public void AES_Decrp_Test()
{
var str = "bbbbb";
var strCry = CryptographyUtil.AESDecryptServer(str);
Console.WriteLine(strCry);
}
/// <summary>
/// Creates and inserts a new user with the given username and password into the database.
/// </summary>
private User InsertNewUser(string username, string plaintextPassword, string phoneNumber = null)
{
// TODO apply validation to username and password
User u = new User()
{
Username = username,
PhoneNumber = phoneNumber
};
CryptographyUtil.SetUserPassword(u, plaintextPassword);
// insert this user, and get the id
using (var s = sqlManager.EstablishDataConnection)
{
var cmd = s.CreateCommand();
cmd.CommandText = "INSERT INTO [User] (Username, PasswordHash, HMACKey, PhoneNumber) OUTPUT INSERTED.UserID VALUES (@Username, @PasswordHash, @HMACKey, @PhoneNumber);";
cmd.Parameters.AddWithValue("@Username", u.Username);
cmd.Parameters.AddWithValue("@PasswordHash", u.PasswordHash);
cmd.Parameters.AddWithValue("@HMACKey", u.HMACKey);
cmd.Parameters.AddWithValue("@PhoneNumber", (object)u.PhoneNumber ?? DBNull.Value);
using (var reader = cmd.ExecuteReader())
{
while (reader.Read())
{
u.UserId = (ulong)reader.GetInt64(0);
}
reader.Close();
}
}
// return the new User object
return(u);
}
/// <summary>
/// 生成UserToken
/// 作者:苑峰 时间:2009-8-13
/// 修改: 时间:
/// </summary>
/// <param name="CustID"></param>
/// <param name="RealName"></param>
/// <param name="NickName"></param>
/// <param name="OuterID"></param>
/// <param name="key"></param>
/// <param name="ErrMsg"></param>
/// <returns></returns>
public string GenerateUserToken(string CustID, string RealName, string UserName, string NickName, string OuterID, string CustType, string LoginAuthenName, string LoginAuthenType, string key, out string ErrMsg)
{
string UserTokenVaule = "";
ErrMsg = "";
try
{
string TokenStr = System.Configuration.ConfigurationManager.AppSettings["TokenStr"];
string TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
//Digest = Base64(3Des(SHA1(CustID + RealName+ UserName+NickName+ Timestamp+OuterID+CustType+TokenStr)))
StringBuilder sbDigest = new StringBuilder();
sbDigest.Append(CustID);
sbDigest.Append(RealName);
sbDigest.Append(UserName);
sbDigest.Append(NickName);
sbDigest.Append(TimeStamp);
sbDigest.Append(OuterID);
sbDigest.Append(CustType);
sbDigest.Append(LoginAuthenName);
sbDigest.Append(LoginAuthenType);
sbDigest.Append(TokenStr);
string Digest = CryptographyUtil.GenerateAuthenticator(sbDigest.ToString(), key);
//Base64(3DES(CustID +"$"+ RealName+ "$"+ UserName +"$"+NickName +“$”+Timestamp+"$"+OuterID +"$"+CustType+"$"+TokenStr+ "$"+ Digest))
StringBuilder sbUsertokenValue = new StringBuilder();
sbUsertokenValue.Append(CustID);
sbUsertokenValue.Append("$");
sbUsertokenValue.Append(RealName);
sbUsertokenValue.Append("$");
sbUsertokenValue.Append(UserName);
sbUsertokenValue.Append("$");
sbUsertokenValue.Append(NickName);
sbUsertokenValue.Append("$");
sbUsertokenValue.Append(TimeStamp);
sbUsertokenValue.Append("$");
sbUsertokenValue.Append(OuterID);
sbUsertokenValue.Append("$");
sbUsertokenValue.Append(CustType);
sbUsertokenValue.Append("$");
sbUsertokenValue.Append(LoginAuthenName);
sbUsertokenValue.Append("$");
sbUsertokenValue.Append(LoginAuthenType);
sbUsertokenValue.Append("$");
sbUsertokenValue.Append(TokenStr);
sbUsertokenValue.Append("$");
sbUsertokenValue.Append(Digest);
UserTokenVaule = CryptographyUtil.Encrypt(sbUsertokenValue.ToString(), key);
}
catch (System.Exception ex)
{
UserTokenVaule = "";
ErrMsg = ex.Message;
}
return(UserTokenVaule);
}
private UserToken MakeUserToken(ControllerBase controllerContext, User user)
{
// get a user token for this suer
var ut = CryptographyUtil.MakeUserToken(user);
// insert a new user token
InsertToken(ut);
// TODO: re-use tokens that are already valid instead of just inserting new ones
// TODO: Consider tracking user agent with user tokens
controllerContext.Response.StatusCode = 200;
// delete the cookie
controllerContext.Response.Cookies.Delete("auth_token");
// set up cookies
controllerContext.Response.Cookies.Append("auth_token", ut.Token, new Microsoft.AspNetCore.Http.CookieOptions()
{
HttpOnly = true
});
var claims = new List <Claim>()
{
new Claim(ClaimTypes.Name, user.Username),
new Claim(ClaimTypes.NameIdentifier, $"{user.UserId}")
};
var userid = new ClaimsIdentity(claims, "auth_token");
var pr = new ClaimsPrincipal(userid);
controllerContext.HttpContext.SignInAsync(pr).Wait();
return(ut);
}
protected void Page_Load(object sender, EventArgs e)
{
string comefrom_url = HttpContext.Current.Request.ServerVariables["HTTP_REFERER"];
Response.Write("-----------");
bool se = HttpContext.Current.Request.IsSecureConnection;
bool au = HttpContext.Current.Request.IsAuthenticated;
Response.Write("se=" + se);
Response.Write("au=" + au);
Response.Write("-----------");
