/// <summary>
/// 用户密码加密处理功能
///
/// 用户的密码到底如何加密,数据库中如何存储用户的密码?
/// 若是明文方式存储,在管理上会有很多漏洞,虽然调试时不方便,当时加密的密码相对是安全的,
/// 而且最好是密码是不可逆的,这样安全性更高一些,各种不同的系统,这里适当的处理一下就饿可以了。
/// </summary>
/// <param name="password">用户密码</param>
/// <param name="salt">密码盐</param>
/// <returns>处理后的密码</returns>
public virtual string EncryptUserPassword(string password, string salt = null)
{
var result = SecretUtil.Md5(password, 32).ToUpper();
if (!string.IsNullOrEmpty(salt) && (salt.Length == 20))
{
result = salt.Substring(6) + result + salt.Substring(6, 10);
result = SecretUtil.Md5(result, 32).ToUpper();
result += salt;
result = SecretUtil.Md5(result, 32).ToUpper();
}
return(result);
}
/// <summary>
/// 对登录的用户进行数字签名
/// </summary>
/// <param name="userInfo">登录信息</param>
/// <returns>进行过数字签名的用户登录信息</returns>
public static BaseUserInfo CreateSignature(BaseUserInfo userInfo)
{
if (userInfo != null)
{
if (string.IsNullOrEmpty(userInfo.Code))
{
userInfo.Code = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.CompanyCode))
{
userInfo.CompanyCode = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.CompanyId))
{
userInfo.CompanyId = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.CompanyName))
{
userInfo.CompanyName = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.DepartmentCode))
{
userInfo.DepartmentCode = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.DepartmentId))
{
userInfo.DepartmentId = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.DepartmentName))
{
userInfo.DepartmentName = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.NickName))
{
userInfo.NickName = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.OpenId))
{
userInfo.OpenId = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.RealName))
{
userInfo.RealName = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.UserName))
{
userInfo.UserName = string.Empty;
}
// 需要签名的内容部分
var dataToSign = userInfo.Code + "_"
+ userInfo.CompanyCode + "_"
+ userInfo.CompanyId + "_"
+ userInfo.CompanyName + "_"
+ userInfo.DepartmentCode + "_"
+ userInfo.DepartmentId + "_"
+ userInfo.DepartmentName + "_"
+ userInfo.Id + "_"
+ userInfo.IdentityAuthentication + "_"
+ userInfo.IsAdministrator + "_"
+ userInfo.NickName + "_"
+ userInfo.OpenId + "_"
+ userInfo.RealName + "_"
+ userInfo.UserName;
// 进行签名
userInfo.Signature = SecretUtil.Md5(dataToSign);
}
return(userInfo);
}
/// <summary>
/// 对登录的用户进行数字签名
/// </summary>
/// <param name="userInfo">登录信息</param>
/// <returns>进行过数字签名的用户登录信息</returns>
public static bool VerifySignature(BaseUserInfo userInfo)
{
var result = false;
if (userInfo != null && !string.IsNullOrEmpty(userInfo.Signature))
{
if (string.IsNullOrEmpty(userInfo.Code))
{
userInfo.Code = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.CompanyCode))
{
userInfo.CompanyCode = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.CompanyId))
{
userInfo.CompanyId = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.CompanyName))
{
userInfo.CompanyName = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.DepartmentCode))
{
userInfo.DepartmentCode = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.DepartmentId))
{
userInfo.DepartmentId = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.DepartmentName))
{
userInfo.DepartmentName = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.NickName))
{
userInfo.NickName = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.OpenId))
{
userInfo.OpenId = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.RealName))
{
userInfo.RealName = string.Empty;
}
if (string.IsNullOrEmpty(userInfo.UserName))
{
userInfo.UserName = string.Empty;
}
// 需要签名的内容部分
var dataToSign = userInfo.Code + "_"
+ userInfo.CompanyCode + "_"
+ userInfo.CompanyId + "_"
+ userInfo.CompanyName + "_"
+ userInfo.DepartmentCode + "_"
+ userInfo.DepartmentId + "_"
+ userInfo.DepartmentName + "_"
+ userInfo.Id + "_"
+ userInfo.IdentityAuthentication + "_"
+ userInfo.IsAdministrator + "_"
+ userInfo.NickName + "_"
+ userInfo.OpenId + "_"
+ userInfo.RealName + "_"
+ userInfo.UserName;
result = userInfo.Signature == SecretUtil.Md5(dataToSign);
}
return(result);
}
