protected void Page_Load(object sender, EventArgs e)
{
VneedWebService vbs = new VneedWebService();
Label1.Text = vbs.HelloWorld();
User usr = new User();
usr.RoleID = 12;
usr.Password = "******";
Label1.Text = vbs.GetAllFirstLevelCatalogs();
}
protected void RegisterButton_Click(object sender, EventArgs e)
{
if (this.IsValid)
{
Vneed.Model.User newUser = new Vneed.Model.User();
newUser.Username = this.RegisterNameTextBox.Text;
newUser.Password = this.RegisterPasswordTextBox.Text;
newUser.Email = this.RegisterEmailTextBox.Text;
newUser.RoleID = 1;
UserService.RegisterNewUser(newUser);
AuthenticationService.Login(this.RegisterNameTextBox.Text);
Response.Redirect("/Page/Account/registerSuccess.aspx");
}
}
public static void AddUser(User newUser)
{
string connectionString = WebConfigurationManager.ConnectionStrings["defaultConnectionString"].ToString();
SqlConnection sqlConn = new SqlConnection(connectionString);
sqlConn.Open();
string cmdString = "INSERT INTO [User] (Username, Password, Salt, Email, RoleID) VALUES (@username, @password, @salt, @email, @roleID)";
SqlCommand sqlCmd = new SqlCommand(cmdString, sqlConn);
sqlCmd.Parameters.Add(new SqlParameter("username", newUser.Username));
sqlCmd.Parameters.Add(new SqlParameter("password", newUser.Password));
sqlCmd.Parameters.Add(new SqlParameter("salt", newUser.Salt));
sqlCmd.Parameters.Add(new SqlParameter("email", newUser.Email));
sqlCmd.Parameters.Add(new SqlParameter("roleID", newUser.RoleID));
sqlCmd.ExecuteNonQuery();
sqlConn.Close();
}
public static void RegisterNewUser(User newUser)
{
//对密码进行加密
byte[] saltBytes = new byte[32];
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetNonZeroBytes(saltBytes);
byte[] clearTextBytes = Encoding.UTF8.GetBytes(newUser.Password);
byte[] clearTextWithSaltBytes = new byte[clearTextBytes.Length + saltBytes.Length];
for (int i = 0; i < clearTextBytes.Length; i++)
clearTextWithSaltBytes[i] = clearTextBytes[i];
for (int i = 0; i < saltBytes.Length; i++)
clearTextWithSaltBytes[clearTextBytes.Length + i] = saltBytes[i];
HashAlgorithm hash = new SHA256Managed();
byte[] hashBytes = hash.ComputeHash(clearTextWithSaltBytes);
newUser.Password = Convert.ToBase64String(hashBytes);
newUser.Salt = Convert.ToBase64String(saltBytes);
UserRepository.AddUser(newUser);
}
public static User FindUserByUserID(int id)
{
string connectionString = WebConfigurationManager.ConnectionStrings["defaultConnectionString"].ToString();
SqlConnection sqlConn = new SqlConnection(connectionString);
sqlConn.Open();
string cmdString = "SELECT * FROM [User] WHERE UserID = @userID";
SqlCommand sqlCmd = new SqlCommand(cmdString, sqlConn);
sqlCmd.Parameters.Add(new SqlParameter("userID", id));
SqlDataReader sqlDataReader = sqlCmd.ExecuteReader();
if (sqlDataReader.HasRows)
{
sqlDataReader.Read();
User result = new User();
FillUser(sqlDataReader, result);
sqlDataReader.Close();
return result;
}
else
return null;
}
static void FillUser(SqlDataReader sqlDataReader, User newUser)
{
newUser.UserID = (int)sqlDataReader["UserID"];
newUser.Username = (string)sqlDataReader["Username"];
newUser.Password = (string)sqlDataReader["Password"];
newUser.Salt = (string)sqlDataReader["Salt"];
newUser.Email = (string)sqlDataReader["Email"];
newUser.RoleID = (int)sqlDataReader["RoleID"];
newUser.AdditionalInfo = UserAdditionalInfoRepository.FindUserAdditionalInfoByUserID(newUser.UserID);
}