//Response.AddHeader("P3P", "CP=CAO PSA OUR");
String SrcSsDeviceNo = "3500000000408201";
String UDBKey = "3C67B5657DF383DFE5FDBC449FFC850B8EB79459AA369011";
String TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
String ReturnUrl = "http://go.118114.cn";
String digest = String.Empty, PassportLoginRequestValue = String.Empty;
digest = CryptographyUtil.ToBase64String(CryptographyUtil.Hash(SrcSsDeviceNo + TimeStamp + ReturnUrl));
PassportLoginRequestValue = HttpUtility.UrlEncode(SrcSsDeviceNo + "$" + CryptographyUtil.Encrypt(TimeStamp + "$" + ReturnUrl + "$" + digest, UDBKey));
Response.Write(digest + "<br/>");
Response.Write(PassportLoginRequestValue + "<br/>");
this.hdUDBUrl.Value = "http://Service.Passport.189.cn/Logon/UDBCommon/S/PassportLogin.aspx?PassportLoginRequest=" + PassportLoginRequestValue;
Response.Write("-----------");
}
/// <summary>
/// 客户信息平台的接收邮箱认证解密地址
/// 作者:周涛 时间:2009-9-09
/// </summary>
public static List <string> DecryptEmailURL(string URL, HttpContext context)
{
List <string> list = new List <string>();
try
{
string[] arrTemp = URL.Split('=');
URL = CryptographyUtil.Decrypt(Encoding.UTF8.GetString(CryptographyUtil.FromBase64String(HttpUtility.UrlDecode(arrTemp[1]))));
string[] arrParam = URL.Split('$');
SPInfoManager spInfo = new SPInfoManager();
Object SPData = spInfo.GetSPData(context, "SPData");
string key = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
string Digest = CryptographyUtil.GenerateAuthenticator(arrParam[0] + "$" + arrParam[1] + "$" + arrParam[2], key);
if (Digest.Equals(arrParam[3]))
{
for (int i = 0; i < arrParam.Length - 1; i++)
{
list.Add(arrParam[i]);
}
}
else
{
list = null;
}
}
catch (System.Exception ex)
{
list = null;
}
return(list);
}
public void TestLogin()
{
var user = new User()
{
UserId = 0,
Username = "******"
};
// set the user's password and hmac key
CryptographyUtil.SetUserPassword(user, "Password123");
var pw1 = new byte[user.PasswordHash.Length];
Array.Copy(user.PasswordHash, pw1, user.PasswordHash.Length);
Assert.True(CryptographyUtil.VerifyUserPassword(user, "Password123"));
Assert.False(CryptographyUtil.VerifyUserPassword(user, "Password123!"));
// if the HMAC key is set again, all passwords will be invalidated
CryptographyUtil.SetUserHMACKey(user);
Assert.False(CryptographyUtil.VerifyUserPassword(user, "Password123"));
CryptographyUtil.SetUserPassword(user, "Password123");
Assert.True(CryptographyUtil.VerifyUserPassword(user, "Password123"));
// assert that the password hash is different because the hmac keys have changed too
Assert.False(CryptographyUtil.CryptographicCompare(pw1, user.PasswordHash));
}
public void SaveCurrentLoginCookies()
{
if (!IsLogged)
{
return;
}
if (Response == null)
{
return;
}
var loginUser = CurrentUser;
var loginInfoCookie = Response.Cookies[cookieLoginInfoKey];
loginInfoCookie = (loginInfoCookie ?? new HttpCookie(cookieLoginInfoKey));
var passwordHash = CryptographyUtil.ComputeMD5(loginUser.Password);
loginInfoCookie[cookieLoginNameKey] = loginUser.LoginName;
loginInfoCookie[cookiePasswordKey] = passwordHash;
Response.Cookies.Set(loginInfoCookie);
}
public CryptographyUtilTests()
{
var salt = CryptographyUtil.GenerateRandomString(16);
var iv = CryptographyUtil.GenerateIv();
_cryptography = new CryptographyUtil(salt, iv);
}
public void SelEmail()
{
string username = HttpUtility.HtmlDecode(Request.QueryString["name"].ToString());
string email = HttpUtility.HtmlDecode(Request.QueryString["email"].ToString());
if (!ValidateValidateCode())
{
Response.Write("验证码错误,请重新输入");
return;
}
else
{
int i = SetMail.FindPwdByEmail(username, email, out Msg);
if (i == 0)
{
string[] str = FindPwd.SelPwdByEmailandName(username, email, out Msg);
string Pwd = CryptographyUtil.Decrypt(str[1].ToString());
string CustId = str[0].ToString();
int y = SetMail.InsertEmailSendMassage(CustId, "2", "您的密码是:" + Pwd, "", 1, email, DateTime.Now, "找回密码", "中国电信号码百事通:找回密码", 0, out Msg);
Response.Write(y);
}
else
{
Response.Write(Msg);
}
}
}
/// <summary>
/// 根据不同的业务系统提供的url对url参数进行解析
/// 最终list<string>一次是:CustID、Email、Time和Digest
/// </summary>
public static List <String> DecryptEmailURL(String SPID, String CustID, String Email, String Url, HttpContext context)
{
List <String> list = new List <String>();
try
{
String urlParameter = Url.Split('=')[1];
String decryptParameter = CryptographyUtil.Decrypt(Encoding.UTF8.GetString(CryptographyUtil.FromBase64String(HttpUtility.UrlDecode(urlParameter))));
String[] parArray = decryptParameter.Split('$');
//获取对应SPID的key
SPInfoManager spInfo = new SPInfoManager();
Object SPData = spInfo.GetSPData(context, "SPData");
String key = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
string Digest = CryptographyUtil.GenerateAuthenticator(parArray[0] + "$" + parArray[1] + "$" + parArray[2], key);
if (Digest.Equals(parArray[3]))
{
