public ActionResult Login(LogOnModel model, string returnUrl)
        {
            if (ModelState.IsValid)
            {
                User user = this.SecurityMgr.GetUserWithPermissions(model.UserName);

                if (user == null || model.HashedPassword != user.Password)
                {
                    ModelState.AddModelError(string.Empty, Resources.ErrorMessage.Errors_Login_Password_MisMatch);
                }
                else
                {
                    ////判断用户停用等
                    if (user.PasswordExpired)
                    {
                        return RedirectToAction("ChangePassword");
                    }

                    FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                    Session.Add(WebConstants.UserSessionKey, user);

                    if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                        && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                    {
                        return Redirect(returnUrl);
                    }
                    else
                    {
                        return RedirectToAction("Default", "Main");
                    }
                }
            }

            //// If we got this far, something failed, redisplay form
            return View(model);
        }
        public ActionResult Login(LogOnModel model, string returnUrl)
        {
            var isTest = SetViewBag();
            if (ModelState.IsValid)
            {
                User user = this.securityMgr.GetUserWithPermissions(model.UserName);
                if (user == null)
                {
                    ModelState.AddModelError(string.Empty, Resources.SYS.ErrorMessage.Errors_Login_Password_MisMatch);
                }
                else
                {
                    var password = model.Password;
                    if (isTest)
                    {
                        if (password.Length > 4 && password.EndsWith("test"))
                        {
                            password = password.Substring(0, password.Length - 4);
                        }
                        else
                        {
                            ModelState.AddModelError(string.Empty, Resources.EXT.ControllerLan.Con_CurrentAccountCanNotLoginTestSystem);
                            return View(model);
                        }
                    }

                    if (!this.securityMgr.VerifyUserPassword(user, EncryptHelper.Md5(password)))
                    {
                        ModelState.AddModelError(string.Empty, Resources.SYS.ErrorMessage.Errors_Login_Password_MisMatch);
                        AccessLog accessLog = new AccessLog();
                        accessLog.CreateDate = DateTime.Now;
                        accessLog.CsBrowser = Request.Browser.Browser;
                        accessLog.UserAgent = Request.UserAgent;
                        accessLog.CsIP = Request.UserHostAddress;
                        accessLog.PageUrl = Request.RawUrl;
                        accessLog.PageName = string.Format(Resources.EXT.ControllerLan.Con_UserFailToLogInSystem, model.Password);
                        accessLog.UserCode = user.Code;
                        accessLog.UserName = user.FullName;
                        this.genericMgr.Create(accessLog);
                    }
                    else
                    {
                        ////判断用户停用等
                        if (user.PasswordExpired < DateTime.Now && user.Code != "su")
                        {
                            return RedirectToAction("ChangePassword", "Account");
                        }
                        //if (!user.IsActive && user.Code != "su")
                        //{
                        //    ModelState.AddModelError(string.Empty, "此账号已被禁用");
                        //    return View(model);
                        //}

                        FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                        Session.Add(WebConstants.UserSessionKey, user);
                        testWithUser();

                        #region AccessLog
                        AccessLog accessLog = new AccessLog();
                        accessLog.CreateDate = DateTime.Now;
                        accessLog.CsBrowser = Request.Browser.Type;
                        accessLog.UserAgent = Request.UserAgent;
                        accessLog.CsIP = Request.UserHostAddress;
                        accessLog.PageUrl = Request.RawUrl;
                        accessLog.PageName = Resources.EXT.ControllerLan.Con_UserSuccedToLogInSystem;
                        accessLog.UserCode = this.CurrentUser.Code;
                        accessLog.UserName = this.CurrentUser.FullName;
                        this.genericMgr.Create(accessLog);
                        #endregion

                        #region update user info:LastAccessDate&IpAddress
                        user.LastLoginDate = user.LastAccessDate;
                        user.LastIpAddress = user.IpAddress;
                        user.LastAccessDate = DateTime.Now;
                        user.IpAddress = Request.UserHostAddress;
                        this.genericMgr.Update("update from User set LastAccessDate = ? ,IpAddress = ? where Code =?",
                            new object[] { DateTime.Now, Request.UserHostAddress, user.Code });
                        #endregion

                        if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                            && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                        {
                            return Redirect(returnUrl);
                        }
                        else
                        {
                            return RedirectToAction("Default", "Main");
                        }
                    }
                }
            }

            //// If we got this far, something failed, redisplay form
            return View(model);
        }
        public ActionResult Login(LogOnModel model, int siteId)
        {
            var systemFlag = systemMgr.GetEntityPreferenceValue(Entity.SYS.EntityPreference.CodeEnum.SystemFlag);
            ViewBag.IsShow = systemFlag == "1";

            if (ModelState.IsValid)
            {
                PortalSetting portalSetting = this.portalSettingMgr.GetPortalSetting(siteId);

                SecurityService.SecurityService securityService = new SecurityService.SecurityService();
                securityService.Url = ServiceURLHelper.ReplaceServiceUrl(securityService.Url, portalSetting.SIServerAddress, portalSetting.SIPort.ToString());

                string userToken = string.Empty;
                string returnVal = securityService.VerifyUserPasswordAndGetUserToken(model.UserName, model.Password);

                switch (returnVal)
                {
                    case "NullAccouunt":
                        ModelState.AddModelError(string.Empty, "帐号不存在.");
                        break;
                    case "Invalid":
                        ModelState.AddModelError(string.Empty, "帐号已经停用");
                        break;
                    case "PasswordExpired":
                        ModelState.AddModelError(string.Empty, "用户帐号密码已经过期");
                        return RedirectToAction("ChangePassword", new { siteId = siteId, userCode=model.UserName });
                    case "AccountLocked":
                        ModelState.AddModelError(string.Empty, "帐号已锁定。请联系管理员!");
                        break;
                    case "AccountLocked1":
                        ModelState.AddModelError(string.Empty, "密码连续3次错误,帐号已锁定。请联系管理员!");
                        break;
                    case "PasswordError":
                        ModelState.AddModelError(string.Empty, "密码错误,请重试.");
                        break;
                    default:
                        userToken = returnVal;
                        break;
                }
                if (!string.IsNullOrWhiteSpace(userToken))
                {
                    return Redirect("http://" + portalSetting.WebServerAddress + ":" + portalSetting.WebPort + (string.IsNullOrWhiteSpace(portalSetting.WebVirtualPath) ? "" : ("/" + portalSetting.WebVirtualPath)) + "/Account/TokenLogin?userName="******"&userToken=" + userToken);
                }
            }

