        /// <summary>
        /// Credential check for a user name / password pair (override; the signature
        /// matches a WCF UserNamePasswordValidator — confirm against the base class).
        /// Looks the user up by name, enforces the failed-attempt lockout, compares the
        /// DES-encrypted password, then fills the static DataService.users /
        /// DataService.apps caches and writes audit rows. Rejection is signalled by
        /// throwing; there is no return value.
        /// </summary>
        /// <param name="userName">User name sent by the client; untrusted.</param>
        /// <param name="password">Password sent by the client; untrusted.</param>
        /// <exception cref="ArgumentNullException">Either argument or <c>conn</c> is null.</exception>
        /// <exception cref="FaultException">Lookup failed, user unknown, account locked, or password wrong.</exception>
        /// <remarks>
        /// SECURITY (review): every query in this method is assembled with string.Format
        /// from values the caller controls (userName, and the uid/appid read back from the
        /// database), so it is exposed to SQL injection. conn.getDataTable /
        /// conn.executeCommand only accept a SQL string here, so the fix needs a
        /// parameterised overload on conn (type not shown). The <c>'******'</c> fragments
        /// inside the SQL literals look like a redaction applied by the hosting site (the
        /// format argument is still passed but no {n} slot remains) — check the original
        /// source before relying on them. The password is compared as DES ciphertext
        /// under what appears to be a shared key (DES.theKey) rather than as a salted
        /// hash, so stored passwords are reversible. The three distinct failure messages
        /// (unknown user / locked / wrong password) let a caller enumerate valid user
        /// names. DataService.users and DataService.apps are static dictionaries read and
        /// mutated here with no visible locking; concurrent calls for the same user or
        /// app could race on Add — confirm synchronisation elsewhere.
        /// </remarks>
        public override void Validate(string userName, string password)
        {
            if (null == userName || null == password || null == conn)
            {
                // No parameter name is passed, so the caller cannot tell which one was null.
                throw new ArgumentNullException();
            }

            if (DataService.isGlobalSafeLog == null)  // initialise the global security-log setting once per process
            {
                string    tmpsql = string.Format("select configvalue from config where configkey='全局安全日志是否启用'");
                DataTable tmpdt  = conn.getDataTable(tmpsql);
                if (tmpdt.Rows.Count > 0 && tmpdt.Rows[0][0].ToString() == "true")
                {
                    DataService.isGlobalSafeLog = true;
                }
                else
                {
                    DataService.isGlobalSafeLog = false;
                }
            }

            // SECURITY (review): userName goes into the WHERE clause unescaped.
            string    sql = string.Format("select islocked,failedpasswordattemptcount,userid from users t3 where username='******'", userName);
            DataTable dt  = conn.getDataTable(sql);
            int       attemptcount;
            string    uid;

            if (dt == null)
            {
                throw new FaultException("服务器端验证故障!");
            }
            else if (dt.Rows.Count == 0)
            {
                if ((bool)DataService.isGlobalSafeLog)  // global security log: unknown user name
                {
                    // NOTE(review): HttpContext.Current is null when WCF is hosted without
                    // ASP.NET compatibility; the commented-out RemoteEndpointMessageProperty
                    // code below is the WCF-native way to obtain the client address.
                    string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
                    //System.ServiceModel.Channels.MessageProperties properties = OperationContext.Current.IncomingMessageProperties;
                    //RemoteEndpointMessageProperty endpoint = properties[RemoteEndpointMessageProperty.Name] as RemoteEndpointMessageProperty;
                    //string logcontent = string.Format("有客户端从IP:{0}试图以不存在的用户名({1})登录系统。", endpoint.Address, userName);
                    string logcontent = string.Format("有客户端从IP:{0}试图以不存在的用户名({1})登录系统。", ip, userName);
                    // Truncate to 255 characters (presumably the logcontent column width — confirm).
                    logcontent = logcontent.Length > 255 ? logcontent.Substring(0, 255) : logcontent;
                    // SECURITY (review): logcontent embeds the raw userName and is spliced into the INSERT.
                    string tmpsql = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", Guid.NewGuid(), DateTime.Now, "全局安全", logcontent);
                    conn.executeCommand(tmpsql);
                }
                throw new FaultException("用户名不存在!");
            }
            else
            {
                // Direct unbox / int.Parse: a DBNull or non-bit column here throws
                // InvalidCastException / FormatException rather than a FaultException.
                bool islocked = (bool)dt.Rows[0][0];
                attemptcount = int.Parse(dt.Rows[0][1].ToString());
                uid          = dt.Rows[0][2].ToString();
                if (islocked)
                {
                    if ((bool)DataService.isGlobalSafeLog)  // global security log: locked account
                    {
                        string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
                        //System.ServiceModel.Channels.MessageProperties properties = OperationContext.Current.IncomingMessageProperties;
                        //RemoteEndpointMessageProperty endpoint = properties[RemoteEndpointMessageProperty.Name] as RemoteEndpointMessageProperty;
                        //string logcontent = string.Format("有客户端从IP:{0}试图以被加锁的用户名({1})登录系统。", endpoint.Address, userName);
                        string logcontent = string.Format("有客户端从IP:{0}试图以被加锁的用户名({1})登录系统。", ip, userName);
                        logcontent = logcontent.Length > 255 ? logcontent.Substring(0, 255) : logcontent;
                        string tmpsql = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", Guid.NewGuid(), DateTime.Now, "全局安全", logcontent);
                        conn.executeCommand(tmpsql);
                    }