for (int i = 0; i < parArray.Length - 1; i++)
{
list.Add(parArray[i]);
}
}
else
{
list = null;
}
}
catch (Exception ex)
{
list = null;
}
return(list);
}
public void AES_Encry_Test()
{
var str = "aaaaa";
var strCry = CryptographyUtil.AESEncryServer(str);
Console.WriteLine(strCry);
}
public void ValidateRequest()
{
LoggingUtility log = LoggerFactory.GetLogger();
string userIdParam, userId, hash, newHash, timeStamp;
userIdParam = HttpContext.Current.Request.QueryString[requestUserIdParam];
log.Debug("HBUserManager.ValidateRequest.userIdParam=" + userIdParam);
if (!(string.IsNullOrEmpty(userIdParam)) && (userIdParam.Length > 32))
{
timeStamp = DateTime.UtcNow.ToString(dateFormat);
log.Debug("HBUserManager.ValidateRequest.timeStamp=" + timeStamp);
hash = userIdParam.Substring(0, 32);
log.Debug("HBUserManager.ValidateRequest.SentHash=" + hash);
userId = userIdParam.Substring(32, userIdParam.Length - hash.Length);
log.Debug("HBUserManager.ValidateRequest.userId=" + userId);
//create new hash to compare it with the HB hash
newHash = new CryptographyUtil().CalculateMD5(userId + ":" + hashSecret + ":" + timeStamp);
//newHash = new HourlyDigest().CalculateMD5("");
log.Debug("HBUserManager.ValidateRequest.newHash=" + newHash);
if (newHash == hash)
{
log.Debug("HBUserManager.ValidateRequest.newHashEqualsOldHash=true");
Authenticate(userId);
}
else
{
log.Debug("HBUserManager.ValidateRequest.newHashEqualsOldHash=false");
}
}
HttpContext.Current.Response.Redirect("../Offer");
}
/// <summary>
/// 解析积分商城登录(login2.aspx)的请求参数
/// 比以前login.aspx多了AuthenName和Password
/// </summary>
public static int ParseJFLoginRequest(string SourceStr, HttpContext context, out string SPID, out string UAProvinceID,
out string AuthenType, out string AuthenName, out string Password, out string ReturnURL, out string ErrMsg)
{
int Result = ErrorDefinition.IError_Result_UnknowError_Code;
ErrMsg = "";
SPID = "";
UAProvinceID = "";
AuthenType = "";
AuthenName = "";
Password = "";
ReturnURL = "";
string TimeStamp = "";
string Digest = "";
try
{
string[] alSourceStr = SourceStr.Split('$');
SPID = alSourceStr[0].ToString();
SPInfoManager spInfo = new SPInfoManager();
Object SPData = spInfo.GetSPData(context, "SPData");
string ScoreSystemSecret = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
// string ScoreSystemSecret = System.Configuration.ConfigurationManager.AppSettings["ScoreSystemSecret"]
string EncryptSourceStr = alSourceStr[1].ToString();
string RequestStr = CryptographyUtil.Decrypt(EncryptSourceStr.ToString(), ScoreSystemSecret);
string[] alRequest = RequestStr.Split('$');
//加密方式:Base64(Encrypt(UAProvinceID + “$” + SourceType+ “$”ReturnURL + “$”+ TimeStamp + “$”+ Digest))
//Digest = Base64(Hash(UAProvinceID + “$”+ SourceType + “$” + ReturnURL + “$”+ TimeStamp))
UAProvinceID = alRequest[0].ToString();
AuthenType = alRequest[1].ToString();
AuthenName = alRequest[2].ToString();
Password = alRequest[3].ToString();
ReturnURL = alRequest[4].ToString();
TimeStamp = alRequest[5].ToString();
Digest = alRequest[6].ToString();
//校验摘要 Digest 信息
string NewDigest = UAProvinceID + "$" + AuthenType + "$" + AuthenName + "$" + Password + "$" + ReturnURL + "$" + TimeStamp;
NewDigest = CryptographyUtil.GenerateAuthenticator(NewDigest, ScoreSystemSecret);
if (Digest != NewDigest)
{
Result = ErrorDefinition.IError_Result_InValidAuthenticator_Code;
ErrMsg = "无效的Digest";
return(Result);
}
Result = 0;
}
catch (Exception e)
{
Result = ErrorDefinition.IError_Result_System_UnknowError_Code;
ErrMsg = e.Message;
}
return(Result);
}
private void DoDownload(bool auto)
{
if (Bytes == null || Bytes.Length == 0)
{
return;
}
var context = HttpContext.Current;
var server = context.Server;
var response = context.Response;
if (response.HeadersWritten())
{
return;
}
var correctFileName = (String.IsNullOrWhiteSpace(FileName) ? "Unknown" : FileName);
var urlFileName = HttpUtility.UrlPathEncode(correctFileName);
if (auto)
{
var disposition = new ContentDisposition
{
FileName = urlFileName,
Inline = false,
};
response.Clear();
response.Buffer = true;
response.ContentType = "application/octet-stream";
response.AddHeader("Content-Disposition", disposition.ToString());
response.BinaryWrite(Bytes);
response.End();
}
else
{
var currentFileHash = CryptographyUtil.ComputeMD5(Bytes);
var fullFileName = String.Format("{0}_{1}", currentFileHash, correctFileName);
var tempFolderVirtualPath = "~/Temp";
var tempFileVirtualName = String.Format("{0}/{1}", tempFolderVirtualPath, fullFileName);
var tempFolderPath = server.MapPath(tempFolderVirtualPath);
if (!Directory.Exists(tempFolderPath))
{
Directory.CreateDirectory(tempFolderPath);
}
var tempFilePath = server.MapPath(tempFileVirtualName);
if (!File.Exists(tempFilePath))
{
File.WriteAllBytes(tempFilePath, Bytes);
}
response.Clear();
response.Redirect(tempFileVirtualName);
}
}
