string        RequestStr        = CryptographyUtil.Decrypt(EncryptSourceStr.ToString(), ScoreSystemSecret);
                string[]      alRequest         = RequestStr.Split('$');

                //加密顺序:URLEncoding(SPID + "$" + Base64(Encrypt(CustId + "$"  + ReturnURL + "$" + HeadFooter + "$" + TimeStamp + "$" + Digest)))
                //Digest = Base64(Encrypt(Hash(CustId + "$"+ReturnURL +"$"+ HeadFooter "$"+TimeStamp)))
                CustID     = alRequest[0].ToString();
                ReturnURL  = alRequest[1].ToString();
                HeadFooter = alRequest[2].ToString();
                TimeStamp  = alRequest[3].ToString();
                Digest     = alRequest[4].ToString();
                //校验摘要 Digest 信息
                string NewDigest = CryptographyUtil.GenerateAuthenticator(CustID + "$" + ReturnURL + "$" + HeadFooter + "$" + TimeStamp, ScoreSystemSecret);
                if (Digest != NewDigest)
                {
                    Result = ErrorDefinition.IError_Result_InValidAuthenticator_Code;
                    ErrMsg = "无效的Digest";
                    return(Result);
                }

                Result = 0;
            }
            catch (Exception e)
            {
                Result = ErrorDefinition.IError_Result_System_UnknowError_Code;
                ErrMsg = e.Message;
            }
            return(Result);
        }
Ejemplo n.º 13
0
        /// <summary>
        /// ������ͨ�������ͨ�˺�SPTokenRequest
        /// </summary>
        public static int ParseBesttoneAccountPageRequest(string SourceStr, HttpContext context, out string SPID, out string CustID,
            out string HeadFooter,out string ReturnURL, out string ErrMsg)
        {
            int Result = ErrorDefinition.IError_Result_UnknowError_Code;
            ErrMsg = "";
            SPID = "";
            CustID = "";
            HeadFooter = "";
            ReturnURL = "";
            string TimeStamp = "";
            string Digest = "";
            try
            {
                string[] alSourceStr = SourceStr.Split('$');
                SPID = alSourceStr[0].ToString();
                SPInfoManager spInfo = new SPInfoManager();
                Object SPData = spInfo.GetSPData(context, "SPData");
                string ScoreSystemSecret = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
                string EncryptSourceStr = alSourceStr[1].ToString();
                string RequestStr = CryptographyUtil.Decrypt(EncryptSourceStr.ToString(), ScoreSystemSecret);
                string[] alRequest = RequestStr.Split('$');

                //����˳��URLEncoding(SPID + "$" + Base64(Encrypt(CustId + "$"  + ReturnURL + "$" + HeadFooter + "$" + TimeStamp + "$" + Digest)))
                //Digest = Base64(Encrypt(Hash(CustId + "$"+ReturnURL +"$"+ HeadFooter "$"+TimeStamp)))
                CustID = alRequest[0].ToString();
                ReturnURL = alRequest[1].ToString();
                HeadFooter = alRequest[2].ToString();
                TimeStamp = alRequest[3].ToString();
                Digest = alRequest[4].ToString();
                //У��ժҪ Digest ��Ϣ
                string NewDigest = CryptographyUtil.GenerateAuthenticator(CustID + "$" + ReturnURL + "$" + HeadFooter + "$" + TimeStamp, ScoreSystemSecret);
                if (Digest != NewDigest)
                {
                    Result = ErrorDefinition.IError_Result_InValidAuthenticator_Code;
                    ErrMsg = "����Digest";
                    return Result;
                }

                Result = 0;
            }
            catch (Exception e)
            {
                Result = ErrorDefinition.IError_Result_System_UnknowError_Code;
                ErrMsg = e.Message;
            }
            return Result;
        }
Ejemplo n.º 14
0
        /// <summary>
        /// 接口访问权限判断
        /// 作者:苑峰      时间:2009-8-11
        /// 修改:          时间:
        /// </summary>
        public static int CheckInterfaceLimit(string SPID, string InterfaceName, HttpContext context, out string ErrMsg)
        {
            int Result = ErrorDefinition.IError_Result_UnknowError_Code;

            ErrMsg = "";
            DataTable dt = null;

            try
            {
                string IsInterfaceLimit = System.Configuration.ConfigurationManager.AppSettings["IsInterfaceLimit"];
                //若不启用则返回允许
                if (IsInterfaceLimit == "1")
                {
                    Result = 0;
                    return(Result);
                }
                //从缓存中获取数据
                SPInfoManager        spInfo = new SPInfoManager();
                SPInterfaceLimitData SPInterfaceLimitData = (SPInterfaceLimitData)spInfo.GetSPData(context, "SPInterfaceLimitData");

                dt = SPInterfaceLimitData.Tables[SPInterfaceLimitData.TableName];
                string tmpInterfaceName = "";
                for (int i = 0; i < dt.Rows.Count; i++)
                {
                    if (SPID == dt.Rows[i][SPInterfaceLimitData.Field_SPID].ToString())
                    {
                        tmpInterfaceName = dt.Rows[i][SPInterfaceLimitData.Field_InterfaceName].ToString().Trim();
                        //如果IP在限制列表中则成功
                        if (tmpInterfaceName == InterfaceName)
                        {
                            Result = 0;
                            return(Result);
                        }
                    }
                }

                Result = ErrorDefinition.BT_IError_Result_BizInterfaceLimit_Code;
                ErrMsg = ErrorDefinition.BT_IError_Result_BizInterfaceLimit_Msg;
            }
            catch (Exception e)
            {
                Result = ErrorDefinition.IError_Result_System_UnknowError_Code;
                ErrMsg = e.Message;
            }

            return(Result);
        }
Ejemplo n.º 15
0
        /// <summary>
        /// �ӿڷ���Ȩ���ж�
        /// ���ߣ�Է��      ʱ�䣺2009-8-11
        /// �޸ģ�          ʱ�䣺
        /// </summary>
        public static int CheckInterfaceLimit(string SPID, string InterfaceName, HttpContext context, out string ErrMsg)
        {
            int Result = ErrorDefinition.IError_Result_UnknowError_Code;
            ErrMsg = "";
            DataTable dt = null;
            try
            {
                string IsInterfaceLimit = System.Configuration.ConfigurationManager.AppSettings["IsInterfaceLimit"];
                //��������򷵻�����
                if(IsInterfaceLimit=="1")
                {
                    Result = 0;
                    return Result;
                }
                //�ӻ����л�ȡ����
                SPInfoManager spInfo = new SPInfoManager();
                SPInterfaceLimitData SPInterfaceLimitData = (SPInterfaceLimitData)spInfo.GetSPData(context, "SPInterfaceLimitData");

                dt = SPInterfaceLimitData.Tables[SPInterfaceLimitData.TableName];
                string tmpInterfaceName = "";
                for (int i = 0; i < dt.Rows.Count; i++)
                {
                    if (SPID == dt.Rows[i][SPInterfaceLimitData.Field_SPID].ToString())
                    {
                        tmpInterfaceName = dt.Rows[i][SPInterfaceLimitData.Field_InterfaceName].ToString().Trim();
                        //����ɣ��������б�����ɹ�
                        if (tmpInterfaceName == InterfaceName)
                        {
                            Result = 0;
                            return Result;
                        }
                    }
                }

                Result = ErrorDefinition.BT_IError_Result_BizInterfaceLimit_Code;
                ErrMsg = ErrorDefinition.BT_IError_Result_BizInterfaceLimit_Msg;

            }
            catch (Exception e)
            {
                Result = ErrorDefinition.IError_Result_System_UnknowError_Code;
                ErrMsg = e.Message;
            }

            return Result;
        }
Ejemplo n.º 16
0
        /// <summary>
        /// 客户信息平台的接收邮箱认证加密地址
        /// 作者:周涛      时间:2009-9-09
        /// </summary>
        public static string EncryptEmailURl(string CustID, string Email, HttpContext context)
        {
            StringBuilder URL = new StringBuilder();

            URL.Append(ConfigurationManager.AppSettings["EmailAuthenURL"].ToString());
            string        datetime       = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
            SPInfoManager spInfo         = new SPInfoManager();
            Object        SPData         = spInfo.GetSPData(context, "SPData");
            string        key            = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
            string        Digest         = CryptographyUtil.GenerateAuthenticator(CustID + "$" + Email + "$" + datetime, key);
            string        AuthenStrValue = CryptographyUtil.ToBase64String(Encoding.UTF8.GetBytes(CryptographyUtil.Encrypt(CustID + "$" +
                                                                                                                           Email + "$" + datetime + "$" + Digest)));

            URL.Append("=");
            URL.Append(HttpUtility.UrlEncode(AuthenStrValue));
            return(URL.ToString());
        }
Ejemplo n.º 17
0
        /// <summary>
        /// 生成返回字符串
        /// </summary>
        public static string GenerateResStr(string SPID, string CustID, int Result, string ErrMsg, HttpContext context)
        {
            string ResStr = "";

            SPInfoManager spInfo            = new SPInfoManager();
            Object        SPData            = spInfo.GetSPData(context, "SPData");
            string        ScoreSystemSecret = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);

            // Digest = Base64(Hash(ExpireTime +“$” +CustID + “$”+Result + “$”+ErrMsg))
            int    SSOExpire  = int.Parse(ConfigurationSettings.AppSettings["SSOExpire"]);
            string ExpireTime = DateTime.Now.AddSeconds(SSOExpire).ToString("yyyy-MM-dd HH:mm:ss");

            StringBuilder sbDigest = new StringBuilder();

            sbDigest.Append(ExpireTime);
            sbDigest.Append("$");
            sbDigest.Append(CustID);
            sbDigest.Append("$");
            sbDigest.Append(Result.ToString());
            sbDigest.Append("$");
            sbDigest.Append(ErrMsg);

            string Digest = sbDigest.ToString();

            Digest = CryptographyUtil.GenerateAuthenticator(Digest, ScoreSystemSecret);

            StringBuilder sbRes = new StringBuilder();

            sbRes.Append(Result.ToString());
            sbDigest.Append("$");
            sbRes.Append(CustID);
            sbDigest.Append("$");
            sbRes.Append(ExpireTime);
            sbDigest.Append("$");
            sbRes.Append(ErrMsg);
            sbDigest.Append("$");
            sbRes.Append(Digest);
            ResStr = sbRes.ToString();
            ResStr = CryptographyUtil.Encrypt(ResStr, ScoreSystemSecret);
            //SPTokenResponseValue = URLEncoding(SPID + “$”+ Base64(Encrypt (Result + “$” + CustID + “$” + ExpireTime + “$”+ErrMsg + “$”+ Digest)))
            ResStr = HttpUtility.UrlEncode(SPID + "$" + ResStr);

            return(ResStr);
        }
Ejemplo n.º 18
0
    protected void Page_Load(object sender, EventArgs e)
    {
        top_welcome.InnerHtml = welcome;
        string CookieName = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
        if (PageUtility.IsCookieExist(CookieName, this.Context))
        {
            SPInfoManager spInfo = new SPInfoManager();
            Object SPData = spInfo.GetSPData(this.Context, "SPData");
            string key = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
            UserToken UT = new UserToken();
            string strCIPToken = Request.Cookies.Get(CookieName).Value;
            string custID;
            string realName;
            string userName;
            string nickName;
            string outerID;
            string custType;
            string loginAuthenName;
            string loginAuthenType;
            string errMsg;
            int result = UT.ParseUserToken(strCIPToken, key, out custID, out realName, out userName, out nickName, out outerID, out custType, out loginAuthenName, out loginAuthenType, out errMsg);

            if (result==0){

                if (realName!=null&&! "".Equals(realName))
                {
                    top_name.InnerHtml = "您好," + realName;
                }
                else if (nickName != null && !"".Equals(nickName))
                {
                    top_name.InnerHtml = "您好," + nickName;
                }
                else if (userName != null && !"".Equals(userName))
                {
                    top_name.InnerHtml = "您好," + userName;
                }

