/// <summary>
/// Renders the login form and issues the login salt that the POST action
/// later compares against the prefix of the decrypted password payload.
/// </summary>
/// <param name="returnUrl">Caller-supplied URL, exposed to the view through <c>ViewBag.ReturnUrl</c>.</param>
/// <returns>The login view bound to a fresh <c>LoginViewModel</c>.</returns>
public ActionResult Login(string returnUrl)
{
    ViewBag.ReturnUrl = returnUrl;

    // The salt is the first six characters of a new GUID's string form, i.e. six
    // hex digits (24 bits). It works as a replay nonce, not as a secret.
    // NOTE(review): 24 bits repeats after a modest number of logins, and Guid is not
    // documented as a cryptographic generator. A longer CSPRNG-based nonce would be
    // stronger, but the POST action hard-codes a 6-character prefix, so both sides
    // (and whatever client code builds the payload) would have to change together.
    string loginSalt = Guid.NewGuid().ToString().Substring(0, 6);

    var viewModel = new LoginViewModel();
    viewModel.Salt = loginSalt;

    // Keep the server-side copy in the session so the posted value can be checked.
    Session["LoginSalt"] = viewModel.Salt;

    return View(viewModel);
}
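/// <summary>
/// Handles the posted login form: decrypts the submitted e-mail and password,
/// checks the 6-character salt prefix of the password payload against the value
/// stored in the session, then signs the user in through <c>SignInManager</c>.
/// </summary>
/// <param name="model">Posted form; <c>EncryptedEmail</c> and <c>EncryptedPassword</c> are decrypted into <c>Email</c> and <c>Password</c>.</param>
/// <param name="returnUrl">Caller-supplied URL passed on to <c>RedirectToLocal</c> or the <c>SendCode</c> action.</param>
/// <returns>A redirect on success or required verification, the lockout view, or the login view with an error.</returns>
/// <remarks>
/// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible in this
/// listing; confirm they are present on the real declaration.
/// NOTE(review): the key handling inside <c>KMAes</c> is not visible here. If the same key
/// is available to the browser, this layer adds no confidentiality beyond TLS.
/// </remarks>
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    const int saltLength = 6;

    if (!ModelState.IsValid)
    {
        return View(model);
    }

    logger.Info("Login");

    // The session salt is a single-use nonce: consume it before any check so a
    // captured payload cannot be retried against the same value. It is null when
    // the session expired or a previous attempt already consumed it.
    string salt = Session["LoginSalt"] as string;
    Session["LoginSalt"] = null;

    // NOTE(review): how DecryptStringAES reacts to malformed input is not visible here.
    model.Email = KMBit.Util.KMAes.DecryptStringAES(model.EncryptedEmail);

    // Decrypt the password payload once; it is "<salt><password>".
    string payload = KMBit.Util.KMAes.DecryptStringAES(model.EncryptedPassword);

    // Credentials and nonce values are deliberately not written to the log:
    // the password is a secret and the posted values are attacker-controlled text.
    if (string.IsNullOrEmpty(salt) || payload == null || payload.Length < saltLength)
    {
        logger.Warn("Login salt missing or password payload too short");
        return RejectLogin(model);
    }

    string postedSalt = payload.Substring(0, saltLength);
    model.Password = payload.Substring(saltLength);

    // Ordinal comparison avoids the culture-dependent casing of ToLower().
    if (!string.Equals(salt.Trim(), postedSalt.Trim(), System.StringComparison.OrdinalIgnoreCase))
    {
        logger.Warn("Login salt mismatch");
        return RejectLogin(model);
    }

    // This doesn't count login failures towards account lockout.
    // To enable password failures to trigger account lockout, change to shouldLockout: true.
    // NOTE(review): with shouldLockout: false nothing in this action throttles repeated
    // password guesses; enable it (with the lockout settings on the user manager) unless
    // rate limiting is enforced elsewhere.
    var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);

    switch (result)
    {
        case SignInStatus.Success:
            // NOTE(review): returnUrl is caller-supplied and RedirectToLocal is defined
            // outside this listing; confirm it only redirects to local URLs.
            return RedirectToLocal(model.Email, returnUrl);
        case SignInStatus.LockedOut:
            return View("Lockout");
        case SignInStatus.RequiresVerification:
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
        case SignInStatus.Failure:
        default:
            logger.Warn("Password or Email is not correct");
            return RejectLogin(model);
    }
}

// Re-renders the login form with the generic error and a fresh salt, so that the
// next submission from that page has a session value to be checked against.
private ActionResult RejectLogin(LoginViewModel model)
{
    model.Salt = Guid.NewGuid().ToString().Substring(0, 6);
    Session["LoginSalt"] = model.Salt;

    // Drop the posted value so HTML helpers render the new salt, not the old one.
    // NOTE(review): assumes the view reads the salt from the model; confirm.
    ModelState.Remove("Salt");

    // Same message for every failure so the response does not reveal which check failed.
    ModelState.AddModelError("", "用户或者密码错误");
    return View(model);
}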