public String getMD5Str(String source)
{
String Md5_digest = String.Empty;
byte[] md5bytes = CryptographyUtil.MD5Encrypt(source);
Md5_digest = CryptographyUtil.byteToHexStr(md5bytes);
return(Md5_digest);
}
protected void SetAuthenPhoneBtn_Click(object sender, EventArgs e)
{
LoginPassword = Request["LoginPassword"];
Phone = Request["Phone"];
AuthenCode = Request["AuthenCode"];
CheckCode = Request["CheckCode"];
// 校验LoginPassword
try
{
if (!CommonUtility.ValidateValidateCode(HttpUtility.HtmlDecode(CheckCode), this.Context))
{
errorHint.InnerHtml = "<script type='text/javascript'>showError('验证码校验未通过!')</script>";
return;
}
else
{
string webpwd = CryptographyUtil.Encrypt(LoginPassword);
int i = FindPwd.SelState(CustID, webpwd, out ErrMsg);
if (i != 0)
{
errorHint.InnerHtml = "<script type='text/javascript'> $('#LoginPassword').attr('value','" + LoginPassword + "');$('#Phone').attr('value','" + Phone + "');$('#AuthenCode').attr('value','" + AuthenCode + "');$('#CheckCode').attr('value','" + CheckCode + "');showError('登录密码输入错误,请重新输入!')</script>";
return;
}
else
{
Result = PhoneBO.SelSendSMSMassage(CustID, Phone, AuthenCode, out ErrMsg); // 校验手机验证码
if (Result == 0)
{
Result = PhoneBO.PhoneSetV2(SPID, CustID, Phone, "2", "2", out ErrMsg);
if (Result == 0)
{
//跳转
errorHint.InnerHtml = "<script type='text/javascript'>showError('认证手机设置成功!')</script>";
//Response.Redirect("m.114yg.cn",true);
return;
}
else
{
errorHint.InnerHtml = "<script type='text/javascript'>showError('" + ErrMsg + "!')</script>";
return;
}
}
else
{
errorHint.InnerHtml = "<script type='text/javascript'>showError('" + ErrMsg + "!')</script>";
return;
}
}
}
}
catch (Exception exp)
{
errorHint.InnerHtml = "<script type='text/javascript'>showError('" + exp.ToString() + "!')</script>";
return;
}
}
protected void CheckToken()
{
StringBuilder strLog = new StringBuilder();
String LocalCookie = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
String UnifyPlatformCookie = ConfigurationManager.AppSettings["UnifyPlatformCookieName"];
isLogin = "******";
welcomeName = "0";
encryptCustIDValue = "0";
if (PageUtility.IsCookieExist(UnifyPlatformCookie, this.Context)) // unifyplatform token
{
if (PageUtility.IsCookieExist(LocalCookie, this.Context)) // local token
{
ParseToken(Request.Cookies.Get(LocalCookie).Value);
}
else //建立localtoken
{
string UnifyPlatformToken = Request.Cookies.Get(UnifyPlatformCookie).Value;
PageUtility.SetCookie(UnifyPlatformToken, LocalCookie, this.Page);
ParseToken(Request.Cookies.Get(LocalCookie).Value);
}
}
else // 全局token不存在 unifyAccountCheck 检查登录状态
{
if (IsUnifyPlatformChannel() && Bidirectional())
{
//检查登录状态
if (!CommonUtility.IsParameterExist("UnifyAccountCheckResult", this.Page))
{
string TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
string appId = UDBConstDefinition.DefaultInstance.UnifyPlatformAppId;
string appSecret = UDBConstDefinition.DefaultInstance.UnifyPlatformAppSecret;
string version = UDBConstDefinition.DefaultInstance.UnifyPlatformVersion;
string clientType = UDBConstDefinition.DefaultInstance.UnifyPlatformClientType;
string accountType = UDBConstDefinition.DefaultInstance.UnifyPlatformAccountType;
string format = "redirect";
String returnURL = HttpUtility.UrlEncode(UDBConstDefinition.DefaultInstance.UnifyAccountCheckCallBackUrl + "?SPID=35000000");
string parameters = "&timeStamp=" + TimeStamp + "&accoutType=" + accountType + "&returnURL=" + returnURL;
strLog.AppendFormat("参数:{0}\r\n", parameters);
string paras = CryptographyUtil.XXTeaEncrypt(parameters, appSecret);
strLog.AppendFormat("参数:{0},paras:{1}\r\n", parameters, paras);
string sign = CryptographyUtil.HMAC_SHA1(appId + clientType + format + version + paras, appSecret);
strLog.AppendFormat("sign:{0}\r\n", sign);
String UnifyAccountCheckUrl = UDBConstDefinition.DefaultInstance.UnifyAccountCheckUrl;
UnifyAccountCheckUrl = UnifyAccountCheckUrl + "?appId=" + appId + "&version=" + version + "&clientType=" + clientType + "¶s=" + paras + "&sign=" + sign + "&format=redirect";
strLog.AppendFormat(" Redirect to UnifyAccountCheckUrl:{0}\r\n", UnifyAccountCheckUrl);
log(strLog.ToString());
Response.Redirect(UnifyAccountCheckUrl, false);
}
if (PageUtility.IsCookieExist(LocalCookie, this.Context)) // 局部token 存在
{
PageUtility.ExpireCookie(LocalCookie, this.Page);
}
}
}
}
protected void CreateUnifyPlatformLoginRequest()
{
string unifyPlatformLogonUrl = UDBConstDefinition.DefaultInstance.UnifyPlatformLogonUrl; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_LogonUrl"]; // 综合平台回调客户信息平台地址
//unifyPlatformLogonUrl = unifyPlatformLogonUrl + "&ReturnUrl=" + HttpUtility.UrlEncode(ReturnURL);
string appId = UDBConstDefinition.DefaultInstance.UnifyPlatformAppId; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_appId"];
