/// <summary>
/// Flattens a CODE_USER row into the pipe-delimited string that is stored as
/// change-log / audit-trail content (Log.CCONTENT, PIA_LOG_MAIN.EXECUTION_CONTENT).
/// Field order is fixed and every field is terminated by "|", so a null date
/// yields an empty field rather than a missing one.
/// </summary>
/// <param name="codeUser">Row to flatten; must not be null (its fields are read directly).</param>
/// <returns>All logged columns in order, each followed by "|".</returns>
/// <remarks>
/// NOTE(review): MEMO is free text and is not escaped, so a memo containing "|" or
/// a newline shifts the columns of this record for whatever parses the log.
/// </remarks>
public String userLogContent(CODE_USER codeUser)
{
    // String columns go through the null-safe StringUtil.toString; date columns
    // are rendered with their default ToString() and become "" when null.
    string[] fields =
    {
        StringUtil.toString(codeUser.USER_ID),
        StringUtil.toString(codeUser.USER_UNIT),
        StringUtil.toString(codeUser.IS_DISABLED),
        StringUtil.toString(codeUser.IS_MAIL),
        StringUtil.toString(codeUser.MEMO),
        StringUtil.toString(codeUser.DATA_STATUS),
        StringUtil.toString(codeUser.CREATE_UID),
        codeUser.CREATE_DT == null ? "" : codeUser.CREATE_DT.ToString(),
        StringUtil.toString(codeUser.LAST_UPDATE_UID),
        codeUser.LAST_UPDATE_DT == null ? "" : codeUser.LAST_UPDATE_DT.ToString(),
        StringUtil.toString(codeUser.APPR_UID),
        codeUser.APPR_DT == null ? "" : codeUser.APPR_DT.ToString(),
        StringUtil.toString(codeUser.FREEZE_UID),
        codeUser.FREEZE_DT == null ? "" : codeUser.FREEZE_DT.ToString(),
        codeUser.LAST_LOGIN_DT == null ? "" : codeUser.LAST_LOGIN_DT.ToString(),
        codeUser.LAST_LOGOUT_DT == null ? "" : codeUser.LAST_LOGOUT_DT.ToString()
    };

    // Join separates the fields; the trailing "|" restores the record terminator.
    return string.Join("|", fields) + "|";
}
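/// <summary>
/// Applies the role changes recorded for an approval request (CODE_USER_ROLE_HIS
/// rows keyed by <paramref name="aplyNo"/>) to CODE_USER_ROLE: rows flagged "A" are
/// inserted, rows flagged "D" are deleted, any other flag is ignored.
/// </summary>
/// <param name="cODEUSERO">User whose roles change; USER_ID plus LAST_UPDATE_UID/LAST_UPDATE_DT are stamped on inserted rows.</param>
/// <param name="aplyNo">Approval request number whose history rows are applied.</param>
/// <param name="conn">Open connection owned by the caller.</param>
/// <param name="transaction">Caller's transaction; the role inserts/deletes enlist in it.</param>
/// <remarks>
/// LogDao.Insert does not receive <paramref name="conn"/>/<paramref name="transaction"/>,
/// so the change-log rows are written on their own connection and are NOT undone
/// if the caller later rolls the transaction back.
/// </remarks>
private void procUserRoleHis(CODE_USER cODEUSERO, string aplyNo, SqlConnection conn, SqlTransaction transaction)
{
    CodeUserRoleHisDao codeUserRoleHisDao = new CodeUserRoleHisDao();
    List<CodeUserRoleModel> cRoleList = codeUserRoleHisDao.qryByAplyNo(aplyNo);
    if (cRoleList == null || cRoleList.Count == 0)
    {
        return;
    }

    string operatorId = Session["UserID"].ToString();
    CodeUserRoleDao codeUserRoleDao = new CodeUserRoleDao();
    foreach (CodeUserRoleModel d in cRoleList)
    {
        Log log = new Log();
        switch (d.execAction)
        {
            case "A":
            {
                CODE_USER_ROLE dRole = new CODE_USER_ROLE();
                dRole.USER_ID = cODEUSERO.USER_ID;
                dRole.ROLE_ID = d.roleId;
                dRole.CREATE_UID = cODEUSERO.LAST_UPDATE_UID;
                dRole.CREATE_DT = cODEUSERO.LAST_UPDATE_DT;
                codeUserRoleDao.insert(dRole, conn, transaction);

                log.CFUNCTION = "使用者管理(角色授權)-新增";
                log.CACTION = "A";
                log.CCONTENT = codeUserRoleDao.logContent(dRole);
                LogDao.Insert(log, operatorId);
                break;
            }
            case "D":
            {
                CODE_USER_ROLE dRole = codeUserRoleDao.qryByKey(cODEUSERO.USER_ID, d.roleId);
                if (dRole == null)
                {
                    // The grant is already gone; deleting nothing would previously have
                    // failed with a NullReferenceException inside logContent and rolled
                    // back the whole review. The end state (role absent) matches intent.
                    logger.Info("[procUserRoleHis]role already absent, skip delete. user=" + cODEUSERO.USER_ID + " role=" + d.roleId);
                    break;
                }
                // Log the row image before it is removed.
                log.CFUNCTION = "使用者管理(角色授權)-刪除";
                log.CACTION = "D";
                log.CCONTENT = codeUserRoleDao.logContent(dRole);
                LogDao.Insert(log, operatorId);
                codeUserRoleDao.delete(dRole, conn, transaction);
                break;
            }
            default:
                break;
        }
    }
}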
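/// <summary>
/// Rewrites every non-key column of the CODE_USER row whose USER_ID matches
/// <paramref name="user"/>.USER_ID, inside the caller's transaction. Every value is
/// bound as a SqlParameter; nothing from <paramref name="user"/> is concatenated
/// into the statement text.
/// </summary>
/// <param name="user">Row image to persist. String columns are normalised with StringUtil.toString; null dates are stored as NULL.</param>
/// <param name="conn">Open connection owned by the caller.</param>
/// <param name="transaction">Caller's transaction; the command enlists in it, the caller commits or rolls back.</param>
/// <returns>Rows affected; 0 means no row has that USER_ID (callers that need the row to exist must check this).</returns>
public int Update(CODE_USER user, SqlConnection conn, SqlTransaction transaction)
{
    string sql = @"update [CODE_USER]
                      set USER_UNIT = @USER_UNIT
                         ,IS_DISABLED = @IS_DISABLED
                         ,IS_MAIL = @IS_MAIL
                         ,MEMO = @MEMO
                         ,DATA_STATUS = @DATA_STATUS
                         ,CREATE_UID = @CREATE_UID
                         ,CREATE_DT = @CREATE_DT
                         ,LAST_UPDATE_UID = @LAST_UPDATE_UID
                         ,LAST_UPDATE_DT = @LAST_UPDATE_DT
                         ,APPR_UID = @APPR_UID
                         ,APPR_DT = @APPR_DT
                         ,FREEZE_UID = @FREEZE_UID
                         ,FREEZE_DT = @FREEZE_DT
                         ,LAST_LOGIN_DT = @LAST_LOGIN_DT
                         ,LAST_LOGOUT_DT = @LAST_LOGOUT_DT
                    where USER_ID = @USER_ID ";

    // The command is disposed on every path; the previous catch-and-`throw e`
    // only rethrew and reset the stack trace, so exceptions now propagate as-is.
    using (SqlCommand cmd = conn.CreateCommand())
    {
        cmd.Transaction = transaction;
        cmd.CommandText = sql;

        // Nullable DateTime columns are bound with an explicit SqlDbType so a null
        // maps to DBNull instead of being inferred from a null CLR value.
        Action<string, object> addDate = (name, value) =>
            cmd.Parameters.Add(name, System.Data.SqlDbType.DateTime).Value = value ?? System.DBNull.Value;

        cmd.Parameters.AddWithValue("@USER_ID", StringUtil.toString(user.USER_ID));
        cmd.Parameters.AddWithValue("@USER_UNIT", StringUtil.toString(user.USER_UNIT));
        cmd.Parameters.AddWithValue("@IS_DISABLED", StringUtil.toString(user.IS_DISABLED));
        cmd.Parameters.AddWithValue("@IS_MAIL", StringUtil.toString(user.IS_MAIL));
        cmd.Parameters.AddWithValue("@MEMO", StringUtil.toString(user.MEMO));
        cmd.Parameters.AddWithValue("@DATA_STATUS", StringUtil.toString(user.DATA_STATUS));
        cmd.Parameters.AddWithValue("@CREATE_UID", StringUtil.toString(user.CREATE_UID));
        addDate("@CREATE_DT", user.CREATE_DT);
        cmd.Parameters.AddWithValue("@LAST_UPDATE_UID", StringUtil.toString(user.LAST_UPDATE_UID));
        addDate("@LAST_UPDATE_DT", user.LAST_UPDATE_DT);
        cmd.Parameters.AddWithValue("@APPR_UID", StringUtil.toString(user.APPR_UID));
        addDate("@APPR_DT", user.APPR_DT);
        cmd.Parameters.AddWithValue("@FREEZE_UID", StringUtil.toString(user.FREEZE_UID));
        addDate("@FREEZE_DT", user.FREEZE_DT);
        addDate("@LAST_LOGIN_DT", user.LAST_LOGIN_DT);
        addDate("@LAST_LOGOUT_DT", user.LAST_LOGOUT_DT);

        return cmd.ExecuteNonQuery();
    }
}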
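/// <summary>
/// Ends the current session: writes the logout audit record, then clears and
/// abandons the ASP.NET session and expires the session / auth cookies so the
/// browser stops presenting them.
/// </summary>
/// <returns>Redirect to the Login action in every case.</returns>
/// <remarks>
/// Session teardown is in a <c>finally</c>: the previous version returned from the
/// catch block without clearing the session, so a failure while writing the audit
/// record (e.g. an expired session with no UserID) left the session alive.
/// The error log line is also moved before the <c>return</c>; it was unreachable.
/// </remarks>
public ActionResult Logout()
{
    string userId = Session["UserID"]?.ToString();
    logger.Info("[AccountController][Logout]Session[UserID]:" + userId);
    try
    {
        CodeUserDao codeUserDao = new CodeUserDao();
        CODE_USER codeUser = codeUserDao.qryUserByKey(userId);
        writeLog("O", true, userId, codeUser);
    }
    catch (Exception e)
    {
        logger.Error("[AccountController][Logout]e:" + e.ToString());
    }
    finally
    {
        Session.Clear();
        // Abandon() does not reissue the session id by itself; expiring the cookie
        // makes the browser drop it so the old id is not replayed on the next request.
        Session.Abandon();
        expireCookie("ASP.NET_SessionId");
        // NOTE(review): presumably the auth cookie issued by LoginProcess — confirm the name.
        expireCookie("adAuthCookie");
    }
    TempData["Logout"] = "true";
    return RedirectToAction("Login");
}

/// <summary>
/// Sends an expired, empty replacement for <paramref name="name"/> when the
/// request carried that cookie; does nothing when it did not.
/// </summary>
/// <param name="name">Cookie name to expire on the client.</param>
private void expireCookie(string name)
{
    if (Request.Cookies[name] == null)
    {
        return;
    }
    Response.Cookies[name].Value = string.Empty;
    Response.Cookies[name].Expires = DateTime.Now.AddMonths(-20);
}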
/// <summary>
/// Loads the CODE_USER row with the given USER_ID, or null when there is none.
/// </summary>
/// <param name="userId">Primary key of the user to load.</param>
/// <returns>The matching row, or null if not found.</returns>
/// <remarks>
/// The query runs under a READ UNCOMMITTED TransactionScope, i.e. it may observe
/// a row image another transaction has not yet committed (or will roll back).
/// NOTE(review): Login uses this to check IS_DISABLED; a dirty read of an in-flight
/// update is possible with this isolation level — confirm that is acceptable.
/// The scope is never Complete()d; for a pure read that only means it ends without a commit.
/// </remarks>
public CODE_USER qryUserByKey(String userId)
{
    TransactionOptions options = new TransactionOptions
    {
        IsolationLevel = System.Transactions.IsolationLevel.ReadUncommitted
    };

    using (new TransactionScope(TransactionScopeOption.Required, options))
    using (dbTreasuryEntities db = new dbTreasuryEntities())
    {
        return db.CODE_USER.FirstOrDefault(x => x.USER_ID == userId);
    }
}
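/// <summary>
/// Stamps the current time on a user's LAST_LOGIN_DT (type "I") or LAST_LOGOUT_DT
/// (any other type) and saves it.
/// </summary>
/// <param name="userId">USER_ID of the row to stamp.</param>
/// <param name="type">"I" for login; every other value is treated as logout.</param>
/// <exception cref="InvalidOperationException">
/// No CODE_USER row has <paramref name="userId"/>. Previously this surfaced as a
/// NullReferenceException; the explicit message names the missing user instead.
/// </exception>
public void updateLogInOut(String userId, String type)
{
    using (dbTreasuryEntities db = new dbTreasuryEntities())
    {
        CODE_USER codeUser = db.CODE_USER.Where(x => x.USER_ID == userId).FirstOrDefault<CODE_USER>();
        if (codeUser == null)
        {
            throw new InvalidOperationException("updateLogInOut: CODE_USER not found for USER_ID '" + userId + "'");
        }

        if ("I".Equals(type))
        {
            codeUser.LAST_LOGIN_DT = DateUtil.getCurDateTime();
        }
        else
        {
            codeUser.LAST_LOGOUT_DT = DateUtil.getCurDateTime();
        }
        db.SaveChanges();
    }
}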
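/// <summary>
/// Writes a PIA audit-trail record (PIA_LOG_MAIN) for a user-review action,
/// inside the caller's transaction.
/// </summary>
/// <param name="type">EXECUTION_TYPE code of the action ("A" create, "E" edit as used by execReviewU).</param>
/// <param name="codeUserDao">DAO used to serialise <paramref name="codeUser"/> into EXECUTION_CONTENT.</param>
/// <param name="codeUser">Row image after the change; its USER_ID becomes PIA_OWNER1.</param>
/// <param name="conn">Open connection owned by the caller.</param>
/// <param name="transaction">Caller's transaction; the insert enlists in it.</param>
public void procTrackLog(string type, CodeUserDao codeUserDao, CODE_USER codeUser, SqlConnection conn, SqlTransaction transaction)
{
    PIA_LOG_MAIN piaLog = new PIA_LOG_MAIN();
    piaLog.TRACKING_TYPE = "A";
    piaLog.ACCESS_ACCOUNT = Session["UserID"].ToString();
    // Session["UserName"] is only set at login when the OA lookup found the
    // employee, so it can legitimately be absent; log "" rather than failing
    // the whole review on a missing display name.
    piaLog.ACCOUNT_NAME = Session["UserName"]?.ToString() ?? "";
    piaLog.PROGFUN_NAME = "UserReview";
    piaLog.ACCESSOBJ_NAME = "CodeUser";
    piaLog.EXECUTION_TYPE = type;
    piaLog.EXECUTION_CONTENT = codeUserDao.userLogContent(codeUser);
    piaLog.AFFECT_ROWS = 1;
    piaLog.PIA_OWNER1 = codeUser.USER_ID;
    piaLog.PIA_OWNER2 = "";
    piaLog.PIA_TYPE = "0100000000";

    PiaLogMainDao piaLogMainDao = new PiaLogMainDao();
    piaLogMainDao.Insert(piaLog, conn, transaction);
}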
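/// <summary>
/// Executes a reviewer's decision on a user change request. On approval
/// (<paramref name="apprStatus"/> == "2") the pending CODE_USER_HIS image is
/// applied (created for "A", merged for "U") and the pending role changes are
/// applied; on any other status the user row is just unfrozen. The request
/// record itself is updated by procAuthAppr in every case.
/// </summary>
/// <param name="aplyNo">Approval request number.</param>
/// <param name="userId">Target user as posted by the client; for non-"A" requests it must equal the request's APPR_MAPPING_KEY.</param>
/// <param name="apprStatus">"2" approves; anything else is treated as not approved.</param>
/// <returns>JSON { success } or { success=false, errors }.</returns>
/// <remarks>
/// Checks added over the previous version: the request must exist; the posted
/// <paramref name="userId"/> must match the user the request was raised for
/// (otherwise a reviewer could apply request X's changes to a different user);
/// and a missing target row is reported instead of surfacing as an NRE.
/// LogDao.Insert does not join <c>transaction</c>, so those log rows survive a rollback.
/// </remarks>
public JsonResult execReviewU(string aplyNo, string userId, string apprStatus)
{
    string strConn = DbUtil.GetDBTreasuryConnStr();
    using (SqlConnection conn = new SqlConnection(strConn))
    {
        conn.Open();
        using (SqlTransaction transaction = conn.BeginTransaction("Transaction"))
        {
            try
            {
                string reviewerId = Session["UserID"].ToString();
                bool approved = "2".Equals(apprStatus);

                AuthApprDao authApprDao = new AuthApprDao();
                AUTH_APPR authAppr = authApprDao.qryByKey(aplyNo);
                if (authAppr == null)
                {
                    transaction.Rollback();
                    return Json(new { success = false, errors = "其它錯誤,請洽系統管理員!!" }, JsonRequestBehavior.AllowGet);
                }
                // Separation of duties: the applicant may not review their own request.
                if (StringUtil.toString(authAppr.CREATE_UID).Equals(reviewerId))
                {
                    transaction.Rollback();
                    return Json(new { success = false, errors = "覆核人員與申請人員相同,不可執行覆核作業!!" }, JsonRequestBehavior.AllowGet);
                }

                CodeUserHisDao codeUserHisDao = new CodeUserHisDao();
                CodeUserDao codeUserDao = new CodeUserDao();
                CODE_USER_HIS codeUserHis = codeUserHisDao.qryByAplyNo(aplyNo);
                string execAction = codeUserHis == null ? "" : StringUtil.toString(codeUserHis.EXEC_ACTION);
                CODE_USER cODEUSERO;

                if ("A".Equals(execAction))
                {
                    // New user: the row is built from the history image only when approved.
                    cODEUSERO = new CODE_USER();
                    if (approved)
                    {
                        cODEUSERO.USER_ID = StringUtil.toString(codeUserHis.USER_ID);
                        cODEUSERO.IS_DISABLED = codeUserHis.IS_DISABLED;
                        cODEUSERO.IS_MAIL = codeUserHis.IS_MAIL;
                        cODEUSERO.MEMO = codeUserHis.MEMO;
                        cODEUSERO.DATA_STATUS = "1";
                        cODEUSERO.CREATE_UID = authAppr.CREATE_UID;
                        cODEUSERO.CREATE_DT = authAppr.CREATE_DT;
                        cODEUSERO.LAST_UPDATE_UID = StringUtil.toString(authAppr.CREATE_UID);
                        cODEUSERO.LAST_UPDATE_DT = authAppr.CREATE_DT;
                        cODEUSERO.APPR_UID = reviewerId;
                        cODEUSERO.APPR_DT = DateTime.Now;
                        codeUserDao.Create(cODEUSERO, conn, transaction);

                        Log log = new Log();
                        log.CFUNCTION = "使用者管理-新增";
                        log.CACTION = "A";
                        log.CCONTENT = codeUserDao.userLogContent(cODEUSERO);
                        LogDao.Insert(log, reviewerId);

                        procTrackLog("A", codeUserDao, cODEUSERO, conn, transaction);
                    }
                }
                else
                {
                    // The request was raised for APPR_MAPPING_KEY (see updateUser); refuse to
                    // apply it to any other user the client happens to post.
                    if (!StringUtil.toString(authAppr.APPR_MAPPING_KEY).Equals(StringUtil.toString(userId)))
                    {
                        transaction.Rollback();
                        return Json(new { success = false, errors = "申請單號與使用者不符,不可執行覆核作業!!" }, JsonRequestBehavior.AllowGet);
                    }
                    cODEUSERO = codeUserDao.qryUserByKey(userId);
                    if (cODEUSERO == null)
                    {
                        transaction.Rollback();
                        return Json(new { success = false, errors = "該使用者不存在系統!!" }, JsonRequestBehavior.AllowGet);
                    }

                    // Log the row image as it was before the review is applied.
                    Log log = new Log();
                    log.CFUNCTION = "使用者管理-修改";
                    log.CACTION = "U";
                    log.CCONTENT = codeUserDao.userLogContent(cODEUSERO);
                    LogDao.Insert(log, reviewerId);

                    // Unfreeze regardless of outcome; merge the requested values only on approval.
                    cODEUSERO.DATA_STATUS = "1";
                    cODEUSERO.LAST_UPDATE_UID = StringUtil.toString(authAppr.CREATE_UID);
                    cODEUSERO.LAST_UPDATE_DT = authAppr.CREATE_DT;
                    cODEUSERO.APPR_UID = reviewerId;
                    cODEUSERO.APPR_DT = DateTime.Now;
                    cODEUSERO.FREEZE_DT = null;
                    cODEUSERO.FREEZE_UID = "";
                    if ("U".Equals(execAction) && approved)
                    {
                        cODEUSERO.IS_DISABLED = codeUserHis.IS_DISABLED;
                        cODEUSERO.IS_MAIL = StringUtil.toString(codeUserHis.IS_MAIL);
                        cODEUSERO.MEMO = StringUtil.toString(codeUserHis.MEMO);
                    }
                    codeUserDao.Update(cODEUSERO, conn, transaction);
                    procTrackLog("E", codeUserDao, cODEUSERO, conn, transaction);
                }

                if (approved)
                {
                    procUserRoleHis(cODEUSERO, aplyNo, conn, transaction);
                }
                procAuthAppr(aplyNo, apprStatus, conn, transaction);

                transaction.Commit();
                return Json(new { success = true });
            }
            catch (Exception e)
            {
                transaction.Rollback();
                logger.Error("[execReviewU]其它錯誤:" + e.ToString());
                return Json(new { success = false, errors = "其它錯誤,請洽系統管理員!!" }, JsonRequestBehavior.AllowGet);
            }
        }
    }
}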
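/// <summary>
/// Builds the review-detail view of a user change request. With an
/// <paramref name="aplyNo"/> the request is loaded by key (bView="N"); without
/// one the user's open request is located via qryByFreeRole (bView="Y").
/// The "before" (…B) values come from CODE_USER_HIS for "U" requests and from the
/// live CODE_USER row for role-only requests (no history row).
/// </summary>
/// <param name="aplyNo">Approval request number, or empty to look the request up by user.</param>
/// <param name="userId">User whose open request is looked up when <paramref name="aplyNo"/> is empty.</param>
/// <returns>The detail view, or an empty view with ViewBag.bHaveData = "N" when nothing can be shown.</returns>
/// <remarks>
/// Fixes over the previous version: for "U" requests <c>isDisabled</c> was filled
/// from IS_MAIL, so the reviewer was shown the mail flag in place of the requested
/// enable/disable value; a missing request is now reported explicitly; and the
/// swallowed OA lookup / general errors are logged.
/// </remarks>
public ActionResult detailUser(string aplyNo, string userId)
{
    try
    {
        AuthApprDao authApprDao = new AuthApprDao();
        AUTH_APPR authAppr;
        if (!"".Equals(StringUtil.toString(aplyNo)))
        {
            authAppr = authApprDao.qryByKey(aplyNo);
            ViewBag.bView = "N";
        }
        else
        {
            authAppr = authApprDao.qryByFreeRole(userId);
            if (authAppr != null)
            {
                aplyNo = StringUtil.toString(authAppr.APLY_NO);
            }
            ViewBag.bView = "Y";
        }
        if (authAppr == null)
        {
            ViewBag.bHaveData = "N";
            return View();
        }

        AuthReviewUserModel userData = new AuthReviewUserModel();
        userData.aplyNo = aplyNo;
        userData.userId = authAppr.APPR_MAPPING_KEY;
        userData.createUid = authAppr.CREATE_UID;

        // Display names are cosmetic: keep the ids if the OA directory is unavailable.
        OaEmpDao oaEmpDao = new OaEmpDao();
        using (DB_INTRAEntities dbIntra = new DB_INTRAEntities())
        {
            try
            {
                userData.createUid = userData.createUid == null ? "" : StringUtil.toString(oaEmpDao.qryByUsrId(userData.createUid, dbIntra).EMP_NAME);
                userData.userName = userData.userId == null ? "" : StringUtil.toString(oaEmpDao.qryByUsrId(userData.userId, dbIntra).EMP_NAME);
            }
            catch (Exception e)
            {
                logger.Error("[detailUser]OA name lookup failed:" + e.ToString());
            }
        }
        userData.createDt = authAppr.CREATE_DT.ToString();

        SysCodeDao sysCodeDao = new SysCodeDao();
        Dictionary<string, string> dicExecAction = sysCodeDao.qryByTypeDic("EXEC_ACTION");
        Dictionary<string, string> dicYNFlag = sysCodeDao.qryByTypeDic("YN_FLAG");

        CodeUserHisDao codeUserHisDao = new CodeUserHisDao();
        CODE_USER_HIS codeUserHis = codeUserHisDao.qryByAplyNo(aplyNo);
        string execAction = codeUserHis == null ? "" : StringUtil.toString(codeUserHis.EXEC_ACTION);

        if ("".Equals(execAction))
        {
            // Role-only request: the user row is untouched, show its current values as "before".
            CodeUserDao codeUserDao = new CodeUserDao();
            CODE_USER codeUser = codeUserDao.qryUserByKey(authAppr.APPR_MAPPING_KEY);
            if (codeUser == null)
            {
                ViewBag.bHaveData = "N";
                return View();
            }
            userData.isMailB = StringUtil.toString(codeUser.IS_MAIL);
            userData.isDisabledB = StringUtil.toString(codeUser.IS_DISABLED);
            userData.memoB = StringUtil.toString(codeUser.MEMO);
        }
        else if ("A".Equals(execAction))
        {
            userData.isMail = StringUtil.toString(codeUserHis.IS_MAIL);
            userData.isDisabled = StringUtil.toString(codeUserHis.IS_DISABLED);
            userData.memo = StringUtil.toString(codeUserHis.MEMO);
        }
        else
        {
            userData.isMail = StringUtil.toString(codeUserHis.IS_MAIL);
            userData.isDisabled = StringUtil.toString(codeUserHis.IS_DISABLED);
            userData.memo = StringUtil.toString(codeUserHis.MEMO);
            userData.isMailB = StringUtil.toString(codeUserHis.IS_MAIL_B);
            userData.isDisabledB = StringUtil.toString(codeUserHis.IS_DISABLED_B);
            userData.memoB = StringUtil.toString(codeUserHis.MEMO_B);
        }
        userData.execAction = execAction;

        // Code -> description, falling back to the raw code. Null-safe: Dictionary.ContainsKey(null)
        // throws, which would turn e.g. an "A" request (whose …B fields are never set, so they are
        // null unless the model initialises them — TODO confirm) into a "no data" page.
        Func<Dictionary<string, string>, string, string> describe = (dic, code) =>
            (code != null && dic != null && dic.ContainsKey(code)) ? dic[code] : code;
        userData.execActionDesc = describe(dicExecAction, userData.execAction);
        userData.isDisabledDesc = describe(dicYNFlag, userData.isDisabled);
        userData.isDisabledDescB = describe(dicYNFlag, userData.isDisabledB);
        userData.isMailDesc = describe(dicYNFlag, userData.isMail);
        userData.isMailDescB = describe(dicYNFlag, userData.isMailB);

        ViewBag.bHaveData = "Y";
        ViewBag.aplyNo = aplyNo;
        return View(userData);
    }
    catch (Exception e)
    {
        logger.Error("[detailUser]其它錯誤:" + e.ToString());
        ViewBag.bHaveData = "N";
        return View();
    }
}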
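/// <summary>
/// Raises a review request for a user change. Compares the posted flags/memo
/// and role list with the stored CODE_USER / CODE_USER_ROLE rows; if anything
/// differs it creates an AUTH_APPR request, freezes the existing user row
/// (DATA_STATUS "2") and records the requested "after" image in CODE_USER_HIS /
/// CODE_USER_ROLE_HIS for a reviewer to apply (see execReviewU).
/// </summary>
/// <param name="userMgrModel">Posted user fields (cUserID, isDisabled, isMail, vMemo).</param>
/// <param name="roleData">Posted full role list for the user; null means "no roles".</param>
/// <param name="execAction">"A" to create a new user; anything else edits an existing one.</param>
/// <returns>JSON { success, aplyNo } on success; { success=false, err | errors } otherwise.</returns>
/// <remarks>
/// The "no changes" response uses the key <c>errors</c> while the other failures use
/// <c>err</c>; both are kept as-is because the client contract is not visible here.
/// LogDao.Insert does not join the transaction, so that log row survives a rollback.
/// The previous version carried an unreachable <c>roleList == null</c> branch, which is removed.
/// </remarks>
public JsonResult updateUser(UserMgrModel userMgrModel, List<CodeUserRoleModel> roleData, string execAction)
{
    bool isAdd = "A".Equals(execAction);
    CodeUserDao codeUserDao = new CodeUserDao();
    CODE_USER userO = codeUserDao.qryUserByKey(userMgrModel.cUserID);

    /*------------------ user-row change detection ------------------*/
    bool bUserChg;
    if (isAdd)
    {
        if (userO != null && !"".Equals(StringUtil.toString(userO.USER_ID)))
        {
            return Json(new { success = false, err = "使用者已存在系統,不可新增!!" }, JsonRequestBehavior.AllowGet);
        }
        bUserChg = true;
    }
    else
    {
        if (userO == null)
        {
            return Json(new { success = false, err = "該使用者不存在系統!!" }, JsonRequestBehavior.AllowGet);
        }
        bool unchanged =
            StringUtil.toString(userMgrModel.isDisabled).Equals(StringUtil.toString(userO.IS_DISABLED))
            && StringUtil.toString(userMgrModel.isMail).Equals(StringUtil.toString(userO.IS_MAIL))
            && StringUtil.toString(userMgrModel.vMemo).Equals(StringUtil.toString(userO.MEMO));
        bUserChg = !unchanged;
    }

    /*------------------ role change detection ------------------*/
    string targetUserId = StringUtil.toString(userMgrModel.cUserID);
    CodeUserRoleDao codeUserRoleDao = new CodeUserRoleDao();
    // Treat a null result like "no roles" so the diff below cannot NRE.
    List<CodeUserRoleModel> roleDataO = codeUserRoleDao.qryByUserID(userMgrModel.cUserID) ?? new List<CodeUserRoleModel>();
    List<CodeUserRoleModel> roleList = new List<CodeUserRoleModel>();
    bool bRoleChg = false;
    if (roleData != null)
    {
        foreach (CodeUserRoleModel role in roleData)
        {
            bool alreadyGranted = roleDataO.Exists(x => x.roleId == role.roleId);
            if (!alreadyGranted)
            {
                bRoleChg = true;
            }
            // Unchanged roles are kept in the list with an empty action so the history
            // row set reflects the full requested role list.
            roleList.Add(new CodeUserRoleModel
            {
                userId = targetUserId,
                roleId = StringUtil.toString(role.roleId),
                execAction = alreadyGranted ? "" : "A"
            });
        }
    }
    foreach (CodeUserRoleModel oRole in roleDataO)
    {
        if (!roleList.Exists(x => x.roleId == oRole.roleId))
        {
            bRoleChg = true;
            roleList.Add(new CodeUserRoleModel
            {
                userId = targetUserId,
                roleId = StringUtil.toString(oRole.roleId),
                execAction = "D"
            });
        }
    }

    if (!bUserChg && !bRoleChg)
    {
        return Json(new { success = false, errors = "未異動畫面資料,將不進行修改覆核作業!!" }, JsonRequestBehavior.AllowGet);
    }

    /*------------------ DB處理 begin------------------*/
    string strConn = DbUtil.GetDBTreasuryConnStr();
    using (SqlConnection conn = new SqlConnection(strConn))
    {
        conn.Open();
        using (SqlTransaction transaction = conn.BeginTransaction("Transaction"))
        {
            try
            {
                string operatorId = Session["UserID"].ToString();

                AuthApprDao authApprDao = new AuthApprDao();
                AUTH_APPR authAppr = new AUTH_APPR();
                authAppr.AUTH_APLY_TYPE = "U";
                authAppr.APPR_STATUS = "1";
                authAppr.APPR_MAPPING_KEY = userMgrModel.cUserID;
                authAppr.CREATE_UID = operatorId;
                string aplyNo = authApprDao.insert(authAppr, conn, transaction);

                if (!isAdd)
                {
                    // Log the pre-change image, then freeze the row until it is reviewed.
                    Log log = new Log();
                    log.CFUNCTION = "使用者管理-修改";
                    log.CACTION = "U";
                    log.CCONTENT = codeUserDao.userLogContent(userO);
                    LogDao.Insert(log, operatorId);

                    DateTime now = DateTime.Now;
                    userO.DATA_STATUS = "2";
                    userO.LAST_UPDATE_UID = operatorId;
                    userO.LAST_UPDATE_DT = now;
                    userO.FREEZE_UID = operatorId;
                    userO.FREEZE_DT = now;
                    codeUserDao.Update(userO, conn, transaction);
                }

                if (bUserChg)
                {
                    CodeUserHisDao codeUserHisDao = new CodeUserHisDao();
                    CODE_USER_HIS userHis = new CODE_USER_HIS();
                    userHis.APLY_NO = aplyNo;
                    userHis.USER_ID = userMgrModel.cUserID;
                    userHis.IS_DISABLED = userMgrModel.isDisabled;
                    userHis.IS_MAIL = userMgrModel.isMail;
                    userHis.MEMO = userMgrModel.vMemo;
                    if (isAdd)
                    {
                        userHis.EXEC_ACTION = "A";
                    }
                    else
                    {
                        userHis.IS_DISABLED_B = userO.IS_DISABLED;
                        userHis.IS_MAIL_B = userO.IS_MAIL;
                        userHis.MEMO_B = userO.MEMO;
                        userHis.EXEC_ACTION = "U";
                    }
                    codeUserHisDao.insert(userHis, conn, transaction);
                }

                if (bRoleChg)
                {
                    CodeUserRoleHisDao codeUserRoleHisDao = new CodeUserRoleHisDao();
                    foreach (CodeUserRoleModel role in roleList)
                    {
                        codeUserRoleHisDao.insert(aplyNo, role, conn, transaction);
                    }
                }

                transaction.Commit();
                /*------------------ DB處理 end------------------*/
                return Json(new { success = true, aplyNo = aplyNo });
            }
            catch (Exception e)
            {
                transaction.Rollback();
                logger.Error("[updateUser]其它錯誤:" + e.ToString());
                return Json(new { success = false, err = "其它錯誤,請洽系統管理員!!" }, JsonRequestBehavior.AllowGet);
            }
        }
    }
}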
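/// <summary>
/// Authenticates the posted credentials against Active Directory (bind as the
/// user via DirectoryEntry), then admits the user only if a CODE_USER row exists
/// and IS_DISABLED == "N". On success the session is populated (UserID, and
/// UserName/UserUnit when the OA directory knows the employee), the login is
/// audited and LoginProcess is run.
/// </summary>
/// <param name="loginModel">Posted UserId / Password.</param>
/// <returns>Redirect to Home/Index on success; otherwise the login view with a generic error.</returns>
/// <remarks>
/// Security-relevant changes over the previous version: an empty password is
/// rejected before the directory bind (some LDAP servers treat an empty password
/// as an unauthenticated/anonymous bind, which would "succeed"); any exception
/// raised after Session["UserID"] was set now removes the partial login instead of
/// leaving an authenticated session behind a "login failed" page; the
/// DirectoryEntry is disposed; the swallowed OA lookup error is logged.
/// The failure message is deliberately the same for "unknown user", "bad password"
/// and "disabled", so the response does not reveal which one applied.
/// NOTE(review): the session id is not regenerated on login — ASP.NET does not do
/// this by itself; confirm whether LoginProcess handles it.
/// </remarks>
public ActionResult Login(LoginModel loginModel)
{
    logger.Info("[AccountController][Login]UserId:" + loginModel.UserId);
    if (!ModelState.IsValid)
    {
        logger.Info("[AccountController][Login](ModelState.IsValid=false):" + loginModel.UserId);
        return View(loginModel);
    }

    logger.Info("[AccountController][Login]IsValid");
    this.HttpContext.Response.RemoveOutputCacheItem(Url.Action("MenuByUser", "NavigationController"));
    string ADPath = System.Configuration.ConfigurationManager.AppSettings.Get("ADPath");
    loginModel.UserId = loginModel.UserId.ToUpper();

    if (string.IsNullOrEmpty(loginModel.Password))
    {
        writeLog("I", false, loginModel.UserId, null);
        ModelState.AddModelError("", "找不到這個使用者或登入帳號密碼失敗!");
        return View(loginModel);
    }

    DirectoryEntry entry = null;
    try
    {
        entry = new DirectoryEntry(ADPath, loginModel.UserId, loginModel.Password);
        // Reading a property forces the bind; it throws when AD rejects the credentials.
        new SecurityIdentifier((byte[])entry.Properties["objectSid"].Value, 0);

        // AD accepted the credentials: the user must also be provisioned and enabled here.
        CodeUserDao codeUserDao = new CodeUserDao();
        CODE_USER codeUser = codeUserDao.qryUserByKey(loginModel.UserId);
        if (codeUser != null && "N".Equals(codeUser.IS_DISABLED))
        {
            Session["UserID"] = loginModel.UserId;

            // Display name / unit are optional; a directory outage must not block login.
            OaEmpDao oaEmpDao = new OaEmpDao();
            try
            {
                using (DB_INTRAEntities dbIntra = new DB_INTRAEntities())
                {
                    V_EMPLY2 emp = oaEmpDao.qryByUsrId(loginModel.UserId, dbIntra);
                    if (emp != null)
                    {
                        Session["UserName"] = StringUtil.toString(emp.EMP_NAME);
                        Session["UserUnit"] = StringUtil.toString(emp.DPT_CD);
                    }
                }
            }
            catch (Exception e)
            {
                logger.Error("[Login]OA lookup failed:" + e.ToString());
            }

            writeLog("I", true, loginModel.UserId, codeUser);
            LoginProcess(loginModel.UserId, false);
            return RedirectToAction("Index", "Home");
        }

        writeLog("I", false, loginModel.UserId, null);
        ModelState.AddModelError("", "找不到這個使用者或登入帳號密碼失敗!");
        return View(loginModel);
    }
    catch (Exception e)
    {
        logger.Error("[Login]其它錯誤:" + e.ToString());
        // If we got here after Session["UserID"] was set (writeLog / LoginProcess threw),
        // do not leave a half-established login behind the failure page.
        Session.Remove("UserID");
        Session.Remove("UserName");
        Session.Remove("UserUnit");
        writeLog("I", false, loginModel.UserId, null);
        ModelState.AddModelError("", "找不到這個使用者或登入帳號密碼失敗!");
        return View(loginModel);
    }
    finally
    {
        logger.Info("[Login]finally:" + loginModel.UserId);
        entry?.Dispose();
    }
}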
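/// <summary>
/// Records a login/logout attempt in both the system log (Log) and the PIA
/// audit trail (PIA_LOG_MAIN), and on success stamps the user's last login /
/// logout time.
/// </summary>
/// <param name="type">"I" for login; anything else is treated as logout.</param>
/// <param name="bSuccess">True for a successful login/logout, false for a failed login.</param>
/// <param name="userId">Account the attempt was made for (may be the unverified posted id on failure).</param>
/// <param name="codeUser">Unused; kept for the existing call sites.</param>
/// <remarks>
/// The client address used to be written under the label "UserName:"; it is now
/// labelled "IP:" so the audit record says what the value is. Anything that greps
/// the old label needs updating.
/// </remarks>
private void writeLog(String type, bool bSuccess, String userId, CODE_USER codeUser)
{
    bool isLogin = "I".Equals(type);
    CommonUtil commonUtil = new CommonUtil();
    string clientIp = commonUtil.GetIPAddress();

    Log log = new Log();
    log.CFUNCTION = isLogin ? "登入作業" : "登出作業";
    log.CACTION = "L";

    PIA_LOG_MAIN piaLogMain = new PIA_LOG_MAIN();
    piaLogMain.TRACKING_TYPE = "B";
    piaLogMain.ACCESS_ACCOUNT = userId;
    piaLogMain.ACCOUNT_NAME = "";
    piaLogMain.PROGFUN_NAME = "AccountController";
    piaLogMain.EXECUTION_CONTENT = userId;
    piaLogMain.AFFECT_ROWS = 0;
    piaLogMain.PIA_TYPE = "0000000000";

    if (bSuccess)
    {
        // Stamp LAST_LOGIN_DT / LAST_LOGOUT_DT first; if that fails nothing is logged
        // (same ordering as before).
        CodeUserDao codeUserDao = new CodeUserDao();
        codeUserDao.updateLogInOut(userId, isLogin ? "I" : "O");

        log.CCONTENT = "UserId:" + userId + "| IP:" + clientIp + "|" + (isLogin ? "登入成功" : "登出成功");
        LogDao.Insert(log, userId);

        piaLogMain.EXECUTION_TYPE = isLogin ? "LS" : "LO";
        piaLogMain.ACCESSOBJ_NAME = "CodeUser";
    }
    else
    {
        log.CCONTENT = "UserId:" + userId + "| IP:" + clientIp + "|" + "登入失敗";
        LogDao.Insert(log, userId);

        piaLogMain.EXECUTION_TYPE = "LF";
        piaLogMain.ACCESSOBJ_NAME = "AD";
    }

    PiaLogMainDao piaLogMainDao = new PiaLogMainDao();
    piaLogMainDao.Insert(piaLogMain);
}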
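/// <summary>
/// Inserts a new CODE_USER row inside the caller's transaction. USER_UNIT is
/// taken from the OA employee directory (V_EMPLY2.DPT_CD) when the user is found
/// there; otherwise the value already on <paramref name="user"/> is kept. Every
/// value is bound as a SqlParameter.
/// </summary>
/// <param name="user">Row to insert; USER_UNIT may be overwritten from the OA lookup.</param>
/// <param name="conn">Open connection owned by the caller.</param>
/// <param name="transaction">Caller's transaction; the insert enlists in it.</param>
/// <returns>Rows affected (1 on success).</returns>
/// <remarks>
/// Exceptions from the OA lookup and the insert propagate unchanged; the previous
/// catch-and-<c>throw e</c> blocks only reset the stack trace. The SqlCommand is now disposed.
/// </remarks>
public int Create(CODE_USER user, SqlConnection conn, SqlTransaction transaction)
{
    using (DB_INTRAEntities db = new DB_INTRAEntities())
    {
        OaEmpDao oaEmpDao = new OaEmpDao();
        V_EMPLY2 emp = oaEmpDao.qryByUsrId(user.USER_ID, db);
        if (emp != null)
        {
            user.USER_UNIT = StringUtil.toString(emp.DPT_CD);
        }
    }

    string sql = @" INSERT INTO [dbo].[CODE_USER]
                       ([USER_ID]
                       ,[USER_UNIT]
                       ,[IS_DISABLED]
                       ,[IS_MAIL]
                       ,[MEMO]
                       ,[DATA_STATUS]
                       ,[CREATE_UID]
                       ,[CREATE_DT]
                       ,[LAST_UPDATE_UID]
                       ,[LAST_UPDATE_DT]
                       ,[APPR_UID]
                       ,[APPR_DT]
                       )
                 VALUES
                       ( @USER_ID
                       ,@USER_UNIT
                       ,@IS_DISABLED
                       ,@IS_MAIL
                       ,@MEMO
                       ,@DATA_STATUS
                       ,@CREATE_UID
                       ,@CREATE_DT
                       ,@LAST_UPDATE_UID
                       ,@LAST_UPDATE_DT
                       ,@APPR_UID
                       ,@APPR_DT
                       ) ";

    using (SqlCommand command = conn.CreateCommand())
    {
        command.Transaction = transaction;
        command.CommandText = sql;

        // Nullable DateTime columns: explicit SqlDbType, null -> DBNull.
        Action<string, object> addDate = (name, value) =>
            command.Parameters.Add(name, System.Data.SqlDbType.DateTime).Value = value ?? System.DBNull.Value;

        command.Parameters.AddWithValue("@USER_ID", StringUtil.toString(user.USER_ID));
        command.Parameters.AddWithValue("@USER_UNIT", StringUtil.toString(user.USER_UNIT));
        command.Parameters.AddWithValue("@IS_DISABLED", StringUtil.toString(user.IS_DISABLED));
        command.Parameters.AddWithValue("@IS_MAIL", StringUtil.toString(user.IS_MAIL));
        command.Parameters.AddWithValue("@MEMO", StringUtil.toString(user.MEMO));
        command.Parameters.AddWithValue("@DATA_STATUS", StringUtil.toString(user.DATA_STATUS));
        command.Parameters.AddWithValue("@CREATE_UID", StringUtil.toString(user.CREATE_UID));
        addDate("@CREATE_DT", user.CREATE_DT);
        command.Parameters.AddWithValue("@LAST_UPDATE_UID", StringUtil.toString(user.LAST_UPDATE_UID));
        addDate("@LAST_UPDATE_DT", user.LAST_UPDATE_DT);
        command.Parameters.AddWithValue("@APPR_UID", StringUtil.toString(user.APPR_UID));
        addDate("@APPR_DT", user.APPR_DT);

        return command.ExecuteNonQuery();
    }
}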