            }

        }
    }
Ejemplo n.º 19
0
        /// <summary>
        /// ���ɷ����ַ���
        /// </summary>
        public static string GenerateResStr(string SPID, string CustID, int Result, string ErrMsg,HttpContext context)
        {
            string ResStr = "";

            SPInfoManager spInfo = new SPInfoManager();
            Object SPData = spInfo.GetSPData(context, "SPData");
            string ScoreSystemSecret = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);

            // Digest = Base64(Hash(ExpireTime +��$�� ��CustID + ��$��+Result + ��$��+ErrMsg))
            int SSOExpire = int.Parse(ConfigurationSettings.AppSettings["SSOExpire"]);
            string ExpireTime = DateTime.Now.AddSeconds(SSOExpire).ToString("yyyy-MM-dd HH:mm:ss");

            StringBuilder sbDigest = new StringBuilder();
            sbDigest.Append(ExpireTime);
            sbDigest.Append("$");
            sbDigest.Append(CustID);
            sbDigest.Append("$");
            sbDigest.Append(Result.ToString());
            sbDigest.Append("$");
            sbDigest.Append(ErrMsg);

            string Digest = sbDigest.ToString();
            Digest = CryptographyUtil.GenerateAuthenticator(Digest, ScoreSystemSecret);

            StringBuilder sbRes = new StringBuilder();
            sbRes.Append(Result.ToString());
            sbDigest.Append("$");
            sbRes.Append(CustID);
            sbDigest.Append("$");
            sbRes.Append(ExpireTime);
            sbDigest.Append("$");
            sbRes.Append(ErrMsg);
            sbDigest.Append("$");
            sbRes.Append(Digest);
            ResStr = sbRes.ToString();
            ResStr = CryptographyUtil.Encrypt(ResStr, ScoreSystemSecret);
            //SPTokenResponseValue = URLEncoding(SPID + ��$��+ Base64(Encrypt (Result + ��$�� + CustID + ��$�� + ExpireTime + ��$��+ErrMsg + ��$��+ Digest)))
            ResStr = HttpUtility.UrlEncode(SPID + "$" + ResStr);

            return ResStr;
        }
Ejemplo n.º 20
0
        /// <summary>
        /// ����SPID��ҵ��ƽ̨���ܵ����ݽ�����֤
        /// </summary>
        public static Int32 ValidateSPIDData(String SPID,String encryptStr,out String ErrMsg)
        {
            Int32 result = ErrorDefinition.BT_IError_Result_UnknowError_Code;
            ErrMsg = ErrorDefinition.BT_IError_Result_UnknowError_Msg;
            try
            {
                //����SPID��ȡkey
                SPInfoManager spinfo = new SPInfoManager();
                Object SPData = spinfo.GetSPData(HttpContext.Current, "SPData");
                String key = spinfo.GetPropertyBySPID(SPID, "SecretKey", SPData);

                //����key�޷����������ݻ�key����ȷ
                String decryptStr = CryptographyUtil.Decrypt(encryptStr, key);
                if (String.IsNullOrEmpty(decryptStr))
                {
                    ErrMsg = "���ݽ��ܳ���";
                    return result;
                }

                //��������Ϊ2ά��ԭʼ����+Digest
                String[] tempArray = decryptStr.Split('$');
                Int32 len = tempArray.Length;
                if (len <= 2)
                {
                    ErrMsg = "���ݸ�ʽ����";
                    return result;
                }

                String Digest = tempArray[len - 1];
                StringBuilder tempStr = new StringBuilder();
                Int32 i = 0;
                foreach (String temp in tempArray)
                {
                    if (i == len - 1)
                        break;
                    tempStr.Append(temp + "$");
                    i++;
                }

                String newDigest = CryptographyUtil.Encrypt(tempStr.ToString().TrimEnd('$'), key);
                if (newDigest.Equals(Digest))
                    result = 0;
            }
            catch (Exception ex)
            {
                ErrMsg += ex.Message;
            }

            return result;
        }
Ejemplo n.º 21
0
    void DoCallback()
    {
        StringBuilder strLog = new StringBuilder();

            if (CommonUtility.IsParameterExist("ReturnUrl", this.Page))
            {
                ReturnUrl = Request["ReturnUrl"];
            }
            else {
                //Logs.logSave("没有ReturnUrl返回");
                strLog.AppendFormat("没有ReturnUrl返回\r\n");
            }

            if(CommonUtility.IsParameterExist("code", this.Page))
            {
                code = Request["code"];

            }else
            {
                //Logs.logSave("没有code返回");
                strLog.AppendFormat("没有code返回\r\n");
            }
            if (CommonUtility.IsParameterExist("openid", this.Page))
            {
                openid = Request["openid"];
            }else
            {
                //Logs.logSave("没有openid返回");
                strLog.AppendFormat("没有openid返回\r\n");
            }
            if (CommonUtility.IsParameterExist("openkey", this.Page))
            {
                openkey = Request["openkey"];
            }else
            {
                //Logs.logSave("没有openkey返回");
                strLog.AppendFormat("没有openkey返回\r\n");
            }

            //写日志
            //Logs.logSave("返回CODE结果:" + code+",返回的openid:"+openid+",返回的openkey:"+openkey);
            strLog.AppendFormat("返回CODE结果:" + code + ",返回的openid:" + openid + ",返回的openkey:" + openkey+"\r\n");
            //==============通过Authorization Code和基本资料获取Access Token=================
            send_url = "https://open.t.qq.com/cgi-bin/oauth2/access_token?grant_type=authorization_code&client_id=" + client_id + "&client_secret=" + client_secret + "&code=" + code + "&state=" + state + "&redirect_uri=" + Utils.UrlEncode(redirect_uri);
            //https://open.t.qq.com/cgi-bin/oauth2/access_token?client_id=APP_KEY&client_secret=APP_SECRET&redirect_uri=http://www.myurl.com/example&grant_type=authorization_code&code=CODE
            send_url = "https://graph.qq.com/oauth2.0/token?grant_type=authorization_code&client_id=" + client_id + "&client_secret=" + client_secret + "&code=" + code + "&state=" + state + "&redirect_uri=" + Utils.UrlEncode(redirect_uri);
            //写日志
            //Logs.logSave("第二步,通过Authorization Code获取Access Token,发送URL:" + send_url);
            strLog.AppendFormat("第二步,通过Authorization Code获取Access Token,发送URL:" + send_url+"\r\n");
            //发送并接受返回值
            rezult = HttpMethods.HttpGet(send_url);
            // 返回内容:access_token=7a0fae7d2183c0c54ef18589fffe6475&expires_in=604800&refresh_token=15a0d166120bda818cd0782c0b7a8c1a&name=huoxintang
            //写日志
            //Logs.logSave("取得返回结果:" + rezult);
            strLog.AppendFormat("取得返回结果:" + rezult+"\r\n");
            //如果失败
            if (rezult.Contains("error"))
            {
                //出错了
                //写日志
                //Logs.logSave("出错了:" + rezult);
                strLog.AppendFormat("出错了:" + rezult+"\r\n");
                HttpContext.Current.Response.End();
            }
            else
            {

                //======================通过Access Token来获取用户的OpenID 这一步不需要 =======graph需要=======

                string[] parm = rezult.Split('&');

                //取得 access_token
                access_token = parm[0].Split('=')[1];
                //取得 过期时间
                expires_in = parm[1].Split('=')[1];

                //refresh_token = parm[2].Split('=')[1];  用graph 可能没有refresh_token

                //拼接url
                send_url = "https://graph.qq.com/oauth2.0/me?access_token=" + access_token;
                //发送并接受返回值
                rezult = HttpMethods.HttpGet(send_url);
                //写日志
                //Logs.logSave("第三步,发送 access_token:" + send_url);
                strLog.AppendFormat("第三步,发送 access_token:" + send_url+"\r\n");
                //如果失败
                if (rezult.Contains("error"))
                {
                    //出错了
                    //写日志
                    //Logs.logSave("出错了:" + rezult);
                    strLog.AppendFormat("出错了:" + rezult+"\r\n");
                    HttpContext.Current.Response.End();
                }
                //写日志
                //Logs.logSave("得到返回结果:" + rezult);
                strLog.AppendFormat("得到返回结果:" + rezult+"\r\n");

                //取得文字出现
                int str_start = rezult.IndexOf('(') + 1;
                int str_last = rezult.LastIndexOf(')') - 1;

                //取得JSON字符串
                rezult = rezult.Substring(str_start, (str_last - str_start));
                //反序列化JSON
                Dictionary<string, string> _dic = JsonConvert.DeserializeObject<Dictionary<string, string>>(rezult);

                //取值
                _dic.TryGetValue("client_id", out new_client_id);
                _dic.TryGetValue("openid", out openid);

                //储存获取数据用到的信息
                HttpContext.Current.Session["access_token"] = access_token;
                HttpContext.Current.Session["client_id"] = client_id;
                HttpContext.Current.Session["openid"] = openid;
                HttpContext.Current.Session["openkey"] = openkey;

                // 这里张剑锋还拿到了  Level,NickName,Gender

                //========继续您的业务逻辑编程==========================================

                //取到 openId
                //openId与您系统的user数据进行关联
                //一个openid对应一个QQ,一个openid也要对应到您系统的一个账号:QQ--OpenId--User;
                //这个时候有两种情况:
                //【1】您让用户绑定系统已有的用户,那么让用户输入用户名密码,找到该用户,然后绑定OpenId
                //【2】为用户生成一个系统用户,直接绑定OpenId

                //上面完成之后,设置用户的登录状态,完整绑定和登录

                //=============通过Access Token和OpenID来获取用户资料  ====
                send_url = "https://open.t.qq.com/api/user/info?access_token=" + access_token + "&oauth_consumer_key=" + client_id + "&openid=" + openid + "&openkey=" + openkey + "&oauth_version=2.a";
                //https://open.t.qq.com/api/user/info?access_token=7a0fae7d2183c0c54ef18589fffe6475&oauth_consumer_key=801210600&openid=65FCC7BC2B69619BC13BCF6C16FB06C3&oauth_version=2.a&openkey=05FB5E1C75119B141BAD0444C6EA41CE
                send_url = "https://graph.qq.com/user/get_user_info?access_token=" + access_token + "&oauth_consumer_key=" + client_id + "&openid=" + openid + "&openkey=" + openkey + "&oauth_version=2.a";

                //发送并接受返回值
                //Logs.logSave("发送send_url:" + send_url);
                strLog.AppendFormat("发送send_url:" + send_url+"\r\n");
                rezult = HttpMethods.HttpGet(send_url);
                //写日志
                //Logs.logSave("第四步,通过get_user_info方法获取数据:" + send_url);
                //Logs.logSave("rezult:" + rezult);
                strLog.AppendFormat("第四步,通过get_user_info方法获取数据:" + send_url+"\r\n");
                strLog.AppendFormat("rezult:" + rezult+"\r\n");
                //反序列化JSON