string appSecret = UDBConstDefinition.DefaultInstance.UnifyPlatformAppSecret; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_appSecretKey"];
string version = UDBConstDefinition.DefaultInstance.UnifyPlatformVersion; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_version"];
string clientType = UDBConstDefinition.DefaultInstance.UnifyPlatformClientType; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_clientType"];
string accountType = UDBConstDefinition.DefaultInstance.UnifyPlatformAccountType; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_accountType"];
string pageKey = UDBConstDefinition.DefaultInstance.UnifyPlatformPageKey; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_pageKey"];
string businessPage = UDBConstDefinition.DefaultInstance.UnifyPlatformBusinessPage; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_businessPage"];
string thirdAccount = UDBConstDefinition.DefaultInstance.UnifyPlatformThirdAccount; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_thirdAccount"];
string mustBind = UDBConstDefinition.DefaultInstance.UnifyPlatformMustBind; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_mustBind"];
string quicklogin = UDBConstDefinition.DefaultInstance.UnifyPlatformQuicklogin; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_quicklogin"];
string returnURL = UDBConstDefinition.DefaultInstance.UnifyPlatformCallBackUrl; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatformCallBackUrl"];
string regReturnUrl = UDBConstDefinition.DefaultInstance.UnifyPlatformWebRegisterCallBackUrl;
//returnURL = returnURL + "?SPID=" + SPID + "&ReturnUrl="+ HttpUtility.UrlEncode(ReturnURL);
returnURL = HttpUtility.UrlEncode(returnURL + "?SPID=" + SPID + "&ReturnUrl=" + HttpUtility.UrlEncode(ReturnURL));
regReturnUrl = HttpUtility.UrlEncode(regReturnUrl + "?SPID=" + SPID + "&ReturnUrl=" + HttpUtility.UrlEncode(ReturnURL));
string format = "redirect";
string TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
if (String.IsNullOrEmpty(accountType))
{
accountType = "01"; //accountType 01(手机,邮箱,别名) ,02 所有账号包括互联网账号?
}
if (String.IsNullOrEmpty(pageKey))
{
pageKey = "default";
}
if (String.IsNullOrEmpty(thirdAccount))
{
thirdAccount = "yes";
}
if (String.IsNullOrEmpty(mustBind))
{
mustBind = "yes";
}
if (String.IsNullOrEmpty(quicklogin))
{
quicklogin = "******";
}
string parameters = "timeStamp=" + TimeStamp + "&returnURL=" + returnURL + "&accoutType=" + accountType + "&zhUserName=&pageKey=" + pageKey + "&businessPage=" + businessPage + "&thirdAccount=" + thirdAccount + "&mustBind=" + mustBind + "&quicklogin="******"®ReturnUrl=" + regReturnUrl;
string paras = CryptographyUtil.XXTeaEncrypt(parameters, appSecret);
string sign = CryptographyUtil.HMAC_SHA1(appId + clientType + format + version + paras, appSecret);
login189Url = unifyPlatformLogonUrl + "?appId=" + appId + "&version=" + version + "&clientType=" + clientType + "¶s=" + paras + "&sign=" + sign + "&format=redirect";
if ("35433333".Equals(SPID))
{
//login189Url = unifyPlatformLogonUrl + "?appId=" + appId + "&version=" + version + "&clientType=" + clientType + "¶s=" + paras + "&sign=" + sign + "&format=redirect&btnC=blue";
login189Url = login189Url + "&btnC=blue";
}
log("login189Url=" + login189Url);
}
protected void register_Click(object sender, EventArgs e)
{
string mobile = this.mobile.Text;
string checkCode = this.checkCode.Text;
string password = this.password.Text;
string password2 = this.password2.Text;
//判断手机验证码
if (checkCode != null && !"".Equals(checkCode))
{
Result = PhoneBO.SelSendSMSMassage("", mobile, checkCode, out ErrMsg);
if (Result != 0)
{
errorHint.InnerHtml = "手机验证码错误,请重新输入";
return;
}
}
Result = UserRegistry.quickUserRegistryWeb(SPID, password, mobile, "2", out CustID, out ErrMsg);
if (Result != 0)
{
CommonBizRules.ErrorHappenedRedircet(Result, ErrMsg, "用户注册", this.Context);
return;
}
SPInfoManager spInfo = new SPInfoManager();
Object SPData = spInfo.GetSPData(this.Context, "SPData");
string key = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
string Digest = CryptographyUtil.GenerateAuthenticator(TimeStamp + "$" + CustID + "$" + Result + "$" + ErrMsg, key);
string temp = SPID + "$" + CryptographyUtil.Encrypt(TimeStamp + "$" + CustID + "$" + Result + "$" + ErrMsg + "$" + Digest, key);
string RegistryResponseValue = HttpUtility.UrlEncode(temp);
log(String.Format("key:{0},Digest:{1},temp:{2},RegistryResponseValue:{3}", key, Digest, temp, RegistryResponseValue));
//给用户写cookie
UserToken UT = new UserToken();
string key2 = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
string RealName = mobile;
string UserName = mobile;
string NickName = mobile;
// CustID, RealName, UserName, NickName, OuterID, CustType, string LoginAuthenName, string LoginAuthenType,string key, out string ErrMsg
string UserTokenValue = UT.GenerateUserToken(CustID, RealName, UserName, NickName, "", "42", UserName, "1", key2, out ErrMsg);