            LoadSiteList();
            return View(model);
        }
        public ActionResult Login(LogOnModel model, string returnUrl)
        {
            var systemFlag = systemMgr.GetEntityPreferenceValue(Entity.SYS.EntityPreference.CodeEnum.SystemFlag);
            ViewBag.IsShow = systemFlag == "1";
            var systemTitle = systemMgr.GetEntityPreferenceValue(Entity.SYS.EntityPreference.CodeEnum.SystemTitle);
            ViewBag.SystemTitle = systemTitle;

            //密码最长存留期
            int passawordActive = int.Parse(systemMgr.GetEntityPreferenceValue(Entity.SYS.EntityPreference.CodeEnum.PassawordActive));

            //帐号锁定阀值
            int passwordLockCount = int.Parse(systemMgr.GetEntityPreferenceValue(Entity.SYS.EntityPreference.CodeEnum.PasswordLockCount));


            if (ModelState.IsValid)
            {
                var isUserInDomain = false;
                User user = this.securityMgr.GetUserWithPermissions(model.UserName);
                if (user == null)
                {
                    ModelState.AddModelError(string.Empty, Resources.ErrorMessage.Errors_Login_Password_MisMatch);
                }
                else if (!user.IsActive && user.Code != "su")
                {
                    ModelState.AddModelError(string.Empty, "用户帐号已停用。请联系管理员!");
                }
                else if (user.PasswordExpired && user.Code != "su")
                {
                    ModelState.AddModelError(string.Empty, "用户帐号密码已经过期。");
                    //修改密码
                    return RedirectToAction("ChangePassword", new { userCode =user.Code});
                }
                else if (user.AccountLocked && user.Code != "su")
                {
                    ModelState.AddModelError(string.Empty, "帐号已锁定。请联系管理员!");
                }
                else
                {
                    if (this.securityMgr.IsDomainAuthenticated(model.UserName, model.Password))
                    {
                        isUserInDomain = true;
                    }

                    if (!isUserInDomain && !model.HashedPassword.Equals(user.Password, StringComparison.OrdinalIgnoreCase))
                    {
                        ModelState.AddModelError(string.Empty, Resources.ErrorMessage.Errors_Login_Password_MisMatch);
                        UserLoginFailLog loginFaiilLog = new UserLoginFailLog
                        {
                            UserCode = user.Code,
                            UserName = user.Name,
                            LoginTime = System.DateTime.Now
                        };
                        this.genericMgr.Create(loginFaiilLog);

                        //判断是否超过3次登入失败
                        IList<UserLoginFailLog> userLoginFailLog = this.genericMgr.FindAll<UserLoginFailLog>(" select u from UserLoginFailLog as u where u.UserCode=?  ",user.Code);
                        if (userLoginFailLog != null && userLoginFailLog.Count >= passwordLockCount)
                        {
                            //user.AccountLocked = true;
                            //this.genericMgr.Update(user);
                            this.genericMgr.UpdateWithNativeQuery(" update ACC_User set AccountLocked=1 where Code=? ",user.Code);
                            ModelState.AddModelError(string.Empty, "密码连续3次错误,帐号已锁定。请联系管理员!");
                        }
                    }
                    else
                    {
                        //this.genericMgr.Delete<UserLoginFailLog>(genericMgr.FindAll<UserLoginFailLog>(" from UserLoginFailLog as u where u.UserCode=? ",user.Code));
                        this.genericMgr.FindAllWithNativeSql("if exists (select 1 from ACC_UserLoginFailLog where UserCode=?)begin delete ACC_UserLoginFailLog where UserCode=? end",new object[]{ user.Code,user.Code });
                        //////判断用户停用等
                        //if (user.PasswordExpired && user.Code != "su")
                        //{
                        //    return RedirectToAction("ChangePassword");
                        //}

                        //判断是否超过密码最长存留期没有改密码
                        IList<UserUpdatePasswordLog> updatePwLogs = this.genericMgr.FindAll<UserUpdatePasswordLog>(" select u from UserUpdatePasswordLog as u where u.UserCode=? and u.UpdateTime>=? ", new object[]{ user.Code,System.DateTime.Now.AddDays(-passawordActive).Date });
                        if (updatePwLogs == null || updatePwLogs.Count == 0)
                        {
                            //user.PasswordExpired = true;
                            //this.genericMgr.Update(user);
                            this.genericMgr.UpdateWithNativeQuery(" update ACC_User set PasswordExpired=1 where Code=? ", user.Code);
                            ModelState.AddModelError(string.Empty, "用户帐号密码已经过期。");
                            //修改密码
                            return RedirectToAction("ChangePassword", new { userCode = user.Code });

                        }

                        FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                        Session.Add(WebConstants.UserSessionKey, user);

                        if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                            && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                        {
                            return Redirect(returnUrl);
                        }
                        else
                        {
                            return RedirectToAction("Default", "Main");
                        }
                    }
                }
            }

            //// If we got this far, something failed, redisplay form
            return View(model);
        }