                /**
                Dictionary<string, object> _data = JsonConvert.DeserializeObject<Dictionary<string, object>>(rezult);
                object jsondata = null;
                _data.TryGetValue("data", out jsondata);
                string js_data = jsondata.ToString();
                Dictionary<string, object> useinfo_data = JsonConvert.DeserializeObject<Dictionary<string, object>>(js_data);
                object nick = null;
                object j_openid = null;
                object sex = null;
                object province_code = null;
                object head = null;
                object j_name = null;
                useinfo_data.TryGetValue("nick", out nick);
                useinfo_data.TryGetValue("openid", out j_openid);
                useinfo_data.TryGetValue("sex", out sex);
                useinfo_data.TryGetValue("province_code", out province_code);
                useinfo_data.TryGetValue("head", out head);
                useinfo_data.TryGetValue("name", out j_name);
                Logs.logSave("=====================");
                Logs.logSave("nickname:" + nick.ToString());
                Logs.logSave("openid:"+j_openid.ToString());
                Logs.logSave("sex:"+sex.ToString());
                Logs.logSave("Province_code:" + province_code.ToString());
                Logs.logSave("head:" + head.ToString());
                Logs.logSave("name:" + j_name.ToString());
                //Logs.logSave("jsondata:" + jsondata);

                **/

                Dictionary<string, string> _dic2 = JsonConvert.DeserializeObject<Dictionary<string, string>>(rezult);

                string ret = "", msg = "", nickname = "", face = "", sex = "",ret_openid="",ret_name="";

                //取值
                _dic2.TryGetValue("ret", out ret);
                _dic2.TryGetValue("msg", out msg);

                //如果失败
                if (ret != "0")
                {
                    //出错了
                    //写日志
                    //Logs.logSave("出错了:" + rezult);
                    strLog.AppendFormat("出错了:" + rezult+"\r\n");
                    //HttpContext.Current.Response.Write(rezult);
                    HttpContext.Current.Response.End();
                }

                _dic2.TryGetValue("nickname", out nickname);
                _dic2.TryGetValue("head", out face);

                _dic2.TryGetValue("gender", out sex);
                _dic2.TryGetValue("openid", out ret_openid);
                _dic2.TryGetValue("name", out ret_name);

                //写日志
                ///Logs.logSave("得到返回结果:" + rezult);
                strLog.AppendFormat("得到返回结果:" + rezult+"\r\n");
                //string newline = "<br>";
                //string str = "";
                //str += "openid:" + openid + newline;
                //str += "昵称:" + nickname + newline;
                //str += "名称:" + ret_name + newline;
                //str += "性别:" + sex + newline;
                //str += "默认头像:" + face + newline;

                //页面输出结果:
                //HttpContext.Current.Response.Write("返回结果如下:" + rezult + newline + newline);

                //HttpContext.Current.Response.Write("经过处理后:" + newline + str);

                /**
                string newline = "<br>";
                string str = "";
                str += "openid:" + j_openid.ToString() + newline;
                str += "昵称:" + nick.ToString() + newline;
                str += "名称:" + j_name.ToString() + newline;
                str += "性别:" + sex.ToString() + newline;
                str += "默认头像:" + head.ToString() + newline;
                str += "省份:" + province_code.ToString() + newline;
                **/

                //页面输出结果:
                //HttpContext.Current.Response.Write("返回结果如下:" + rezult + newline + newline);

                //HttpContext.Current.Response.Write("经过处理后:" + newline + str);

                string CustID = QueryByOpenID(openid);
                if (String.IsNullOrEmpty(CustID)) // 已有绑定关系
                {
                    //直接单点登录
                    string AuthenName = "";
                    string AuthenType = "";
                    string RealName = "";
                    string NickName = "";
                    string UserName = "";
                    string OutID = "";
                    string UserAccount = "";
                    string CustType = "";
                    string ProvinceID = "";

                    string _connectionString = WebConfigurationManager.ConnectionStrings["BestToneCenterConStr"].ConnectionString;

                    SqlConnection con = new SqlConnection(_connectionString);
                    SqlCommand cmd = new SqlCommand("select  RealName,UserName,NickName,OuterID,CustType,SourceSPID from custinfo where custid=@CustID", con);
                    cmd.Parameters.Add("@CustID", SqlDbType.NVarChar, 16).Value = CustID;
                    using (con)
                    {
                        con.Open();
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                        {
                             RealName = (string)reader["RealName"];
                             UserName  = (string)reader["UserName"];
                             NickName = (string)reader["NickName"];
                             OutID = (string)reader["OuterID"];
                             CustType = (string)reader["CustType"];
                             SPID = (string)reader["SourceSPID"];
                        }
                    }

                    SPInfoManager spInfo = new SPInfoManager();
                    Object SPData = spInfo.GetSPData(this.Context, "SPData");
                    string key = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
                    string ErrMsg = "";
                    //生成token并保存
                    UserToken UT = new UserToken();
                    string UserTokenValue = UT.GenerateUserToken(CustID, RealName, UserName, NickName, OutID, CustType, AuthenName, AuthenType, key, out ErrMsg);
                    string CookieName = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
                    PageUtility.SetCookie(CookieName, UserTokenValue);

                    TokenValidate.IsRedircet = false;
                    TokenValidate.Validate();

                    //begin
                    this.ssoFunc();
                    //Response.Redirect(ReturnUrl, true);
                    //end

                }
                else { // 未有绑定关系 (可能有号百账号-则去绑定,可能没有号百账号,则注册)
                    string SelectOauthAssertion = System.Configuration.ConfigurationManager.AppSettings["SelectOauthAssertion"];
                    SelectOauthAssertion = SelectOauthAssertion + "?code=" + openid + "&returnUrl=" + ReturnUrl+"&oauthtype=0";    // 0 代表qq 1代表sina
                    Response.Redirect(SelectOauthAssertion, true);  //SelectOauthAssertion 指向地址:    http://sso.besttone.cn/SSO/boundingV2.action?code=***&returnUrl=***
                    //boundingV2.action 会forward到 他自己的一个auth.jsp ,这个jsp会嵌入两个iframe,其中一个iframe的src,指向客户信息平台的AuthBindLogin.aspx,另个iframe指向 客户信息平台的AuthRegister.aspx
                    //同时分别带上SPTokenRequest和code参数,这个SPTokenRequest参数中的ReturnUrl
                }
            }

            log(strLog.ToString());
    }
Ejemplo n.º 22
0
    protected void Page_Load(object sender, EventArgs e)
    {
        StringBuilder strLog = new StringBuilder();
        string CookieName = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
        string isLogin = "******";
        string welcomeName = "0";
        string encryptCustIDValue = "0";
        if (PageUtility.IsCookieExist(CookieName, this.Context))
        {
            SPInfoManager spInfo = new SPInfoManager();
            Object SPData = spInfo.GetSPData(this.Context, "SPData");
            string key = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
            UserToken UT = new UserToken();
            string strCIPToken = Request.Cookies.Get(CookieName).Value;
            string custID;
            string realName;
            string userName;
            string nickName;
            string outerID;
            string custType;
            string loginAuthenName;
            string loginAuthenType;
            string TimeStamp = "";
            string SPID = "";
            string errMsg = "";
            int result = UT.ParseUserToken(strCIPToken, key, out custID, out realName, out userName, out nickName, out outerID, out custType, out loginAuthenName, out loginAuthenType, out errMsg);
            log("result="+result+";custID="+custID+";outerID="+outerID+"\r\n");
            string json_custinfo = "";
            json_custinfo = json_custinfo + "{";

            if (result == 0)
            {
                isLogin = "******";

                if (realName != null && !"".Equals(realName))
                {
                    welcomeName = realName;
                }
                else if (nickName != null && !"".Equals(nickName))
                {
                    welcomeName = nickName;
                }
                else if (userName != null && !"".Equals(userName))
                {
                    welcomeName = userName;
                }

                json_custinfo = json_custinfo + "isLogin" + ":" + "'" + isLogin + "',";

                json_custinfo = json_custinfo + "welcomeName" + ":" + "'" + realName + "',";

                json_custinfo = json_custinfo + "outerID" + ":" + "'" + outerID + "',";
                //json_custinfo = json_custinfo + "encryptCustIDValue"+":"+"'"+

            }

            if (CommonUtility.IsParameterExist("SPID", this.Page))
            {

                TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
                SPID = Request["SPID"];
                spInfo = new SPInfoManager();
                SPData = spInfo.GetSPData(this.Context, "SPData");
                key = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
                string Digest = CryptographyUtil.GenerateAuthenticator(TimeStamp + "$" + custID + "$" + result + "$" + errMsg, key);
                encryptCustIDValue = SPID + "$" + CryptographyUtil.Encrypt(TimeStamp + "$" + custID + "$" + result + "$" + errMsg + "$" + Digest, key);
                //string RegistryResponseValue = HttpUtility.UrlEncode(temp);
                json_custinfo = json_custinfo + "encryptCustIDValue" + ":" + "'" + encryptCustIDValue + "'";
            }
            json_custinfo = json_custinfo + "}";

            Response.Write("var o ="+json_custinfo);
        }
        else
        {
            //综合平台渠道udb渠道控制
            String UDBorUnifyPlatform = String.Empty;
            try
            {
                SqlConnection conn = new SqlConnection(DBUtility.BestToneCenterConStr);
                StringBuilder sql = new StringBuilder();
                sql.Append("select platform_name from udb_authen_platform where flag=1 ");   // 1生效  0 失效
                SqlCommand cmd = new SqlCommand(sql.ToString(), conn);
                using (conn)
                {
                    conn.Open();
                    SqlDataReader reader = cmd.ExecuteReader();
                    while (reader.Read())
                    {
                        UDBorUnifyPlatform = (String)reader["platform_name"];
                    }
                }

            }
            catch (Exception ex)
            {
                UDBorUnifyPlatform = System.Configuration.ConfigurationManager.AppSettings["UDBorUnifyPlatform"];
                strLog.AppendFormat("UDBorUnifyPlatform异常:{0}\r\n", ex.ToString());
            }
            strLog.AppendFormat("UDBorUnifyPlatform:{0}\r\n", UDBorUnifyPlatform);

            //单双向sso控制
            String ssoway = String.Empty;
            try
            {
                SqlConnection conn = new SqlConnection(DBUtility.BestToneCenterConStr);
                StringBuilder sql = new StringBuilder();
                sql.Append("select ssoway from unifyAuthen  ");   // 1生效  0 失效
                SqlCommand cmd = new SqlCommand(sql.ToString(), conn);
                using (conn)
                {
                    conn.Open();
                    SqlDataReader reader = cmd.ExecuteReader();
                    while (reader.Read())
                    {
                        ssoway = (String)reader["ssoway"];
                    }
                }

