protected override string AuthenticateToken(UsernameToken token)
{
LoginUserStatus invalidCredentials = LoginUserStatus.InvalidCredentials;
try
{
SiteManager user = Users.GetUser(0, token.Identity.Name, false, false) as SiteManager;
if ((user != null) && user.IsAdministrator)
{
HiContext current = HiContext.Current;
user.Password = Cryptographer.Decrypt(token.Password);
invalidCredentials = Users.ValidateUser(user);
}
else
{
invalidCredentials = LoginUserStatus.InvalidCredentials;
}
}
catch
{
invalidCredentials = LoginUserStatus.InvalidCredentials;
}
if (invalidCredentials == LoginUserStatus.Success)
{
return(token.Password);
}
return(Cryptographer.CreateHash(token.Password));
}
private bool userRegion(string username, string password)
{
HiContext current = HiContext.Current;
Member member = Users.GetUser(0, username, false, true) as Member;
if (member == null || member.IsAnonymous)
{
this.ShowMessage("用户名或密码错误", false);
return(false);
}
member.Password = password;
LoginUserStatus loginUserStatus = MemberProcessor.ValidLogin(member);
if (loginUserStatus == LoginUserStatus.Success)
{
System.Web.HttpCookie authCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(member.Username, false);
IUserCookie userCookie = member.GetUserCookie();
userCookie.WriteCookie(authCookie, 30, false);
current.User = member;
return(true);
}
if (loginUserStatus == LoginUserStatus.AccountPending)
{
this.ShowMessage("用户账号还没有通过审核", false);
return(false);
}
if (loginUserStatus == LoginUserStatus.InvalidCredentials)
{
this.ShowMessage("用户名或密码错误", false);
return(false);
}
this.ShowMessage("未知错误", false);
return(false);
}
/// <summary>
/// 验证用户信息
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public static LoginUserStatus ValidateUser(ref User user)
{
if (user == null)
{
throw new ArgumentNullException("User must have value");
}
//验证登陆
LoginUserStatus status = ValidateUser(user.UserName, user.Password);
user = GetUser(user.UserName);
return(status);
}
/// <summary>
/// 验证用户信息
/// <remarks>
/// 1. 字段已经做验证
/// 2. 密码为明文未加密
/// </remarks>
/// <example>
/// 1. 验证成功的话需修改LastActive值至当前
/// 2. 用户必须是正常用户(不包括锁定或未审核)
/// </example>
/// </summary>
/// <param name="userName"></param>
/// <param name="password"></param>
/// <returns>true:successed, false:failed</returns>
public static LoginUserStatus ValidateUser(string userName, string password)
{
//验证登陆
LoginUserStatus status = CommonDataProvider.Instance.ValidateUser(userName, password);
if (status == LoginUserStatus.Success)
{
//修改LastActive
User user = GetUser(userName, true, false);
//触发系统事件
GlobalEvents.ValidatedUser(user);
}
return(status);
}
private string UserLogin(string userName, string password)
{
string result = string.Empty;
Member member = Users.GetUser(0, userName, false, true) as Member;
if (member == null || member.IsAnonymous)
{
return("用户名或密码错误");
}
if (member.ParentUserId.HasValue && member.ParentUserId.Value != 0)
{
return("您不是本站会员,请您进行注册");
}
member.Password = password;
LoginUserStatus loginUserStatus = MemberProcessor.ValidLogin(member);
if (loginUserStatus == LoginUserStatus.Success)
{
System.Web.HttpCookie authCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(member.Username, false);
IUserCookie userCookie = member.GetUserCookie();
