public ActionResult Login(string returnUrl)
{
ViewBag.ReturnUrl = returnUrl;
LoginViewModel model = new LoginViewModel();
model.Salt = Guid.NewGuid().ToString().Substring(0,6);
Session["LoginSalt"] = model.Salt;
return View(model);
}
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
logger.Info("Login");
model.Email = KMBit.Util.KMAes.DecryptStringAES(model.EncryptedEmail);
model.Password= KMBit.Util.KMAes.DecryptStringAES(model.EncryptedPassword).Substring(6);
string salt = Session["LoginSalt"].ToString();
logger.Info("User:"******"Password:"******"salt:" + salt);
string postedSalt= KMBit.Util.KMAes.DecryptStringAES(model.EncryptedPassword).Substring(0,6);
logger.Info("postedsalt:" + postedSalt);
if (salt.Trim().ToLower()!=postedSalt.Trim().ToLower())
{
ModelState.AddModelError("", "用户或者密码错误");
return View(model);
}
Session["LoginSalt"] = null;
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
switch (result)
{
case SignInStatus.Success:
return RedirectToLocal(model.Email,returnUrl);
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
case SignInStatus.Failure:
default:
logger.Warn("Password or Email is not correct");
ModelState.AddModelError("", "用户或者密码错误");
return View(model);
}
}