            }
            catch (Exception ex)
            {
                strLog.AppendFormat("ssoway异常:{0}\r\n", ex.ToString());
                ssoway = "1";
            }
            strLog.AppendFormat("ssoway:{0}\r\n", ssoway);
            log(strLog.ToString());

            if (!String.IsNullOrEmpty(UDBorUnifyPlatform))
            {
                if (UDBorUnifyPlatform.ToLower().Equals("unifyplatform") && ssoway.Equals("2"))  //双向sso
                {
                    //String UnifyAccountCheckResult = String.Empty;
                    //if (CommonUtility.IsParameterExist("UnifyAccountCheckResult", this.Page))
                    //{
                    //     UnifyAccountCheckResult = Request["UnifyAccountCheckResult"];
                    //}
                    //strLog.AppendFormat("UnifyAccountCheckResult:{0}\r\n", UnifyAccountCheckResult);
                    //if ("1".Equals(UnifyAccountCheckResult) || String.IsNullOrEmpty(UnifyAccountCheckResult))
                    //{
                    //检查登录状态
                    if (!CommonUtility.IsParameterExist("UnifyAccountCheckResult", this.Page))
                    {
                        string TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
                        string appId = UDBConstDefinition.DefaultInstance.UnifyPlatformAppId; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_appId"];
                        string appSecret = UDBConstDefinition.DefaultInstance.UnifyPlatformAppSecret;  //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_appSecretKey"];
                        string version = UDBConstDefinition.DefaultInstance.UnifyPlatformVersion;  //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_version"];
                        string clientType = UDBConstDefinition.DefaultInstance.UnifyPlatformClientType;  //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_clientType"];
                        string accountType = UDBConstDefinition.DefaultInstance.UnifyPlatformAccountType;
                        string format = "redirect";
                        String returnURL = HttpUtility.UrlEncode(UDBConstDefinition.DefaultInstance.UnifyAccountCheckCallBackUrlYY + "?SPID=35000000");
                        string parameters = "&timeStamp=" + TimeStamp + "&accoutType=" + accountType + "&returnURL=" + returnURL;
                        strLog.AppendFormat("参数:{0}\r\n", parameters);
                        string paras = CryptographyUtil.XXTeaEncrypt(parameters, appSecret);
                        strLog.AppendFormat("参数:{0},paras:{1}\r\n", parameters, paras);
                        string sign = CryptographyUtil.HMAC_SHA1(appId + clientType + format + version + paras, appSecret);
                        strLog.AppendFormat("sign:{0}\r\n", sign);
                        String UnifyAccountCheckUrl = UDBConstDefinition.DefaultInstance.UnifyAccountCheckUrl;
                        UnifyAccountCheckUrl = UnifyAccountCheckUrl + "?appId=" + appId + "&version=" + version + "&clientType=" + clientType + "&paras=" + paras + "&sign=" + sign + "&format=redirect";
                        strLog.AppendFormat(" Redirect to UnifyAccountCheckUrl:{0}\r\n", UnifyAccountCheckUrl);
                        log(strLog.ToString());
                        Response.Redirect(UnifyAccountCheckUrl, false);
                    }

                    //}

                }

            }
            else
            {

            }

        }
    }
Ejemplo n.º 23
0
    protected void Page_Load(object sender, EventArgs e)
    {
        string SPID = "35000000";
        string AuthenType = "";
        string AuthenName = "";
        string Password = "";
        string CustID = "";
        string RealName = "";
        string NickName = "";
        string UserName = "";
        string OutID = "";
        string UserAccount = "";
        string CustType = "";
        string ProvinceID = "";
        string Ticket = "";
        string ReturnUrl = "";

        int Result = ErrorDefinition.BT_IError_Result_UnknowError_Code;
        string ErrMsg = ErrorDefinition.BT_IError_Result_UnknowError_Msg;

        try
        {
            if (CommonUtility.IsParameterExist("LoginTicket", this.Page))
            {
                Ticket = Request["LoginTicket"];
                Result = CIPTicketManager.checkCIPTicket(SPID, Ticket, "", out CustID, out RealName, out UserName, out NickName, out OutID, "", out AuthenName, out AuthenType, out ErrMsg);
                Log(String.Format("SPID:{0},Ticket:{1},CustID:{2},RealName:{3},UserName:{4},NickName:{5},OutID:{6},AuthenName:{7},AuthenType:{8},Result:{9},ErrMsg:{10}——【DateTime:{11}】",
                    SPID, Ticket, CustID, RealName, UserName, NickName, OutID, AuthenName, AuthenType, Result, ErrMsg, DateTime.Now.ToString("yyyy-MM-dd HH:mm")));

                if (Result == 0)
                {
                    SPInfoManager spInfo = new SPInfoManager();
                    Object SPData = spInfo.GetSPData(this.Context, "SPData");
                    string key = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);

                    UserToken UT = new UserToken();

                    string UserTokenValue = UT.GenerateUserToken(CustID, RealName, UserName, NickName, OutID, CustType, AuthenName, AuthenType, key, out ErrMsg);

                    string CookieName = System.Configuration.ConfigurationManager.AppSettings["CookieName"];

                    PageUtility.SetCookie(UserTokenValue, CookieName, this.Page);
                    if (CommonUtility.IsParameterExist("ReturnUrl", this.Page))
                    {
                        ReturnUrl = Request["ReturnUrl"];
                        Response.Redirect(ReturnUrl);
                    }

                    Response.Redirect("http://www.118114.cn");
                }
                else
                {
                    Response.Redirect("../ErrorInfo.aspx?ErrorInfo=" + ErrMsg);
                }
            }
            else
            {
                Response.Redirect("http://www.118114.cn");
            }
        }
        catch (Exception ex)
        {
            ErrMsg += ex.Message;
        }
        finally
        {
            Log(String.Format("LoginTicket:{0},ErrMsg:{1}——【DateTime:{2}】", Ticket, ErrMsg, DateTime.Now.ToString("yyyy-MM-dd HH:mm")));
        }
    }
Ejemplo n.º 24
0
        /// <summary>
        /// �ͻ���Ϣƽ̨�Ľ���������֤���ܵ�ַ
        /// ���ߣ�����      ʱ�䣺2009-9-09
        /// </summary>
        public static List<string> DecryptEmailURL(string URL, HttpContext context)
        {
            List<string> list = new List<string>();
            try
            {
                string[] arrTemp = URL.Split('=');
                URL = CryptographyUtil.Decrypt(Encoding.UTF8.GetString(CryptographyUtil.FromBase64String(HttpUtility.UrlDecode(arrTemp[1]))));
                string[] arrParam = URL.Split('$');
                SPInfoManager spInfo = new SPInfoManager();
                Object SPData = spInfo.GetSPData(context, "SPData");
                string key = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
                string Digest = CryptographyUtil.GenerateAuthenticator(arrParam[0] + "$" + arrParam[1] + "$" + arrParam[2], key);
                if (Digest.Equals(arrParam[3]))
                {
                    for (int i = 0; i < arrParam.Length - 1; i++)
                    {
                        list.Add(arrParam[i]);
                    }
                }
                else
                {
                    list = null;
                }
            }
            catch (System.Exception ex)
            {
                list = null;
            }

            return list;
        }
Ejemplo n.º 25
0
 /// <summary>
 ///  ��ȡʡuam֤����Կ
 /// </summary>
 /// <param name="SpecificContext"></param>
 /// <param name="SPID"></param>
 /// <param name="SecretKey"></param>
 /// <param name="ErrMsg"></param>
 /// <returns></returns>
 public int GetMBOSSSecretKey(HttpContext SpecificContext, string SPID, out string SecretKey, out string ErrMsg)
 {
     int Result = -19999;
     SecretKey = String.Empty;
     ErrMsg = String.Empty;
     try
     {
         SPInfoManager spInfo = new SPInfoManager();
         Object SPData = spInfo.GetSPData(SpecificContext, "SPData");
         SecretKey = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
         Result = 0;
     }
     catch (Exception e)
     {
         Result = -19999;
         SecretKey = "";
         ErrMsg = e.Message;
     }
     return Result;
 }
Ejemplo n.º 26
0
    protected void Page_Load(object sender, EventArgs e)
    {
        String urlParam = Request["UrlParam"] == null ? String.Empty : HttpUtility.UrlDecode(Request["UrlParam"]);
        if (String.IsNullOrEmpty(urlParam))
        {
            this.ResetPanel.Visible = false;
            this.MsgPanel.Visible = true;
        }
        else
        {
            this.ResetPanel.Visible = true;
            this.MsgPanel.Visible = false;
            try
            {
                //解析并获取参数
                String DecryptParam = CryptographyUtil.Decrypt(Encoding.UTF8.GetString(CryptographyUtil.FromBase64String(urlParam)));
                String[] paramArray = DecryptParam.Split('$');
                String spid = paramArray[0];
                String custid = paramArray[1];
                String email = paramArray[2];
                String returnUrl = String.IsNullOrEmpty(paramArray[3]) ? ConstHelper.DefaultInstance.BesttoneLoginPage : paramArray[3];
                String authenCode = paramArray[4];
                String timeTamp = paramArray[5];
                String digest = paramArray[6];
                this.hdCustID.Value = custid;
                this.hdEmail.Value = email;
                this.hdAuthenCode.Value = authenCode;

                //对参数进行验证
                SPInfoManager spInfo = new SPInfoManager();
                Object SPData = spInfo.GetSPData(this.Context, "SPData");
                String key = spInfo.GetPropertyBySPID(spid, "SecretKey", SPData);
                String NewDigest = CryptographyUtil.GenerateAuthenticator(spid + "$" + custid + "$" + email + "$" + returnUrl + "$" + authenCode + "$" + timeTamp, key);
                //看是否过期
                DateTime sendMailTime = Convert.ToDateTime(timeTamp);
                Int32 expiredHour = ConstHelper.DefaultInstance.ResetPwdExpiredHour;

                //签名不正确
                if (String.Equals(digest, NewDigest) == false || (sendMailTime.AddHours(expiredHour) < DateTime.Now))
                {
                    this.ResetPanel.Visible = false;
                    this.MsgPanel.Visible = true;
                }
                else
                {
                    String ErrMsg = String.Empty;
                    Int32 result = SetMail.CheckEmaklSend(custid, email, authenCode, out ErrMsg);
                    if (result == 0)
                    {
                        this.hdCustID.Value = custid;
                        this.hdReturnUrl.Value = returnUrl;
                    }
                    else
                    {
                        this.ResetPanel.Visible = false;
                        this.MsgPanel.Visible = true;
                    }
                }
            }
            catch (Exception ex)
            {
                this.ResetPanel.Visible = false;
                this.MsgPanel.Visible = true;
            }

        }
    }
    protected int BeginParseSPToken(string SourceStr, HttpContext context, out string SPID, out string CustID,
        out string ReturnURL, out string ErrMsg)
    {
        StringBuilder strLog = new StringBuilder();

        strLog.AppendFormat("-----------解析SPTokenRequest开始:-----------\r\n");
        strLog.AppendFormat("Params: SPTokenRequest:{0}\r\n", SourceStr);
        int Result = ErrorDefinition.IError_Result_UnknowError_Code;
        ErrMsg = "";
        SPID = "";
        CustID = "";
        ReturnURL = "";
        string TimeStamp = "";

        string Digest = "";
        try
        {
            string[] alSourceStr = SourceStr.Split('$');
            SPID = alSourceStr[0].ToString();
            strLog.AppendFormat("SPID:{0}\r\n", SPID);
            SPInfoManager spInfo = new SPInfoManager();
            Object SPData = spInfo.GetSPData(context, "SPData");
            string ScoreSystemSecret = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
            strLog.AppendFormat("获取密钥:{0}\r\n", ScoreSystemSecret);
            string EncryptSourceStr = alSourceStr[1].ToString();
            strLog.AppendFormat("密文:{0}\r\n", EncryptSourceStr);
            string RequestStr = CryptographyUtil.Decrypt(EncryptSourceStr.ToString(), ScoreSystemSecret);
            strLog.AppendFormat("解密.....\r\n");
            strLog.AppendFormat("明文:{0}\r\n", RequestStr);
            string[] alRequest = RequestStr.Split('$');