userCookie.WriteCookie(authCookie, 30, false);
ShoppingCartInfo cookieShoppingCart = ShoppingCartProcessor.GetCookieShoppingCart();
HiContext.Current.User = member;
if (cookieShoppingCart != null)
{
ShoppingCartProcessor.ConvertShoppingCartToDataBase(cookieShoppingCart);
ShoppingCartProcessor.ClearCookieShoppingCart();
}
member.OnLogin();
}
else
{
if (loginUserStatus == LoginUserStatus.AccountPending)
{
result = "用户账号还没有通过审核";
}
else
{
if (loginUserStatus == LoginUserStatus.InvalidCredentials)
{
result = "用户名或密码错误";
}
else
{
result = "未知错误";
}
}
}
return(result);
}
private void ProcessLogin(System.Web.HttpContext context)
{
string text = context.Request["userName"];
string text2 = context.Request["password"];
if (HiContext.Current.User != null)
{
this.ClearLoginStatus();
}
if (string.IsNullOrEmpty(text) || string.IsNullOrEmpty(text2))
{
context.Response.Write(this.GetErrorJosn(101, "缺少必填参数"));
return;
}
Member member = Users.GetUser(0, text, false, true) as Member;
if (member == null)
{
context.Response.Write(this.GetErrorJosn(205, "用户名无效"));
return;
}
member.Password = text2;
LoginUserStatus loginUserStatus = MemberProcessor.ValidLogin(member);
if (loginUserStatus != LoginUserStatus.Success)
{
context.Response.Write(this.GetErrorJosn(206, "密码有误"));
return;
}
System.Web.HttpCookie authCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(member.Username, false);
IUserCookie userCookie = member.GetUserCookie();
userCookie.WriteCookie(authCookie, 30, false);
System.Web.HttpCookie httpCookie = new System.Web.HttpCookie("Vshop-Member");
httpCookie.Value = Globals.UrlEncode(member.Username);
System.Web.HttpContext.Current.Response.Cookies.Add(httpCookie);
HiContext.Current.User = member;
member.OnLogin();
string text3 = UserHelper.UpdateSessionId(member.UserId);
member.SessionId = text3;
Users.UpdateUser(member);
System.Text.StringBuilder stringBuilder = new System.Text.StringBuilder();
stringBuilder.Append("{\"result\":{");
stringBuilder.AppendFormat("\"uid\":{0},", member.UserId);
stringBuilder.AppendFormat("\"sessionid\":\"{0}\"", text3);
stringBuilder.Append("}}");
context.Response.Write(stringBuilder.ToString());
}
public static LoginUserStatus ValidLogin(SiteManager manager)
{
if (manager == null)
{
return(LoginUserStatus.InvalidCredentials);
}
LoginUserStatus status = Users.ValidateUser(manager);
if ((status == LoginUserStatus.Success) && (manager.UserRole == UserRole.SiteManager))
{
HttpContext context = HiContext.Current.Context;
string path = context.Request.MapPath(Globals.ApplicationPath + "/config/Hishop.key");
if (File.Exists(path))
{
return(status);
}
try
{
XmlDocument document = new XmlDocument();
try
{
document.Load(context.Request.MapPath(Globals.ApplicationPath + "/config/key.config"));
}
catch
{
document.Load(context.Request.MapPath(Globals.ApplicationPath + "/config/key.config.bak"));
}
if (int.Parse(document.SelectSingleNode("Settings/Token").InnerText) != manager.UserId)
{
return(status);
}
byte[] userData = Cryptographer.DecryptWithPassword(Convert.FromBase64String(document.SelectSingleNode("Settings/Key").InnerText), manager.Password);
byte[] encryptedKey = ProtectedData.Protect(userData, null, DataProtectionScope.LocalMachine);
