/// <summary>
/// Stores a fixed account (Id and TrueName both "admin") in the session under
/// "Account" and renders the default view for this action.
/// </summary>
/// <returns>The default view for this action.</returns>
public ActionResult Index()
{
    // NOTE(review): this action writes an "admin" AccountModel into the session on
    // every call and performs no credential check of its own. Any code that trusts
    // Session["Account"] will treat the visitor as that account. This looks like a
    // development stub; confirm the action is not reachable without authentication
    // and remove the seeding before deployment.
    Session["Account"] = new AccountModel
    {
        Id = "admin",
        TrueName = "admin"
    };

    return View();
}
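/// <summary>
/// Checks the submitted captcha against Session["Code"], looks the user up through
/// AccountBLL.Login using the MD5 of the password, and on success stores an
/// AccountModel in the session and issues a persistent forms-authentication cookie.
/// </summary>
/// <param name="UserName">Login name supplied by the client.</param>
/// <param name="Password">Plain-text password supplied by the client.</param>
/// <param name="Code">Captcha text supplied by the client.</param>
/// <param name="returnUrl">Optional redirect target; used only when it is a local URL.</param>
/// <returns>
/// JSON built by JsonHandler.CreateMessage: first argument 0 with an error text on
/// every failure path, 1 with the redirect path on success.
/// </returns>
/// <remarks>
/// NOTE(review): every response uses JsonRequestBehavior.AllowGet and no [HttpPost]
/// attribute is visible on this method. If the action accepts GET, credentials can
/// end up in URLs, proxy logs and browser history; confirm the verb restriction.
/// NOTE(review): ValueConvert.MD5 is presumably a plain MD5 digest, which is too
/// fast for password storage. Moving to a salted, iterated scheme (for example
/// PBKDF2) requires changing the stored hashes as well, so it is only flagged here.
/// NOTE(review): the session identifier is not rotated in this method after a
/// successful login; confirm session fixation is handled elsewhere.
/// </remarks>
public JsonResult Login(string UserName, string Password, string Code, string returnUrl)
{
    object expectedCode = Session["Code"];
    if (expectedCode == null)
    {
        return Json(JsonHandler.CreateMessage(0, "请重新刷新验证码"), JsonRequestBehavior.AllowGet);
    }

    // A captcha is single-use: drop it before comparing so that one solved code
    // cannot be replayed across repeated password guesses.
    Session.Remove("Code");

    // Ordinal, case-insensitive comparison; also safe when Code is null, where the
    // previous Code.ToLower() call threw.
    if (!string.Equals(expectedCode.ToString(), Code, StringComparison.OrdinalIgnoreCase))
    {
        return Json(JsonHandler.CreateMessage(0, "验证码错误"), JsonRequestBehavior.AllowGet);
    }

    // Missing credentials get the same generic answer as wrong credentials instead
    // of reaching the hashing and lookup code with null arguments.
    if (UserName == null || Password == null)
    {
        return Json(JsonHandler.CreateMessage(0, "用户名或密码错误"), JsonRequestBehavior.AllowGet);
    }

    SysUser user = AccountBLL.Login(UserName, ValueConvert.MD5(Password));
    if (user == null)
    {
        return Json(JsonHandler.CreateMessage(0, "用户名或密码错误"), JsonRequestBehavior.AllowGet);
    }

    // Account is disabled.
    if (!Convert.ToBoolean(user.State))
    {
        return Json(JsonHandler.CreateMessage(0, "账户被系统禁用"), JsonRequestBehavior.AllowGet);
    }

    // Credentials verified: publish the account to the session and sign in.
    AccountModel account = new AccountModel();
    account.Id = user.Id;
    account.TrueName = user.TrueName;
    Session["Account"] = account;

    // Second argument true requests a persistent cookie.
    FormsAuthentication.SetAuthCookie(UserName, true);

    // Only follow returnUrl when it is local, which prevents an open redirect.
    string path = "/Home/Index";
    if (Url.IsLocalUrl(returnUrl))
    {
        path = returnUrl;
    }

    return Json(JsonHandler.CreateMessage(1, path), JsonRequestBehavior.AllowGet);
}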
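/// <summary>
/// Decides whether <paramref name="account"/> may run the requested action, using a
/// permission list cached in the session under <paramref name="filePath"/> and
/// loaded from SysUserBLL.GetPermission on a cache miss.
/// </summary>
/// <param name="account">The current account; null is always denied.</param>
/// <param name="controller">Controller name; prefixed with Area + "/" when Area is set.</param>
/// <param name="action">Action name, used when the ActionName member is null or empty.</param>
/// <param name="filePath">Session key under which the permission list is cached.</param>
/// <returns>
/// True when the action is "index" and the list is non-empty, or when an entry's
/// KeyCode equals the action name (case-insensitive); otherwise false.
/// </returns>
/// <remarks>
/// NOTE(review): the list is loaded for <paramref name="controller"/> but cached
/// under <paramref name="filePath"/>; confirm callers derive filePath so that two
/// controllers can never share a key. As far as this method shows, a cached list is
/// reused for the rest of the session, so a revoked permission stays effective
/// until the entry is cleared.
/// NOTE(review): on denial the message is written to the response and false is
/// returned; the caller must stop processing the request on false.
/// </remarks>
public bool ValiddatePermission(AccountModel account, string controller, string action, string filePath)
{
    if (account == null)
    {
        return false;
    }

    // A missing action name is treated as empty so the checks below fail closed
    // instead of throwing.
    string actionName = (string.IsNullOrEmpty(ActionName) ? action : ActionName) ?? string.Empty;

    // With an area, permissions are looked up under "area/controller".
    if (!string.IsNullOrEmpty(Area))
    {
        controller = Area + "/" + controller;
    }

    // Direct cast on purpose: an unexpected object under this key throws rather
    // than being overwritten.
    List<PermModel> perm = (List<PermModel>)HttpContext.Current.Session[filePath];
    if (perm == null)
    {
        // Load the current user's permission list and cache it in the session.
        perm = SysUserBLL.GetPermission(account.Id, controller);
        HttpContext.Current.Session[filePath] = perm;
    }

    // A null result from the lookup is handled as "no permissions" (previously it
    // caused a NullReferenceException).
    bool hasAnyPermission = perm != null && perm.Count > 0;

    // For index, holding any permission on the controller is enough.
    if (hasAnyPermission && string.Equals(actionName, "index", StringComparison.OrdinalIgnoreCase))
    {
        return true;
    }

    // Otherwise the action itself must be listed; string.Equals tolerates a null KeyCode.
    bool allowed = hasAnyPermission
        && perm.Any(p => p != null && string.Equals(p.KeyCode, actionName, StringComparison.OrdinalIgnoreCase));

    if (!allowed)
    {
        HttpContext.Current.Response.Write("你没有操作权限,请联系管理员!");
    }

    return allowed;
}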