            //加密顺序:URLEncoding(SPID + "$" + Base64(Encrypt(CustId + "$"  + ReturnURL + "$" + HeadFooter + "$" + TimeStamp + "$" + From+ "$" + Digest)))
            //Digest = Base64(Encrypt(Hash(CustId + "$"+ReturnURL +"$"+ HeadFooter "$"+TimeStamp+"$"+From)))
            CustID = alRequest[0].ToString();
            strLog.AppendFormat("CustID:{0}\r\n", CustID);
            ReturnURL = alRequest[1].ToString();
            strLog.AppendFormat("ReturnURL:{0}\r\n", ReturnURL);
            TimeStamp = alRequest[3].ToString();
            strLog.AppendFormat("TimeStamp:{0}\r\n", TimeStamp);
            Digest = alRequest[5].ToString();
            strLog.AppendFormat("Digest:{0}\r\n", Digest);
            //校验摘要 Digest 信息
            string NewDigest = CryptographyUtil.GenerateAuthenticator(CustID + "$" + ReturnURL + "$" + TimeStamp, ScoreSystemSecret);
            strLog.AppendFormat("NewDigest:{0}\r\n", NewDigest);
            if (Digest != NewDigest)
            {
                Result = ErrorDefinition.IError_Result_InValidAuthenticator_Code;
                ErrMsg = "无效的Digest";
                return Result;
            }

            Result = 0;
        }
        catch (Exception e)
        {
            Result = ErrorDefinition.IError_Result_System_UnknowError_Code;
            ErrMsg = e.Message;
        }
        finally
        {
            strLog.AppendFormat("-----------解析SPTokenRequest结束:-----------\r\n");
            log(strLog.ToString());
        }
        return Result;
    }
Ejemplo n.º 28
0
    public PhoneUnBindResult PhoneUnBind(string SPID, string PhoneNum, string PhoneClass, string CustID, string ExtendField)
    {
        PhoneUnBindResult Result = new PhoneUnBindResult();
        Result.Result = ErrorDefinition.IError_Result_System_UnknowError_Code;
        Result.ErrorDescription = ErrorDefinition.IError_Result_System_UnknowError_Msg;
        Result.CustID = CustID;
        Result.ExtendField = "";

        try
        {
            #region 数据校验
            //检查SPID是否为空
            if (CommonUtility.IsEmpty(SPID))
            {
                Result.Result = ErrorDefinition.BT_IError_Result_InValidSPID_Code;
                Result.ErrorDescription = ErrorDefinition.BT_IError_Result_InValidSPID_Msg + ",不能为空";
                return Result;
            }

            //检查SPID长度是否有误
            if (SPID.Length != ConstDefinition.Length_SPID)
            {
                Result.Result = ErrorDefinition.BT_IError_Result_InValidSPID_Code;
                Result.ErrorDescription = ErrorDefinition.BT_IError_Result_InValidSPID_Msg + "长度有误";
                return Result;
            }

            //IP是否允许访问
            Result.Result = CommonBizRules.CheckIPLimit(SPID, HttpContext.Current.Request.UserHostAddress, this.Context, out Result.ErrorDescription);
            if (Result.Result != 0)
            {
                return Result;
            }

            //接口访问权限判断
            Result.Result = CommonBizRules.CheckInterfaceLimit(SPID, "PhoneUnBind", this.Context, out Result.ErrorDescription);
            if (Result.Result != 0)
            {
                return Result;
            }

            //检查CustID是否为空
            if (CommonUtility.IsEmpty(CustID))
            {
                Result.Result = ErrorDefinition.BT_IError_Result_InValidCustID_Code;
                Result.ErrorDescription = ErrorDefinition.BT_IError_Result_InValidCustID_Msg + ",不能为空";
                return Result;
            }

            //检查CustID长度是否小于16位
            if (CustID.Length > ConstDefinition.Length_CustID)
            {
                Result.Result = ErrorDefinition.BT_IError_Result_InValidCustID_Code;
                Result.ErrorDescription = ErrorDefinition.BT_IError_Result_InValidCustID_Msg + "长度有误";
                return Result;
            }

            //检查Phone是否为空
            if (!CommonUtility.IsEmpty(PhoneNum))
            {
                string phone = "";
                if (!CommonBizRules.PhoneNumValid(this.Context, PhoneNum, out phone))
                {
                    Result.Result = ErrorDefinition.CIP_IError_Result_Phone_NumberInValid_Code;
                    Result.ErrorDescription = ErrorDefinition.CIP_IError_Result_Phone_NumberInValid_Msg + ",电话格式无效";
                    return Result;
                }
                PhoneNum = phone;
            }
            else
            {
                Result.Result = ErrorDefinition.CIP_IError_Result_Phone_AuthenPhoneInValid_Code;
                Result.ErrorDescription = ErrorDefinition.CIP_IError_Result_Phone_AuthenPhoneInValid_Msg + ",不能为空";
                return Result;
            }

            //检查PhoneClass是否为空
            if (CommonUtility.IsEmpty(PhoneClass))
            {

                Result.Result = ErrorDefinition.BT_IError_Result_InValidParameter_Code;
                Result.ErrorDescription = ErrorDefinition.BT_IError_Result_InValidParameter_Msg + ",不能为空";
                return Result;
            }
            #endregion

            //电话解绑
            Result.Result = PhoneBO.PhoneUnBind(CustID, PhoneNum, PhoneClass, out Result.ErrorDescription);
            if (Result.Result == 0)
            {
                //电话解绑通知用户
                SPInfoManager spInfo = new SPInfoManager();
                Object SPData = spInfo.GetSPData(this.Context, "SPData");
                String SPName = spInfo.GetPropertyBySPID(SPID, "SPName", SPData);
                CommonBizRules.SendMessage(PhoneNum, "您的号码已被解除绑定(将不能通过该号码登录号百平台):此操作由" + SPID + "-" + SPName + "-平台发起!", "35000000");
            }
        }
        catch (Exception e)
        {
            Result.Result = ErrorDefinition.IError_Result_System_UnknowError_Code;
            Result.ErrorDescription = ErrorDefinition.IError_Result_System_UnknowError_Msg + e.Message;
        }
        finally
        {
            try
            {
                #region 文本日志
                StringBuilder msg = new StringBuilder();
                msg.Append("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\r\n\r\n");
                msg.Append("电话解绑接口" + DateTime.Now.ToString("u") + "\r\n");
                msg.Append(";SPID - " + SPID);
                msg.Append("CustID - " + CustID);
                msg.Append(";PhoneNum - " + PhoneNum);
                msg.Append(";PhoneClass - " + PhoneClass + "\r\n");

                msg.Append("处理结果 - " + Result.Result);
                msg.Append("; 错误描述 - " + Result.ErrorDescription);
                msg.Append("; CustID - " + Result.CustID);
                msg.Append("; ExtendField - " + Result.ExtendField + "\r\n");

                msg.Append("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\r\n");

                BTUCenterInterfaceLog.CenterForBizTourLog("PhoneUnBind", msg);
                #endregion

                #region 写数据库日志

                String inParam = String.Format("SPID:{0},PhoneNum:{1},PhoneClass:{2},CustID:{3},ExtendField:{4}", SPID, PhoneNum, PhoneClass, CustID, ExtendField);
                String outParam = String.Format("Result:{0},CustID:{1},ProvinceID:{2},ErrorDescription:{3},ExtendField:{4}",
                                    Result.Result, Result.CustID, Result.ProvinceID, Result.ErrorDescription, Result.ExtendField);

                CommonBizRules.WriteCallInterfaceLog_DB(HttpContext.Current.Request.UserHostAddress, SPID, "PhoneUnBind", inParam, outParam, Result.Result, Result.ErrorDescription);

                #endregion

                //CommonBizRules.WriteDataLog(SPID, Result.CustID, "", Result.Result, Result.ErrorDescription, PhoneNum, "PhoneUnBind");
            }
            catch { }
        }

        return Result;
    }
Ejemplo n.º 29
0
    /// <summary>
    /// 开始UDBSSO功能
    /// </summary>
    protected void BeginUDBSSO()
    {
        StringBuilder strMsg = new StringBuilder();
        Int32 Result = ErrorDefinition.BT_IError_Result_UnknowError_Code;
        String ErrMsg = ErrorDefinition.BT_IError_Result_UnknowError_Msg;
        try
        {
            #region 获取参数并验证

            SPID = Request["SPID"];
            String temp_ReturnUrl = Request["ReturnUrl"] == null ? String.Empty : Request["ReturnUrl"];
            PassportLoginResponseValue = Request["PassportLoginResponse"];
            strMsg.AppendFormat("【验证参数,DateTime:{0}】:SPID:{1},PassportLoginResponse:{2},temp_ReturnUrl:{3}", DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"), SPID, PassportLoginResponseValue, temp_ReturnUrl);
            //根据SPID查询应用系统对应的UDBSPID信息
            UDBSPInfoBO _udbspinfo_bo = new UDBSPInfoBO();
            UDBSPInfo _udbspinfo_entity = _udbspinfo_bo.GetBySPID(SPID);
            if (_udbspinfo_entity != null)
            {
                UDBSPID = _udbspinfo_entity.UDBSPID;
                UDBKey = _udbspinfo_entity.UDBKey;
                ReturnUrl = _udbspinfo_entity.RedirectUrl;
            }
            else
            {
                UDBSPID = UDBConstDefinition.DefaultInstance.BesttoneUDBSPID;
                UDBKey = UDBConstDefinition.DefaultInstance.BesttoneUDBKey;
                ReturnUrl = UDBConstDefinition.DefaultInstance.UDBLoginSuccessRedirectUrl;
            }

            if (String.IsNullOrEmpty(ReturnUrl))
            {
                //其他业务系统的Ticket解析页面是不固定的,通过参数ReturnUrl传递
                ReturnUrl = temp_ReturnUrl;
            }
            else
            {
                //针对精品商城,精品商城的Ticket解析页面是固定的,是配在数据库中,而此时参数ReturnUrl及为最终认证成功的跳转页面
                if (!String.IsNullOrEmpty(temp_ReturnUrl))
                {
                    if (ReturnUrl.IndexOf('?') >= 0)
                    {
                        ReturnUrl += "&ReturnUrl=" + HttpUtility.UrlEncode(temp_ReturnUrl);
                    }
                    else
                    {
                        ReturnUrl += "?ReturnUrl=" + HttpUtility.UrlEncode(temp_ReturnUrl);
                    }
                }
            }

            strMsg.AppendFormat(",ReturnUrl:{0}", ReturnUrl);

            //根据客户信息平台的SPID,获取在客户信息平台的key
            SPInfoManager spInfo = new SPInfoManager();
            Object SPData = spInfo.GetSPData(this.Context, "SPData");
            key = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);

            //解析PassportLoginResponseValue
            String[] tempArray = PassportLoginResponseValue.Split('$');
            DesSsDeviceNo = tempArray[0];
            String tempStr = CryptographyUtil.Decrypt(tempArray[1], UDBKey);
            String[] digestArray = tempStr.Split('$');
            Result = Convert.ToInt32(digestArray[0]);
            UDBTicket = digestArray[1];
            String timeStamp = digestArray[2];
            String digest = digestArray[3];