using (Stream stream = new FileStream(path, FileMode.Create))
{
KeyManager.Write(stream, encryptedKey, DataProtectionScope.LocalMachine);
}
CryptographyUtility.ZeroOutBytes(encryptedKey);
CryptographyUtility.ZeroOutBytes(userData);
}
catch
{
}
}
return(status);
}
public ActionResult Login(LoginViewModel model, string returnUrl)
{
//判断实体是否校验通过
if (ModelState.IsValid)
{
var loginStatus = new LoginUserStatus()
{
IsLogin = false,
Message = "用户或密码错误",
};
//登录处理
var userManage =
new UserManager <ApplicationUser>(new UserStore <ApplicationUser>(new EntityDbContext()));
var user = userManage.Find(model.UserName, model.PassWord);
if (user != null)
{
var roleName = "";
var context = new EntityDbContext();
foreach (var role in user.Roles)
{
roleName += (context.Roles.Find(role.RoleId) as ApplicationRole).DisplayName + ",";
}
loginStatus.IsLogin = true;
loginStatus.Message = "登录成功!用户的角色:" + roleName;
loginStatus.GotoController = "home";
loginStatus.GotoAction = "index";
//把登录状态保存到会话
Session["loginStatus"] = loginStatus;
var loginUserSessionModel = new LoginUserSessionModel()
{
User = user,
Person = user.Person,
RoleName = roleName,
};
//把登录成功后用户信息保存到会话
Session["LoginUserSessionModel"] = loginUserSessionModel;
//identity登录处理,创建aspnet的登录令牌Token
var identity = userManage.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
return(Redirect(returnUrl));
}
}
return(View());
}
protected void Button3_Click(object sender, EventArgs e)
{
LoginUserStatus status = Users.ValidateUser(txtUserName.Text, txtPwd.Text);
switch (status)
{
case LoginUserStatus.Success:
lblTip.Text = "Login Success";
break;
case LoginUserStatus.InvalidCredentials:
lblTip.Text = "Pwd Error";
break;
default:
lblTip.Text = "Banned";
break;
}
}
private void btnAdminLogin_Click(object sender, System.EventArgs e)
{
if (this.imgCode.Visible && !HiContext.Current.CheckVerifyCode(this.txtCode.Text.Trim()))
{
this.ShowMessage("验证码不正确");
return;
}
IUser user = Users.GetUser(0, this.txtAdminName.Text, false, true);
if (user == null || user.IsAnonymous || user.UserRole != UserRole.SiteManager)
{
this.ShowMessage("无效的用户信息");
this.SetErrorTimes("username");
return;
}
string url = null;
SiteManager siteManager = user as SiteManager;
siteManager.Password = this.txtAdminPassWord.Text;
LoginUserStatus loginUserStatus = ManagerHelper.ValidLogin(siteManager);
if (loginUserStatus == LoginUserStatus.Success)
{
System.Web.HttpCookie authCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(siteManager.Username, false);
IUserCookie userCookie = siteManager.GetUserCookie();
userCookie.WriteCookie(authCookie, 30, false);
System.Web.HttpCookie httpCookie = new System.Web.HttpCookie("Admin-system");
httpCookie.Value = siteManager.Username;
httpCookie.Expires = System.DateTime.Now.AddMinutes(30.0);
System.Web.HttpContext.Current.Response.Cookies.Add(httpCookie);
HiContext.Current.User = siteManager;
this.RemoveCache();
if (!string.IsNullOrEmpty(this.Page.Request.QueryString["returnUrl"]))
{
url = this.Page.Request.QueryString["returnUrl"];
}
if (url == null && this.ReferralLink != null && !string.IsNullOrEmpty(this.ReferralLink.Trim()))
{
url = this.ReferralLink;
}
