/// <summary>
/// Produces the stored form of a user password.
///
/// The original design note: passwords should not be kept in plaintext, because that
/// leaves many management loopholes. A processed password is less convenient while
/// debugging but comparatively safe, and ideally the transformation is irreversible.
/// Different systems can adapt the processing here (the method is virtual).
///
/// NOTE(review): SecretUtil.Md5 is presumably an MD5 hex digest (going by its name), so
/// this is one-way hashing rather than encryption. A fast digest like this is not
/// adequate for password storage; a slow, salted KDF such as PBKDF2
/// (Rfc2898DeriveBytes) is the usual replacement. Changing the algorithm here would
/// invalidate every stored value, so it is flagged rather than altered; a migration
/// needs a versioned scheme and a rehash on next login.
/// </summary>
/// <param name="password">The user's password.</param>
/// <param name="salt">
/// Password salt. It is only applied when it is exactly 20 characters long; a null,
/// empty or differently sized salt is ignored and the unsalted digest is returned.
/// </param>
/// <returns>The processed (digested, upper-cased) password.</returns>
public virtual string EncryptUserPassword(string password, string salt = null)
{
    // First pass: digest of the bare password. The second argument (32) is presumably
    // the requested digest length in hex characters; confirm against SecretUtil.
    var digest = SecretUtil.Md5(password, 32).ToUpper();

    var saltIsUsable = !string.IsNullOrEmpty(salt) && salt.Length == 20;
    if (!saltIsUsable)
    {
        // NOTE(review): callers that pass a malformed salt get an unsalted digest
        // without any error; worth validating the salt where it is generated.
        return digest;
    }

    // Second pass: wrap the digest between two slices of the salt. Both slices start
    // at index 6, so the first six salt characters only enter through the final pass.
    var wrapped = salt.Substring(6) + digest + salt.Substring(6, 10);
    digest = SecretUtil.Md5(wrapped, 32).ToUpper();

    // Third pass: append the full salt and digest once more.
    digest = SecretUtil.Md5(digest + salt, 32).ToUpper();

    return digest;
}
/// <summary>
/// Computes a signature over the identity fields of a logged-in user and stores it in
/// <c>userInfo.Signature</c>.
///
/// Null string fields that take part in the signature are replaced with empty strings
/// on the passed object before the digest is computed.
///
/// NOTE(review): the value is SecretUtil.Md5 of the joined fields with no secret key
/// visible in this method, so it detects accidental changes only. Any party that can
/// edit the fields can recompute a matching value. If this signature is meant to
/// protect IsAdministrator or Id across a trust boundary, a keyed MAC (for example
/// HMAC-SHA256 with a server-side key) is needed; confirm what SecretUtil.Md5 does.
/// </summary>
/// <param name="userInfo">Login information; may be null.</param>
/// <returns>The same instance with its signature set, or null when null was passed.</returns>
public static BaseUserInfo CreateSignature(BaseUserInfo userInfo)
{
    if (userInfo == null)
    {
        return userInfo;
    }

    // Normalise the string fields so that null and "" sign identically.
    if (string.IsNullOrEmpty(userInfo.Code)) { userInfo.Code = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.CompanyCode)) { userInfo.CompanyCode = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.CompanyId)) { userInfo.CompanyId = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.CompanyName)) { userInfo.CompanyName = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.DepartmentCode)) { userInfo.DepartmentCode = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.DepartmentId)) { userInfo.DepartmentId = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.DepartmentName)) { userInfo.DepartmentName = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.NickName)) { userInfo.NickName = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.OpenId)) { userInfo.OpenId = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.RealName)) { userInfo.RealName = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.UserName)) { userInfo.UserName = string.Empty; }

    // The content to be signed, in a fixed field order.
    // NOTE(review): fields are joined with "_" and not escaped, so a value that itself
    // contains "_" can make two different field sets produce the same signed string.
    var signedFields = new object[]
    {
        userInfo.Code,
        userInfo.CompanyCode,
        userInfo.CompanyId,
        userInfo.CompanyName,
        userInfo.DepartmentCode,
        userInfo.DepartmentId,
        userInfo.DepartmentName,
        userInfo.Id,
        userInfo.IdentityAuthentication,
        userInfo.IsAdministrator,
        userInfo.NickName,
        userInfo.OpenId,
        userInfo.RealName,
        userInfo.UserName
    };
    var dataToSign = string.Join("_", signedFields);

    // Compute and attach the signature.
    userInfo.Signature = SecretUtil.Md5(dataToSign);
    return userInfo;
}
/// <summary>
/// Checks the signature carried by a logged-in user's information: the signed string
/// is rebuilt from the identity fields, digested with SecretUtil.Md5 and compared
/// with <c>userInfo.Signature</c>.
///
/// Side effect: null string fields that take part in the signature are replaced with
/// empty strings on the passed object.
///
/// NOTE(review): no secret key is visible in this method, so a true result shows only
/// that the fields and the signature are consistent with each other, not that the
/// server issued them. Do not rely on it alone for authorization decisions such as
/// IsAdministrator. With a keyed MAC the comparison should also be constant-time
/// (CryptographicOperations.FixedTimeEquals).
/// </summary>
/// <param name="userInfo">Login information; may be null.</param>
/// <returns>
/// True when a non-empty signature is present and equals the recomputed value;
/// false otherwise, including when <paramref name="userInfo"/> is null.
/// </returns>
public static bool VerifySignature(BaseUserInfo userInfo)
{
    // Nothing to verify without an object or without a signature on it.
    if (userInfo == null || string.IsNullOrEmpty(userInfo.Signature))
    {
        return false;
    }

    // Same normalisation as at signing time: null and "" must digest identically.
    if (string.IsNullOrEmpty(userInfo.Code)) { userInfo.Code = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.CompanyCode)) { userInfo.CompanyCode = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.CompanyId)) { userInfo.CompanyId = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.CompanyName)) { userInfo.CompanyName = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.DepartmentCode)) { userInfo.DepartmentCode = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.DepartmentId)) { userInfo.DepartmentId = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.DepartmentName)) { userInfo.DepartmentName = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.NickName)) { userInfo.NickName = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.OpenId)) { userInfo.OpenId = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.RealName)) { userInfo.RealName = string.Empty; }
    if (string.IsNullOrEmpty(userInfo.UserName)) { userInfo.UserName = string.Empty; }

    // The content that was signed, in the fixed field order used when signing.
    var signedFields = new object[]
    {
        userInfo.Code,
        userInfo.CompanyCode,
        userInfo.CompanyId,
        userInfo.CompanyName,
        userInfo.DepartmentCode,
        userInfo.DepartmentId,
        userInfo.DepartmentName,
        userInfo.Id,
        userInfo.IdentityAuthentication,
        userInfo.IsAdministrator,
        userInfo.NickName,
        userInfo.OpenId,
        userInfo.RealName,
        userInfo.UserName
    };
    var dataToSign = string.Join("_", signedFields);

    var expected = SecretUtil.Md5(dataToSign);
    return userInfo.Signature == expected;
}