public ActionResult Post([FromBody] LoginViewModel loginViewModel)
{
if (!ModelState.IsValid)
{
return(BadRequest());
}
var users = new Pub_UserBLL().GetList($"StopFlag=0 AND UserName='******' AND UserPwd='{loginViewModel.Password}'", limits: 1);
if (users.Count > 0)
{
var user = users.First();
//var userFunctions = new Pub_UserFunctionBLL().GetList($"UserCode='{user.UserCode}'").Select(p=>p.FunctionCode);
//var roleFunctions = new Pub_RoleFunctionBLL().GetList($" RoleCode IN(SELECT pur.RoleCode FROM Pub_UserRole AS pur WHERE pur.UserCode='{user.UserCode}' )").Select(p=>p.FunctionCode);
//var functions = userFunctions.Concat(roleFunctions).Distinct();
//var functionsStr = string.Join(',', functions);
var claims = new Claim[]
{
new Claim(ClaimTypes.Name, user.UserName),
new Claim(ClaimTypes.Sid, user.Id.ToString()),
new Claim(ClaimTypes.NameIdentifier, user.UserCode),
// new Claim(ClaimTypes.UserData,functionsStr),
new Claim(ClaimTypes.MobilePhone, user.Tel),
new Claim(ClaimTypes.GroupSid, user.DeptCode)
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtSeetings.SecretKey));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var expires = DateTime.Now.AddMinutes(30);
var token = new JwtSecurityToken(
_jwtSeetings.Issuer,
_jwtSeetings.Audience,
claims,
DateTime.Now,
expires,
creds
);
return(Ok(new ResponseObj <dynamic>()
{
Code = 1,
Message = "认证成功",
Data = new { Token = new JwtSecurityTokenHandler().WriteToken(token),
Expires = TypeUtil.ConvertDateTimeInt(expires) }
}));
}
return(Ok(new ResponseObj <dynamic>()
{
Code = 0,
Message = "用户名密码错误!"
}));
//return BadRequest();
}
public static void WriteUser(string userName)
{
LoginAdmin admin = new LoginAdmin();
var pubUser = new Pub_UserBLL().GetUserByUserName(userName);
var context = HttpContext.Current;
if (pubUser != null)
{
admin.UserCode = pubUser.UserCode;
admin.UserName = pubUser.UserName;
admin.MobilePhone = pubUser.Tel;
admin.DeptCode = pubUser.DeptCode;
}
context.Session["Admin"] = admin;
}
public IHttpActionResult Post([FromBody] LoginViewModel loginViewModel)
{
if (!ModelState.IsValid)
{
return(BadRequest());
}
//通过参数解决sql注入攻击
string sql = "StopFlag=0 AND UserName=@UserName AND UserPwd=@UserPwd";
var users = new Pub_UserBLL().GetListByParms(sql, parms: new { UserName = loginViewModel.Name, UserPwd = loginViewModel.Password }, limits: 1);
if (users.Count > 0)
{
var user = users.First();
//var userFunctions = new Pub_UserFunctionBLL().GetList(string.Format("UserCode='{0}'",user.UserCode)).Select(p=>p.FunctionCode);
//var roleFunctions = new Pub_RoleFunctionBLL().GetList(string.Format(" RoleCode IN(SELECT pur.RoleCode FROM Pub_UserRole AS pur WHERE pur.UserCode='{0}' )", user.UserCode)).Select(p => p.FunctionCode);
//var functions = userFunctions.Concat(roleFunctions).Distinct();
//var functionsStr = string.Join(",", functions);
var token = JwtManager.GenerateToken(user);
return(Ok(new ResponseObj <dynamic>()
{
Code = 1,
Message = "认证成功",
Data = new
{
Token = token.Item1,
Expires = TypeUtil.ConvertDateTimeInt((DateTime)token.Item2)
}
}));
}
return(Ok(new ResponseObj <dynamic>()
{
Code = 0,
Message = "用户名密码错误!"
}));
//return BadRequest();
}
public static void WriteUser(string userName)
{
LoginAdmin admin = new LoginAdmin();
var pubUser = new Pub_UserBLL().GetUserByUserName(userName);
var context = HttpContext.Current;
if (pubUser != null)
{
admin.UserCode = pubUser.UserCode;
admin.UserName = pubUser.UserName;
admin.MobilePhone = pubUser.Tel;
admin.DeptCode = pubUser.DeptCode;
string functionSql = string.Format(@"select functioncode from dbo.Pub_UserFunction WHERE UserCode='{0}'
UNION SELECT functioncode FROM dbo.Pub_RoleFunction
WHERE RoleCode in (SELECT RoleCode FROM Pub_UserRole AS pur WHERE UserCode='{0}')", pubUser.UserCode);
var funs = new Pub_FunctionBLL().GetList("StopFlag=0 AND FunctionCode In (" + functionSql + ")");
admin.UserFunctions = funs;
}
context.Session["Admin"] = admin;
}