if (!string.IsNullOrEmpty(url) && (url.ToLower().IndexOf(Globals.GetSiteUrls().Logout.ToLower()) >= 0 || url.ToLower().IndexOf(Globals.GetSiteUrls().UrlData.FormatUrl("register").ToLower()) >= 0 || url.ToLower().IndexOf(Globals.GetSiteUrls().UrlData.FormatUrl("vote").ToLower()) >= 0 || url.ToLower().IndexOf("loginexit") >= 0))
{
url = null;
}
System.Web.HttpCookie nowcookie = new System.Web.HttpCookie("Supplier");
if (siteManager.IsInRole("供货商"))
{
nowcookie.Value = "Supplier";
nowcookie.Expires = System.DateTime.Now.AddMinutes(30.0);
System.Web.HttpContext.Current.Response.Cookies.Add(nowcookie);
}
else
{
nowcookie.Value = "";
nowcookie.Expires = System.DateTime.Now.AddMinutes(30.0);
System.Web.HttpContext.Current.Response.Cookies.Add(nowcookie);
}
if (url != null)
{
this.Page.Response.Redirect(url, true);
return;
}
this.Page.Response.Redirect("default.html", true);
return;
}
else
{
if (loginUserStatus == LoginUserStatus.AccountPending)
{
this.SetErrorTimes("username");
this.ShowMessage("用户账号还没有通过审核");
return;
}
if (loginUserStatus == LoginUserStatus.AccountLockedOut)
{
this.SetErrorTimes("username");
this.ShowMessage("用户账号已被锁定,暂时不能登录系统");
return;
}
if (loginUserStatus == LoginUserStatus.InvalidCredentials)
{
this.SetErrorTimes("username");
this.ShowMessage("用户名或密码错误");
return;
}
this.SetErrorTimes("username");
this.ShowMessage("登录失败,未知错误");
return;
}
}
public IHttpActionResult Login(JObject request)
{
Logger.WriterLogger("Account.Login, Params: " + request.ToString(), LoggerType.Info);
ParamLogin param = new ParamLogin();
try
{
try
{
param = request.ToObject <ParamLogin>();
}
catch
{
//throw new CommonException(40100);
return(base.JsonFaultResult(new CommonException(40100).GetMessage(), request.ToString()));
}
string accessToken = param.accessToken;
string sessionKey = "";
string sessionSecret = "";
// 验证令牌
int accessTookenCode = VerifyAccessToken(accessToken, out sessionKey, out sessionSecret);
if (accessTookenCode > 0)
{
return(base.JsonFaultResult(new CommonException(accessTookenCode).GetMessage(), request.ToString()));
}
string username = param.username;
string password = param.password;
int channel = param.channel;
int platform = param.platform;
string ver = param.ver;
// 保存访问信息
base.SaveVisitInfo("", channel, platform, ver);
//ThrowParamException(username, password);
string decryptUsername = username;
string decryptPassword = password;
if ((platform == 3 && base.AndroidIsEncryption) || (platform == 2 && base.IOSIsEncryption) || (platform == 1 && base.PCIsEncryption))
{
decryptUsername = base.Decrypt(username, sessionKey, sessionSecret); //TODO 解密
decryptPassword = base.Decrypt(password, sessionKey, sessionSecret);
}
string msg = "";
//if (member == null || member.IsAnonymous)
//{
// msg = "用户名或密码错误";
//}
//if (member.ParentUserId.HasValue && member.ParentUserId.Value != 0)
//{
// msg = "您不是本站会员,请您进行注册";
//}
string sessionId = "";
int userId = 0;
if (string.IsNullOrEmpty(decryptUsername) || string.IsNullOrEmpty(decryptPassword))
{
return(base.JsonFaultResult(new FaultInfo(40200, "缺少必填参数"), request.ToString()));
}
Logger.WriterLogger("开始获取用户信息...");
Member member = Users.GetUser(0, decryptUsername, false, true) as Member;
Logger.WriterLogger("获取用户信息成功...");
if (member == null)
{
