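/// <summary>
/// Checks the credentials through <c>EmployeeBll.Login</c> and, on success, issues the
/// forms-authentication cookie whose ticket user-data carries the caller's permissions as JSON.
/// </summary>
/// <param name="username">Login name; the literal name "admin" receives the all-permissions ticket.</param>
/// <param name="password">Password, passed unchanged to <c>EmployeeBll.Login</c>.</param>
/// <returns>
/// <c>true</c> when a ticket was issued; otherwise <c>false</c>. <c>Session["login_code"]</c> is set to
/// 0 on success, -1 for a wrong user name or password, and -2 when the account is not activated or has
/// no permissions assigned.
/// </returns>
public override bool ValidateUser(string username, string password)
{
    EmployeeWithAuthes employeeWithAuthes = EmployeeBll.Login(username, password);

    bool authenticated = employeeWithAuthes.employee != null && employeeWithAuthes.employee.id > 0;
    if (!authenticated)
    {
        // Wrong user name or password.
        HttpContext.Current.Session["login_code"] = -1;
        return false;
    }

    string userData;
    // NOTE(review): administrator rights hinge on the literal account name rather than on a role
    // stored with the account; the same comparison is made in the login lookup, so keep the two in step.
    // string.Equals(a, b, Ordinal) is null-safe, unlike username.Equals(...).
    if (string.Equals(username, "admin", StringComparison.Ordinal))
    {
        userData = "{\"0\":\"all\"}";
    }
    else if (employeeWithAuthes.roleAuthes != null && employeeWithAuthes.roleAuthes.Length > 0)
    {
        Dictionary<string, string> purviews = new Dictionary<string, string>(employeeWithAuthes.roleAuthes.Length);
        foreach (RoleAuth auth in employeeWithAuthes.roleAuthes)
        {
            purviews.Add(auth.menu_id.ToString(), auth.purview);
        }

        // The reserved key "-1" carries the employee id. Add (not the indexer) is kept on purpose:
        // a role row whose menu id collides with it fails the login instead of overwriting the id.
        purviews.Add("-1", employeeWithAuthes.employee.id.ToString());
        userData = Json.Encode(purviews);
    }
    else
    {
        // Not activated, or no permissions assigned.
        HttpContext.Current.Session["login_code"] = -2;
        return false;
    }

    DateTime issuedAt = DateTime.Now;
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, username, issuedAt, issuedAt.AddMinutes(20), true, userData, "/");
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
    cookie.HttpOnly = true;
    // A hand-built cookie does not pick up <forms requireSSL="true"> by itself; without this line the
    // ticket could travel over plain HTTP even though the site is configured for SSL-only cookies.
    cookie.Secure = FormsAuthentication.RequireSSL;
    // No Expires is set, so the browser keeps this as a session cookie; the 20-minute limit comes
    // from the ticket's own expiry.
    HttpContext.Current.Response.Cookies.Add(cookie);

    addCookieForEmployee(employeeWithAuthes.employee);
    HttpContext.Current.Session["login_code"] = 0;
    return true;
}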
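/// <summary>
/// Looks up the employee for the given credentials and, for every account except "admin",
/// loads the permissions of the employee's role.
/// </summary>
/// <param name="username">Login name, passed to <c>EmployeeDal.Login</c>.</param>
/// <param name="password">Password, passed to <c>EmployeeDal.Login</c>.</param>
/// <returns>
/// A result object that is never null. Its <c>employee</c> is whatever <c>EmployeeDal.Login</c>
/// returned, and <c>roleAuthes</c> is filled only for non-admin accounts. If the lookup throws,
/// the members not yet assigned keep their defaults, so callers treat the attempt as failed.
/// </returns>
public static EmployeeWithAuthes Login(string username, string password)
{
    // The result is hierarchical, so a concrete entity class is returned; dynamic would be a poor fit here.
    EmployeeWithAuthes retValue = new EmployeeWithAuthes();
    using (MySqlConnection conn = DBUtility.OpenConnection())
    {
        try
        {
            retValue.employee = EmployeeDal.Login(username, password, conn);

            // Non-admin accounts: fetch the permissions attached to the role.
            // string.Equals(a, b, Ordinal) is null-safe, unlike username.Equals(...).
            if (retValue.employee != null && !string.Equals(username, "admin", StringComparison.Ordinal))
            {
                retValue.roleAuthes = RoleAuthDal.GetRoleAuths(retValue.employee.role_id, conn);
            }
        }
        catch (Exception ex)
        {
            // Still fail closed (the caller sees a failed login), but record the whole exception
            // through the tracing pipeline. Console output is normally not captured by a web host,
            // and ex.Message alone drops the stack trace, so a database outage used to be
            // indistinguishable from a wrong password. Credentials are deliberately not logged.
            System.Diagnostics.Trace.TraceError("Employee login lookup failed: {0}", ex);
        }
    }

    return retValue;
}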