public async Task <IActionResult> Logon(string username, string userpwd, string language, string returnUrl) { string errorMsg = string.Empty; string currLanguage = language.IsMissing() ? "ZhCn" : language; //管理员账号 var developer = FapPlatformConstants.Administrator; //获取用户 FapUser loginUser = _loginService.Login(username); Employee emp = null; LocalRedirectResult errorResult = CheckUser(); if (errorResult != null) { return(errorResult); } LoginLogging(); var claimsPrincipal = CreateClaimsPrincipal(); var authenticationProperties = CreateAuthenticationProperties(); //设置当前角色为普通员工 //_applicationContext.CurrentRoleUid =FapPlatformConstants.CommonUserRoleFid; await HttpContext.SignInAsync( CookieAuthenticationDefaults.AuthenticationScheme, claimsPrincipal, authenticationProperties).ConfigureAwait(false); return(Redirect()); LocalRedirectResult CheckUser() { PasswordHasher passwordHasher = new PasswordHasher(); if (loginUser == null) { errorMsg = GetOrAddPageMultiLanguageContent("login_page_no_exist_user", "不存在此用户"); } else if (loginUser.EnableState == 0) { errorMsg = GetOrAddPageMultiLanguageContent("login_page_forbidden_user", "该账户已被禁用"); } else if (loginUser.IsLocked == 1) { errorMsg = GetOrAddPageMultiLanguageContent("login_page_lock_user", "该账户暂被锁定"); } else if (!passwordHasher.VerifyHashedPassword(loginUser.UserPassword, userpwd)) { errorMsg = GetOrAddPageMultiLanguageContent("login_page_password_error", "密码不正确"); //增加尝试次数,超过5次冻结 _loginService.AddTryTimes(loginUser); } else if (loginUser.UserIdentity.IsMissing() && loginUser.UserName != developer) { errorMsg = GetOrAddPageMultiLanguageContent("login_page_no_mapping_employee", "此用户没有关联人员信息"); } else { if (loginUser.UserIdentity.IsMissing()) { if (loginUser.UserName.EqualsWithIgnoreCase(developer)) { emp = new Employee { Fid = "00000000000000000000", EmpCode = "Administrator", EmpName = "Administrator" }; } else { errorMsg = GetOrAddPageMultiLanguageContent("login_page_no_find_mapping_employee", "用户关联的人员不存在"); } } else { emp = _dbContext.QueryFirstOrDefault <Employee>("select Fid,EmpCode,EmpName,DeptUid,DeptCode,EmpPhoto,GroupUid,OrgUid from Employee where Fid=@Fid", new Dapper.DynamicParameters(new { Fid = loginUser.UserIdentity }), true); if (emp == null) { errorMsg = GetOrAddPageMultiLanguageContent("login_page_no_find_mapping_employee", "用户关联的人员不存在");; } } } if (errorMsg.IsPresent()) { string loginUrl = _configService.GetSysParamValue(LoginUrl);// FapPlatformConfig.PlatformLoginUrl; if (loginUrl.IsMissing()) { loginUrl = "~/"; } return(LocalRedirect(loginUrl + "?msg=" + System.Net.WebUtility.UrlEncode(errorMsg))); } return(null); } void LoginLogging() { //更新最近登录时间 loginUser.LastLoginTime = DateTimeUtils.CurrentDateTimeStr; loginUser.PasswordTryTimes = 0; _loginService.UpdateLastLoginTime(loginUser); } ClaimsPrincipal CreateClaimsPrincipal() { //初始化身份卡片 var claims = new List <Claim> { new Claim(ClaimTypes.Name, loginUser.UserName), //用户名 new Claim(ClaimTypes.UserData, loginUser.Fid), //用户Fid new Claim(ClaimTypes.NameIdentifier, loginUser.UserIdentity), //员工Fid new Claim(ClaimTypes.Surname, emp.EmpName), //员工姓名 new Claim(ClaimTypes.PrimarySid, emp.DeptUid ?? "-"), //员工部门 new Claim(ClaimTypes.PrimaryGroupSid, emp.DeptCode ?? ""), //部门编码 new Claim(ClaimTypes.System, emp.DeptUidMC ?? ""), //部门名称 new Claim(ClaimTypes.DenyOnlyPrimaryGroupSid, emp.GroupUid ?? ""), //集团 new Claim(ClaimTypes.DenyOnlyPrimarySid, emp.OrgUid ?? ""), //组织 new Claim(ClaimTypes.Sid, currLanguage), //语言 new Claim(ClaimTypes.Actor, emp.EmpPhoto), //用户图像 new Claim(ClaimTypes.Role, loginUser.UserRole) //角色普通用户 }; //组装身份 var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme); return(new ClaimsPrincipal(claimsIdentity)); } AuthenticationProperties CreateAuthenticationProperties() { return(new AuthenticationProperties { //AllowRefresh = <bool>, // Refreshing the authentication session should be allowed. //ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(1), // The time at which the authentication ticket expires. A // value set here overrides the ExpireTimeSpan option of // CookieAuthenticationOptions set with AddCookie. IsPersistent = true, // Whether the authentication session is persisted across // multiple requests. Required when setting the // ExpireTimeSpan option of CookieAuthenticationOptions // set with AddCookie. Also required when setting // ExpiresUtc. //IssuedUtc = <DateTimeOffset>, // The time at which the authentication ticket was issued. //RedirectUri = <string> // The full path or absolute URI to be used as an http // redirect response value. }); } LocalRedirectResult Redirect() { if (returnUrl.IsMissing()) { if (userpwd == _configService.GetSysParamValue("employee.user.password")) { //等于默认密码需要跳转到修改密码页 return(LocalRedirect("~/Home/MainFrame#Home/ResetPassword/1")); } else { if (_rbacService.IsCEO(emp.Fid)) { return(LocalRedirect("~/Home/MainFrame#System/Report/CEOChart")); } else { return(LocalRedirect(_configService.GetSysParamValue(HomeUrl))); } } } else { return(LocalRedirect(HttpUtility.UrlDecode(returnUrl))); } } }