                    throw new FaultException("该账号已被加锁,请联系系统管理员解除!");
                }
            }

            // attemptcount and uid are definitely assigned here only because every other
            // branch above throws.
            // SECURITY (review): the password is DES-encrypted with DES.theKey and compared
            // as ciphertext; this is reversible encryption, not a password hash.
            sql = string.Format("select applicationid,userid from users t3 where username='******' and password='******' and islocked=0", userName, DES.EncryptString(password, DES.theKey));
            dt  = conn.getDataTable(sql);
            // NOTE(review): unlike the first lookup, dt is not null-checked before .Rows.
            if (dt.Rows.Count == 0)                    // no matching row: credentials rejected
            {
                if ((bool)DataService.isGlobalSafeLog) // global security log: wrong password
                {
                    string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
                    //System.ServiceModel.Channels.MessageProperties properties = OperationContext.Current.IncomingMessageProperties;
                    //RemoteEndpointMessageProperty endpoint = properties[RemoteEndpointMessageProperty.Name] as RemoteEndpointMessageProperty;
                    //string logcontent = string.Format("有客户端从IP:{0}试图以用户名({1})和错误口令登录系统。", endpoint.Address, userName);
                    string logcontent = string.Format("有客户端从IP:{0}试图以用户名({1})和错误口令登录系统。", ip, userName);
                    logcontent = logcontent.Length > 255 ? logcontent.Substring(0, 255) : logcontent;
                    string tmpsql = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", Guid.NewGuid(), DateTime.Now, "全局安全", logcontent);
                    conn.executeCommand(tmpsql);
                }
                if (attemptcount + 1 > 8) // this is the ninth consecutive failure: lock the account
                {
                    // DateTime.Now is rendered with the current culture into a SQL literal.
                    sql = string.Format("update users set FailedPasswordAttemptCount=0,islocked=1,lastlockdate='{1}' where userid='{0}'", uid, DateTime.Now);
                    conn.executeCommand(sql);
                    throw new FaultException("该账号尝试登录超过8次,已被加锁,请联系系统管理员解除!");
                }
                else
                {
                    sql = string.Format("update users set FailedPasswordAttemptCount={0} where userid='{1}'", attemptcount + 1, uid);
                    conn.executeCommand(sql);
                    // The message discloses the current failure count to the caller.
                    throw new FaultException(string.Format("口令错误,该账号尝试登录{0}次,超过8次将被加锁无法使用!", attemptcount + 1));
                }
            }
            else
            {
                // Successful login: reset the counter and stamp the login time.
                sql = string.Format("update users set FailedPasswordAttemptCount=0, lastlogindate='{0}' where userid='{1}'", DateTime.Now, uid);
                conn.executeCommand(sql);