string CookieName = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
PageUtility.SetCookie(UserTokenValue, CookieName, this.Page);
//通知积分平台
CIP2BizRules.InsertCustInfoNotify(CustID, "2", SPID, "", "0", out ErrMsg);
//记登录日志
CommonBizRules.WriteDataCustAuthenLog(SPID, CustID, "35", "0", "", "2", Result, ErrMsg);
Response.Redirect(ReturnUrl + "?RegistryResponse=" + RegistryResponseValue, true);
}
public bool Login(String loginName, String password, bool encryptedPassword)
{
if (ProjectID == null)
{
return(false);
}
if (IsLogged && defComparer.Equals(CurrentUser.LoginName, loginName))
{
if (encryptedPassword)
{
var passwordHash = CryptographyUtil.ComputeMD5(CurrentUser.Password);
if (defComparer.Equals(passwordHash, password))
{
return(true);
}
}
else if (CurrentUser.Password == password)
{
return(true);
}
}
ResetInstanceData();
var token = UserManagementProxy.Login(loginName, password, encryptedPassword);
var success = token != null;
if (success)
{
var loginUser = UserManagementProxy.GetCurrentUser(token.Value);
if (loginUser == null)
{
return(false);
}
var userGroups = UserManagementProxy.GetUserGroups(token.Value, loginUser.ID, ProjectID.Value);
if (!loginUser.IsSuperAdmin && !IgnoreGroupMembership && (userGroups == null || userGroups.Count == 0))
{
return(false);
}
currentToken = token;
currentUser = loginUser;
currentUserGroups = userGroups;
SaveCurrentTokenCookies();
}
LogEvent("LoginByName", loginName, password, token, success);
return(success);
}
/// <summary>
/// 根据SPID对业务平台加密的数据进行验证
/// </summary>
public static Int32 ValidateSPIDData(String SPID, String encryptStr, out String ErrMsg)
{
Int32 result = ErrorDefinition.BT_IError_Result_UnknowError_Code;
ErrMsg = ErrorDefinition.BT_IError_Result_UnknowError_Msg;
try
{
//根据SPID获取key
SPInfoManager spinfo = new SPInfoManager();
Object SPData = spinfo.GetSPData(HttpContext.Current, "SPData");
String key = spinfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
//根据key无法解密则数据或key不正确
String decryptStr = CryptographyUtil.Decrypt(encryptStr, key);
if (String.IsNullOrEmpty(decryptStr))
{
ErrMsg = "数据解密出错";
return(result);
}
//数组最少为2维:原始数据+Digest
String[] tempArray = decryptStr.Split('$');
Int32 len = tempArray.Length;
if (len <= 2)
{
ErrMsg = "数据格式有误";
return(result);
}
String Digest = tempArray[len - 1];
StringBuilder tempStr = new StringBuilder();
Int32 i = 0;
foreach (String temp in tempArray)
{
if (i == len - 1)
{
break;
}
tempStr.Append(temp + "$");
i++;
}
String newDigest = CryptographyUtil.Encrypt(tempStr.ToString().TrimEnd('$'), key);
if (newDigest.Equals(Digest))
{
result = 0;
}
}
catch (Exception ex)
{
ErrMsg += ex.Message;
}
return(result);
}
public static BlogConfig New()
{
return(new BlogConfig
{
Id = BlogConfig.Key,
CustomCss = "hibernatingrhinos",
FuturePostsEncryptionKey = CryptographyUtil.GenerateKey(),
FuturePostsEncryptionSalt = CryptographyUtil.GenerateRandomString(16),
FuturePostsEncryptionIv = CryptographyUtil.GenerateIv()
});
}
/// <summary>
/// Checks if the given username and password are valid.
/// </summary>
/// <returns>
/// A User object for this user if the password matches, null otherwise.
/// </returns>
private User CheckUsernamePassword(string username, string password)
{
// get the User for the given username
var user = GetUser(username);
if (user != null && CryptographyUtil.VerifyUserPassword(user, password))
{
return(user);
}
return(null);
}
/// <summary>
/// 拼凑UDB用户信息查询xml
/// </summary>
public static String BuildAccountInfoQueryXml(String SrcSsDeviceNo, String AuthSsDeviceNo, String UDBTicket)
{
String returnXml = String.Empty;
String timeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
String key = String.Empty;
String digest = CryptographyUtil.Decrypt(SrcSsDeviceNo + AuthSsDeviceNo + UDBTicket + timeStamp, key);
//声明xml文档
XmlDocument xmlDoc = new XmlDocument();
XmlElement xmlElem;
XmlText elemText;
//添加声明
XmlDeclaration xmlDeclare = xmlDoc.CreateXmlDeclaration("1.0", "utf-8", null);
xmlDoc.AppendChild(xmlDeclare);
XmlElement rootNode = xmlDoc.CreateElement("AccountInfoCheckRequest");
xmlElem = xmlDoc.CreateElement("Authenticator");
elemText = xmlDoc.CreateTextNode(digest);
xmlElem.AppendChild(elemText);
rootNode.AppendChild(xmlElem);
xmlElem = xmlDoc.CreateElement("SrcSsDeviceNo");
elemText = xmlDoc.CreateTextNode(SrcSsDeviceNo);
xmlElem.AppendChild(elemText);
rootNode.AppendChild(xmlElem);
xmlElem = xmlDoc.CreateElement("AuthSsDeviceNo");
elemText = xmlDoc.CreateTextNode(AuthSsDeviceNo);
xmlElem.AppendChild(elemText);
rootNode.AppendChild(xmlElem);
xmlElem = xmlDoc.CreateElement("AuthSsDeviceNo");
elemText = xmlDoc.CreateTextNode(AuthSsDeviceNo);
xmlElem.AppendChild(elemText);
rootNode.AppendChild(xmlElem);
xmlElem = xmlDoc.CreateElement("UDBTicket");
elemText = xmlDoc.CreateTextNode(UDBTicket);
