首先贴出登录部分的所有代码:
UI层的登陆部分代码
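/// <summary>
/// Handles the login button click: checks the CAPTCHA answer, authenticates the
/// submitted credentials through <c>AuthorityManager.Login</c>, and redirects to the
/// desktop page on success.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Image-button click data (not used).</param>
protected void btnLogin_Click(object sender, ImageClickEventArgs e)
{
    try
    {
        AuthorityManager am = new AuthorityManager();

        // A CAPTCHA answer must be single-use. Take it out of the session before comparing,
        // so one solved code cannot be replayed across many password guesses.
        // NOTE(review): assumes the image refreshed by ChangeCodeImg() stores a new
        // Session["CheckCode"] each time it is rendered; confirm against the image handler.
        object expectedCode = Session["CheckCode"];
        Session.Remove("CheckCode");
        if (expectedCode == null || this.textboxValid.Text.Trim() != expectedCode.ToString())
        {
            this.messagePanel.ShowWarning("验证码输入错误,请核对后重新输入。");
            ScriptManager.RegisterStartupScript(this.updatePanel, this.GetType(), "updatePanel", " ChangeCodeImg();", true);
            return;
        }

        // "Remember me" is switched off: the original passed rememberMe = false and a null
        // expiry whether or not checkBoxCookie was ticked, so both branches collapse to one call.
        bool logined = am.Login(this.textboxLoginID.Text, this.textboxPassword.Text, false, null);
        if (!logined)
        {
            // One generic message for every failure reason, so the page does not reveal
            // whether the login ID exists.
            this.textboxPassword.Text = "";
            this.textboxLoginID.Text = "";
            this.textboxValid.Text = "";
            this.messagePanel.ShowWarning("用户名和密码错误或者不存在,请核对后重新输入。");
            ScriptManager.RegisterStartupScript(this.updatePanel, this.GetType(), "updatePanel", " ChangeCodeImg();", true);
            return;
        }
    }
    catch (Exception exc)
    {
        // Log the full exception (type and stack trace), not just Message, so that a
        // failure on the deployed server can actually be diagnosed from the log file.
        Logger.Instance("Exception").Error(exc.ToString());
        return;
    }

    // Redirect outside the try block: Response.Redirect(string) ends the response by
    // aborting the thread, and inside the try the resulting ThreadAbortException was
    // caught by the catch-all above and written to the log as an error.
    Response.Redirect("/Desktop/Default.aspx");
}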
权限管理代码
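/// <summary>
/// Resolves the signed-in user for the current HTTP request and answers permission
/// checks against the authorities granted through that user's roles.
/// </summary>
/// <remarks>
/// NOTE(review): the persistent-login cookie is protected only by
/// <c>StringSecurity.DESEncrypt</c>. DES is a weak cipher and no integrity check is
/// visible here, so the cookie value should not be treated as proof of identity; an
/// authenticated format such as a FormsAuthentication ticket would be a safer choice
/// before the "remember me" feature is enabled again.
/// NOTE(review): nothing in this class issues a new session identifier at login;
/// confirm that session fixation is handled elsewhere.
/// </remarks>
public class AuthorityManager
{
    private const string USER_LOGIN_COOKIE = "USER_LOGIN_COOKIE";
    private const string USER_LOGIN_FOREVER_FLAG = "USER_LOGIN_FOREVER_FLAG";
    private const string CURRENT_USER = "CURRENT_USER";

    // Per-instance list. This field used to be static, which made one list shared by
    // every request in the application: each constructor call and each Login() replaced
    // or rewrote it, so IsAuthenticate() could answer with another user's permissions,
    // and concurrent Clear()/Add() calls on List<string> are not thread-safe.
    private readonly IList<string> Authorities = new List<string>();

    /// <summary>
    /// Creates a manager for the current request and loads the authorities of the
    /// user already signed in, if there is one.
    /// </summary>
    public AuthorityManager()
    {
        LoadAuthorities(CurrentUser);
    }

    /// <summary>
    /// The user for the current request: taken from the session when present,
    /// otherwise restored from the persistent-login cookie. Returns null when nobody
    /// is signed in or the user cannot be loaded.
    /// </summary>
    public User CurrentUser
    {
        get
        {
            if (HttpContext.Current.Session[CURRENT_USER] != null)
            {
                return HttpContext.Current.Session[CURRENT_USER] as User;
            }

            Guid userID = GetUserIDFromCookie();
            if (userID == Guid.Empty)
            {
                return null;
            }

            IMembership dao = SpringContext.Current.GetObject("MembershipDAO") as IMembership;
            try
            {
                HttpContext.Current.Session[CURRENT_USER] = dao.GetUserBy(userID);
            }
            catch (Exception exc)
            {
                // Still best-effort (null means "not signed in"), but leave a trace:
                // silently swallowed exceptions make data-access failures invisible.
                System.Diagnostics.Trace.TraceError("AuthorityManager.CurrentUser failed: " + exc);
                return null;
            }

            return HttpContext.Current.Session[CURRENT_USER] as User;
        }
    }

    /// <summary>
    /// Reports whether the current user holds the named authority.
    /// </summary>
    /// <param name="auth">Authority name.</param>
    /// <returns>true when the authority is in the user's list; otherwise false.</returns>
    public bool IsAuthenticate(string auth)
    {
        return Authorities.Contains(auth);
    }

    /// <summary>
    /// Signs a user in: verifies the credentials through the membership DAO, loads the
    /// user's authorities and stores the user in the session.
    /// </summary>
    /// <param name="loginID">Login ID.</param>
    /// <param name="password">Login password.</param>
    /// <param name="rememberMe">Whether to keep the user signed in (currently has no effect).</param>
    /// <param name="expired">Expiry of the remembered login (currently unused).</param>
    /// <returns>true when login succeeded; false on bad credentials or on any error.</returns>
    public bool Login(string loginID, string password, bool rememberMe, DateTime? expired)
    {
        IMembership dao = SpringContext.Current.GetObject("MembershipDAO") as IMembership;
        try
        {
            if (!dao.Login(loginID, password))
            {
                return false;
            }

            User user = dao.GetUserBy(loginID);
            LoadAuthorities(user);
            HttpContext.Current.Session[CURRENT_USER] = user;

            // Persistent-login cookie is deliberately disabled:
            // if (rememberMe) { SetUserIDToCookie(user.ID, expired); }
            return true;
        }
        catch (Exception exc)
        {
            // The caller shows "wrong user name or password" for any false result, so an
            // infrastructure failure here looks exactly like bad credentials. Record it.
            // NOTE(review): route this to the project's logger if one is in scope in this file.
            System.Diagnostics.Trace.TraceError("AuthorityManager.Login failed: " + exc);
            return false;
        }
    }

    /// <summary>
    /// Signs the current user out: clears the session user and this instance's
    /// authorities, and expires the persistent-login cookie when the browser sent one.
    /// </summary>
    public void Logoff()
    {
        HttpContext.Current.Session[CURRENT_USER] = null;

        // Without this, IsAuthenticate() on the same instance kept answering with the
        // signed-out user's permissions.
        Authorities.Clear();

        if (HttpContext.Current.Request.Cookies.Get(USER_LOGIN_COOKIE) != null)
        {
            // A date clearly in the past, so the cookie is dropped even if the client
            // clock runs slightly behind the server.
            HttpContext.Current.Response.Cookies[USER_LOGIN_COOKIE].Expires = DateTime.Now.AddDays(-1);
        }
    }

    /// <summary>
    /// Writes the signed-in user's ID and the expiry date into the client cookie.
    /// </summary>
    /// <param name="userID">User ID.</param>
    /// <param name="expired">Expiry date of the remembered login; must have a value.</param>
    private void SetUserIDToCookie(Guid userID, DateTime? expired)
    {
        if (!expired.HasValue)
        {
            throw new ArgumentNullException("expired");
        }

        HttpContext context = HttpContext.Current;
        HttpCookie cookie = context.Request.Cookies[USER_LOGIN_COOKIE];
        if (cookie == null)
        {
            cookie = new HttpCookie(USER_LOGIN_COOKIE);
        }

        cookie.Expires = expired.Value;
        // Keep the login cookie away from client-side script, and off plain HTTP
        // whenever the request itself arrived over HTTPS.
        cookie.HttpOnly = true;
        cookie.Secure = context.Request.IsSecureConnection;

        string cookieValue = string.Format("{0}@{1}", userID, expired.Value);
        cookie[USER_LOGIN_FOREVER_FLAG] = StringSecurity.DESEncrypt(cookieValue);
        context.Response.Cookies.Add(cookie);
    }

    /// <summary>
    /// Reads the user ID stored in the client cookie.
    /// </summary>
    /// <returns>
    /// The stored user ID, or Guid.Empty when the cookie is missing, cannot be
    /// decrypted or parsed, or the remembered login has expired.
    /// </returns>
    private Guid GetUserIDFromCookie()
    {
        HttpContext context = HttpContext.Current;
        HttpCookie cookie = context.Request.Cookies[USER_LOGIN_COOKIE];
        if (cookie == null || cookie[USER_LOGIN_FOREVER_FLAG] == null)
        {
            return Guid.Empty;
        }

        // Everything below handles client-controlled data: any malformed value means
        // "no remembered login", never an exception.
        string cookieString;
        try
        {
            cookieString = StringSecurity.DESDecrypt(cookie[USER_LOGIN_FOREVER_FLAG]);
        }
        catch
        {
            return Guid.Empty;
        }

        // A null result from the decrypt helper used to reach Split() and throw.
        if (cookieString == null)
        {
            return Guid.Empty;
        }

        string[] parts = cookieString.Split('@');
        if (parts.Length < 2)
        {
            return Guid.Empty;
        }

        DateTime expired;
        if (!DateTime.TryParse(parts[1], out expired) || expired < DateTime.Now)
        {
            return Guid.Empty;
        }

        try
        {
            return new Guid(parts[0]);
        }
        catch
        {
            return Guid.Empty;
        }
    }

    // Replaces this instance's authority list with the names granted by the user's roles.
    // A null user, or a user without roles, leaves the list empty.
    private void LoadAuthorities(User user)
    {
        Authorities.Clear();
        if (user == null || user.UserInRoles == null)
        {
            return;
        }

        foreach (var item in user.UserInRoles)
        {
            foreach (var a in item.Role.Authorities)
            {
                Authorities.Add(a.Name);
            }
        }
    }
}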
登录的底层操作代码
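/// <summary>
/// Verifies a login ID and password against the stored user record and, on success,
/// updates the user's last-login time.
/// </summary>
/// <remarks>
/// NOTE(review): the stored password is compared with
/// <c>StringSecurity.StringToSHA1Hash(password)</c>; no per-user salt or work factor is
/// visible here. A fast unsalted hash offers little protection if the user table leaks;
/// consider migrating to a salted, iterated scheme such as PBKDF2.
/// NOTE(review): no attempt limit or lockout is visible in this method; confirm that
/// repeated failures are throttled somewhere.
/// NOTE(review): if this DAO is a shared (singleton) object, <c>this.Ctx</c> is shared
/// by all requests; a LINQ to SQL DataContext is not thread-safe and is meant to be
/// short-lived. Confirm its lifetime.
/// </remarks>
/// <param name="loginID">Login ID.</param>
/// <param name="password">Login password.</param>
/// <returns>true when the credentials are valid and the account is enabled; otherwise false.</returns>
public bool Login(string loginID, string password)
{
    // loginID comes straight from the login form and is written into log messages.
    // Strip line breaks so a crafted value cannot forge extra log entries.
    string loginIDForLog = (loginID ?? string.Empty).Replace("\r", " ").Replace("\n", " ");
    try
    {
        // SingleOrDefault: an unknown login ID is an expected outcome, not an exception.
        var user = this.Ctx.Users.SingleOrDefault(u => u.LoginID == loginID);
        if (user == null)
        {
            Logger.Instance("Warning").Warn(string.Format("用户[{0}]登陆失败,用户不存在。", loginIDForLog));
            return false;
        }

        if (!user.Enable)
        {
            Logger.Instance("Warning").Warn(string.Format("用户[{0}]登陆失败,帐号已经被禁用。", loginIDForLog));
            return false;
        }

        if (user.Password == StringSecurity.StringToSHA1Hash(password))
        {
            Logger.Instance("Information").Info(string.Format("用户[{0}]登陆成功。", loginIDForLog));
            user.LastLoginDateTime = DateTime.Now;
            this.Ctx.SubmitChanges();
            return true;
        }

        Logger.Instance("Warning").Warn(string.Format("用户[{0}]登陆失败,密码错误。", loginIDForLog));
        return false;
    }
    catch (Exception exc)
    {
        // Full exception text (type and stack trace) instead of Message alone, so a
        // data-access failure can be told apart from a bad password in the log.
        Logger.Instance("Exception").Error(exc.ToString());
        return false;
    }
}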
为了方便排查错误,我已经禁用了"记住密码"的功能。问题出现在使用阶段:本地调试时完全找不到出错的地方,只有发布到 IIS 后才会出现错误,始终提示"用户名和密码错误",所有用户都无法进入系统。log4net 记录的日志文件中没有发现错误记录。系统在重置后恢复正常(修改一下 web.config,或者关闭 IIS 再启动)。
请大伙帮我看看,问题到底出在什么地方。我经验不足,以前也没遇到过这种情况。