[ValidateAntiForgeryToken]//防伪造令牌来避免CSRF攻击 public ActionResult Index(LogOnModel model) { #region 验证码验证 if (GetSession("ValidateCode") != null && model.ValidateCode != null && model.ValidateCode.ToLower() != GetSession("ValidateCode").ToString()) { ModelState.AddModelError("Error_PersonLogin", "验证码错误!"); return(View()); } SetSession("ValidateCode", null); #endregion if (ModelState.IsValid) { SMUSERTB person = SMUSERTBService.ValidateUser(model.PersonName, Encrypt.DecodeText(model.Password)); if (person != null) //登录成功 { Account account = person.ToAccount(); string sessionId = Guid.NewGuid().ToString();//作为Memcache的key try { MemcacheHelper.Set(sessionId, Common.SerializerHelper.SerializeToString(account), DateTime.Now.AddMinutes(20));//使用Memcache代替Session解决数据在不同Web服务器之间共享的问题。 } catch (Exception ex) { throw new Exception(ex.Message); } //Response.Cookies["sessionId"].Value = sessionId;//将Memcache的key以cookie的形式返回到浏览器端的内存中,当用户再次请求其它的页面请求报文中会以Cookie将该值再次发送服务端。 SetCookies("sessionId", sessionId); if (model.RememberMe) { // HttpCookie ckUid = new HttpCookie("ckUid", model.PersonName); // HttpCookie ckPwd = new HttpCookie("ckPwd", Encrypt.DecodeText(model.Password)); // ckUid.Expires = DateTime.Now.AddDays(3); // ckPwd.Expires = DateTime.Now.AddDays(3); // Response.Cookies["sessionId"].Expires = DateTime.Now.AddDays(3); // Response.Cookies.Add(ckUid); // Response.Cookies.Add(ckPwd); SetCookies("ckUid", model.PersonName, 60 * 60 * 24 * 3); SetCookies("ckPwd", Encrypt.DecodeText(model.Password), 60 * 60 * 24 * 3); } return(RedirectToAction("Index", "Home")); } } ModelState.AddModelError("Error_PersonLogin", "用户名或者密码出错。"); return(View()); }
/// <summary> /// 判断Cookie信息 /// </summary> private void CheckCookieInfo() { if (Request.Cookies["ckUid"] != null && Request.Cookies["ckPwd"] != null) { string userName = Request.Cookies["ckUid"].Value; string userPwd = Request.Cookies["ckPwd"].Value; //判断Cookie中存储的用户密码和用户名是否正确. SMUSERTB person = SMUSERTBService.ValidateUser(userName, userPwd); if (person != null) { string sessionId = Guid.NewGuid().ToString(); //作为Memcache的key var account = person.ToAccount(); Common.MemcacheHelper.Set(sessionId, Common.SerializerHelper.SerializeToString(account), DateTime.Now.AddMinutes(20)); //使用Memcache代替Session解决数据在不同Web服务器之间共享的问题。 Response.Cookies["sessionId"].Value = sessionId; //将Memcache的key以cookie的形式返回到浏览器端的内存中,当用户再次请求其它的页面请求报文中会以Cookie将该值再次发送服务端。 //Response.Redirect("/Home/Index"); 尽量不要用这样的写法 RedirectToAction("Index", "Home"); } else { //如果说帐号秘密是错误的,就没必要再把登录用户名和密码存在cookies中了 Response.Cookies["ckUid"].Expires = DateTime.Now.AddDays(-1); Response.Cookies["ckPwd"].Expires = DateTime.Now.AddDays(-1); } } }
public ActionResult ChangePassword(ChangePasswordModel model) { string currentPerson = GetCurrentAccount().UID; ViewBag.PersonNamea = currentPerson; if (string.IsNullOrWhiteSpace(currentPerson)) { ModelState.AddModelError("Error_PwdModify", "对不起,请重新登陆"); return(View()); } if (ModelState.IsValid) { if (null != (SMUSERTBService.ValidateUser(currentPerson, xEncrypt.EncryptText(model.OldPassword)))) { if (SMUSERTBService.ChangePassword(currentPerson, xEncrypt.EncryptText(model.OldPassword), xEncrypt.EncryptText(model.NewPassword))) { ModelState.AddModelError("Error_PwdModify", "修改密码成功"); return(View()); } } } ModelState.AddModelError("Error_PwdModify", "修改密码不成功,请核实数据"); return(View()); }