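/// <summary>
/// Validates the verification code and the submitted credentials, then signs the
/// user in with a cookie-backed claims principal and returns a JSON result.
/// </summary>
/// <param name="model">Posted login form: user name, password and verification code.</param>
/// <param name="returnUrl">
/// Optional URL the client should go to after login. Only local URLs are echoed back;
/// anything else falls back to <c>/home/index</c>.
/// </param>
/// <returns>
/// A JSON object with <c>Success</c> and <c>Message</c>, plus <c>ReturnUrl</c> when the login succeeded.
/// </returns>
public async Task<IActionResult> Login(LoginModel model, string returnUrl = null)
{
    // The verification code should be encrypted, otherwise it is useless.
    // NOTE(review): the expected code travels in a client-held cookie and is decrypted
    // with a DES key hard-coded in source. DES is a weak cipher, the key cannot be rotated
    // without a code change, and a cookie/code pair stays valid for as long as the client
    // keeps sending it. Prefer keeping the expected code server-side (session or cache),
    // single-use and short-lived.
    HttpContext.Request.Cookies.TryGetValue("LoginVerifyCode", out var encryptedCode);

    // A missing cookie or an empty submitted code is a failed check, not a server error.
    if (string.IsNullOrEmpty(encryptedCode) || string.IsNullOrEmpty(model.VerifyCode))
    {
        return Json(new { Success = false, Message = "验证码错误!" });
    }

    // NOTE(review): the cookie value is client-controlled; how DESDecrypt behaves on
    // malformed input is not visible from this method - confirm that it fails safely.
    var expectedCode = HashEncrypt.DESDecrypt(encryptedCode, "hpmcgctr");

    // Ordinal comparison: the code is an opaque token, so culture-specific casing rules
    // must not affect the result. An empty decrypted value never matches.
    if (string.IsNullOrEmpty(expectedCode)
        || !string.Equals(model.VerifyCode, expectedCode, StringComparison.OrdinalIgnoreCase))
    {
        return Json(new { Success = false, Message = "验证码错误!" });
    }

    // NOTE(review): credentials are compared in plain text against configured defaults.
    // Storing a password hash, comparing in constant time and throttling failed attempts
    // would be the more robust design.
    if (model.UserName != AppSettings.DefaultUserName || model.Password != AppSettings.DefaultPassword)
    {
        return Json(new { Success = false, Message = "用户名或密码错误!" });
    }

    // Build the principal: a single name claim under the application's scheme.
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, model.UserName),
    };
    var identity = new ClaimsIdentity(claims, AuthenticationConfig.AuthenticationKey);
    var principal = new ClaimsPrincipal(identity);

    await HttpContext.SignInAsync(
        scheme: AuthenticationConfig.AuthenticationKey,
        principal: principal,
        properties: new AuthenticationProperties
        {
            IsPersistent = true, // for 'remember me' feature
            ExpiresUtc = DateTime.UtcNow.AddHours(12),
            AllowRefresh = false
        });

    returnUrl = returnUrl ?? ViewData["ReturnUrl"] as string;

    // Only hand back a URL that stays on this site; an absolute or otherwise non-local
    // value supplied with the request must not be used as the post-login destination.
    if (string.IsNullOrWhiteSpace(returnUrl) || !Url.IsLocalUrl(returnUrl))
    {
        returnUrl = "/home/index";
    }

    return Json(new { Success = true, Message = "登录成功!", ReturnUrl = returnUrl });
}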