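public void RaiseCallbackEvent(string eventArg)
{
    // Client-callback entry point (ICallbackEventHandler) used to (re)login from an existing
    // session. eventArg is a separator-joined string assembled by the browser:
    //     companyCode <sep> userCode <sep> password <sep> plineName
    // where <sep> is the "SeparatorStr" value read from Rmes/Pub/Xml/RmesConfig.xml.
    // The login status string from loginManager ("0" = success) is left in callbackResult,
    // presumably for GetCallbackResult to hand back to the client.
    // NOTE(review): the password arrives in clear text inside the callback argument and is
    // then passed through thePubCs.AESEncrypt (a reversible transform, not a hash) before
    // loginManager compares it — the storage scheme itself is outside this method.
    string thePlineCode = "";          // never populated on this path; passed through empty
    string theUserCode = "";
    string thePassword = "";
    string theLoginStatus = "";
    bool theLoginFlag = false;
    string theSessionCode = "";
    string theCompanyCode = "";
    string thePlineName = "";          // 20071219: production-line name added
    string theUserName = "";
    string theUserId = "";
    string theClientIp = Request.UserHostAddress;
    PubCs thePubCs = new PubCs();

    // The field separator for eventArg lives in the XML config under the web root.
    string theConfigPath = Server.MapPath("~/").ToString() + "Rmes/Pub/Xml/RmesConfig.xml";
    string theSeparator = thePubCs.ReadFromXml(theConfigPath, "SeparatorStr");
    ArrayList theArrayList = thePubCs.SplitBySeparator(eventArg, theSeparator);
    string[] theString = thePubCs.ArrayListToString(theArrayList);
    if (theString == null || theString.Length < 4)
    {
        // A truncated or malformed argument used to surface as IndexOutOfRangeException on the
        // indexers below; fail with a message that says what was expected instead.
        throw new ArgumentException("Callback argument must carry companyCode, userCode, password and plineName.", "eventArg");
    }
    theCompanyCode = theString[0];
    theUserCode = theString[1].ToUpper();
    thePassword = theString[2];
    thePlineName = theString[3];

    // Map user code -> user id (20110722). companyCode and userCode come straight from the
    // client, so they are escaped before being spliced into the SQL literal: doubling the quote
    // is the only escape Oracle honours inside a string literal. Binding them as parameters
    // through dataConn would be the proper fix.
    string theSqlCompanyCode = (theCompanyCode ?? "").Replace("'", "''");
    string theSqlUserCode = (theUserCode ?? "").Replace("'", "''");
    dataConn theDataConn002 = new dataConn();
    theDataConn002.OpenConn();
    try
    {
        theDataConn002.setTheSql("select func_get_user('" + theSqlCompanyCode + "','MES','" + theSqlUserCode + "','A') from dual");
        theUserId = theDataConn002.GetValue();
    }
    finally
    {
        // Previously a failing GetValue() left the connection open.
        theDataConn002.CloseConn();
    }

    // Reuse the session code of the current session (if there is one) so that ReLoginIn can
    // re-attach to it rather than start a fresh session.
    userManager theUserManager1 = (userManager)Session["theUserManager"];
    if (theUserManager1 != null)
    {
        theSessionCode = theUserManager1.theSessionCode;
    }

    loginManager theLoginManager = new loginManager();
    theLoginManager.setCompanyCode(theCompanyCode);
    theLoginFlag = theLoginManager.ReLoginIn(theUserId, thePubCs.AESEncrypt(thePassword), theClientIp, theSessionCode, thePlineCode);
    theUserName = theLoginManager.getUserName();
    theUserCode = theLoginManager.getUserCode();

    // The two text boxes double as a status channel: "ok"/"error" plus the raw status string
    // (presumably read back by the page's client script).
    TxtEmployeeCode.Text = theLoginFlag ? "ok" : "error";
    TxtPassword.Text = theLoginManager.theLoginFlag;

    theLoginStatus = theLoginManager.theLoginFlag;
    theSessionCode = theLoginManager.theSessionCode;
    theCompanyCode = theLoginManager.getTheCompanyCode();

    if (theLoginStatus == "0")
    {
        // Login succeeded: (re)build the session user object and point it at the index program.
        userManager theUserManager = new userManager(theSessionCode);
        theUserManager.setLoginFlag(theLoginFlag);
        theUserManager.setPlineCode(thePlineCode);
        theUserManager.setPlineName(thePlineName);
        theUserManager.setProgValue("/Rmes/Login/RmesIndex.aspx");
        theUserManager.setProgCode("rmesIndex");
        theUserManager.setProgName("系统登录");
        theUserManager.setUserId(theUserId);
        theUserManager.setUserCode(theUserCode);
        theUserManager.setUserName(theUserName);
        theUserManager.setCompanyCode(theCompanyCode);
        Session["theUserManager"] = theUserManager;
    }
    // Every status, success or not, is reported back verbatim.
    callbackResult = theLoginStatus;
}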
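protected void Page_Load(object sender, EventArgs e)
{
    // Login page with two ways in:
    //  1. Windows-integrated: when the caller's identity is DOMAIN\user with DOMAIN == "DCEC",
    //     the user row is looked up by user code, its stored password is AES-decrypted and a
    //     normal loginIn is run with it; on success the browser is redirected into the system.
    //  2. Ajax: ?method=login&usercode=..&password=..&companycode=..&companyname=.. — the
    //     status code is written straight into the response ("0" success, "10" success but the
    //     password still equals the user code, i.e. the initial password).
    // A user whose password equals their user code (isOld) is routed to the password-
    // maintenance program sam2400 instead of the index page.
    // NOTE(review): path 1 decrypts the stored password, i.e. passwords are kept reversibly
    // encrypted rather than hashed; path 2 takes the password from the query string, where it
    // ends up in server/proxy logs. Neither can be fixed inside this method alone.
    bool isValid = false, isOld = false;

    // Split DOMAIN\user. An identity without a backslash (anonymous or a non-domain account)
    // used to throw ArgumentOutOfRangeException from Substring(0, -1); treat it as "no domain".
    string fullIdentity = System.Web.HttpContext.Current.User.Identity.Name.Trim();
    int sepIndex = fullIdentity.IndexOf('\\', 0);
    string userAcc = fullIdentity.Substring(sepIndex + 1).ToUpper();
    string strDomain = sepIndex >= 0 ? fullIdentity.Substring(0, sepIndex) : "";

    if (strDomain == "DCEC")
    {
        // Validate the user and fetch the stored password. The account name is spliced into
        // the literal, so quotes are doubled (the only escape Oracle honours in a literal);
        // bind parameters through dataConn would be the proper fix.
        string sqlY = "select a.user_code,a.user_password,b.company_code,b.company_name from code_user a left join code_company b on a.company_code=b.company_code where upper(user_code)='" + userAcc.Replace("'", "''") + "'";
        dataConn dc = new dataConn();
        dc.OpenConn();
        try
        {
            dc.setTheSql(sqlY);
            DataTable dt = dc.GetTable();
            if (dt.Rows.Count > 0)
            {
                isValid = true;
                // Read the row once instead of calling dc.GetTable() again for every column.
                DataRow row = dt.Rows[0];
                string theUserCode = row[0].ToString();
                string theCompanyCode = row[2].ToString();
                string thePlineCode = row[2].ToString();   // company code doubles as the pline code, as on the ajax path
                string thePassword = thePubCs.AESDecrypt(row[1].ToString());
                string thePlineName = row[3].ToString();
                if (theUserCode.ToUpper() == thePassword.ToUpper()) { isOld = true; }

                callbackResult = PerformPageLogin(theUserCode, theCompanyCode, thePlineCode, thePassword, thePlineName, isOld);
                if (callbackResult == "0")
                {
                    // Redirect ends the response, so nothing below runs on success.
                    if (isOld)
                    {
                        Response.Redirect("/Rmes/Sam/sam2400/sam2400.aspx?progCode=sam2400&progName=用户密码维护");
                    }
                    else
                    {
                        Response.Redirect("/Rmes/Login/RmesIndex.aspx?progCode=rmesIndex&progName=系统登录");
                    }
                }
                if (callbackResult == "0" && isOld) { callbackResult = "10"; }
                Response.End();
            }
        }
        finally
        {
            // Response.End()/Redirect abort the thread; previously that skipped CloseConn().
            dc.CloseConn();
        }
    }

    // Ajax login, only when the Windows path did not already handle the request.
    if (!string.IsNullOrWhiteSpace(Request.QueryString["method"]) && Request.QueryString["method"].Equals("login") && !isValid)
    {
        // A missing usercode/password used to NRE on ToUpper(); an empty value just fails the login.
        string theUserCode = Request.QueryString["usercode"] ?? "";
        string theCompanyCode = Request.QueryString["companycode"];
        string thePlineCode = Request.QueryString["companycode"];   // company code doubles as the pline code
        string thePassword = Request.QueryString["password"] ?? "";
        string thePlineName = Request.QueryString["companyname"];
        if (theUserCode.ToUpper() == thePassword.ToUpper()) { isOld = true; }

        callbackResult = PerformPageLogin(theUserCode, theCompanyCode, thePlineCode, thePassword, thePlineName, isOld);
        if (callbackResult == "0" && isOld) { callbackResult = "10"; }
        Response.Write(callbackResult);
        Response.End();
    }
}

/// <summary>
/// Shared tail of both login paths in Page_Load: maps the user code to a user id via
/// func_get_user, runs loginManager.loginIn, mirrors the outcome into TxtEmployeeCode /
/// TxtPassword and, on status "0", stores the session user object (pointing at sam2400 when
/// <paramref name="isOld"/> is set, at the index page otherwise).
/// </summary>
/// <returns>loginManager's status string; "0" means success.</returns>
private string PerformPageLogin(string theUserCode, string theCompanyCode, string thePlineCode,
                                string thePassword, string thePlineName, bool isOld)
{
    string theClientIp = Request.UserHostAddress;

    // companyCode/userCode are untrusted on the ajax path; doubling the quote is the only
    // escape Oracle honours in a literal. Bind parameters through dataConn would be better.
    string sql = string.Format("select func_get_user('{0}','MES','{1}','A') from dual",
        (theCompanyCode ?? "").Replace("'", "''"),
        (theUserCode ?? "").Replace("'", "''"));
    string theUserId;
    dataConn theDataConn002 = new dataConn();
    theDataConn002.OpenConn();
    try
    {
        theDataConn002.setTheSql(sql);
        theUserId = theDataConn002.GetValue();
    }
    finally
    {
        theDataConn002.CloseConn();
    }

    loginManager theLoginManager = new loginManager();
    theLoginManager.setCompanyCode(theCompanyCode);
    // AESEncrypt is reversible; presumably loginManager compares it with the stored ciphertext.
    bool theLoginFlag = theLoginManager.loginIn(theUserId, thePubCs.AESEncrypt(thePassword), theClientIp, thePlineCode);
    string theUserName = theLoginManager.getUserName();
    theUserCode = theLoginManager.getUserCode();

    // The two text boxes double as a status channel ("ok"/"error" plus the raw status string).
    TxtEmployeeCode.Text = theLoginFlag ? "ok" : "error";
    TxtPassword.Text = theLoginManager.theLoginFlag;

    string theLoginStatus = theLoginManager.theLoginFlag;
    string theSessionCode = theLoginManager.theSessionCode;
    theCompanyCode = theLoginManager.getTheCompanyCode();

    if (theLoginStatus == "0")
    {
        userManager theUserManager = new userManager(theSessionCode);
        theUserManager.setLoginFlag(theLoginFlag);
        theUserManager.setPlineCode(thePlineCode);
        theUserManager.setPlineName(thePlineName);
        if (isOld)
        {
            // Initial password: first stop is the password-maintenance program.
            theUserManager.setProgValue("/Rmes/Sam/sam2400/sam2400.aspx");
            theUserManager.setProgCode("sam2400");
            theUserManager.setProgName("用户密码维护");
        }
        else
        {
            theUserManager.setProgValue("/Rmes/Login/RmesIndex.aspx");
            theUserManager.setProgCode("rmesIndex");
            theUserManager.setProgName("系统登录");
        }
        theUserManager.setUserId(theUserId);
        theUserManager.setUserCode(theUserCode);
        theUserManager.setUserName(theUserName);
        theUserManager.setCompanyCode(theCompanyCode);
        Session["theUserManager"] = theUserManager;
    }
    return theLoginStatus;
}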
public void ProcessRequest(HttpContext httpContext)
{
    // Central authorization gate (IHttpHandler): every request is routed through here. The
    // requested URL is used as the "program value", the MW_CHECK_USERRIGHT stored procedure
    // decides for the session's user whether that program is public ("0"), forbidden ("1") or
    // permitted ("2"), and the matching compiled page is executed in-process via
    // PageParser.GetCompiledPageInstance. Any other return answers with HTTP 400.
    // NOTE(review): per the original comment on case "0" below, a program the stored procedure
    // does not know is treated as public — this is default-allow. A new page must be
    // registered, or it is reachable without a login.
    // NOTE(review): theCompanyCode is not declared in this method, so it is a field of the
    // handler. It is only assigned when a session user exists; if the handler instance is
    // reused across requests (IsReusable), a previous request's company code can reach the
    // stored procedure for a session-less request — confirm.
    //intercept the request and check the program permission
    string theUrl = httpContext.Request.ServerVariables["URL"];
    int ii = theUrl.IndexOf("/", 1);
    if (ii < 0) ii = 0;
    string theUrlTemp = theUrl.Substring(0, ii);    // first path segment; only used by the commented-out line below
    string thePath = httpContext.Request.Path;
    //string theProgramValue = thePath.Substring(theUrlTemp.Length, thePath.Length - theUrlTemp.Length);
    // The URL without query string is what the stored procedure matches against its programs.
    string theProgramValue = theUrl;
    string theClientIp = httpContext.Request.UserHostAddress;
    string requestedUrl = "" ;
    string targetUrl="";
    int urlLength=0;
    // save requested, target url
    requestedUrl = httpContext.Request.RawUrl;
    targetUrl = requestedUrl;
    // save target url length (index of '?' or the whole length) — the part before '?' is what gets compiled
    urlLength = targetUrl.IndexOf("?");
    if (urlLength == -1) urlLength = targetUrl.Length;
    string theUserId = "";
    //get the current user from the session and, together with the program worked out above, decide whether access is allowed
    userManager theUserManagerTemp = (userManager)httpContext.Session["theUserManager"];
    if (theUserManagerTemp == null)
    {
        // No session user: anything other than the login page is diverted to the default error page.
        // NOTE(review): Substring(1, 14) only matches a login page requested as "/RmesLogin.aspx"
        // directly under the root; if it lives under /Rmes/Login/ this check never matches.
        // theProgramValue still carries the ORIGINAL URL, so the stored procedure is asked about
        // the original page even though the exception page is what will be rendered.
        if (targetUrl.Length>14 && targetUrl.Substring(1, 14) != "RmesLogin.aspx") //modified by liuzhy 2013/12/24: parameters changed here (previously searched from the end, which was wrong when a query string was present); fixes the "timed out" prompt on a bad url
        {
            //targetUrl = theUrlTemp + "/Rmes/Login/RmesReLogin.aspx";
            //changed from automatic re-login to the default error page
            targetUrl = "~/Rmes/Exception/DefaultException.aspx";
            urlLength = targetUrl.IndexOf("?");
            if (urlLength == -1) urlLength = targetUrl.Length;
        }
    }
    else
    {
        theUserId = theUserManagerTemp.getUserId().ToString();
        theCompanyCode = theUserManagerTemp.getCompanyCode().ToString();
    }
    //these two values decide whether the user may access the program; the logic lives in the stored procedure
    string theRetStr = "";
    string theRetProgramCode = "";
    string theRetProgramName = "";
    MW_CHECK_USERRIGHT sp = new MW_CHECK_USERRIGHT()
    {
        THECOMPANYCODE1 = theCompanyCode,
        THEUSERID1 = theUserId,
        THECLIENTIP1 = theClientIp,
        THEPROGRAMVALUE1 = theProgramValue,
        THERETSTR1="",
        THERETPROGRAMCODE1="",
        THERETPROGRAMNAME1=""
    };
    Procedure.run(sp);
    theRetStr = sp.THERETSTR1;
    theRetProgramCode = sp.THERETPROGRAMCODE1;
    theRetProgramName = sp.THERETPROGRAMNAME1;
    // Earlier hand-rolled ADO call of the same procedure, kept for reference of the parameter names.
    //dataConn theDataConn = new dataConn();
    //theDataConn.theComd.CommandType = CommandType.StoredProcedure;
    //theDataConn.theComd.CommandText = "MW_CHECK_USERRIGHT";
    //theDataConn.theComd.Parameters.Clear();
    //theDataConn.theComd.Parameters.Add("THECOMPANYCODE1", OracleDbType.Varchar2).Value = theCompanyCode;
    ////theDataConn.theComd.Parameters.Add("@THECOMPANYCODE1", SqlDbType.VarChar).Direction = ParameterDirection.Input;
    //theDataConn.theComd.Parameters.Add("THEUSERID1", OracleDbType.Varchar2).Value = theUserId;
    ////theDataConn.theComd.Parameters.Add("@THEUSERCODE1", SqlDbType.VarChar).Direction = ParameterDirection.Input;
    //theDataConn.theComd.Parameters.Add("THECLIENTIP1", OracleDbType.Varchar2).Value = theClientIp;
    ////theDataConn.theComd.Parameters.Add("@THEUSERCODE1", SqlDbType.VarChar).Direction = ParameterDirection.Input;
    //theDataConn.theComd.Parameters.Add("THEPROGRAMVALUE1", OracleDbType.Varchar2).Value = theProgramValue;
    ////theDataConn.theComd.Parameters.Add("@THEPROGRAMVALUE1", SqlDbType.VarChar).Direction = ParameterDirection.Input;
    //theDataConn.theComd.Parameters.Add("THERETSTR1", OracleDbType.Varchar2, 50).Direction = ParameterDirection.Output;
    //theDataConn.theComd.Parameters.Add("THERETPROGRAMCODE1", OracleDbType.Varchar2, 50).Direction = ParameterDirection.Output;
    //theDataConn.theComd.Parameters.Add("THERETPROGRAMNAME1", OracleDbType.Varchar2, 50).Direction = ParameterDirection.Output;
    //theDataConn.OpenConn();
    //theDataConn.theComd.ExecuteNonQuery();
    //theRetStr = theDataConn.theComd.Parameters["THERETSTR1"].Value.ToString();
    //theRetProgramCode = theDataConn.theComd.Parameters["THERETPROGRAMCODE1"].Value.ToString();
    //theRetProgramName = theDataConn.theComd.Parameters["THERETPROGRAMNAME1"].Value.ToString();
    //theDataConn.CloseConn();
    //act on the returned value
    switch (theRetStr)
    {
        case "0":
            //no authorization required: just continue the request without further processing. This includes
            //programs that are not defined at all, which count as not requiring authorization — e.g. the login
            //page and some shared query programs.
            //so that the login program can run, hand the company code over through the session
            // NOTE(review): the empty catch swallows every exception raised while the page runs, with no
            // logging (a ThreadAbortException from Response.End/Redirect inside the page is re-raised by the
            // runtime regardless). A failing page leaves the client with whatever was already written —
            // at minimum log ex here.
            try
            {
                httpContext.Session["theCompanyCode"] = theCompanyCode;
                httpContext.RewritePath(targetUrl);
                IHttpHandler handler = PageParser.GetCompiledPageInstance(
                    targetUrl.Substring(0, urlLength), null, httpContext);
                handler.ProcessRequest(httpContext);
            }
            catch (Exception ex)
            {
            }
            break;
        case "1":
            //no permission: stop the request
            //httpContext.Response.StatusCode = 400;
            //httpContext.Response.StatusDescription = "你没有访问权限,请联系系统管理员!";
            //map to the error-handling page instead
            targetUrl = "~/Rmes/Exception/DefaultException.aspx";
            urlLength = targetUrl.IndexOf("?");
            if (urlLength == -1) urlLength = targetUrl.Length;
            httpContext.Session["theCompanyCode"] = theCompanyCode;
            httpContext.RewritePath(targetUrl);
            IHttpHandler handler2 = PageParser.GetCompiledPageInstance(
                targetUrl.Substring(0, urlLength), null, httpContext);
            handler2.ProcessRequest(httpContext);
            break;
        case "2":
            //permitted: record the program code and name of the current session's program
            // NOTE(review): theUserManagerTemp is null when there was no session user; if the
            // stored procedure can return "2" for an empty user id this dereference throws —
            // confirm against MW_CHECK_USERRIGHT.
            theUserManagerTemp.setProgCode(theRetProgramCode);
            theUserManagerTemp.setProgName(theRetProgramName);
            httpContext.Session["theUserManager"] = theUserManagerTemp;
            //try
            //{
            httpContext.RewritePath(targetUrl);
            IHttpHandler handler1 = PageParser.GetCompiledPageInstance(
                targetUrl.Substring(0, urlLength), null, httpContext);
            //IHttpHandler handler1 = PageParser.GetCompiledPageInstance(thePath, null, httpContext);
            handler1.ProcessRequest(httpContext);
            //}
            //catch
            //{
            //    httpContext.RewritePath(targetUrl.Substring(0, urlLength));
            //    IHttpHandler handler1 = PageParser.GetCompiledPageInstance(
            //        targetUrl.Substring(0, urlLength), null, httpContext);
            //    handler1.ProcessRequest(httpContext);
            //}
            break;
        default:
            //no permission (unexpected return): stop the request with a 400
            httpContext.Response.StatusCode = 400;
            httpContext.Response.StatusDescription = "你没有访问权限,请联系系统管理员!";
            break;
    }
}