return(base.JsonFaultResult(new FaultInfo(40200, "用户名无效"), request.ToString()));
}
member.Password = decryptPassword;
LoginUserStatus loginUserStatus = MemberProcessor.ValidLogin(member);
if (loginUserStatus != LoginUserStatus.Success)
{
return(base.JsonFaultResult(new FaultInfo(40200, "密码有误"), request.ToString()));
}
member.OnLogin();
sessionId = member.MembershipUser.SessionId;
Logger.WriterLogger("开始更新SessionId...");
member.SessionId = UserHelper.UpdateSessionId(member.UserId);
Logger.WriterLogger("SessionId更新成功...");
Logger.WriterLogger("开始更新用户信息...");
Users.UpdateUser(member);
Logger.WriterLogger("更新用户信息成功...");
long timestamp = long.Parse(DateTime.Now.AddSeconds(USER_CACHE_KEEP_TIME).ToString("yyyyMMddHHmmss"));
string authenTicket = SecurityUtil.MD5Encrypt(sessionId + timestamp.ToString() + sessionSecret).ToLower();
string authenUserId = sessionId.ToLowerGuid();
CacheUserSet(authenUserId, authenTicket, timestamp, userId);
StandardResult <RegisterOrLoginResult> okResult = new StandardResult <RegisterOrLoginResult>();
okResult.code = 0;
okResult.msg = "登录成功";
okResult.data = new RegisterOrLoginResult()
{
DisplayName = decryptUsername,
AuthenTicket = authenTicket,
AuthenUserId = authenUserId,
Timestamp = timestamp
};
return(base.JsonActionResult(okResult));
}
catch (CommonException ex)
{
Logger.WriterLogger(ex.GetMessage().Message);
FaultInfo info = ex.GetMessage();
return(base.JsonActionResult(info));
}
}
public ActionResult Login(LoginViewModel model, string returnUrl)
{
//判断实体是否校验通过
if (ModelState.IsValid)
{
var loginStatus = new LoginUserStatus()
{
IsLogin = false,
Message = "用户或密码错误"
};
//登陆处理
var userManage =
new UserManager <ApplicationUser>(new UserStore <ApplicationUser>(new EntityDbContext()));
var user = userManage.Find(model.Username, model.PassWord);
if (user != null)
{
var roleName = "";
var context = new EntityDbContext();
foreach (var role in user.Roles)
{
roleName += (context.Roles.Find(role.RoleId) as ApplicationRole).DisplayName + ",";
}
loginStatus.IsLogin = true;
loginStatus.Message = "登陆成功!用户的角色:" + roleName;
loginStatus.GotoController = "home";
loginStatus.GotoAction = "index";
//把登陆状态保存到会话
Session["loginStatus"] = loginStatus;
var loginUserSessionModel = new LoginUserSessionModel()
{
User = user,
Person = user.Person,
Rolename = roleName
};
//把登陆成功后用户信息保存到会话
Session["loginUserSessionModel"] = loginUserSessionModel;
var identity = userManage.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
return(Redirect(returnUrl));
}
else
{
if (string.IsNullOrEmpty(returnUrl))
{
ViewBag.ReturnUrl = Url.Action("index", "home");
}
else
{
ViewBag.ReturnUrl = returnUrl;
}
ViewBag.LoginUserStatus = loginStatus;
return(View());
}
}
if (string.IsNullOrEmpty(returnUrl))
{
ViewBag.ReturnUrl = Url.Action("index", "home");
}
else
{
ViewBag.ReturnUrl = returnUrl;
}
return(View());
}
void btnLogin_Click(object sender, EventArgs e)
{
if (!HiContext.Current.CheckVerifyCode(txtCode.Text.Trim()))
{
ShowMessage("验证码不正确", false);
}
else
{
IUser user = Users.GetUser(0, txtUserName.Text, false, true);
if (((user == null) || user.IsAnonymous) || (user.UserRole != UserRole.Distributor))
{
ShowMessage("无效的用户信息", false);
}
else
{
Distributor distributor = user as Distributor;