            String newDigest = CryptographyUtil.ToBase64String(CryptographyUtil.Hash(Result + DesSsDeviceNo + UDBTicket + timeStamp));
            strMsg.AppendFormat(",DesSsDeviceNo:{0},Result:{1},UDBTicket{2},timeStamp:{3},digest:{4},newDigest:{5}\r\n", DesSsDeviceNo, Result, UDBTicket, timeStamp, digest, newDigest);
            if (!digest.Equals(newDigest))
            {
                //digest不吻合,失败
                strMsg.AppendFormat(",ErrMsg:{0}", "digest有误不匹配");
                Redirect("ErrMsg", "digest有误不匹配");
            }
            if (Result != 0)
            {
                //失败,则返回
                strMsg.AppendFormat(",ErrMsg:{0}", "返回Ticket失败");
                Redirect("ErrMsg", "返回Ticket失败");
            }

            #endregion

            #region 根据UDBTkcket到UDB查询用户信息

            strMsg.Append("【开始查询信息】:");

            UDBAccountInfo accountInfo = new UDBAccountInfo();

            //根据UDBTicket到UDB查询用户信息
            Result = _UDBMBoss.AccountInfoQuery(UDBSPID, UDBSPID, UDBTicket, UDBKey, out accountInfo, out ErrMsg);
            accountInfo.SourceSPID = UDBConstDefinition.DefaultInstance.UDBSPID;
            strMsg.AppendFormat(",Result:{0},UserID:{1},UserIDType:{2},UserType:{3},PUserID:{4},Alias:{5},UserIDStatus:{6},UserIDSsStatus:{7},Description:{8},ProvinceID:{9},NumFlag:{10}\r\n",
                Result, accountInfo.UserID, accountInfo.UserIDType, accountInfo.UserType, accountInfo.PUserID, accountInfo.Alias, accountInfo.UserIDStatus, accountInfo.UserIDSsStatus, accountInfo.Description, accountInfo.ProvinceID, accountInfo.NumFlag);

            if (Result == 0)
            {
                String CustID, OuterID, Status, CustType, CustLevel, RealName, UserName, NickName, CertificateCode, CertificateType, Sex, Email, EnterpriseID, ProvinceID, AreaID, RegistrationSource;
                //检测对应用户是否在号百系统,不在,则注册进来
                strMsg.Append("【开始注册到号百】:");
                Result = UserRegistry.getUserRegistryUDB(accountInfo, out CustID, out ErrMsg);
                strMsg.AppendFormat("Result:{0},CustID:{1}\r\n", Result, CustID);

                //注册成功
                if (Result == 0)
                {
                    Result = CustBasicInfo.getCustInfo(SPID, CustID, out ErrMsg, out OuterID, out Status, out CustType, out CustLevel, out RealName,
                        out UserName, out NickName, out CertificateCode, out CertificateType, out Sex, out Email, out EnterpriseID, out ProvinceID,
                        out AreaID, out RegistrationSource);
                    if (Result != 0)
                    {
                        strMsg.Append(",ErrMsg:客户不存在" + CustID);
                        //客户不存在
                        Redirect("ErrMsg", "客户不存在");
                    }
                    //生成token
                    UserToken UT = new UserToken();
                    String userTokenValue = UT.GenerateUserToken(CustID, RealName, UserName, NickName, OuterID, CustType, accountInfo.UserID, UDBBusiness.ConvertAuthenType(accountInfo.NumFlag), key, out ErrMsg);
                    String CookieName = ConfigurationManager.AppSettings["CookieName"];
                    PageUtility.SetCookie(CookieName, userTokenValue, this.Page);

                    //生成Ticket
                    String ticket = CommonBizRules.CreateTicket();
                    Result = CIPTicketManager.insertCIPTicket(ticket, SPID, CustID, RealName, UserName, NickName, OuterID, "UDBTicket", accountInfo.UserID, UDBBusiness.ConvertAuthenType(accountInfo.NumFlag), out ErrMsg);
                    strMsg.AppendFormat("【生成ticket】:Result:{0},Ticket:{1}", Result, ticket);
                    if (Result != 0)
                    {
                        strMsg.Append(",ErrMsg:Ticket生成失败" + ticket);
                        Redirect("ErrMsg", "Ticket生成失败");
                    }
                    strMsg.Append(",Message:生成ticket成功,返回业务系统");
                    Redirect("Ticket", ticket);
                }
                else
                {
                    strMsg.Append(",ErrMsg:用户注册到号百失败");
                    Redirect("ErrMsg", "用户注册到号百失败" + ErrMsg);
                }
            }
            else if (Result == 5)
            {
                strMsg.Append(",ErrMsg:用户已删除");
                Redirect("ErrMsg", "用户已删除");
            }
            else
            {
                strMsg.Append(",ErrMsg:查询用户信息失败");
                Redirect("ErrMsg", "查询用户信息失败");
            }

            #endregion
        }
        catch(Exception ex)
        {
            strMsg.AppendFormat(",ErrMsg:{0}", ex.Message);
        }
        finally
        {
            WriteLog(strMsg.ToString());
        }
    }
Ejemplo n.º 30
0
        /// <summary>
        /// IP�Ƿ��������
        /// ���ߣ�Է��      ʱ�䣺2009-8-11
        /// �޸ģ�          ʱ�䣺
        /// </summary>
        public static int CheckIPLimit(string SPID, string IP, HttpContext context, out string ErrMsg)
        {
            int Result = ErrorDefinition.IError_Result_UnknowError_Code;
            ErrMsg = "";
            DataTable dt = null;
            try
            {
                string IsIPLimit = System.Configuration.ConfigurationManager.AppSettings["IsIPLimit"];
                //��������򷵻�����
                if (IsIPLimit == "1")
                {
                    Result = 0;
                    return Result;
                }
                //���ݴ���IP��ȡIPNumber
                long IPNumber = CommonBizRules.GetIPAddressIPNumber(IP);
                //�ӻ����л�ȡ����
                SPInfoManager spInfo = new SPInfoManager();
                SPIPListData SPIPListData = (SPIPListData)spInfo.GetSPData(context, "SPIPListData");

                dt = SPIPListData.Tables[SPIPListData.TableName];
                long StartIPIPNumber = 0;
                long EndIPIPNumber = 0;
                for (int i = 0; i < dt.Rows.Count; i++)
                {
                    if (SPID == dt.Rows[i][SPIPListData.Field_SPID].ToString())
                    {
                        StartIPIPNumber = long.Parse(dt.Rows[i][SPIPListData.Field_StartIPNumber].ToString());
                        EndIPIPNumber = long.Parse(dt.Rows[i][SPIPListData.Field_EndIPNumber].ToString());
                        //����ɣ��������б�����ɹ�
                        if (IPNumber >= StartIPIPNumber && IPNumber <= EndIPIPNumber)
                        {
                            Result = 0;
                            return Result;
                        }
                    }
                }

                Result = ErrorDefinition.BT_IError_Result_BizIPLimit_Code;
                ErrMsg = ErrorDefinition.BT_IError_Result_BizIPLimit_Msg;

            }
            catch (Exception e)
            {
                Result = ErrorDefinition.IError_Result_System_UnknowError_Code;
                ErrMsg = e.Message;
            }

            return Result;
        }
Ejemplo n.º 31
0
 /// <summary>
 /// ����SPID ��ȡSP�ⲿϵͳID
 /// </summary>
 public static string GetSPOuterIDBySPID(string SPID, HttpContext context)
 {
     string Result = "";
     SPInfoManager spInfo = new SPInfoManager();
     Object SPData = spInfo.GetSPData(context, "SPData");
     Result = spInfo.GetPropertyBySPID(SPID, "SPOuterID", SPData);
     return Result;
 }
Ejemplo n.º 32
0
    protected void register_Click(object sender, EventArgs e)
    {
        Response.AddHeader("P3P", "CP=CAO PSA OUR");

        UserName = Request.Form["userName"].ToString().Trim();

        PassWord = Request.Form["password"].ToString().Trim();

        PassWord2 = Request.Form["password2"].ToString().Trim();

        checkCode = Request.Form["checkCode"].ToString().Trim();

        String IPAddress = Request.UserHostAddress.ToString();

        System.Net.HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(Request.Url.AbsoluteUri);
        StringBuilder sbLog = new StringBuilder();
        sbLog.AppendFormat("userName:{0}\r\n",UserName);
        sbLog.AppendFormat("password:{0}\r\n",PassWord);
        sbLog.AppendFormat("password2:{0}\r\n",PassWord2);
        sbLog.AppendFormat("checkCode:{0}\r\n",checkCode);
        try
        {
            if (!CommonUtility.ValidateValidateCode(HttpUtility.HtmlDecode(checkCode), this.Context))
            {
                //hintError提示错误验证码校验未通过
                errorHint.InnerHtml = "验证码校验未通过!";
                sbLog.AppendFormat("验证码校验未通过!");
                return;
            }

            if (!PassWord2.Equals(PassWord))
            {
                errorHint.InnerHtml = "密码不一致!";
                return;
            }

            Result = CustBasicInfo.IsExistUser(UserName);

            if (Result != 0)
            {
                errorHint.InnerHtml = "用户名已经存在!";
                return;
            }

            Result = UserRegistry.UserRegisterWebLowStint(SPID, UserName, PassWord, out CustID, out ErrMsg);

            if (Result == 0)
            {
                //记录注册来源ip地址
                CommonBizRules.WriteTraceIpLog(CustID, UserName, SPID, IPAddress,"web_zc");

                if ("35433334".Equals(SPID)) {
                    String youhuiquan_url = "http://www.114yg.cn/facadeHome.do?actions=facadeHome&method=sendCouponToRegist&wt=json&from=web&custId=" + CustID;
                    String jsonmsg = HttpMethods.HttpGet(youhuiquan_url);
                    System.Collections.Generic.Dictionary<string, string> resuzt = Newtonsoft.Json.JsonConvert.DeserializeObject<System.Collections.Generic.Dictionary<string, string>>(jsonmsg);
                    //{"returnCode":"00000"}
                    string youhuiquan = "";
                    resuzt.TryGetValue("returnCode", out youhuiquan);
                }

                // 重定向到欢迎页面
                sbLog.AppendFormat("注册成功:{0}\r\n",Result);
                String TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
                SPInfoManager spInfo = new SPInfoManager();
                Object SPData = spInfo.GetSPData(this.Context, "SPData");
                String key = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
                String Digest = CryptographyUtil.GenerateAuthenticator(TimeStamp + "$" + CustID + "$" + Result + "$" + ErrMsg, key);
                String temp = SPID + "$" + CryptographyUtil.Encrypt(TimeStamp + "$" + CustID + "$" + Result + "$" + ErrMsg + "$" + Digest, key);
                String RegistryResponseValue = HttpUtility.UrlEncode(temp);
                sbLog.Append("给用户写Cookie\r\n");
                //给用户写cookie
                UserToken UT = new UserToken();
                String RealName = UserName;
                String NickName = UserName;
                string UserTokenValue = UT.GenerateUserToken(CustID, RealName, UserName, NickName, "", "42", UserName, "1", key, out ErrMsg);
                string CookieName = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
                PageUtility.SetCookie(UserTokenValue, CookieName, this.Page);
                sbLog.Append("创建新的SPTokenRequest\r\n");
                CreateSPTokenRequest();

