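// POST api/login
//
// Authenticates a user by user ID or mobile number plus password and hands
// back an access token on success.
//
// Returns an anonymous object. On failure: { IsSuccess = false, Message }.
// On success: { IsSuccess = true, Message, AccessToken }. The method never
// throws; unexpected exceptions become a generic failure response.
//
// Security notes (review):
//  - Passwords are compared as unsalted MD5 digests produced by the obsolete
//    FormsAuthentication.HashPasswordForStoringInConfigFile. Moving to a salted,
//    iterated KDF (e.g. PBKDF2) needs a re-hash-on-login migration for the rows
//    already stored, so the scheme is deliberately left unchanged here.
//  - ErrLoginTimes / LastFailLoginTime are recorded on failure, but nothing in
//    this method enforces a lockout or throttle — confirm it is enforced elsewhere.
//  - The access token is Guid.NewGuid().ToString(); a Guid is not contractually
//    CSPRNG output. A RandomNumberGenerator-backed token would be preferable if
//    the storage column allows a different format.
//  - DateTime.Now is kept (not UtcNow) so new rows stay comparable with the
//    timestamps already in the database.
public Object Post(LoginApiModel obj)
{
    string msg;
    try
    {
        // ---- input validation: a null model (empty body) counts as a missing id ----
        if (obj == null || string.IsNullOrEmpty(obj.UserIdOrMobile))
        {
            msg = XiaoluResources.MSG_LOGIN_FAIL
                + string.Format(XiaoluResources.STR_FAIL_RESAON, XiaoluResources.MSG_MOBILE_OR_USERID_IS_NULL);
            return new { IsSuccess = false, Message = msg };
        }

        // The trimmed length is checked, but the untrimmed value is what gets hashed below.
        if (string.IsNullOrEmpty(obj.Password) || obj.Password.Trim().Length < 6)
        {
            msg = XiaoluResources.MSG_LOGIN_FAIL
                + string.Format(XiaoluResources.STR_FAIL_RESAON, XiaoluResources.MSG_PASSWORD_IS_NOT_VALID);
            return new { IsSuccess = false, Message = msg };
        }

        // ---- account lookup: a match on user name takes precedence over mobile number ----
        User byName = BusinessService.GetUserByName(obj.UserIdOrMobile);
        User byMobile = BusinessService.GetUserByMobile(obj.UserIdOrMobile);
        User account = byName ?? byMobile;

        // Unknown account and wrong password produce the same response so the
        // endpoint cannot be used to enumerate registered ids / mobile numbers
        // (previously an unknown account returned MSG_CANNOT_FIND_USER).
        string badCredentials = XiaoluResources.MSG_LOGIN_FAIL
            + string.Format(XiaoluResources.STR_FAIL_RESAON, XiaoluResources.MSG_PASSWORD_IS_IN_CORRECT);
        if (account == null)
        {
            return new { IsSuccess = false, Message = badCredentials };
        }

        // ---- password check (see the MD5 note in the header) ----
        string md5Pwd = FormsAuthentication.HashPasswordForStoringInConfigFile(obj.Password, "MD5");
        if (!string.Equals(md5Pwd, account.Password, StringComparison.Ordinal))
        {
            // Record the failure; ErrLoginTimes is nullable and starts counting at 1.
            account.LastFailLoginTime = DateTime.Now;
            if (account.ErrLoginTimes == null)
            {
                account.ErrLoginTimes = 0;
            }
            account.ErrLoginTimes++;
            BusinessService.UpdateUser(account);
            return new { IsSuccess = false, Message = badCredentials };
        }

        // ---- success: write the audit record ----
        msg = XiaoluResources.MSG_LOGIN_SUCCESS;
        BusinessService.CreateHistory(new History
        {
            UserId = account.Name,
            CreationDate = DateTime.Now,
            Content = msg
        });

        // ---- token: reuse a still-valid token, otherwise replace it ----
        UserAccessToken existing = BusinessService.GetAccessTokenByUserId(account.Name);
        if (existing != null && existing.ExpireDate > DateTime.Now)
        {
            // NOTE(review): the reused token is not re-registered in AccessTokenUserPool
            // here; presumably it was added when first created — confirm.
            return new { IsSuccess = true, Message = msg, AccessToken = existing.AccessToken };
        }
        if (existing != null)
        {
            BusinessService.DeleteUserAccessToken(existing);
        }

        string accessToken = Guid.NewGuid().ToString();
        BusinessService.CreateUserAccessToken(new UserAccessToken
        {
            UserId = account.Name,
            AccessToken = accessToken,
            WeixinId = account.WeixinId,
            ExpireDate = DateTime.Now.AddSeconds(ACCESS_TOKEN_DURATION_IN_SECONDS)
        });
        AccessTokenUserPool.AddAccessTokenUserId(accessToken, account.Name);
        return new { IsSuccess = true, Message = msg, AccessToken = accessToken };
    }
    catch (Exception e)
    {
        // Keep the exception server-side. The previous version returned
        // ExceptionHelper.GetInnerExceptionInfo(e) to the caller, which leaks
        // internal details (DB/connection/stack text) to unauthenticated clients.
        System.Diagnostics.Trace.TraceError("api/login failed: {0}", e);
        msg = XiaoluResources.MSG_LOGIN_FAIL;
        return new { IsSuccess = false, Message = msg };
    }
}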