                #region ----- 认证后,处理保存静态变量中的用户数据 -----
                string   appid = dt.Rows[0][0].ToString();
                UserInfo userinfo;
                if (!DataService.users.TryGetValue(userName, out userinfo))  // cache keyed by user name; filled once per process
                {
                    userinfo = new UserInfo()
                    {
                        userID = uid, appID = appid, userName = userName
                    };
                    // Added to the cache before roles/models/conns are loaded; a failure
                    // below leaves a partially populated entry behind.
                    DataService.users.Add(userName, userinfo);
                    // roles
                    sql = @"select t2.RoleName  from Users t1,Roles t2,UsersInRoles r where t1.UserName='******' and t1.UserID=r.UserID and t2.RoleID=r.RoleID";
                    sql = string.Format(sql, userName);
                    dt  = conn.getDataTable(sql);
                    foreach (DataRow item in dt.Rows)
                    {
                        userinfo.roles.Add(item[0].ToString());
                    }
                    // modules
                    sql = @"select t2.ModelName  from Roles t1,Models t2,ModelsInRoles r where t1.RoleID in
                             (select t2.RoleID  from Users t1,Roles t2,UsersInRoles r where t1.UserName='******' and t1.UserID=r.UserID and t2.RoleID=r.RoleID) 
                                and t1.RoleID=r.RoleID and t2.ModelID=r.ModelID";
                    sql = string.Format(sql, userName);
                    dt  = conn.getDataTable(sql);
                    foreach (DataRow item in dt.Rows)
                    {
                        userinfo.models.Add(item[0].ToString());
                    }
                    // data sources: name -> isReadOnly
                    sql = @"select t2.DatasourceName,r.isReadOnly from Models t1,Connections t2,ConnectionsInModels r where t1.ModelID in
                                (select t2.ModelID  from Roles t1,Models t2,ModelsInRoles r where t1.RoleID in
	                                (select t2.RoleID  from Users t1,Roles t2,UsersInRoles r where t1.UserName='******' and t1.UserID=r.UserID and t2.RoleID=r.RoleID) 
		                        and t1.RoleID=r.RoleID and t2.ModelID=r.ModelID) 
                           and t1.ModelID=r.ModelID and t2.ConnID=r.ConnID";
                    sql = string.Format(sql, userName);
                    dt  = conn.getDataTable(sql);
                    foreach (DataRow item in dt.Rows)
                    {
                        string dsname     = item[0].ToString();
                        bool   isreadonly = (bool)item[1];
                        if (!userinfo.conns.ContainsKey(dsname))
                        {
                            userinfo.conns.Add(dsname, isreadonly);
                        }
                        else
                        {
                            if (userinfo.conns[dsname] && !isreadonly) // several roles: keep the widest permission (read-write beats read-only)
                            {
                                userinfo.conns[dsname] = isreadonly;
                            }
                        }
                    }
                }
                #endregion
                #region ----- 应用程序的管理 -----
                AppData appdata;
                if (!DataService.apps.TryGetValue(appid, out appdata)) // add the app entry to the static cache if absent
                {
                    appdata = new AppData();
                    DataService.apps.Add(appid, appdata);
                    sql = string.Format("select configkey,configvalue from config where applicationid='{0}' and configsort='日志'", appid);
                    dt  = conn.getDataTable(sql);
                    foreach (DataRow dr in dt.Rows)  // fill the log settings; missing or invalid values keep the AppData defaults
                    {
                        if (dr[0].ToString() == "是否启用日志" && dr[1].ToString() == "true")
                        {
                            appdata.isLog = true;
                        }
                        if (dr[0].ToString() == "日志有效期限")
                        {
                            // NOTE(review): on an unparseable value TryParse sets logValidDays to 0,
                            // which makes the purge below delete every row older than "now".
                            int.TryParse(dr[1].ToString(), out appdata.logValidDays);
                        }
                        if (dr[0].ToString() == "日志是否记录读操作" && dr[1].ToString() == "true")
                        {
                            appdata.isLogRead = true;
                        }
                        if (dr[0].ToString() == "日志是否记录执行操作" && dr[1].ToString() == "true")
                        {
                            appdata.isLogExecute = true;
                        }
                        if (dr[0].ToString() == "日志是否记录管理操作" && dr[1].ToString() == "true")
                        {
                            appdata.isLogManage = true;
                        }
                        if (dr[0].ToString() == "日志是否记录安全信息" && dr[1].ToString() == "true")
                        {
                            appdata.isLogSafe = true;
                        }
                        if (dr[0].ToString() == "日志是否记录错误信息" && dr[1].ToString() == "true")
                        {
                            appdata.isLogError = true;
                        }
                    }
                }
                // If logging is enabled and logs have never been purged in this process
                // (or the last purge is more than 24 hours old), purge expired rows.
                if (appdata.isLog && (appdata.lastClearLogDate == null || (DateTime.Now - (DateTime)appdata.lastClearLogDate).TotalHours > 24))
                {
                    // NOTE(review): this also deletes global-security rows of *every* app,
                    // not only rows belonging to appid.
                    sql = string.Format("delete log where (applicationid='{0}' or logtype='全局安全') and logdate<'{1}'", appid, DateTime.Now.AddDays(-appdata.logValidDays));
                    conn.executeCommand(sql);
                    appdata.lastClearLogDate = DateTime.Now;