                StringBuilder URL = new StringBuilder();
                String RegisterInLowstintSuccessURL = ConfigurationManager.AppSettings["RegisterInLowstintSuccessURL"].ToString(); //// 邮箱指向authenv2.aspx
                if (String.IsNullOrEmpty(RegisterInLowstintSuccessURL))
                {
                    RegisterInLowstintSuccessURL = "RegisterSuccessV2.aspx?SPID=";
                }
                URL.Append(RegisterInLowstintSuccessURL);
                //Response.Redirect(URL.ToString() + SPID + "&ReturnUrl=" + ReturnUrl + "&SPTokenRequest=" + newSPTokenRequest, false);
                //用Redirect 无法从request  的refer 中获得从哪个页面来的

                //     Server.Transfer

                //Server.Transfer方法把执行流程从当前的ASPX文件转到同一服务器上的另一个ASPX页面。调用Server.Transfer时,当前的ASPX页面终止执行,执行流程转入另一个ASPX页面,但新的ASPX页面仍使用前一ASPX页面创建的应答流。

                //如果用Server.Transfer方法实现页面之间的导航,浏览器中的URL不会改变,因为重定向完全在服务器端进行,浏览器根本不知道服务器已经执行了一次页面变换。

                //默认情况下,Server.Transfer方法不会把表单数据或查询字符串从一个页面传递到另一个页面,但只要把该方法的第二个参数设置成True,就可以保留第一个页面的表单数据和查询字符串。

                //同时,使用Server.Transfer时应注意一点:目标页面将使用原始页面创建的应答流,这导致ASP.NET的机器验证检查(Machine    Authentication    Check,MAC)认为新页面的ViewState已被篡改。因此,如果要保留原始页面的表单数据和查询字符串集合,必须把目标页面Page指令的EnableViewStateMac属性设置成False。
                sbLog.Append("重定向:");
                //Response.Redirect(URL.ToString() + SPID + "&ReturnUrl=" + ReturnUrl + "&SPTokenRequest=" + newSPTokenRequest, true);
                Server.Transfer(URL.ToString() + SPID + "&ReturnUrl=" + ReturnUrl + "&SPTokenRequest=" + newSPTokenRequest, true);
            }
            else
            {
                sbLog.AppendFormat("注册失败:{0}\r\n",ErrMsg);
                errorHint.InnerHtml = "注册失败:"+ErrMsg;
                return;
            }

        }
        catch (Exception ex)
        {
            sbLog.Append(ex.Message);
            errorHint.InnerHtml = ex.ToString();
            return;
            //重定向到错误页面
        }
        finally
        {
            log(sbLog.ToString());
        }
    }
Ejemplo n.º 33
0
    protected void login_Click(object sender, EventArgs e)
    {
        Response.AddHeader("P3P", "CP=CAO PSA OUR");
        StringBuilder strLog = new StringBuilder();
        //string AuthenType = HttpUtility.HtmlDecode(Request.Form["AuthenType"].ToString().Trim().ToUpper());         //获取认证类型

        string AuthenName = username.Text;
        string Password = password.Text;
        string AuthenType = "1";  // 默认是用户名

        Regex regMobile = new Regex(@"^1[3458]\d{9}$");
        Regex regEmail = new Regex(@"^[0-9a-zA-Z_\-\.]*[0-9a-zA-Z_\-]@[0-9a-zA-Z]+\.+[0-9a-zA-Z_\-.]+$");
        Regex regCard = new Regex(@"^(\d{9}|\d{16})$");

        if (regMobile.IsMatch(AuthenName))
        {
            AuthenType = "2";
        }
        if (regEmail.IsMatch(AuthenName))
        {
            AuthenType = "4";
        }
        if (regCard.IsMatch(AuthenName))
        {
            AuthenType = "3";
        }

        PageUtility.SetCookie("AuthenType", AuthenType, 168);           //168个小时,即一个礼拜
        PageUtility.SetCookie("LoginTabCookie", "BestToneTab", 8760);
        string CustID = "";
        string RealName = "";
        string NickName = "";
        string UserName = "";
        string OutID = "";
        string UserAccount = "";
        string ErrMsg = "";
        string CustType = "";
        string ProvinceID = "";
        int Result = 1;
        try
        {
            strLog.AppendFormat("checkCode={0}", Request.Form["checkCode"]);
            if (!CommonUtility.ValidateValidateCode(HttpUtility.HtmlDecode(Request.Form["checkCode"].ToString().Trim()), this.Context))
            {
                errorHint.InnerHtml = "验证码错误,请重新输入";
                return;
            }

            //日志
            strLog.AppendFormat("【开始验证】:SPID:{0},ProvinceID:{1},AuthenName:{2},AuthenType:{3}", SPID, ProvinceID, AuthenName, AuthenType);

            Result = BTForBusinessSystemInterfaceRules.UserAuthV2(SPID, AuthenName, AuthenType, Password, Context, ProvinceID, "", "",
                out  ErrMsg, out  CustID, out  UserAccount, out  CustType, out  OutID, out  ProvinceID, out  RealName, out  UserName, out  NickName);
            //验证结果日志
            strLog.AppendFormat("【验证结果】:CustID:{0},UserAcount:{1},CustType:{2},OutID:{3},ProvinceID:{4},RealName:{5},UserName:{6},NickName:{7}",
                CustID, UserAccount, CustType, OutID, ProvinceID, RealName, UserName, NickName);
            CommonBizRules.WriteDataCustAuthenLog(SPID, CustID, ProvinceID, AuthenType, AuthenName, "2", Result, ErrMsg);
            if (Result != 0)
            {
                if (Result == 1001 || Result == -20504 || Result == -21553)
                {
                    errorHint.InnerHtml = ErrMsg;
                    //hint_Username.InnerHtml = "";
                    return;
                }

                if (Result == -21501)
                {
                    errorHint.InnerHtml = ErrMsg;
                    return;
                }
                Response.Write(ErrMsg);
                return;
            }

            SPInfoManager spInfo = new SPInfoManager();
            Object SPData = spInfo.GetSPData(this.Context, "SPData");
            string key = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);

            //生成token并保存
            UserToken UT = new UserToken();
            string UserTokenValue = UT.GenerateUserToken(CustID, RealName, UserName, NickName, OutID, CustType, AuthenName, AuthenType, key, out ErrMsg);
            string CookieName = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
            PageUtility.SetCookie(CookieName, UserTokenValue);

            TokenValidate.IsRedircet = false;
            TokenValidate.Validate();

            this.ssoFunc();
        }
        catch (System.Exception ex)
        {
            log(ex.ToString());
        }
        finally
        {
            log(strLog.ToString());
        }
    }
Ejemplo n.º 34
0
    protected void CreateSPTokenRequest()
    {
        StringBuilder sbLog = new StringBuilder();
        SPInfoManager spInfo = new SPInfoManager();
        try
        {
            sbLog.Append("spInfo.GetSPData\r\n");
            Object SPData = spInfo.GetSPData(this.Context, "SPData");
            string ScoreSystemSecret = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
            sbLog.Append("ScoreSystemSecret");
            String _HeadFooter = "yes";
            String TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"); ;

            UserToken UT = new UserToken();
            newSPTokenRequest = UT.GenerateBestAccountMainUserToken(CustID, ReturnUrl, _HeadFooter, TimeStamp, ScoreSystemSecret, out ErrMsg);
            newSPTokenRequest = HttpUtility.UrlEncode(SPID + "$" + newSPTokenRequest);
        }
        catch (Exception ep)
        {
            sbLog.Append(ep.Message);
        }
        finally
        {
            log(sbLog.ToString());
        }
    }
Ejemplo n.º 35
0
    protected void Query_Assertion()
    {
        MBOSSClass mboss = new MBOSSClass();

        SPInfoManager spInfo = new SPInfoManager();

        int Result = ErrorDefinition.IError_Result_UnknowError_Code;
        string  ErrMsg = "";
        string UserName = "";
        string privateKeyPassword = "";
        string CAP01002_XML = Request["SSORequestXML"];
        string DigitalSign = MBOSSClass.GetNewXML(CAP01002_XML, "DigitalSign");
        string DigitalSignValue = MBOSSClass.GetValueFromXML(CAP01002_XML, "DigitalSign");
        //从中取出RedirectURL
        string RedirectURL = MBOSSClass.GetValueFromXML(CAP01002_XML, "RedirectURL");
        //验证 CAP01002_XM 合法性
        byte[] PublicKeyFile = new byte[0];

        try
        {
            Object SPData = spInfo.GetSPData(this.Context, "");  //SPDataCacheName 这里要去问tongbo
            PublicKeyFile = spInfo.GetCAInfo(SPID, 0, SPData, out UserName, out privateKeyPassword);
        }
        catch (Exception err)
        {
            //验证签名未通过
            ErrMsg = err.Message;
            Result = -20001;
            Response.Redirect(RedirectURL, true);
            return;
        }

        Result = mboss.VerifySignByPublicKey(DigitalSign, PublicKeyFile, DigitalSignValue, out ErrMsg);
        if (Result != 0)
        {
            // 签名校验未通过,直接将请求原路打回
            Response.Redirect(RedirectURL, true);
            return;
        }
    }
Ejemplo n.º 36
0
        /// <summary>
        /// ����ticket��ʡua��ѯ���Բ����н���
        /// </summary>
        /// <param name="UATicket"></param>
        /// <param name="privateKeyFile"></param>
        /// <param name="UATicket"></param>      
        /// <param name="PublicKeyFile"></param>
        /// <param name="UATicketXML"></param>
        /// <param name="ErrMsg"></param>
        /// <returns></returns>
        public int SendUATicket(string UAProvinceID,string SPID, string UATicket, string URL, System.Web.HttpContext SpecificContext, 
            string SPDataCacheName, string TransactionID, out BilByCompilingResult bbcResult, out string UATicketXML, out string ErrMsg)
        {
            UATicketXML = "";
            ErrMsg = "";
            int Result = -19999;
            bbcResult = new BilByCompilingResult();
            bbcResult.Result = -19999;

            StringBuilder strLog = new StringBuilder();

            #region
            byte[] privateKeyFile = new byte[0];
            string privateKeyPassword = "";
            string UserName = "";
            byte[] PublicKeyFile = new byte[0];
            SPInfoManager spInfo = new SPInfoManager();
            try
            {
                Object SPData = spInfo.GetSPData(SpecificContext, SPDataCacheName);
                PublicKeyFile=spInfo.GetCAInfo(SPID, 0, SPData, out UserName, out privateKeyPassword);
                privateKeyFile = spInfo.GetCAInfo("35999991", 1, SPData, out UserName, out privateKeyPassword);

            }
            catch (Exception err)
            {
                ErrMsg = err.Message;
                Result = -20001;

                return Result;
            }
            #endregion

            try
            {
                //ƴ�ղ�ѯ���Ե�xml
                Result = GetUATicketXML(UAProvinceID, UATicket, privateKeyFile, privateKeyPassword, TransactionID, out UATicketXML, out ErrMsg);
                //log("���͵�:" + UATicketXML);
                strLog.AppendFormat("���Բ�ѯ������:{0}\r\n", UATicketXML);

                if (Result != 0)
                    return Result;

