/// <summary>
/// WCF credential validator: authenticates <paramref name="userName"/>/<paramref name="password"/>
/// against the <c>users</c> table, enforces the account-lock state and the failed-attempt counter,
/// writes "全局安全" audit rows for rejected attempts, and on success populates the process-wide
/// <c>DataService.users</c> / <c>DataService.apps</c> caches (roles, modules, data sources,
/// per-application log settings) and runs the periodic log purge.
/// </summary>
/// <param name="userName">Login name supplied by the client; used verbatim in SQL and log text.</param>
/// <param name="password">Plaintext password supplied by the client; compared as
/// <c>DES.EncryptString(password, DES.theKey)</c>.</param>
/// <exception cref="ArgumentNullException">Either argument or the <c>conn</c> field is null.</exception>
/// <exception cref="FaultException">The user does not exist, the account is locked, the password is
/// wrong (with or without this attempt triggering a lock), or the lookup query returned null.</exception>
/// <remarks>
/// Security notes for maintainers:
/// - Every statement below is assembled with <c>string.Format</c> from caller-controlled
///   <paramref name="userName"/>, so SQL injection is possible wherever that value is embedded;
///   the project's <c>conn.getDataTable</c>/<c>executeCommand</c> only accept a string here, so
///   a parameterized command API is needed to fix this properly.
/// - The password is compared via a deterministic, reversible DES transform under a static key
///   rather than a salted slow hash; changing that also requires changing the writers
///   (UpdateUserPassword, AddNewUser, UpdateSelfInfomation).
/// - The three distinct FaultException messages (user missing / locked / wrong password) let a
///   caller enumerate which usernames exist.
/// - The user-name literals read <c>'******'</c> in this listing, which looks like a redaction of a
///   format placeholder; as written the <c>userName</c> format argument is unused and the query
///   would match the literal text. NOTE(review): confirm against the real source.
/// - The static dictionaries <c>DataService.users</c>/<c>DataService.apps</c> are mutated with
///   TryGetValue-then-Add and no lock is visible in this block; concurrent first logins may race.
/// </remarks>
public override void Validate(string userName, string password)
{
    if (null == userName || null == password || null == conn)
    {
        throw new ArgumentNullException();
    }
    if (DataService.isGlobalSafeLog == null) // lazily read the global security-log switch once per process
    {
        string tmpsql = string.Format("select configvalue from config where configkey='全局安全日志是否启用'");
        DataTable tmpdt = conn.getDataTable(tmpsql);
        if (tmpdt.Rows.Count > 0 && tmpdt.Rows[0][0].ToString() == "true")
        {
            DataService.isGlobalSafeLog = true;
        }
        else
        {
            DataService.isGlobalSafeLog = false;
        }
    }
    // Step 1: look the account up by name only, so lock state and attempt counter are known
    // before the password is checked.
    string sql = string.Format("select islocked,failedpasswordattemptcount,userid from users t3 where username='******'", userName);
    DataTable dt = conn.getDataTable(sql);
    int attemptcount;
    string uid;
    if (dt == null)
    {
        throw new FaultException("服务器端验证故障!");
    }
    else if (dt.Rows.Count == 0)
    {
        if ((bool)DataService.isGlobalSafeLog) // global security log: unknown user name
        {
            // UserHostAddress is the immediate peer address; HttpContext.Current is only
            // available when the WCF host runs with ASP.NET compatibility — presumably the
            // case here, otherwise this dereference throws. (An earlier variant used
            // RemoteEndpointMessageProperty from OperationContext instead.)
            string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
            string logcontent = string.Format("有客户端从IP:{0}试图以不存在的用户名({1})登录系统。", ip, userName);
            // Cap the text at 255 characters — presumably the width of log.logcontent.
            logcontent = logcontent.Length > 255 ? logcontent.Substring(0, 255) : logcontent;
            // Global-security rows get a random applicationid; the retention purge below
            // matches them by logtype='全局安全' instead. userName is embedded unescaped.
            string tmpsql = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", Guid.NewGuid(), DateTime.Now, "全局安全", logcontent);
            conn.executeCommand(tmpsql);
        }
        throw new FaultException("用户名不存在!");
    }
    else
    {
        bool islocked = (bool)dt.Rows[0][0];
        // int.Parse throws FormatException if the column is NULL (DBNull.ToString() is "").
        attemptcount = int.Parse(dt.Rows[0][1].ToString());
        uid = dt.Rows[0][2].ToString();
        if (islocked)
        {
            if ((bool)DataService.isGlobalSafeLog) // global security log: locked account
            {
                string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
                string logcontent = string.Format("有客户端从IP:{0}试图以被加锁的用户名({1})登录系统。", ip, userName);
                logcontent = logcontent.Length > 255 ? logcontent.Substring(0, 255) : logcontent;
                string tmpsql = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", Guid.NewGuid(), DateTime.Now, "全局安全", logcontent);
                conn.executeCommand(tmpsql);
            }
            throw new FaultException("该账号已被加锁,请联系系统管理员解除!");
        }
    }
    // Step 2: password check. The stored value is DES.EncryptString(password, DES.theKey), so
    // equality is decided by the database on the encrypted form.
    sql = string.Format("select applicationid,userid from users t3 where username='******' and password='******' and islocked=0", userName, DES.EncryptString(password, DES.theKey));
    dt = conn.getDataTable(sql);
    if (dt.Rows.Count == 0) // wrong password
    {
        if ((bool)DataService.isGlobalSafeLog) // global security log: bad password
        {
            string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
            string logcontent = string.Format("有客户端从IP:{0}试图以用户名({1})和错误口令登录系统。", ip, userName);
            logcontent = logcontent.Length > 255 ? logcontent.Substring(0, 255) : logcontent;
            string tmpsql = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", Guid.NewGuid(), DateTime.Now, "全局安全", logcontent);
            conn.executeCommand(tmpsql);
        }
        if (attemptcount + 1 > 8) // this is the 9th consecutive failure: lock the account and reset the counter
        {
            sql = string.Format("update users set FailedPasswordAttemptCount=0,islocked=1,lastlockdate='{1}' where userid='{0}'", uid, DateTime.Now);
            conn.executeCommand(sql);
            throw new FaultException("该账号尝试登录超过8次,已被加锁,请联系系统管理员解除!");
        }
        else
        {
            sql = string.Format("update users set FailedPasswordAttemptCount={0} where userid='{1}'", attemptcount + 1, uid);
            conn.executeCommand(sql);
            throw new FaultException(string.Format("口令错误,该账号尝试登录{0}次,超过8次将被加锁无法使用!", attemptcount + 1));
        }
    }
    else
    {
        // Successful login: reset the failure counter and stamp the login time.
        sql = string.Format("update users set FailedPasswordAttemptCount=0, lastlogindate='{0}' where userid='{1}'", DateTime.Now, uid);
        conn.executeCommand(sql);
        #region ----- 认证后,处理保存静态变量中的用户数据 -----
        string appid = dt.Rows[0][0].ToString();
        UserInfo userinfo;
        // Keyed by user name. Note the cache is only filled on the first login of a user in this
        // process; later logins reuse the cached roles/modules/connections without re-reading them.
        if (!DataService.users.TryGetValue(userName, out userinfo))
        {
            userinfo = new UserInfo() { userID = uid, appID = appid, userName = userName };
            DataService.users.Add(userName, userinfo);
            // Role names.
            sql = @"select t2.RoleName from Users t1,Roles t2,UsersInRoles r where t1.UserName='******' and t1.UserID=r.UserID and t2.RoleID=r.RoleID";
            sql = string.Format(sql, userName);
            dt = conn.getDataTable(sql);
            foreach (DataRow item in dt.Rows)
            {
                userinfo.roles.Add(item[0].ToString());
            }
            // Module names reachable through any of the user's roles.
            sql = @"select t2.ModelName from Roles t1,Models t2,ModelsInRoles r where t1.RoleID in (select t2.RoleID from Users t1,Roles t2,UsersInRoles r where t1.UserName='******' and t1.UserID=r.UserID and t2.RoleID=r.RoleID) and t1.RoleID=r.RoleID and t2.ModelID=r.ModelID";
            sql = string.Format(sql, userName);
            dt = conn.getDataTable(sql);
            foreach (DataRow item in dt.Rows)
            {
                userinfo.models.Add(item[0].ToString());
            }
            // Data sources reachable through those modules, with their read-only flag.
            sql = @"select t2.DatasourceName,r.isReadOnly from Models t1,Connections t2,ConnectionsInModels r where t1.ModelID in (select t2.ModelID from Roles t1,Models t2,ModelsInRoles r where t1.RoleID in (select t2.RoleID from Users t1,Roles t2,UsersInRoles r where t1.UserName='******' and t1.UserID=r.UserID and t2.RoleID=r.RoleID) and t1.RoleID=r.RoleID and t2.ModelID=r.ModelID) and t1.ModelID=r.ModelID and t2.ConnID=r.ConnID";
            sql = string.Format(sql, userName);
            dt = conn.getDataTable(sql);
            foreach (DataRow item in dt.Rows)
            {
                string dsname = item[0].ToString();
                bool isreadonly = (bool)item[1];
                if (!userinfo.conns.ContainsKey(dsname))
                {
                    userinfo.conns.Add(dsname, isreadonly);
                }
                else
                {
                    // Same data source granted by several roles: the least restrictive
                    // (read-write) grant wins.
                    if (userinfo.conns[dsname] && !isreadonly)
                    {
                        userinfo.conns[dsname] = isreadonly;
                    }
                }
            }
        }
        #endregion
        #region ----- 应用程序的管理 -----
        AppData appdata;
        if (!DataService.apps.TryGetValue(appid, out appdata)) // first login for this application: load its log settings
        {
            appdata = new AppData();
            DataService.apps.Add(appid, appdata);
            sql = string.Format("select configkey,configvalue from config where applicationid='{0}' and configsort='日志'", appid);
            dt = conn.getDataTable(sql);
            // Each recognised key flips its flag only on the exact text "true"; anything else,
            // or a missing row, leaves the AppData default in place.
            foreach (DataRow dr in dt.Rows)
            {
                if (dr[0].ToString() == "是否启用日志" && dr[1].ToString() == "true")
                {
                    appdata.isLog = true;
                }
                if (dr[0].ToString() == "日志有效期限")
                {
                    // On a non-numeric value TryParse leaves logValidDays at 0.
                    int.TryParse(dr[1].ToString(), out appdata.logValidDays);
                }
                if (dr[0].ToString() == "日志是否记录读操作" && dr[1].ToString() == "true")
                {
                    appdata.isLogRead = true;
                }
                if (dr[0].ToString() == "日志是否记录执行操作" && dr[1].ToString() == "true")
                {
                    appdata.isLogExecute = true;
                }
                if (dr[0].ToString() == "日志是否记录管理操作" && dr[1].ToString() == "true")
                {
                    appdata.isLogManage = true;
                }
                if (dr[0].ToString() == "日志是否记录安全信息" && dr[1].ToString() == "true")
                {
                    appdata.isLogSafe = true;
                }
                if (dr[0].ToString() == "日志是否记录错误信息" && dr[1].ToString() == "true")
                {
                    appdata.isLogError = true;
                }
            }
        }
        // Retention purge: when logging is on and no purge ran in the last 24 hours (or ever in
        // this process), delete this application's rows and all global-security rows older than
        // logValidDays. NOTE(review): with logValidDays at 0 the cut-off is "now", i.e. every
        // existing log row is deleted; also any application's retention setting purges the
        // shared 全局安全 rows.
        if (appdata.isLog && (appdata.lastClearLogDate == null || (DateTime.Now - (DateTime)appdata.lastClearLogDate).TotalHours > 24))
        {
            sql = string.Format("delete log where (applicationid='{0}' or logtype='全局安全') and logdate<'{1}'", appid, DateTime.Now.AddDays(-appdata.logValidDays));
            conn.executeCommand(sql);
            appdata.lastClearLogDate = DateTime.Now;
        }
        #endregion
        if (appdata.isLog && appdata.isLogSafe) // per-application security log: successful login
        {
            string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
            sql = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", appid, DateTime.Now, "安全", "用户" + userName + "从" + ip + "登录了系统。");
            conn.executeCommand(sql);
        }
    }
}
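/// <summary>
/// Administrative password reset: replaces the stored password of the user identified by
/// <paramref name="userid"/>, writing a "管理" log row first when the current application has
/// management logging enabled.
/// </summary>
/// <param name="userid">Identifier of the user whose password is replaced; embedded in SQL.</param>
/// <param name="password">New plaintext password; stored as <c>DES.EncryptString(password, DES.theKey)</c>.</param>
/// <returns>The result of <c>connManage.executeCommand</c> for the UPDATE statement.</returns>
/// <exception cref="ArgumentNullException"><paramref name="userid"/> or <paramref name="password"/> is null.</exception>
public bool UpdateUserPassword(string userid, string password)
{
    if (userid == null)
    {
        throw new ArgumentNullException("userid");
    }
    if (password == null)
    {
        throw new ArgumentNullException("password");
    }
    // Stop-gap against SQL injection through the caller-supplied userid: double embedded single
    // quotes so the value cannot close the literal. executeCommand only accepts a string here,
    // so a parameterized command cannot be built in this block; that remains the proper fix.
    string safeUserId = userid.Replace("'", "''");
    if (apps[applicationid].isLog && apps[applicationid].isLogManage) // management log
    {
        string operatorName = OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name;
        string logcontent = string.Format("管理员{0}更新用户ID为{1}的口令。", operatorName, userid);
        // The log text carries both the operator name and userid, so it is quoted as well.
        string logsql = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", applicationid, DateTime.Now, "管理", logcontent.Replace("'", "''"));
        connManage.executeCommand(logsql);
    }
    // NOTE(review): the password is stored with a reversible, static-key DES transform rather
    // than a salted slow hash; changing that also requires changing Validate's comparison query.
    // NOTE(review): the password literal reads '******' in this listing, which looks like a
    // redaction of the second format placeholder; as written the encrypted value is not
    // substituted into the statement — confirm against the real source.
    string sql = string.Format("update users set password='******' where userid='{0}'", safeUserId, DES.EncryptString(password, DES.theKey));
    return (connManage.executeCommand(sql));
}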
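/// <summary>
/// Creates a user in the calling administrator's application, writing a "管理" log row first
/// when the current application has management logging enabled.
/// </summary>
/// <param name="username">Login name of the new user; embedded in SQL and log text.</param>
/// <param name="password">Initial plaintext password; stored as <c>DES.EncryptString(password, DES.theKey)</c>.</param>
/// <returns>The result of <c>connManage.executeCommand</c> for the INSERT statement.</returns>
/// <exception cref="ArgumentNullException"><paramref name="username"/> or <paramref name="password"/> is null.</exception>
public bool AddNewUser(string username, string password)
{
    if (username == null)
    {
        throw new ArgumentNullException("username");
    }
    if (password == null)
    {
        throw new ArgumentNullException("password");
    }
    // The caller's identity is needed both for the log text and for the application lookup.
    string operatorName = OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name;
    // Stop-gap against SQL injection through the caller-supplied username: double embedded
    // single quotes. executeCommand only accepts a string, so a parameterized command cannot
    // be built here; that remains the proper fix.
    string safeUserName = username.Replace("'", "''");
    if (apps[applicationid].isLog && apps[applicationid].isLogManage) // management log
    {
        string logcontent = string.Format("管理员{0}添加了名为{1}的用户。", operatorName, username);
        string logsql = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", applicationid, DateTime.Now, "管理", logcontent.Replace("'", "''"));
        connManage.executeCommand(logsql);
    }
    // NOTE(review): this indexer throws KeyNotFoundException when the caller's name is not in the
    // in-process cache (it is filled by Validate on first login in this process).
    string appid = DataService.users[operatorName].appID;
    // NOTE(review): no uniqueness or password-strength check is made here; the password is
    // stored with a reversible, static-key DES transform that Validate compares against.
    string sql = string.Format("insert users (applicationid, username,password) values ('{0}','{1}','{2}')", appid, safeUserName, DES.EncryptString(password, DES.theKey));
    return (connManage.executeCommand(sql));
}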
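/// <summary>
/// Lets the authenticated caller update its own alias, password and e-mail address, writing a
/// "管理" log row first when the current application has management logging enabled.
/// </summary>
/// <param name="Alias">New display alias; null is written as an empty string, as before.</param>
/// <param name="Password">New plaintext password; stored as <c>DES.EncryptString(Password, DES.theKey)</c>.</param>
/// <param name="Email">New e-mail address; null is written as an empty string, as before.</param>
/// <returns>The result of <c>connManage.executeCommand</c> for the UPDATE statement.</returns>
public bool UpdateSelfInfomation(string Alias, string Password, string Email)
{
    string callerName = OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name;
    // NOTE(review): this indexer throws KeyNotFoundException when the caller's name is not in the
    // in-process cache (it is filled by Validate on first login in this process).
    string userid = DataService.users[callerName].userID;
    // Stop-gap against SQL injection through the caller-supplied alias and e-mail: double
    // embedded single quotes. string.Format rendered null as "" before, so keep that mapping.
    // executeCommand only accepts a string, so a parameterized command cannot be built here;
    // that remains the proper fix.
    string safeAlias = (Alias ?? string.Empty).Replace("'", "''");
    string safeEmail = (Email ?? string.Empty).Replace("'", "''");
    // NOTE(review): the password literal reads '******' in this listing, which looks like a
    // redaction of the {2} placeholder; as written the encrypted value is not substituted into
    // the statement — confirm against the real source. The stored form is a reversible,
    // static-key DES transform, not a salted slow hash.
    string sql = string.Format("update users set alias='{1}',password='******',email='{3}' where userid='{0}'", userid, safeAlias, DES.EncryptString(Password, DES.theKey), safeEmail);
    if (apps[applicationid].isLog && apps[applicationid].isLogManage) // management log
    {
        string logcontent = string.Format("用户{0}更新了自已的信息。", callerName);
        string logsql = string.Format("insert log (applicationid,logdate,logtype,logcontent) values ('{0}','{1}','{2}','{3}')", applicationid, DateTime.Now, "管理", logcontent.Replace("'", "''"));
        connManage.executeCommand(logsql);
    }
    return (connManage.executeCommand(sql));
}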