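/// <summary>
/// Authorization check: accepts a request that carries a "Ticket" value (issuing a
/// forms-authentication cookie for it) or one that already has a forms-authentication identity.
/// </summary>
/// <param name="httpContext">Context of the current request.</param>
/// <returns>
/// true when a non-empty "Ticket" request value is present or the current user carries a
/// <see cref="FormsIdentity"/>; otherwise false.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
protected bool AuthorizeCore(HttpContextBase httpContext)
{
    if (httpContext == null)
    {
        throw new ArgumentNullException("httpContext");
    }

    string ticket = httpContext.Request["Ticket"];
    if (!string.IsNullOrEmpty(ticket))
    {
        // If the authentication server returned a ticket, record it.
        // SECURITY (review): the ticket's content is never checked — any non-empty "Ticket"
        // parameter, from any origin, mints a cookie for the fixed user "Client1". The value
        // must be validated against the issuing server before a cookie is set.
        User user = new User { Name = "Client1" };
        FormsAuthenticationTicket authenticationTicket = FormsAuthenticationHelper.CreateAuthenticationTicket(user);
        FormsAuthenticationHelper.SetAuthCookie(httpContext, authenticationTicket);
        return true;
    }

    // No ticket: fall back to the identity restored from the forms-authentication cookie.
    // A request with no principal at all is denied instead of dereferencing a null User.
    if (httpContext.User == null)
    {
        return false;
    }

    // Check whether the cookie-backed user is a forms-authentication identity.
    FormsIdentity formsIdentity = httpContext.User.Identity as FormsIdentity;
    if (formsIdentity == null)
    {
        return false;
    }

    // Per-resource authorization could be added here; today any forms identity is accepted.
    return true;
}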
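/// <summary>
/// Sign-in action of the SSO server. On a matching user name/password pair it sets a
/// forms-authentication cookie for the user "SSOServer" and redirects to the ReturnURL
/// request value with a Ticket query parameter appended; otherwise it re-renders the view.
/// </summary>
/// <param name="userName">Submitted user name.</param>
/// <param name="password">Submitted password.</param>
/// <returns>A redirect to the caller's ReturnURL on success, the login view otherwise.</returns>
public ActionResult Login(string userName, string password)
{
    // SECURITY (review): the accepted credentials are hard-coded literals compared in clear
    // text; a real deployment needs a credential store with hashed passwords.
    if ((userName == "qxh" && password == "123") || (userName == "jlp" && password == "123"))
    {
        // If the authentication server returned a ticket, record it.
        User user = new User { Name = "SSOServer" };
        FormsAuthenticationTicket authenticationTicket = FormsAuthenticationHelper.CreateAuthenticationTicket(user);
        FormsAuthenticationHelper.SetAuthCookie(base.HttpContext, authenticationTicket);

        // SECURITY (review): ReturnURL is taken from the request with no allow-list of
        // registered client applications, and the Ticket is a constant rather than a
        // per-login value the client could verify. Both need attention before exposure.
        string returnUrl = Request["ReturnURL"];
        // Append with '&' when the return URL already has a query string, so the result
        // stays a valid URL (a second '?' would corrupt it).
        string separator = (returnUrl != null && returnUrl.Contains("?")) ? "&" : "?";
        return Redirect(returnUrl + separator + "Ticket=SSOServer");
    }
    return View();
}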
/// <summary>
/// Issues a forms-authentication ticket for <paramref name="username"/> and redirects the
/// browser: to the home page configured for <paramref name="usertype"/>, or — when a
/// ReturnUrl was requested — to that URL unless it names another user type's screens.
/// </summary>
/// <param name="username">User name the ticket is issued for.</param>
/// <param name="usertype">Numeric user type; 1, 2, 3, 5 and 6 map to a home page, anything else is rejected.</param>
/// <remarks>
/// NOTE(review): the source this was extracted from is redacted in several places (the
/// "******" runs below). The case 2/3/5/6/default headers of the ReturnUrl switch sit
/// inside those runs, so the branches are incomplete and the braces appear not to balance
/// as shown; do not treat this body as compilable. The ticket is created before the user
/// type is validated, so an unmapped type still receives an auth cookie — confirm whether
/// that is intended.
/// </remarks>
private void RedirectUser(string username, int usertype)
{
    // Create authentication ticket/cookie
    FormsAuthenticationHelper.CreateAuthenticationTicket(username, false, usertype.ToString());
    // isAdmin really means "no default page for this type": it is set for every unmapped type.
    bool isAdmin = false;
    string defaultUrl = string.Empty;
    #region get default page for user type
    switch (usertype)
    {
        case 1:
            defaultUrl = ConfigurationManager.AppSettings["BuyerHomePage"];
            break;
        case 2:
            defaultUrl = ConfigurationManager.AppSettings["VendorHomePage"];
            break;
        case 3:
            defaultUrl = ConfigurationManager.AppSettings["PurchasingHomePage"];
            break;
        case 5:
            defaultUrl = ConfigurationManager.AppSettings["BidsOpeningCommitteeHomePage"];
            break;
        case 6:
            defaultUrl = ConfigurationManager.AppSettings["BidsAwardingCommitteeHomePage"];
            break;
        default:
            // The credentials were already accepted; this message is shown for an unmapped type.
            txtNote.Text = "Invalid username or password.";
            isAdmin = true;
            break;
    }
    #endregion
    #region redirect user
    if (!isAdmin)
    {
        if (String.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
        {
            Response.Redirect(defaultUrl);
        }
        else
        {
            // Verify if user is authorized to go to the redirection url
            // if not, redirect to login page
            string redirectUrl = FormsAuthentication.GetRedirectUrl(username, true);
            switch (usertype)
            {
                // buyer
                case 1:
                    {
                        // Substring matching is a weak gate: it only rejects URLs that contain
                        // other types' folder names; anything else passes as-is.
                        if ((redirectUrl.Contains("boc")) || (redirectUrl.Contains("vendorscreens")) || (redirectUrl.Contains("purchasingscreens")))
                        {
                            redirectUrl = defaultUrl;
                        }
                        // NOTE(review): each Log(...) call below was redacted in the source together
                        // with the redirect and the next case label; what follows each run is the
                        // folder check of the next user type (vendor, purchasing, boc, bac, default).
                        LogHelper.EventLogHelper.Log("User Login : "******"buyerscreens")) || (redirectUrl.Contains("boc")) || (redirectUrl.Contains("purchasingscreens")))
                        {
                            redirectUrl = defaultUrl;
                        }
                        LogHelper.EventLogHelper.Log("User Login : "******"buyerscreens")) || (redirectUrl.Contains("vendorscreens")) || (redirectUrl.Contains("boc")))
                        {
                            redirectUrl = defaultUrl;
                        }
                        LogHelper.EventLogHelper.Log("User Login : "******"buyerscreens")) || (redirectUrl.Contains("vendorscreens")) || (redirectUrl.Contains("purchasingscreens")))
                        {
                            redirectUrl = defaultUrl;
                        }
                        LogHelper.EventLogHelper.Log("User Login : "******"buyerscreens")) || (redirectUrl.Contains("vendorscreens")) || (redirectUrl.Contains("bac")))
                        {
                            redirectUrl = defaultUrl;
                        }
                        LogHelper.EventLogHelper.Log("User Login : "******"";
                        txtNote.Text = "Invalid username or password.";
                        break;
                    }
            }
        }
    }
    else
    {
        //txtUserName.Text = "";
        txtNote.Text = "Invalid username or password.";
    }
    #endregion
}
/// <summary>
/// Login button handler of the administrator site. Checks the submitted credentials, loads
/// the user type from the database, and for type 4 (admin) issues a forms-authentication
/// ticket and redirects to the admin home page or to an admin ReturnUrl.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): one statement of this method is redacted ("******) in the source this was
/// extracted from; the Log(...) call and the condition that follows it are incomplete.
/// </remarks>
protected void btnLogin_ServerClick(object sender, EventArgs e)
{
    string username = txtUserName.Text.Trim();
    // NOTE(review): the helper name suggests a reversible transform rather than a one-way
    // password hash — confirm what CheckUserCredentials compares against.
    string password = EncryptionHelper.Encrypt(txtPassword.Text.Trim());
    // check user credentials
    if (CheckUserCredentials(username, password)) // if ok,
    {
        // userid and usertype are members declared elsewhere in the page; presumably
        // CheckUserCredentials populates userid — verify.
        SqlParameter[] sqlparams = new SqlParameter[1];
        sqlparams[0] = new SqlParameter("@Userid", SqlDbType.Int);
        sqlparams[0].Value = userid;
        // get user info
        Session[Constant.SESSION_USERNAME] = username;
        // SECURITY (review): the transformed password is kept in session state for the whole
        // session; confirm a later page really needs it, otherwise drop it.
        Session[Constant.SESSION_PASSWORD] = password;
        // Unboxing throws if the procedure returns null/DBNull instead of an int.
        Session[Constant.SESSION_USERTYPE] = usertype = (int)SqlHelper.ExecuteScalar(connstring, "sp_GetUserType", sqlparams);
        switch (usertype)
        {
            // admin
            case 4:
                {
                    // Create authentication ticket/cookie
                    // (issued only after the type check, so non-admin logins get no cookie)
                    FormsAuthenticationHelper.CreateAuthenticationTicket(username, false, usertype.ToString());
                    // Get the Web application configuration.
                    //System.Configuration.Configuration configuration = WebConfigurationManager.OpenWebConfiguration("/EBid");
                    // Get the external Authentication section.
                    //AuthenticationSection authenticationSection = (AuthenticationSection)configuration.GetSection("system.web/authentication");
                    // authenticationSection is not used by the visible code below; left over from
                    // the commented-out DefaultUrl experiment.
                    AuthenticationSection authenticationSection = (AuthenticationSection)System.Configuration.ConfigurationManager.GetSection("system.web/authentication");
                    // Get the external Forms section .
                    //FormsAuthenticationConfiguration formsAuthentication = authenticationSection.Forms;
                    //formsAuthentication.DefaultUrl = System.Configuration.ConfigurationManager.AppSettings["AdminHomePage"];
                    string DefaultUrl = System.Configuration.ConfigurationManager.AppSettings["AdminHomePage"];
                    if (String.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
                    {
                        //Response.Redirect(formsAuthentication.DefaultUrl);
                        Response.Redirect(DefaultUrl);
                    }
                    else
                    {
                        string redirectUrl = FormsAuthentication.GetRedirectUrl(username, true);
                        // NOTE(review): the rest of this statement and the start of the next
                        // condition were redacted in the source. The surviving condition is a
                        // substring test for "admin/" anywhere in the URL, which is a weak
                        // authorization gate for the redirect target.
                        LogHelper.TextLogHelper.Log("User Login : "******"admin/"))
                        {
                            Response.Redirect(redirectUrl);
                        }
                        else
                        {
                            //Response.Redirect(formsAuthentication.DefaultUrl);
                            Response.Redirect(DefaultUrl);
                        }
                    }
                    break;
                }
            default:
                txtNote.Text = "Only Administrators can use this site.";
                break;
        }
    }
    // if not, prompt incorrect username/password
    else
    {
        txtNote.Text = "Invalid username or password.";
    }
}