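/// <summary>
/// Handles the login form post: verifies the credentials through
/// <c>ApplicationRightService.Login</c> and, on success, issues the forms-authentication
/// cookie and redirects to Home/Index.
/// </summary>
/// <param name="username">Login name from the form; also passed to <c>GetUserByBadge</c>.</param>
/// <param name="password">Password from the form.</param>
/// <param name="returnUrl">
/// URL the caller originally wanted. In this method it is only round-tripped back to the
/// Login action; the success path never redirects to it.
/// </param>
/// <returns>
/// A redirect to Home/Index when the login succeeds, otherwise a redirect back to
/// Account/Login carrying <c>returnUrl</c>, <c>errorMsg</c> and (on a failed check) <c>username</c>.
/// </returns>
public ActionResult LoginAction(string username, string password, string returnUrl)
{
    // Reject the request when EITHER field is blank. The original test used &&, which only
    // fired when both were blank, so a missing username or a missing password still reached
    // the credential check even though the message says both are required.
    if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(password))
    {
        return RedirectToAction("Login", "Account", new { returnUrl = returnUrl, errorMsg = "用户名、密码不能为空!" });
    }

    // NOTE(review): returnUrl is caller-controlled. It is only echoed back to the Login action
    // here; if it is ever used as a redirect target, validate it first (e.g. Url.IsLocalUrl)
    // so the login flow cannot be turned into an open redirect.
    returnUrl = string.IsNullOrWhiteSpace(returnUrl)
        ? System.Web.Security.FormsAuthentication.DefaultUrl
        : returnUrl;

    // NOTE(review): msg is never assigned, so a failed login redirects with an empty errorMsg.
    string msg = string.Empty;

    // Dispose the database object when the request is done instead of leaving it to the GC.
    using (PetaPoco.Database db = new PetaPoco.Database("DatabaseConn"))
    {
        ApplicationRightService ars = new ApplicationRightService(db);

        if (ars.Login(username, password))
        {
            // NOTE(review): user is dereferenced without a null check; confirm GetUserByBadge
            // cannot return null for a name that Login just accepted.
            var user = ars.GetUserByBadge(username);

            // The identity name stored in the ticket is "Badge:UserName". Anything that later
            // reads Identity.Name as a bare badge has to account for that combined form.
            // NOTE(review): the second argument requests a persistent cookie for every login;
            // confirm that is intended, since the session then survives a browser restart.
            System.Web.Security.FormsAuthentication.SetAuthCookie(user.Badge + ":" + user.UserName, true);

            return RedirectToAction("Index", "Home");
        }
    }

    // Failed check: the values below travel in the query string, so the Login view must
    // HTML-encode errorMsg and username when it renders them.
    return RedirectToAction("Login", "Account", new { returnUrl = returnUrl, errorMsg = msg, username = username });
}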
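/// <summary>
/// Authorization filter callback: asks <c>ApplicationRightService.HaveRight</c> whether the
/// current identity may perform <c>_operationCode</c> on <c>_resourceName</c>, and replaces the
/// action result with a "401" error when it may not.
/// </summary>
/// <param name="filterContext">Context of the request being authorized; its Result is set on denial.</param>
public void OnAuthorization(AuthorizationContext filterContext)
{
    // NOTE(review): LoginAction in this listing stores "Badge:UserName" as the identity name.
    // The whole string is passed on as the badge here; confirm HaveRight expects that combined
    // form, otherwise the lookup never matches the intended user.
    // NOTE(review): for a request without an authenticated identity the name is presumably
    // empty, so the decision rests entirely on HaveRight; confirm it denies an empty badge.
    var badge = HttpContext.Current.User.Identity.Name;

    // Dispose the database object once the permission check is done; this filter runs on
    // every request to a protected action, so undisposed instances would accumulate.
    using (PetaPoco.Database db = new PetaPoco.Database("DatabaseConn"))
    {
        ApplicationRightService ars = new ApplicationRightService(db);

        if (!ars.HaveRight(badge, _resourceName, _operationCode))
        {
            // Setting Result short-circuits the action; _isJsonResult selects the error format.
            filterContext.Result = UtilHelper.Error("401", "您没有权限访问该模块", _isJsonResult);
        }
    }
}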