distributor.Password = txtPassword.Text;
if (HiContext.Current.SiteSettings.IsDistributorSettings && (user.UserId != HiContext.Current.SiteSettings.UserId.Value))
{
ShowMessage("分销商只能在自己的站点或主站上登录", false);
}
else
{
LoginUserStatus status = SubsiteStoreHelper.ValidLogin(distributor);
if (status == LoginUserStatus.Success)
{
HttpCookie authCookie = FormsAuthentication.GetAuthCookie(distributor.Username, false);
distributor.GetUserCookie().WriteCookie(authCookie, 30, false);
Page.Response.Cookies["hishopLoginStatus"].Value = "true";
HiContext.Current.User = distributor;
distributor.OnLogin();
if (SettingsManager.GetSiteSettings(HiContext.Current.User.UserId) == null)
{
Page.Response.Redirect("nositedefault.aspx", true);
}
else
{
Page.Response.Redirect("default.aspx", true);
}
}
else
{
switch (status)
{
case LoginUserStatus.AccountPending:
{
ShowMessage("用户账号还没有通过审核", false);
return;
}
case LoginUserStatus.AccountLockedOut:
{
ShowMessage("用户账号已被锁定,暂时不能登录系统", false);
return;
}
case LoginUserStatus.InvalidCredentials:
{
ShowMessage("用户名或密码错误", false);
return;
}
}
ShowMessage("登录失败,未知错误", false);
}
}
}
}
}
private void btnAdminLogin_Click(object sender, EventArgs e)
{
if (!HiContext.Current.CheckVerifyCode(this.txtCode.Text.Trim()))
{
this.ShowMessage("验证码不正确");
}
else
{
IUser user = Users.GetUser(0, this.txtAdminName.Text, false, true);
if (((user == null) || user.IsAnonymous) || (user.UserRole != UserRole.SiteManager))
{
this.ShowMessage("无效的用户信息");
}
else
{
string referralLink = null;
SiteManager manager = user as SiteManager;
manager.Password = this.txtAdminPassWord.Text;
LoginUserStatus status = ManagerHelper.ValidLogin(manager);
if (status == LoginUserStatus.Success)
{
HttpCookie authCookie = FormsAuthentication.GetAuthCookie(manager.Username, false);
manager.GetUserCookie().WriteCookie(authCookie, 30, false);
HttpCookie cookie = new HttpCookie("Admin-system");
cookie.Value = manager.Username;
cookie.Expires = DateTime.Now.AddMinutes(30.0);
HttpContext.Current.Response.Cookies.Add(cookie);
HiContext.Current.User = manager;
if (!string.IsNullOrEmpty(this.Page.Request.QueryString["returnUrl"]))
{
referralLink = this.Page.Request.QueryString["returnUrl"];
}
if (((referralLink == null) && (this.ReferralLink != null)) && !string.IsNullOrEmpty(this.ReferralLink.Trim()))
{
referralLink = this.ReferralLink;
}
if (!string.IsNullOrEmpty(referralLink) && (((referralLink.ToLower().IndexOf(Globals.GetSiteUrls().Logout.ToLower()) >= 0) || (referralLink.ToLower().IndexOf(Globals.GetSiteUrls().UrlData.FormatUrl("register").ToLower()) >= 0)) || ((referralLink.ToLower().IndexOf(Globals.GetSiteUrls().UrlData.FormatUrl("vote").ToLower()) >= 0) || (referralLink.ToLower().IndexOf("loginexit") >= 0))))
{
referralLink = null;
}
if (referralLink != null)
{
this.Page.Response.Redirect(referralLink, true);
}
else
{
this.Page.Response.Redirect("default.html", true);
}
}
else
{
switch (status)
{
case LoginUserStatus.AccountPending:
this.ShowMessage("用户账号还没有通过审核");
return;
case LoginUserStatus.AccountLockedOut:
this.ShowMessage("用户账号已被锁定,暂时不能登录系统");
return;
case LoginUserStatus.InvalidCredentials:
this.ShowMessage("用户名或密码错误");
return;
}
this.ShowMessage("登录失败,未知错误");
}
}
}
}