xmlElem.AppendChild(elemText);
rootNode.AppendChild(xmlElem);
xmlElem = xmlDoc.CreateElement("TimeStamp");
elemText = xmlDoc.CreateTextNode(timeStamp);
xmlElem.AppendChild(elemText);
rootNode.AppendChild(xmlElem);
xmlDoc.AppendChild(rootNode);
returnXml = xmlDoc.OuterXml;
return(returnXml);
}
/// <summary>
/// 根据业务系统提供的URL加密并发送邮件
/// </summary>
public static String EncryptEmailURl_Client(String SPID, String CustID, String Email, String AuthenCode, HttpContext context)
{
String timeTamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
SPInfoManager spInfo = new SPInfoManager();
Object SPData = spInfo.GetSPData(context, "SPData");
String key = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
String Digest = CryptographyUtil.GenerateAuthenticator(SPID + "$" + CustID + "$" + Email + "$" + AuthenCode + "$" + timeTamp, key);
String AuthenStrValue = CryptographyUtil.ToBase64String(Encoding.UTF8.GetBytes(CryptographyUtil.Encrypt(SPID + "$" + CustID + "$" + Email + "$" + AuthenCode + "$" + timeTamp + "$" + Digest)));
return(AuthenStrValue);
}
/// <summary>
/// 生成PassportLoginRequest参数
/// </summary>
protected void CreateUdbPassportLoginRequest()
{
UDBReturnURL = System.Configuration.ConfigurationManager.AppSettings["UDBReturnURL"];
UDBReturnURL = UDBReturnURL + "&ReturnUrl=" + HttpUtility.UrlEncode(ReturnURL);
UdbSrcSsDeviceNo = System.Configuration.ConfigurationManager.AppSettings["UdbSrcSsDeviceNo"];
UdbKey = System.Configuration.ConfigurationManager.AppSettings["UdbKey"];
string TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
String Digest = CryptographyUtil.ToBase64String(CryptographyUtil.Hash(UdbSrcSsDeviceNo + TimeStamp + UDBReturnURL));
passportLoginRequestValue = System.Web.HttpUtility.UrlEncode(UdbSrcSsDeviceNo + "$" + CryptographyUtil.Encrypt(TimeStamp + "$" + UDBReturnURL + "$" + Digest, UdbKey));
}
protected void CreateUdbPassportLoginRequest(String UserID, String PUserID)
{
String UdbSrcSsDeviceNo = System.Configuration.ConfigurationManager.AppSettings["UdbSrcSsDeviceNo"];
String UdbKey = System.Configuration.ConfigurationManager.AppSettings["UdbKey"];
string TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
// Digest = SrcSsDeviceNo + UserID + PUserID+TimeStamp+ReturnURL
//PassportLogoutRequestValue = URLEncoding(SrcSsDeviceNo + “$” +Base64(Encrypt(UserID+“$” + PUserID+“$”+TimeStamp+ “$”+ ReturnURL+ “$”+ Digest)))
String Digest = CryptographyUtil.ToBase64String(CryptographyUtil.Hash(UdbSrcSsDeviceNo + UserID + PUserID + TimeStamp + ReturnUrl));
passportLogoutRequestValue = System.Web.HttpUtility.UrlEncode(UdbSrcSsDeviceNo + "$" + CryptographyUtil.Encrypt(UserID + "$" + PUserID + "$" + TimeStamp + "$" + ReturnUrl + "$" + Digest, UdbKey));
}
protected void Page_Load(object sender, EventArgs e)
{
//PUserID = Request["PUserID"];
//UserID = Request["UserID"];
//CreateUdbPassportLoginRequest(UserID, PUserID);
//string UdbLogoutWapUrl = System.Configuration.ConfigurationManager.AppSettings["UdbLogoutWapUrl"];
//Response.Redirect(UdbLogoutWapUrl + "?PassportLogoutRequest=" + passportLogoutRequestValue);
StringBuilder strLog = new StringBuilder();
try
{
string CookieName = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
PageUtility.ExpireCookie(CookieName, this.Page);
}
catch (Exception ep)
{
strLog.AppendFormat("异常:{0}\r\n", ep.ToString());
}
try
{
string TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
string appId = UDBConstDefinition.DefaultInstance.UnifyPlatformAppId; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_appId"];
string appSecret = UDBConstDefinition.DefaultInstance.UnifyPlatformAppSecret; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_appSecretKey"];
string version = UDBConstDefinition.DefaultInstance.UnifyPlatformVersion; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_version"];
string clientType = UDBConstDefinition.DefaultInstance.UnifyPlatformClientType; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_clientType"];
string format = "redirect";
//string userId = Convert.ToString(accountInfo.userId);
string parameters = "userId=&timeStamp=" + TimeStamp + "&udbUserId=&productUid=&returnURL=" + HttpUtility.UrlEncode(Request["ReturnUrl"] == null ? ConstHelper.DefaultInstance.BesttoneHomePage : Request["ReturnUrl"].ToString());
//string parameters = "userId=&timeStamp=" + TimeStamp + "&udbUserId=&productUid=&returnURL="+HttpUtility.UrlEncode("m.114yg.cn") ;
strLog.AppendFormat("parameters:{0}\r\n", parameters);
string paras = CryptographyUtil.XXTeaEncrypt(parameters, appSecret);
strLog.AppendFormat("paras:{0}\r\n", paras);
string sign = CryptographyUtil.HMAC_SHA1(appId + clientType + format + version + paras, appSecret);
strLog.AppendFormat("sign:{0}\r\n", sign);
String UnifyPlatformLogoutUrl = UDBConstDefinition.DefaultInstance.UnifyPlatformLogoutUrl;