                /******************************************/

                string NewXML = "";

                try
                {
                    //���Բ�ѯ
                    UaService u = new UaService();
                    u.Url = URL;// System.Configuration.ConfigurationManager.AppSettings["GetInfoByTicketURL"];
                    NewXML = u.SelectAssertion(UATicketXML);
                    //log("���ܣ�" + NewXML);
                    strLog.AppendFormat("���Բ�ѯ���ر��ģ�{0}\r\n", NewXML);
                }
                catch (System.Exception ex)
                {
                    //log("����" + ex.Message);
                    strLog.AppendFormat("�쳣:{0}\r\n", ex.Message);
                }

                string DigitalSign = GetNewXML(NewXML, "DigitalSign");
                string OldXML = GetValueFromXML(NewXML, "DigitalSign");
                //��֤
                Result = VerifySignByPublicKey(DigitalSign, PublicKeyFile, OldXML, out ErrMsg);
                //log("��֤ǩ����" + Result + "==" + ErrMsg);
                strLog.AppendFormat("ǩ����֤���:{0},{1}\r\n", Result, ErrMsg);
                if (Result != 0)
                    return Result;

                //����
                bbcResult = BilByCompiling(DigitalSign);
                ErrMsg = bbcResult.ErrMsg;
                Result = bbcResult.Result;
                if (Result != 0)
                    return Result;
            }
            catch (Exception err)
            {
                ErrMsg = err.Message;
                Result = -20009;
                log(Result + "--" + ErrMsg);
                log(err.StackTrace);
                return Result;
            }
            finally
            {
                log(strLog.ToString());
            }

            return Result;
        }
Ejemplo n.º 37
0
    protected void Page_Load(object sender, EventArgs e)
    {
        if (CommonUtility.IsParameterExist("ReturnUrl", this.Page))
        {
            ReturnUrl = Request["ReturnUrl"];
        }
        else
        {
            Logs.logSave("没有ReturnUrl返回");
        }

        if (string.IsNullOrEmpty(cookie["AccessToken"]))
        {
            Response.Redirect("SinaLogin.aspx");
        }
        else
        {
            Sina = new Client(new OAuth(ConfigurationManager.AppSettings["AppKey"], ConfigurationManager.AppSettings["AppSecret"], cookie["AccessToken"], null)); //用cookie里的accesstoken来实例化OAuth,这样OAuth就有操作权限了
        }
        UserID = Sina.API.Account.GetUID();

        string CustID = QueryByOpenID(UserID);
        if (String.IsNullOrEmpty(CustID)) // 已有绑定关系
        {
            //直接单点登录
            string AuthenName = "";
            string AuthenType = "";
            string RealName = "";
            string NickName = "";
            string UserName = "";
            string OutID = "";
            string UserAccount = "";
            string CustType = "";
            string ProvinceID = "";

            string _connectionString = WebConfigurationManager.ConnectionStrings["BestToneCenterConStr"].ConnectionString;

            SqlConnection con = new SqlConnection(_connectionString);
            SqlCommand cmd = new SqlCommand("select  RealName,UserName,NickName,OuterID,CustType from custinfo where custid=@CustID", con);
            cmd.Parameters.Add("@CustID", SqlDbType.NVarChar, 16).Value = CustID;
            using (con)
            {
                con.Open();
                SqlDataReader reader = cmd.ExecuteReader();
                while (reader.Read())
                {
                    RealName = (string)reader["RealName"];
                    UserName = (string)reader["UserName"];
                    NickName = (string)reader["NickName"];
                    OutID = (string)reader["OuterID"];
                    CustType = (string)reader["CustType"];

                }
            }

            SPInfoManager spInfo = new SPInfoManager();
            Object SPData = spInfo.GetSPData(this.Context, "SPData");
            string key = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
            string ErrMsg = "";
            //生成token并保存
            UserToken UT = new UserToken();
            string UserTokenValue = UT.GenerateUserToken(CustID, RealName, UserName, NickName, OutID, CustType, AuthenName, AuthenType, key, out ErrMsg);
            string CookieName = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
            PageUtility.SetCookie(CookieName, UserTokenValue);
            //begin
            Response.Redirect(ReturnUrl,true);
            //end

        }
        else
        { // 未有绑定关系 (可能有号百账号-则去绑定,可能没有号百账号,则注册)
            string SelectOauthAssertion = System.Configuration.ConfigurationManager.AppSettings["SelectOauthAssertion"];
            SelectOauthAssertion = SelectOauthAssertion + "?code=" + UserID + "&returnUrl=" + ReturnUrl + "&oauthtype=1";    // 0 代表qq 1代表sina
            Response.Redirect(SelectOauthAssertion, true);  //SelectOauthAssertion 指向地址:    http://sso.besttone.cn/SSO/boundingV2.action?code=***&returnUrl=***
            //boundingV2.action 会forward到 他自己的一个auth.jsp ,这个jsp会嵌入两个iframe,其中一个iframe的src,指向客户信息平台的AuthBindLogin.aspx,另个iframe指向 客户信息平台的AuthRegister.aspx
            //同时分别带上SPTokenRequest和code参数,这个SPTokenRequest参数中的ReturnUrl
        }
    }
Ejemplo n.º 38
0
 /// <summary>
 /// �ͻ���Ϣƽ̨�Ľ���������֤���ܵ�ַ
 /// ���ߣ�����      ʱ�䣺2009-9-09
 /// </summary>
 public static string EncryptEmailURl(string CustID, string Email, HttpContext context)
 {
     StringBuilder URL = new StringBuilder();
     URL.Append(ConfigurationManager.AppSettings["EmailAuthenURL"].ToString());
     string datetime = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
     SPInfoManager spInfo = new SPInfoManager();
     Object SPData = spInfo.GetSPData(context, "SPData");
     string key = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
     string Digest = CryptographyUtil.GenerateAuthenticator(CustID + "$" + Email + "$" + datetime, key);
     string AuthenStrValue = CryptographyUtil.ToBase64String(Encoding.UTF8.GetBytes(CryptographyUtil.Encrypt(CustID + "$" +
         Email + "$" + datetime + "$" + Digest)));
     URL.Append("=");
     URL.Append(HttpUtility.UrlEncode(AuthenStrValue));
     return URL.ToString();
 }
Ejemplo n.º 39
0
        /// <summary>
        /// ���ݲ�ͬ��ҵ��ϵͳ�ṩ��url��url�������н���
        /// ����list<string>һ����:CustID��Email��Time��Digest
        /// </summary>
        public static List<String> DecryptEmailURL(String SPID, String CustID, String Email, String Url, HttpContext context)
        {
            List<String> list = new List<String>();
            try
            {
                String urlParameter = Url.Split('=')[1];
                String decryptParameter = CryptographyUtil.Decrypt(Encoding.UTF8.GetString(CryptographyUtil.FromBase64String(HttpUtility.UrlDecode(urlParameter))));
                String[] parArray = decryptParameter.Split('$');
                //��ȡ��ӦSPID��key
                SPInfoManager spInfo = new SPInfoManager();
                Object SPData = spInfo.GetSPData(context, "SPData");
                String key = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
                string Digest = CryptographyUtil.GenerateAuthenticator(parArray[0] + "$" + parArray[1] + "$" + parArray[2], key);
                if (Digest.Equals(parArray[3]))
                {
                    for (int i = 0; i < parArray.Length - 1; i++)
                    {
                        list.Add(parArray[i]);
                    }
                }
                else
                {
                    list = null;
                }

            }
            catch (Exception ex)
            {
                list = null;
            }

            return list;
        }
Ejemplo n.º 40
0
    protected void BtnSubmit_Click(object sender, EventArgs e)
    {
        UserName = Request.Form["UserName"].ToString().Trim();

        Password = Request.Form["Password"].ToString().Trim();

        Password2 = Request.Form["Password2"].ToString().Trim();

        try
        {

            Result = CustBasicInfo.IsExistUser(UserName);
            if (Result != 0)
            {
                errorHint.InnerHtml = "<script type='text/javascript'>showError('用户名已存在!')</script>";
                return;
            }

            Result = UserRegistry.UserRegisterWebLowStint(SPID, UserName, Password, out CustID, out ErrMsg);

            if (Result == 0)
            {
                    // 重定向到欢迎页面

                String IPAddress = Request.UserHostAddress.ToString();
                CommonBizRules.WriteTraceIpLog(CustID, UserName, SPID, IPAddress, "client_wap");

                String youhuiquan_url = "http://www.114yg.cn/facadeHome.do?actions=facadeHome&method=sendCouponToRegist&wt=json&from=" + Device + "&custId=" + CustID;
                String jsonmsg = HttpMethods.HttpGet(youhuiquan_url);
                System.Collections.Generic.Dictionary<string, string> resuzt = Newtonsoft.Json.JsonConvert.DeserializeObject<System.Collections.Generic.Dictionary<string, string>>(jsonmsg);
                //{"returnCode":"00000"}
                string youhuiquan = "";
                resuzt.TryGetValue("returnCode", out youhuiquan);

                String TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
                SPInfoManager spInfo = new SPInfoManager();
                Object SPData = spInfo.GetSPData(this.Context, "SPData");
                String key = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
                String Digest = CryptographyUtil.GenerateAuthenticator(TimeStamp + "$" + CustID + "$" + Result + "$" + ErrMsg, key);
                String temp = SPID + "$" + CryptographyUtil.Encrypt(TimeStamp + "$" + CustID + "$" + Result + "$" + ErrMsg + "$" + Digest, key);
                String RegistryResponseValue = HttpUtility.UrlEncode(temp);

                //给用户写cookie
                UserToken UT = new UserToken();
                String RealName = UserName;
                String NickName = UserName;
                string UserTokenValue = UT.GenerateUserToken(CustID, RealName, UserName, NickName, "", "42", UserName, "1", key, out ErrMsg);
                string CookieName = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
                PageUtility.SetCookie(UserTokenValue, CookieName, this.Page);
                CreateSPTokenRequest();
                StringBuilder URL = new StringBuilder();
                URL.Append("LowSintRegisterMSuccess.aspx?SPID=");
                Response.Redirect(URL.ToString() + SPID + "&SPTokenRequest=" + newSPTokenRequest, true);
            }
            else
            {
                errorHint.InnerHtml = "<script type='text/javascript'>showError('注册失败:"+ErrMsg+"')</script>";
                return;
            }
        }
        catch (Exception exp)
        {
            errorHint.InnerHtml = "<script type='text/javascript'>showError('"+exp.ToString()+"!')</script>";
            return;
        }
    }
Ejemplo n.º 41
0
 /// <summary>
 /// ����ҵ��ϵͳ�ṩ��URL���ܲ������ʼ�
 /// </summary>
 public static String EncryptEmailURl_Client(String SPID, String CustID, String Email, String AuthenCode, HttpContext context)
 {
     String timeTamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
     SPInfoManager spInfo = new SPInfoManager();
     Object SPData = spInfo.GetSPData(context, "SPData");
     String key = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
     String Digest = CryptographyUtil.GenerateAuthenticator(SPID + "$" + CustID + "$" + Email  + "$" + AuthenCode + "$" + timeTamp, key);
     String AuthenStrValue = CryptographyUtil.ToBase64String(Encoding.UTF8.GetBytes(CryptographyUtil.Encrypt(SPID + "$" + CustID + "$" + Email  + "$" + AuthenCode + "$" + timeTamp + "$" + Digest)));
     return AuthenStrValue;
 }