/// <summary>
/// Resolves the password that the caller uses to verify a UsernameToken.
/// The named user is looked up as a SiteManager; if it is an administrator, the token
/// password is decrypted, stored on the user object and validated through Users.ValidateUser.
/// Only a successful validation hands back token.Password; every other outcome (unknown or
/// non-administrator user, failed validation, or any exception while looking up/validating)
/// yields a hash of token.Password instead, so the token check fails without exposing which
/// step went wrong.
/// </summary>
/// <param name="token">Incoming username token; Identity.Name and Password are read from it.</param>
/// <returns>token.Password when the credentials validate; otherwise Cryptographer.CreateHash(token.Password).</returns>
protected override string AuthenticateToken(UsernameToken token)
{
    LoginUserStatus status = LoginUserStatus.InvalidCredentials;
    try
    {
        SiteManager manager = Users.GetUser(0, token.Identity.Name, false, false) as SiteManager;
        bool isAdministrator = manager != null && manager.IsAdministrator;
        if (isAdministrator)
        {
            // The value is never read; the getter call is kept in case HiContext.Current
            // initialises per-request state — TODO(review): confirm and drop if it does not.
            HiContext requestContext = HiContext.Current;
            // ValidateUser reads the plaintext password from the user object.
            manager.Password = Cryptographer.Decrypt(token.Password);
            status = Users.ValidateUser(manager);
        }
    }
    catch
    {
        // Any failure during lookup or validation is reported as bad credentials.
        status = LoginUserStatus.InvalidCredentials;
    }
    return status == LoginUserStatus.Success
        ? token.Password
        : Cryptographer.CreateHash(token.Password);
}
/// <summary>
/// Logs a member in with the supplied credentials. On success the forms-authentication
/// cookie is written through the member's IUserCookie and the member becomes the current
/// HiContext user. Every failure is reported to the page via ShowMessage.
/// </summary>
/// <param name="username">Member user name as entered.</param>
/// <param name="password">Plaintext password as entered; assigned to Member.Password for validation.</param>
/// <returns>true when the member was logged in; otherwise false.</returns>
private bool userRegion(string username, string password)
{
    HiContext requestContext = HiContext.Current;
    Member member = Users.GetUser(0, username, false, true) as Member;
    if (member == null || member.IsAnonymous)
    {
        this.ShowMessage("用户名或密码错误", false);
        return false;
    }
    member.Password = password;
    LoginUserStatus status = MemberProcessor.ValidLogin(member);
    string failure;
    switch (status)
    {
        case LoginUserStatus.Success:
        {
            System.Web.HttpCookie authCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(member.Username, false);
            IUserCookie memberCookie = member.GetUserCookie();
            memberCookie.WriteCookie(authCookie, 30, false);
            requestContext.User = member;
            return true;
        }
        case LoginUserStatus.AccountPending:
            failure = "用户账号还没有通过审核";
            break;
        case LoginUserStatus.InvalidCredentials:
            failure = "用户名或密码错误";
            break;
        default:
            // Any other status (e.g. locked out) is reported generically.
            failure = "未知错误";
            break;
    }
    this.ShowMessage(failure, false);
    return false;
}
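/// <summary>
/// Validates a user's credentials and refreshes the caller's reference with the record
/// loaded by user name.
/// </summary>
/// <param name="user">User whose UserName and Password are validated; on return it is replaced by GetUser(user.UserName).</param>
/// <returns>The LoginUserStatus reported by ValidateUser(string, string).</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is null.</exception>
public static LoginUserStatus ValidateUser(ref User user)
{
    if (user == null)
    {
        // ArgumentNullException(string) treats its only argument as the parameter name, which
        // turned the intended message into a bogus parameter name; pass both explicitly.
        throw new ArgumentNullException("user", "User must have value");
    }
    // Validate the login
    LoginUserStatus status = ValidateUser(user.UserName, user.Password);
    // Hand the caller the stored record for this name — presumably so state updated during
    // validation is visible; verify against GetUser.
    user = GetUser(user.UserName);
    return status;
}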
/// <summary>
/// Validates a user name / plaintext password pair against CommonDataProvider.
/// </summary>
/// <remarks>
/// 1. Field validation is expected to have been done by the caller.
/// 2. The password is plaintext (not hashed).
/// On success the user is reloaded with GetUser(userName, true, false) — the file's own note
/// says this updates LastActive — and GlobalEvents.ValidatedUser is raised with that user.
/// </remarks>
/// <param name="userName">User name to validate.</param>
/// <param name="password">Plaintext password to validate.</param>
/// <returns>The LoginUserStatus returned by the data provider; Success means the login is valid.</returns>
public static LoginUserStatus ValidateUser(string userName, string password)
{
    LoginUserStatus result = CommonDataProvider.Instance.ValidateUser(userName, password);
    if (result != LoginUserStatus.Success)
    {
        return result;
    }
    // Reload the user (update LastActive, per the surrounding code's note — confirm in GetUser)
    User validated = GetUser(userName, true, false);
    // Raise the system-wide "user validated" event
    GlobalEvents.ValidatedUser(validated);
    return result;
}
/// <summary>
/// Logs a member in. On success the forms-authentication cookie is written, the member
/// becomes HiContext.Current.User, a cookie-held shopping cart (if any) is moved into the
/// database and cleared from the cookie, and Member.OnLogin is raised.
/// </summary>
/// <param name="userName">Member user name.</param>
/// <param name="password">Plaintext password; assigned to Member.Password for validation.</param>
/// <returns>An empty string on success; otherwise a user-facing error message.</returns>
private string UserLogin(string userName, string password)
{
    Member member = Users.GetUser(0, userName, false, true) as Member;
    if (member == null || member.IsAnonymous)
    {
        return "用户名或密码错误";
    }
    // Members with a non-zero ParentUserId are rejected here.
    if (member.ParentUserId.HasValue && member.ParentUserId.Value != 0)
    {
        return "您不是本站会员,请您进行注册";
    }
    member.Password = password;
    LoginUserStatus status = MemberProcessor.ValidLogin(member);
    switch (status)
    {
        case LoginUserStatus.Success:
        {
            System.Web.HttpCookie authCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(member.Username, false);
            member.GetUserCookie().WriteCookie(authCookie, 30, false);
            // Read the anonymous cart before the member is attached to the context.
            ShoppingCartInfo cookieCart = ShoppingCartProcessor.GetCookieShoppingCart();
            HiContext.Current.User = member;
            if (cookieCart != null)
            {
                // Persist the anonymous cart for the member, then drop the cookie copy.
                ShoppingCartProcessor.ConvertShoppingCartToDataBase(cookieCart);
                ShoppingCartProcessor.ClearCookieShoppingCart();
            }
            member.OnLogin();
            return string.Empty;
        }
        case LoginUserStatus.AccountPending:
            return "用户账号还没有通过审核";
        case LoginUserStatus.InvalidCredentials:
            return "用户名或密码错误";
        default:
            return "未知错误";
    }
}
/// <summary>
/// Handles the login API request: reads userName/password from the request, validates the
/// member, writes the forms-authentication and "Vshop-Member" cookies, rotates the member's
/// session id and answers with {"result":{"uid":..,"sessionid":".."}}.
/// Failures are answered through GetErrorJosn with codes 101 (missing parameter),
/// 205 (unknown user) and 206 (wrong password).
/// </summary>
/// <param name="context">Current HTTP context; parameters are read from its request and the reply written to its response.</param>
private void ProcessLogin(System.Web.HttpContext context)
{
    string userName = context.Request["userName"];
    string password = context.Request["password"];
    // Drop any existing login before handling a new one.
    if (HiContext.Current.User != null)
    {
        this.ClearLoginStatus();
    }
    if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
    {
        context.Response.Write(this.GetErrorJosn(101, "缺少必填参数"));
        return;
    }
    Member member = Users.GetUser(0, userName, false, true) as Member;
    // NOTE(review): codes 205 and 206 let a caller distinguish an unknown user name from a
    // wrong password (account enumeration); a single code for both would close that.
    if (member == null)
    {
        context.Response.Write(this.GetErrorJosn(205, "用户名无效"));
        return;
    }
    member.Password = password;
    if (MemberProcessor.ValidLogin(member) != LoginUserStatus.Success)
    {
        context.Response.Write(this.GetErrorJosn(206, "密码有误"));
        return;
    }
    System.Web.HttpCookie authCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(member.Username, false);
    member.GetUserCookie().WriteCookie(authCookie, 30, false);
    // Plain cookie carrying the user name (no HttpOnly flag is set here).
    System.Web.HttpCookie memberCookie = new System.Web.HttpCookie("Vshop-Member");
    memberCookie.Value = Globals.UrlEncode(member.Username);
    System.Web.HttpContext.Current.Response.Cookies.Add(memberCookie);
    HiContext.Current.User = member;
    member.OnLogin();
    string sessionId = UserHelper.UpdateSessionId(member.UserId);
    member.SessionId = sessionId;
    Users.UpdateUser(member);
    // The reply is assembled by hand: sessionId is emitted unescaped, so this relies on it
    // never containing quotes or backslashes — TODO(review): confirm UpdateSessionId's format.
    string reply = "{\"result\":{"
        + "\"uid\":" + member.UserId + ","
        + "\"sessionid\":\"" + sessionId + "\""
        + "}}";
    context.Response.Write(reply);
}
/// <summary>
/// Validates a site manager's login. When the login succeeds and the manager holds the
/// SiteManager role, the method additionally makes sure config/Hishop.key exists: if it does
/// not, it reads config/key.config (falling back to key.config.bak), and — only when the
/// stored Settings/Token equals the manager's UserId — decrypts Settings/Key with the
/// manager's password, protects it for the local machine and writes it via KeyManager.
/// Problems while rebuilding the key file are swallowed and never change the result.
/// </summary>
/// <param name="manager">Manager to validate; Password is expected to hold the plaintext password.</param>
/// <returns>InvalidCredentials for a null manager; otherwise the status from Users.ValidateUser.</returns>
public static LoginUserStatus ValidLogin(SiteManager manager)
{
    if (manager == null)
    {
        return LoginUserStatus.InvalidCredentials;
    }
    LoginUserStatus status = Users.ValidateUser(manager);
    if (status != LoginUserStatus.Success || manager.UserRole != UserRole.SiteManager)
    {
        return status;
    }
    HttpContext context = HiContext.Current.Context;
    string keyFile = context.Request.MapPath(Globals.ApplicationPath + "/config/Hishop.key");
    if (!File.Exists(keyFile))
    {
        try
        {
            XmlDocument settings = new XmlDocument();
            try
            {
                settings.Load(context.Request.MapPath(Globals.ApplicationPath + "/config/key.config"));
            }
            catch
            {
                // Primary config unreadable: use the backup copy.
                settings.Load(context.Request.MapPath(Globals.ApplicationPath + "/config/key.config.bak"));
            }
            int storedToken = int.Parse(settings.SelectSingleNode("Settings/Token").InnerText);
            if (storedToken == manager.UserId)
            {
                // The stored key is encrypted with the manager's password; re-protect it for this machine.
                byte[] rawKey = Cryptographer.DecryptWithPassword(Convert.FromBase64String(settings.SelectSingleNode("Settings/Key").InnerText), manager.Password);
                byte[] protectedKey = ProtectedData.Protect(rawKey, null, DataProtectionScope.LocalMachine);
                using (Stream output = new FileStream(keyFile, FileMode.Create))
                {
                    KeyManager.Write(output, protectedKey, DataProtectionScope.LocalMachine);
                }
                // Scrub both key buffers once they are on disk.
                CryptographyUtility.ZeroOutBytes(protectedKey);
                CryptographyUtility.ZeroOutBytes(rawKey);
            }
        }
        catch
        {
            // Any failure while rebuilding the key file is ignored; the login result stands.
        }
    }
    return status;
}
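/// <summary>
/// Handles the login form post. Validates the credentials with ASP.NET Identity, stores the
/// login status and the user/role information in Session, then redirects.
/// </summary>
/// <param name="model">Posted user name and password.</param>
/// <param name="returnUrl">Requested post-login destination. Only a local URL is followed;
/// any other value (including an empty one) is replaced by home/index so the parameter
/// cannot be used as an open redirect.</param>
/// <returns>A redirect when the login succeeds; otherwise the login view.</returns>
public ActionResult Login(LoginViewModel model, string returnUrl)
{
    // Entity validation failed: show the form again.
    if (!ModelState.IsValid)
    {
        return View();
    }
    var loginStatus = new LoginUserStatus()
    {
        IsLogin = false,
        Message = "用户或密码错误",
    };
    // NOTE(review): the UserManager and its EntityDbContext are not disposed; the returned
    // user is kept in Session and may lazy-load from this context later, so disposing here
    // is not safe to add without checking the views that read the session model.
    var userManage = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new EntityDbContext()));
    var user = userManage.Find(model.UserName, model.PassWord);
    if (user == null)
    {
        return View();
    }
    var roleName = "";
    using (var context = new EntityDbContext())
    {
        foreach (var role in user.Roles)
        {
            // A role id with no matching ApplicationRole is skipped instead of throwing.
            var appRole = context.Roles.Find(role.RoleId) as ApplicationRole;
            if (appRole != null)
            {
                roleName += appRole.DisplayName + ",";
            }
        }
    }
    loginStatus.IsLogin = true;
    loginStatus.Message = "登录成功!用户的角色:" + roleName;
    loginStatus.GotoController = "home";
    loginStatus.GotoAction = "index";
    // Keep the login status in the session
    Session["loginStatus"] = loginStatus;
    var loginUserSessionModel = new LoginUserSessionModel()
    {
        User = user,
        Person = user.Person,
        RoleName = roleName,
    };
    // Keep the logged-in user's details in the session
    Session["LoginUserSessionModel"] = loginUserSessionModel;
    // NOTE(review): the identity is created but never signed in, so no authentication cookie
    // is issued here; the login is carried by Session only — confirm this is intended.
    var identity = userManage.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
    // returnUrl comes from the request: refuse anything that is not a local URL.
    if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }
    return RedirectToAction(loginStatus.GotoAction, loginStatus.GotoController);
}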
/// <summary>
/// Click handler: validates the entered user name and password and shows a short
/// status text in lblTip.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button3_Click(object sender, EventArgs e)
{
    LoginUserStatus status = Users.ValidateUser(txtUserName.Text, txtPwd.Text);
    string tip;
    if (status == LoginUserStatus.Success)
    {
        tip = "Login Success";
    }
    else if (status == LoginUserStatus.InvalidCredentials)
    {
        tip = "Pwd Error";
    }
    else
    {
        // Every remaining status is shown as "Banned".
        tip = "Banned";
    }
    lblTip.Text = tip;
}
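/// <summary>
/// Admin login button handler. Checks the verify code (when the image is shown), resolves
/// the site manager by name, validates the password, writes the forms-authentication,
/// "Admin-system" and "Supplier" cookies, and redirects to the requested return URL or
/// default.html. Failures are reported via ShowMessage and counted via SetErrorTimes.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnAdminLogin_Click(object sender, System.EventArgs e)
{
    if (this.imgCode.Visible && !HiContext.Current.CheckVerifyCode(this.txtCode.Text.Trim()))
    {
        this.ShowMessage("验证码不正确");
        return;
    }
    IUser user = Users.GetUser(0, this.txtAdminName.Text, false, true);
    if (user == null || user.IsAnonymous || user.UserRole != UserRole.SiteManager)
    {
        this.ShowMessage("无效的用户信息");
        this.SetErrorTimes("username");
        return;
    }
    SiteManager siteManager = user as SiteManager;
    siteManager.Password = this.txtAdminPassWord.Text;
    LoginUserStatus loginUserStatus = ManagerHelper.ValidLogin(siteManager);
    if (loginUserStatus != LoginUserStatus.Success)
    {
        // Every failure counts against the user name; only the message differs.
        this.SetErrorTimes("username");
        string failure;
        switch (loginUserStatus)
        {
            case LoginUserStatus.AccountPending:
                failure = "用户账号还没有通过审核";
                break;
            case LoginUserStatus.AccountLockedOut:
                failure = "用户账号已被锁定,暂时不能登录系统";
                break;
            case LoginUserStatus.InvalidCredentials:
                failure = "用户名或密码错误";
                break;
            default:
                failure = "登录失败,未知错误";
                break;
        }
        this.ShowMessage(failure);
        return;
    }
    System.Web.HttpCookie authCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(siteManager.Username, false);
    siteManager.GetUserCookie().WriteCookie(authCookie, 30, false);
    // Plain 30-minute cookie carrying the admin user name (no HttpOnly flag is set here).
    System.Web.HttpCookie adminCookie = new System.Web.HttpCookie("Admin-system");
    adminCookie.Value = siteManager.Username;
    adminCookie.Expires = System.DateTime.Now.AddMinutes(30.0);
    System.Web.HttpContext.Current.Response.Cookies.Add(adminCookie);
    HiContext.Current.User = siteManager;
    this.RemoveCache();
    // Pick the post-login destination: the returnUrl query parameter first, then ReferralLink.
    string url = null;
    string requestedUrl = this.Page.Request.QueryString["returnUrl"];
    if (!string.IsNullOrEmpty(requestedUrl))
    {
        url = requestedUrl;
    }
    if (url == null && this.ReferralLink != null && !string.IsNullOrEmpty(this.ReferralLink.Trim()))
    {
        url = this.ReferralLink;
    }
    if (!string.IsNullOrEmpty(url))
    {
        string lowered = url.ToLower();
        var siteUrls = Globals.GetSiteUrls();
        bool pointsAtLoginFlow = lowered.IndexOf(siteUrls.Logout.ToLower()) >= 0
            || lowered.IndexOf(siteUrls.UrlData.FormatUrl("register").ToLower()) >= 0
            || lowered.IndexOf(siteUrls.UrlData.FormatUrl("vote").ToLower()) >= 0
            || lowered.IndexOf("loginexit") >= 0;
        // Never bounce back into the logout/register/vote pages, and never leave the site:
        // both sources are request-controlled, so an off-site target would be an open redirect.
        if (pointsAtLoginFlow || !IsLocalReturnUrl(url, this.Page.Request.Url))
        {
            url = null;
        }
    }
    // Marks supplier accounts for the UI; everyone else gets an empty value.
    System.Web.HttpCookie supplierCookie = new System.Web.HttpCookie("Supplier");
    supplierCookie.Value = siteManager.IsInRole("供货商") ? "Supplier" : "";
    supplierCookie.Expires = System.DateTime.Now.AddMinutes(30.0);
    System.Web.HttpContext.Current.Response.Cookies.Add(supplierCookie);
    this.Page.Response.Redirect(url ?? "default.html", true);
}

/// <summary>
/// True only for redirect targets that stay on this site: an app-relative path ("~/..."),
/// a site-relative path ("/..." but not the protocol-relative "//" or "/\" forms), a bare
/// relative reference without a scheme, or an absolute http(s) URL whose authority equals
/// that of the current request. Anything starting with a backslash or carrying another
/// scheme is rejected.
/// </summary>
/// <param name="url">Candidate redirect target.</param>
/// <param name="requestUrl">URL of the current request, used to compare authorities.</param>
/// <returns>true when the target is safe to follow; otherwise false.</returns>
private static bool IsLocalReturnUrl(string url, System.Uri requestUrl)
{
    if (string.IsNullOrEmpty(url))
    {
        return false;
    }
    string target = url.Trim();
    if (target.Length == 0 || target[0] == '\\')
    {
        return false;
    }
    if (target[0] == '/')
    {
        return target.Length == 1 || (target[1] != '/' && target[1] != '\\');
    }
    if (target.StartsWith("~/", System.StringComparison.Ordinal))
    {
        return true;
    }
    // A colon before the first path/query/fragment delimiter means the value carries a scheme.
    int colon = target.IndexOf(':');
    int delimiter = target.IndexOfAny(new char[] { '/', '?', '#' });
    bool hasScheme = colon >= 0 && (delimiter < 0 || colon < delimiter);
    if (!hasScheme)
    {
        // e.g. "default.html": resolved relative to the current page.
        return true;
    }
    System.Uri absolute;
    if (!System.Uri.TryCreate(target, System.UriKind.Absolute, out absolute))
    {
        return false;
    }
    bool webScheme = absolute.Scheme == System.Uri.UriSchemeHttp || absolute.Scheme == System.Uri.UriSchemeHttps;
    return webScheme
        && requestUrl != null
        && string.Equals(absolute.Authority, requestUrl.Authority, System.StringComparison.OrdinalIgnoreCase);
}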
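/// <summary>
/// Account login API. Deserialises the body into ParamLogin, verifies the access token,
/// records the visit, decrypts the credentials when the platform is configured for it,
/// validates the member, rotates the member's session id and returns an authentication
/// ticket derived from the previous session id.
/// </summary>
/// <param name="request">Raw JSON body (accessToken, username, password, channel, platform, ver).</param>
/// <returns>A StandardResult of RegisterOrLoginResult on success; otherwise a fault result.</returns>
public IHttpActionResult Login(JObject request)
{
    // The body carries the password: log it, and echo it in fault results, only with
    // the password removed.
    string requestText = DescribeRequestForLog(request);
    Logger.WriterLogger("Account.Login, Params: " + requestText, LoggerType.Info);
    ParamLogin param = new ParamLogin();
    try
    {
        try
        {
            param = request.ToObject<ParamLogin>();
        }
        catch
        {
            // Malformed body: answer with fault 40100 instead of throwing.
            return base.JsonFaultResult(new CommonException(40100).GetMessage(), requestText);
        }
        string sessionKey = "";
        string sessionSecret = "";
        // Verify the access token; a positive return value is a fault code.
        int accessTokenCode = VerifyAccessToken(param.accessToken, out sessionKey, out sessionSecret);
        if (accessTokenCode > 0)
        {
            return base.JsonFaultResult(new CommonException(accessTokenCode).GetMessage(), requestText);
        }
        int channel = param.channel;
        int platform = param.platform;
        // Record the visit before the credentials are checked
        base.SaveVisitInfo("", channel, platform, param.ver);
        string decryptUsername = param.username;
        string decryptPassword = param.password;
        // Credentials arrive encrypted with the session key when the platform is configured for it.
        bool encrypted = (platform == 3 && base.AndroidIsEncryption)
            || (platform == 2 && base.IOSIsEncryption)
            || (platform == 1 && base.PCIsEncryption);
        if (encrypted)
        {
            decryptUsername = base.Decrypt(param.username, sessionKey, sessionSecret);
            decryptPassword = base.Decrypt(param.password, sessionKey, sessionSecret);
        }
        if (string.IsNullOrEmpty(decryptUsername) || string.IsNullOrEmpty(decryptPassword))
        {
            return base.JsonFaultResult(new FaultInfo(40200, "缺少必填参数"), requestText);
        }
        Logger.WriterLogger("开始获取用户信息...");
        Member member = Users.GetUser(0, decryptUsername, false, true) as Member;
        Logger.WriterLogger("获取用户信息成功...");
        // NOTE(review): the distinct messages for an unknown user name and a wrong password
        // allow account enumeration even though both share code 40200.
        if (member == null)
        {
            return base.JsonFaultResult(new FaultInfo(40200, "用户名无效"), requestText);
        }
        member.Password = decryptPassword;
        LoginUserStatus loginUserStatus = MemberProcessor.ValidLogin(member);
        if (loginUserStatus != LoginUserStatus.Success)
        {
            return base.JsonFaultResult(new FaultInfo(40200, "密码有误"), requestText);
        }
        member.OnLogin();
        // Captured before the session id is rotated below; the ticket is derived from this value.
        string sessionId = member.MembershipUser.SessionId;
        Logger.WriterLogger("开始更新SessionId...");
        member.SessionId = UserHelper.UpdateSessionId(member.UserId);
        Logger.WriterLogger("SessionId更新成功...");
        Logger.WriterLogger("开始更新用户信息...");
        Users.UpdateUser(member);
        Logger.WriterLogger("更新用户信息成功...");
        // Expiry encoded as yyyyMMddHHmmss. Formatted with the invariant culture so the value
        // does not depend on the server's calendar/culture settings.
        long timestamp = long.Parse(
            DateTime.Now.AddSeconds(USER_CACHE_KEEP_TIME).ToString("yyyyMMddHHmmss", System.Globalization.CultureInfo.InvariantCulture),
            System.Globalization.CultureInfo.InvariantCulture);
        // NOTE(review): the ticket is an MD5 of sessionId + timestamp + sessionSecret; sessionSecret
        // is its only non-guessable input.
        string authenTicket = SecurityUtil.MD5Encrypt(sessionId + timestamp.ToString() + sessionSecret).ToLower();
        string authenUserId = sessionId.ToLowerGuid();
        // NOTE(review): userId is always 0 here — it is never assigned from member.UserId.
        // Confirm what CacheUserSet expects before changing it.
        int userId = 0;
        CacheUserSet(authenUserId, authenTicket, timestamp, userId);
        StandardResult<RegisterOrLoginResult> okResult = new StandardResult<RegisterOrLoginResult>();
        okResult.code = 0;
        okResult.msg = "登录成功";
        okResult.data = new RegisterOrLoginResult()
        {
            DisplayName = decryptUsername,
            AuthenTicket = authenTicket,
            AuthenUserId = authenUserId,
            Timestamp = timestamp
        };
        return base.JsonActionResult(okResult);
    }
    catch (CommonException ex)
    {
        FaultInfo info = ex.GetMessage();
        Logger.WriterLogger(info.Message);
        return base.JsonActionResult(info);
    }
}

/// <summary>
/// Renders the request body as text for logging/echoing with every "password" property
/// (any casing) removed. A null request yields an empty string.
/// </summary>
/// <param name="request">Raw JSON body; it is not modified (a copy is redacted).</param>
/// <returns>The redacted JSON text.</returns>
private static string DescribeRequestForLog(JObject request)
{
    if (request == null)
    {
        return "";
    }
    JObject redacted = (JObject)request.DeepClone();
    bool removed = true;
    while (removed)
    {
        removed = false;
        foreach (JProperty property in redacted.Properties())
        {
            if (string.Equals(property.Name, "password", StringComparison.OrdinalIgnoreCase))
            {
                property.Remove();
                removed = true;
                // The enumeration is no longer valid after Remove; restart it.
                break;
            }
        }
    }
    return redacted.ToString();
}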
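/// <summary>
/// Handles the login form post. Validates the credentials with ASP.NET Identity, stores the
/// login status and the user/role information in Session, then redirects.
/// </summary>
/// <param name="model">Posted user name and password.</param>
/// <param name="returnUrl">Requested post-login destination. Exposed to the view as
/// ViewBag.ReturnUrl (home/index when empty). Only a local URL is followed after a successful
/// login; any other value is replaced by home/index so the parameter cannot be used as an
/// open redirect.</param>
/// <returns>A redirect when the login succeeds; otherwise the login view.</returns>
public ActionResult Login(LoginViewModel model, string returnUrl)
{
    // The view always needs a return URL; fall back to home/index.
    if (string.IsNullOrEmpty(returnUrl))
    {
        ViewBag.ReturnUrl = Url.Action("index", "home");
    }
    else
    {
        ViewBag.ReturnUrl = returnUrl;
    }
    // Entity validation failed: show the form again.
    if (!ModelState.IsValid)
    {
        return View();
    }
    var loginStatus = new LoginUserStatus()
    {
        IsLogin = false,
        Message = "用户或密码错误"
    };
    // NOTE(review): the UserManager and its EntityDbContext are not disposed; the returned
    // user is kept in Session and may lazy-load from this context later, so disposing here
    // is not safe to add without checking the views that read the session model.
    var userManage = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new EntityDbContext()));
    var user = userManage.Find(model.Username, model.PassWord);
    if (user == null)
    {
        ViewBag.LoginUserStatus = loginStatus;
        return View();
    }
    var roleName = "";
    using (var context = new EntityDbContext())
    {
        foreach (var role in user.Roles)
        {
            // A role id with no matching ApplicationRole is skipped instead of throwing.
            var appRole = context.Roles.Find(role.RoleId) as ApplicationRole;
            if (appRole != null)
            {
                roleName += appRole.DisplayName + ",";
            }
        }
    }
    loginStatus.IsLogin = true;
    loginStatus.Message = "登陆成功!用户的角色:" + roleName;
    loginStatus.GotoController = "home";
    loginStatus.GotoAction = "index";
    // Keep the login status in the session
    Session["loginStatus"] = loginStatus;
    var loginUserSessionModel = new LoginUserSessionModel()
    {
        User = user,
        Person = user.Person,
        Rolename = roleName
    };
    // Keep the logged-in user's details in the session
    Session["loginUserSessionModel"] = loginUserSessionModel;
    // NOTE(review): the identity is created but never signed in, so no authentication cookie
    // is issued here; the login is carried by Session only — confirm this is intended.
    var identity = userManage.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
    // returnUrl comes from the request: refuse anything that is not a local URL.
    if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }
    return RedirectToAction(loginStatus.GotoAction, loginStatus.GotoController);
}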
/// <summary>
/// Distributor login button handler. Checks the verify code, resolves the distributor by
/// name, refuses distributors logging in on another distributor's site, validates the
/// password and, on success, writes the forms-authentication cookie, marks
/// "hishopLoginStatus", attaches the distributor to the context, raises OnLogin and
/// redirects to default.aspx (or nositedefault.aspx when no site settings exist).
/// Failures are reported via ShowMessage.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
void btnLogin_Click(object sender, EventArgs e)
{
    if (!HiContext.Current.CheckVerifyCode(txtCode.Text.Trim()))
    {
        ShowMessage("验证码不正确", false);
        return;
    }
    IUser user = Users.GetUser(0, txtUserName.Text, false, true);
    if (user == null || user.IsAnonymous || user.UserRole != UserRole.Distributor)
    {
        ShowMessage("无效的用户信息", false);
        return;
    }
    Distributor distributor = user as Distributor;
    distributor.Password = txtPassword.Text;
    // On a distributor-specific site only that distributor may log in.
    if (HiContext.Current.SiteSettings.IsDistributorSettings && user.UserId != HiContext.Current.SiteSettings.UserId.Value)
    {
        ShowMessage("分销商只能在自己的站点或主站上登录", false);
        return;
    }
    LoginUserStatus status = SubsiteStoreHelper.ValidLogin(distributor);
    switch (status)
    {
        case LoginUserStatus.Success:
        {
            HttpCookie authCookie = FormsAuthentication.GetAuthCookie(distributor.Username, false);
            distributor.GetUserCookie().WriteCookie(authCookie, 30, false);
            Page.Response.Cookies["hishopLoginStatus"].Value = "true";
            HiContext.Current.User = distributor;
            distributor.OnLogin();
            bool hasSiteSettings = SettingsManager.GetSiteSettings(HiContext.Current.User.UserId) != null;
            Page.Response.Redirect(hasSiteSettings ? "default.aspx" : "nositedefault.aspx", true);
            return;
        }
        case LoginUserStatus.AccountPending:
            ShowMessage("用户账号还没有通过审核", false);
            return;
        case LoginUserStatus.AccountLockedOut:
            ShowMessage("用户账号已被锁定,暂时不能登录系统", false);
            return;
        case LoginUserStatus.InvalidCredentials:
            ShowMessage("用户名或密码错误", false);
            return;
        default:
            ShowMessage("登录失败,未知错误", false);
            return;
    }
}
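/// <summary>
/// Admin login button handler. Checks the verify code, resolves the site manager by name,
/// validates the password, writes the forms-authentication and "Admin-system" cookies and
/// redirects to the requested return URL or default.html. Failures are reported via
/// ShowMessage.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnAdminLogin_Click(object sender, EventArgs e)
{
    if (!HiContext.Current.CheckVerifyCode(this.txtCode.Text.Trim()))
    {
        this.ShowMessage("验证码不正确");
        return;
    }
    IUser user = Users.GetUser(0, this.txtAdminName.Text, false, true);
    if (user == null || user.IsAnonymous || user.UserRole != UserRole.SiteManager)
    {
        this.ShowMessage("无效的用户信息");
        return;
    }
    SiteManager manager = user as SiteManager;
    manager.Password = this.txtAdminPassWord.Text;
    LoginUserStatus status = ManagerHelper.ValidLogin(manager);
    if (status != LoginUserStatus.Success)
    {
        string failure;
        switch (status)
        {
            case LoginUserStatus.AccountPending:
                failure = "用户账号还没有通过审核";
                break;
            case LoginUserStatus.AccountLockedOut:
                failure = "用户账号已被锁定,暂时不能登录系统";
                break;
            case LoginUserStatus.InvalidCredentials:
                failure = "用户名或密码错误";
                break;
            default:
                failure = "登录失败,未知错误";
                break;
        }
        this.ShowMessage(failure);
        return;
    }
    HttpCookie authCookie = FormsAuthentication.GetAuthCookie(manager.Username, false);
    manager.GetUserCookie().WriteCookie(authCookie, 30, false);
    // Plain 30-minute cookie carrying the admin user name (no HttpOnly flag is set here).
    HttpCookie adminCookie = new HttpCookie("Admin-system");
    adminCookie.Value = manager.Username;
    adminCookie.Expires = DateTime.Now.AddMinutes(30.0);
    HttpContext.Current.Response.Cookies.Add(adminCookie);
    HiContext.Current.User = manager;
    // Pick the post-login destination: the returnUrl query parameter first, then ReferralLink.
    string referralLink = null;
    string requestedUrl = this.Page.Request.QueryString["returnUrl"];
    if (!string.IsNullOrEmpty(requestedUrl))
    {
        referralLink = requestedUrl;
    }
    if (referralLink == null && this.ReferralLink != null && !string.IsNullOrEmpty(this.ReferralLink.Trim()))
    {
        referralLink = this.ReferralLink;
    }
    if (!string.IsNullOrEmpty(referralLink))
    {
        string lowered = referralLink.ToLower();
        var siteUrls = Globals.GetSiteUrls();
        bool pointsAtLoginFlow = lowered.IndexOf(siteUrls.Logout.ToLower()) >= 0
            || lowered.IndexOf(siteUrls.UrlData.FormatUrl("register").ToLower()) >= 0
            || lowered.IndexOf(siteUrls.UrlData.FormatUrl("vote").ToLower()) >= 0
            || lowered.IndexOf("loginexit") >= 0;
        // Never bounce back into the logout/register/vote pages, and never leave the site:
        // both sources are request-controlled, so an off-site target would be an open redirect.
        if (pointsAtLoginFlow || !IsSameSiteRedirect(referralLink, this.Page.Request.Url))
        {
            referralLink = null;
        }
    }
    this.Page.Response.Redirect(referralLink ?? "default.html", true);
}

/// <summary>
/// True only for redirect targets that stay on this site: an app-relative path ("~/..."),
/// a site-relative path ("/..." but not the protocol-relative "//" or "/\" forms), a bare
/// relative reference without a scheme, or an absolute http(s) URL whose authority equals
/// that of the current request. Anything starting with a backslash or carrying another
/// scheme is rejected.
/// </summary>
/// <param name="url">Candidate redirect target.</param>
/// <param name="requestUrl">URL of the current request, used to compare authorities.</param>
/// <returns>true when the target is safe to follow; otherwise false.</returns>
private static bool IsSameSiteRedirect(string url, Uri requestUrl)
{
    if (string.IsNullOrEmpty(url))
    {
        return false;
    }
    string target = url.Trim();
    if (target.Length == 0 || target[0] == '\\')
    {
        return false;
    }
    if (target[0] == '/')
    {
        return target.Length == 1 || (target[1] != '/' && target[1] != '\\');
    }
    if (target.StartsWith("~/", StringComparison.Ordinal))
    {
        return true;
    }
    // A colon before the first path/query/fragment delimiter means the value carries a scheme.
    int colon = target.IndexOf(':');
    int delimiter = target.IndexOfAny(new char[] { '/', '?', '#' });
    bool hasScheme = colon >= 0 && (delimiter < 0 || colon < delimiter);
    if (!hasScheme)
    {
        // e.g. "default.html": resolved relative to the current page.
        return true;
    }
    Uri absolute;
    if (!Uri.TryCreate(target, UriKind.Absolute, out absolute))
    {
        return false;
    }
    bool webScheme = absolute.Scheme == Uri.UriSchemeHttp || absolute.Scheme == Uri.UriSchemeHttps;
    return webScheme
        && requestUrl != null
        && string.Equals(absolute.Authority, requestUrl.Authority, StringComparison.OrdinalIgnoreCase);
}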