예제 #1
0
        /// <summary>
        /// 具体判断方法
        /// </summary>
        /// <param name="httpContext"></param>
        /// <returns></returns>
        protected bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }
            string ticket = httpContext.Request["Ticket"];

            if (!string.IsNullOrEmpty(ticket))
            {
                //如果认证服务器返回票据,则记录
                User user = new User
                {
                    Name = "Client1"
                };
                FormsAuthenticationTicket authenticationTicket = FormsAuthenticationHelper.CreateAuthenticationTicket(user);
                FormsAuthenticationHelper.SetAuthCookie(httpContext, authenticationTicket);
                return(true);
            }
            FormsIdentity formsIdentity = httpContext.User.Identity as FormsIdentity;

            //验证cookie 用户是否有效
            if (formsIdentity == null)
            {
                return(false);
            }
            //这里可以做授权验证
            //....
            return(true);
        }
예제 #2
0
 public ActionResult Login(string userName, string password)
 {
     if ((userName == "qxh" && password == "123") || (userName == "jlp" && password == "123"))
     {
         //如果认证服务器返回票据,则记录
         User user = new User
         {
             Name = "SSOServer"
         };
         FormsAuthenticationTicket authenticationTicket = FormsAuthenticationHelper.CreateAuthenticationTicket(user);
         FormsAuthenticationHelper.SetAuthCookie(base.HttpContext, authenticationTicket);
         string ReturnURL = Request["ReturnURL"] + "?Ticket=SSOServer";
         return(Redirect(ReturnURL));
     }
     return(View());
 }
예제 #3
0
    private void RedirectUser(string username, int usertype)
    {
        // Create authentication ticket/cookie
        FormsAuthenticationHelper.CreateAuthenticationTicket(username, false, usertype.ToString());

        bool   isAdmin    = false;
        string defaultUrl = string.Empty;

        #region get default page for user type
        switch (usertype)
        {
        case 1:
            defaultUrl = ConfigurationManager.AppSettings["BuyerHomePage"];
            break;

        case 2:
            defaultUrl = ConfigurationManager.AppSettings["VendorHomePage"];
            break;

        case 3:
            defaultUrl = ConfigurationManager.AppSettings["PurchasingHomePage"];
            break;

        case 5:
            defaultUrl = ConfigurationManager.AppSettings["BidsOpeningCommitteeHomePage"];
            break;

        case 6:
            defaultUrl = ConfigurationManager.AppSettings["BidsAwardingCommitteeHomePage"];
            break;

        default:
            txtNote.Text = "Invalid username or password.";
            isAdmin      = true;
            break;
        }
        #endregion

        #region redirect user
        if (!isAdmin)
        {
            if (String.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
            {
                Response.Redirect(defaultUrl);
            }
            else
            {
                // Verify if user is authorized to go to the redirection url
                // if not, redirect to login page
                string redirectUrl = FormsAuthentication.GetRedirectUrl(username, true);

                switch (usertype)
                {
                // buyer
                case 1:
                {
                    if ((redirectUrl.Contains("boc")) || (redirectUrl.Contains("vendorscreens")) || (redirectUrl.Contains("purchasingscreens")))
                    {
                        redirectUrl = defaultUrl;
                    }

                    LogHelper.EventLogHelper.Log("User Login : "******"buyerscreens")) || (redirectUrl.Contains("boc")) || (redirectUrl.Contains("purchasingscreens")))
                    {
                        redirectUrl = defaultUrl;
                    }

                    LogHelper.EventLogHelper.Log("User Login : "******"buyerscreens")) || (redirectUrl.Contains("vendorscreens")) || (redirectUrl.Contains("boc")))
                    {
                        redirectUrl = defaultUrl;
                    }

                    LogHelper.EventLogHelper.Log("User Login : "******"buyerscreens")) || (redirectUrl.Contains("vendorscreens")) || (redirectUrl.Contains("purchasingscreens")))
                    {
                        redirectUrl = defaultUrl;
                    }

                    LogHelper.EventLogHelper.Log("User Login : "******"buyerscreens")) || (redirectUrl.Contains("vendorscreens")) || (redirectUrl.Contains("bac")))
                    {
                        redirectUrl = defaultUrl;
                    }

                    LogHelper.EventLogHelper.Log("User Login : "******"";
                    txtNote.Text = "Invalid username or password.";
                    break;
                }
            }
        }
        else
        {
            //txtUserName.Text = "";
            txtNote.Text = "Invalid username or password.";
        }
        #endregion
    }
예제 #4
0
    protected void btnLogin_ServerClick(object sender, EventArgs e)
    {
        string username = txtUserName.Text.Trim();
        string password = EncryptionHelper.Encrypt(txtPassword.Text.Trim());

        // check user credentials
        if (CheckUserCredentials(username, password))
        // if ok,
        {
            SqlParameter[] sqlparams = new SqlParameter[1];
            sqlparams[0]       = new SqlParameter("@Userid", SqlDbType.Int);
            sqlparams[0].Value = userid;

            // get user info
            Session[Constant.SESSION_USERNAME] = username;
            Session[Constant.SESSION_PASSWORD] = password;
            Session[Constant.SESSION_USERTYPE] = usertype = (int)SqlHelper.ExecuteScalar(connstring, "sp_GetUserType", sqlparams);

            switch (usertype)
            {
            // admin
            case 4:
            {
                // Create authentication ticket/cookie
                FormsAuthenticationHelper.CreateAuthenticationTicket(username, false, usertype.ToString());

                // Get the Web application configuration.
                //System.Configuration.Configuration configuration = WebConfigurationManager.OpenWebConfiguration("/EBid");

                // Get the external Authentication section.
                //AuthenticationSection authenticationSection = (AuthenticationSection)configuration.GetSection("system.web/authentication");
                AuthenticationSection authenticationSection = (AuthenticationSection)System.Configuration.ConfigurationManager.GetSection("system.web/authentication");

                // Get the external Forms section .
                //FormsAuthenticationConfiguration formsAuthentication = authenticationSection.Forms;

                //formsAuthentication.DefaultUrl = System.Configuration.ConfigurationManager.AppSettings["AdminHomePage"];
                string DefaultUrl = System.Configuration.ConfigurationManager.AppSettings["AdminHomePage"];

                if (String.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
                {
                    //Response.Redirect(formsAuthentication.DefaultUrl);
                    Response.Redirect(DefaultUrl);
                }
                else
                {
                    string redirectUrl = FormsAuthentication.GetRedirectUrl(username, true);

                    LogHelper.TextLogHelper.Log("User Login : "******"admin/"))
                    {
                        Response.Redirect(redirectUrl);
                    }
                    else
                    {
                        //Response.Redirect(formsAuthentication.DefaultUrl);
                        Response.Redirect(DefaultUrl);
                    }
                }
                break;
            }

            default:
                txtNote.Text = "Only Administrators can use this site.";
                break;
            }
        }
        // if not, prompt incorrect username/password
        else
        {
            txtNote.Text = "Invalid username or password.";
        }
    }