strLog.AppendFormat("UnifyPlatformLogoutUrl:{0}\r\n", UnifyPlatformLogoutUrl);
UnifyPlatformLogoutUrl = UnifyPlatformLogoutUrl + "?appId=" + appId + "&version=" + version + "&clientType=" + clientType + "¶s=" + paras + "&sign=" + sign + "&format=redirect";
strLog.AppendFormat("UnifyPlatformLogoutUrl:{0}\r\n", UnifyPlatformLogoutUrl);
Response.Redirect(UnifyPlatformLogoutUrl, false);
}
catch (Exception ecp)
{
strLog.AppendFormat("异常:{0}\r\n", ecp.ToString());
}
finally {
WriteLog(strLog.ToString());
}
//Response.Write("<iframe frameborder='1' width='100' height='100' src='" + UnifyPlatformLogoutUrl + "' style='display:none'></iframe>");
}
protected bool IsUnifyPlatformCookieExist(String CookieName, HttpContext context)
{
bool flag = false;
StringBuilder strLog = new StringBuilder();
try
{
if (IsUnifyPlatformChannel())
{
if (!CommonUtility.IsParameterExist("UnifyAccountCheckResult", this.Page))
{
string TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
string appId = UDBConstDefinition.DefaultInstance.UnifyPlatformAppId; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_appId"];
string appSecret = UDBConstDefinition.DefaultInstance.UnifyPlatformAppSecret; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_appSecretKey"];
string version = UDBConstDefinition.DefaultInstance.UnifyPlatformVersion; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_version"];
string clientType = UDBConstDefinition.DefaultInstance.UnifyPlatformClientType; //System.Configuration.ConfigurationManager.AppSettings["unifyPlatform_clientType"];
string accountType = UDBConstDefinition.DefaultInstance.UnifyPlatformAccountType;
string format = "redirect";
String returnURL = HttpUtility.UrlEncode(UDBConstDefinition.DefaultInstance.UnifyAccountCheckCallBackUrl + "?SPID=35000000");
string parameters = "&timeStamp=" + TimeStamp + "&accoutType=" + accountType + "&returnURL=" + returnURL;
strLog.AppendFormat("参数:{0}\r\n", parameters);
string paras = CryptographyUtil.XXTeaEncrypt(parameters, appSecret);
strLog.AppendFormat("参数:{0},paras:{1}\r\n", parameters, paras);
string sign = CryptographyUtil.HMAC_SHA1(appId + clientType + format + version + paras, appSecret);
strLog.AppendFormat("sign:{0}\r\n", sign);
String UnifyAccountCheckUrl = UDBConstDefinition.DefaultInstance.UnifyAccountCheckUrl;
UnifyAccountCheckUrl = UnifyAccountCheckUrl + "?appId=" + appId + "&version=" + version + "&clientType=" + clientType + "¶s=" + paras + "&sign=" + sign + "&format=redirect";
strLog.AppendFormat(" Redirect to UnifyAccountCheckUrl:{0}\r\n", UnifyAccountCheckUrl);
log(strLog.ToString());
Response.Redirect(UnifyAccountCheckUrl, false);
}
else
{
String UnifyAccountCheckResult = Request["UnifyAccountCheckResult"];
flag = "0".Equals(UnifyAccountCheckResult) ? true : false;
}
}
else
{
flag = false;
}
}
catch (Exception e)
{
flag = false;
strLog.AppendFormat("异常:{0\r\n}", e.ToString());
}
finally
{
log(strLog.ToString());
}
return(flag);
}
/// <summary>
/// 密码设置接口
/// </summary>
public static int SetPassword(string SPID, string CustID, string Pwd, string PwdType, string ExtendField, out string ErrMsg)
{
int Result = ErrorDefinition.BT_IError_Result_UnknowError_Code;
ErrMsg = ErrorDefinition.BT_IError_Result_UnknowError_Msg;
SqlConnection myCon = null;
SqlCommand cmd = new SqlCommand();
try
{
myCon = new SqlConnection(DBUtility.BestToneCenterConStr);
cmd.Connection = myCon;
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "up_Customer_V3_Interface_SetPwd";
SqlParameter parSPID = new SqlParameter("@SPID", SqlDbType.VarChar, 8);
parSPID.Value = SPID;
cmd.Parameters.Add(parSPID);
SqlParameter parCustID = new SqlParameter("@CustID", SqlDbType.VarChar, 16);
parCustID.Value = CustID;
cmd.Parameters.Add(parCustID);
SqlParameter parPwd = new SqlParameter("@Pwd", SqlDbType.VarChar, 50);
parPwd.Value = CryptographyUtil.Encrypt(Pwd);
cmd.Parameters.Add(parPwd);
SqlParameter parPwdType = new SqlParameter("@PwdType", SqlDbType.VarChar, 1);
parPwdType.Value = PwdType;
cmd.Parameters.Add(parPwdType);
SqlParameter parResult = new SqlParameter("@Result", SqlDbType.Int, 4);
parResult.Direction = ParameterDirection.Output;
cmd.Parameters.Add(parResult);
SqlParameter parErrMsg = new SqlParameter("@ErrMsg", SqlDbType.VarChar, 256);
parErrMsg.Direction = ParameterDirection.Output;
cmd.Parameters.Add(parErrMsg);
DBUtility.Execute(cmd, DBUtility.BestToneCenterConStr);
Result = int.Parse(parResult.Value.ToString().Trim());
ErrMsg = parErrMsg.Value.ToString().Trim();
}
catch (Exception e)
{
Result = ErrorDefinition.BT_IError_Result_System_UnknowError_Code;
ErrMsg = ErrorDefinition.BT_IError_Result_System_UnknowError_Msg + e.Message;
}
return(Result);
}
public CryptographyUtilTests()
{
var salt = CryptographyUtil.GenerateRandomString(16);
var iv = CryptographyUtil.GenerateIv();
_cryptography = new CryptographyUtil(salt, iv);
}