                    // Disabled: a "系统" audit row recording the purge itself.
                    //sql = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", appid, DateTime.Now, "系统", "系统执行了一次过期日志清理。");
                    //conn.executeCommand(sql);
                }

                #endregion

                if (appdata.isLog && appdata.isLogSafe)
                {
                    string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
                    // SECURITY (review): userName is concatenated into the audit INSERT unescaped.
                    sql = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", appid, DateTime.Now, "安全", "用户" + userName + "从" + ip + "登录了系统。");
                    conn.executeCommand(sql);
                }
            }
        }
        /// <summary>
        /// Sets a new password for an arbitrary user id (administrative operation).
        /// When the current app has management logging enabled, a "管理" audit row
        /// naming the caller is written first.
        /// </summary>
        /// <param name="userid">Target user id; spliced into the UPDATE unescaped.</param>
        /// <param name="password">New plaintext password; stored DES-encrypted.</param>
        /// <returns>Whatever connManage.executeCommand returns for the UPDATE; the result of the audit INSERT is discarded.</returns>
        /// <remarks>
        /// SECURITY (review): both statements are built with string.Format from
        /// caller-supplied values and are therefore exposed to SQL injection; no
        /// parameterised API is visible on connManage. The password is stored as
        /// reversible DES ciphertext (DES.theKey), not a salted hash. No authorisation
        /// check is visible in this method — presumably enforced by the host or an
        /// attribute on the service, confirm. <c>apps[applicationid]</c> throws
        /// KeyNotFoundException when the app entry is missing (apps, applicationid and
        /// connManage belong to the enclosing class, not shown). The <c>'******'</c>
        /// in the UPDATE literal looks like a redaction by the hosting site.
        /// </remarks>
        public bool UpdateUserPassword(string userid, string password)
        {
            if (apps[applicationid].isLog && apps[applicationid].isLogManage)  // management audit log
            {
                // Caller identity comes from the WCF security context of the current operation.
                string logcontent = string.Format("管理员{0}更新用户ID为{1}的口令。", OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name, userid);
                string logsql     = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", applicationid, DateTime.Now, "管理", logcontent);
                connManage.executeCommand(logsql);
            }

            string sql = string.Format("update users set password='******' where userid='{0}'", userid, DES.EncryptString(password, DES.theKey));

            return(connManage.executeCommand(sql));
        }
<<<<<<< placeholder
Ejemplo n.º 4
0
        public bool UpdateSelfInfomation(string Alias, string Password, string Email)
        {
            string userid = DataService.users[OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name].userID;
            string sql    = string.Format("update users set alias='{1}',password='******',email='{3}' where userid='{0}'", userid, Alias, DES.EncryptString(Password, DES.theKey), Email);

            if (apps[applicationid].isLog && apps[applicationid].isLogManage)  //日志
            {
                string logcontent = string.Format("用户{0}更新了自已的信息。", OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name);
                string logsql     = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", applicationid, DateTime.Now, "管理", logcontent);
                connManage.executeCommand(logsql);
            }
            return(connManage.executeCommand(sql));
        }