diff --git a/Bootstrap.Admin/Controllers/HomeController.cs b/Bootstrap.Admin/Controllers/HomeController.cs
index 4d7b3372..a05de20e 100644
--- a/Bootstrap.Admin/Controllers/HomeController.cs
+++ b/Bootstrap.Admin/Controllers/HomeController.cs
@@ -1,5 +1,6 @@
using Bootstrap.Admin.Models;
using Bootstrap.DataAccess;
+using Bootstrap.Security;
using Longbow.Security.Principal;
using System.Web.Mvc;
using System.Web.Security;
@@ -49,7 +50,7 @@ namespace Bootstrap.Admin.Controllers
var model = new LoginModel();
if (string.IsNullOrEmpty(userName)) return View(model);
model.UserName = userName;
- if (LgbPrincipal.IsAdmin(userName, password) || UserHelper.Authenticate(userName, password))
+ if (LgbPrincipal.IsAdmin(userName, password) || BootstrapUser.Authenticate(userName, password))
{
FormsAuthentication.RedirectFromLoginPage(userName, remember == "true");
return new EmptyResult();
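Review bot: The password check on the changed line now depends entirely on `BootstrapUser.Authenticate` from Bootstrap.Security, whose implementation is not part of this diff, so salted hashing and the hash comparison cannot be confirmed from here. The same call replaces `UserHelper.Authenticate` in LoginController and in the password-change path of UserHelper.cs, so all three sites inherit whatever that method does. Once confirmed, I would record it at the call site with a comment such as `// BootstrapUser.Authenticate verifies the salted hash stored in Users (Bootstrap.Security)`. The enclosing action starts and ends outside the hunk.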
diff --git a/Bootstrap.Admin/Controllers/LoginController.cs b/Bootstrap.Admin/Controllers/LoginController.cs
index 1bce1950..c2e6f88e 100644
--- a/Bootstrap.Admin/Controllers/LoginController.cs
+++ b/Bootstrap.Admin/Controllers/LoginController.cs
@@ -1,4 +1,4 @@
-using Bootstrap.DataAccess;
+using Bootstrap.Security;
using Bootstrap.Security.Mvc;
using Longbow.Caching;
using Longbow.Security.Principal;
@@ -34,7 +34,7 @@ namespace Bootstrap.Admin.Controllers
dynamic user = value;
string userName = user.userName;
string password = user.password;
- if (LgbPrincipal.IsAdmin(userName, password) || UserHelper.Authenticate(userName, password))
+ if (LgbPrincipal.IsAdmin(userName, password) || BootstrapUser.Authenticate(userName, password))
{
var interval = int.Parse(Math.Round(FormsAuthentication.Timeout.TotalSeconds).ToString());
var token = CacheManager.AddOrUpdate(string.Format("WebApi-{0}", userName), interval, k => new LoginInfo() { UserName = userName, Token = Guid.NewGuid().ToString() }, (k, info) => info, "WebApi 数据缓存");
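Review bot: The Web API token on the last line is `Guid.NewGuid().ToString()`, which is specified to be unique, not unpredictable, so it is a weak choice for a bearer credential. The line is context that this commit leaves unchanged. I would draw it from the cryptographic generator instead: `var bytes = new byte[32]; using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);` and then `Token = Convert.ToBase64String(bytes)`. The update delegate `(k, info) => info` also hands back the existing token on a repeat login, so one value stays valid across logins until the cache entry expires. The method body continues outside the hunk.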
diff --git a/Bootstrap.DataAccess/Bootstrap.DataAccess.csproj b/Bootstrap.DataAccess/Bootstrap.DataAccess.csproj
index 5c15ddf5..504c03f7 100644
--- a/Bootstrap.DataAccess/Bootstrap.DataAccess.csproj
+++ b/Bootstrap.DataAccess/Bootstrap.DataAccess.csproj
@@ -39,6 +39,7 @@
true
+
diff --git a/Bootstrap.DataAccess/UserHelper.cs b/Bootstrap.DataAccess/UserHelper.cs
index e129b38e..9155fb9a 100644
--- a/Bootstrap.DataAccess/UserHelper.cs
+++ b/Bootstrap.DataAccess/UserHelper.cs
@@ -1,4 +1,5 @@
-using Longbow;
+using Bootstrap.Security;
+using Longbow;
using Longbow.Caching;
using Longbow.Caching.Configuration;
using Longbow.Data;
@@ -70,7 +71,7 @@ namespace Bootstrap.DataAccess
return CacheManager.GetOrAdd(key, CacheSection.RetrieveIntervalByKey(RetrieveUsersByNameDataKey), k =>
{
User user = null;
- string sql = "select u.ID, UserName, [Password], PassSalt, DisplayName, RegisterTime, ApprovedTime, case isnull(d.Code, '') when '' then '~/Content/images/uploader/' else d.Code end + Icon from Users u left join Dicts d on d.Define = '0' and d.Category = N'头像地址' and Name = N'头像路径' where ApprovedTime is not null and UserName = @UserName";
+ string sql = "select u.ID, UserName, DisplayName, RegisterTime, ApprovedTime, case isnull(d.Code, '') when '' then '~/Content/images/uploader/' else d.Code end + Icon from Users u left join Dicts d on d.Define = '0' and d.Category = N'头像地址' and Name = N'头像路径' where ApprovedTime is not null and UserName = @UserName";
DbCommand cmd = DBAccessManager.SqlDBAccess.CreateCommand(CommandType.Text, sql);
try
{
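Review bot: Nothing at the new `sql` string says why `[Password]` and `PassSalt` are absent from the select list, so a later edit could add them back without noticing that the result goes into `CacheManager.GetOrAdd`. Presumably the point of the change is to keep credential material out of the cached `User` object. I would add a comment above the query: `// Password and PassSalt are deliberately not selected: this User is cached, and credential data must not be held in the cache.` The lambda body continues outside the hunk.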
@@ -83,12 +84,10 @@ namespace Bootstrap.DataAccess
{
ID = (int)reader[0],
UserName = (string)reader[1],
- Password = (string)reader[2],
- PassSalt = (string)reader[3],
- DisplayName = (string)reader[4],
- RegisterTime = (DateTime)reader[5],
- ApprovedTime = (DateTime)reader[6],
- Icon = (string)reader[7]
+ DisplayName = (string)reader[2],
+ RegisterTime = (DateTime)reader[3],
+ ApprovedTime = (DateTime)reader[4],
+ Icon = (string)reader[5]
};
}
}
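Review bot: The initializer reads every column by ordinal (`reader[2]` through `reader[5]`), which ties it to the order of the select list in the previous hunk. This commit had to renumber four indexes for that reason. Reading by name removes the coupling, for example `DisplayName = (string)reader["DisplayName"]`, with the computed icon expression aliased in the query (`... + Icon as Icon`). Separately, `Password` and `PassSalt` are no longer populated on the returned `User`, so any other caller of this method that still reads them would now get null; that is worth a quick search, since those callers are not visible here. The enclosing block starts and ends outside the hunk.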
@@ -194,17 +193,6 @@ namespace Bootstrap.DataAccess
return ret;
}
///
- /// 验证用户登陆账号与密码正确
- ///
- ///
- ///
- ///
- public static bool Authenticate(string userName, string password)
- {
- var user = RetrieveUsersByName(userName);
- return user != null && user.Password == LgbCryptography.ComputeHash(password, user.PassSalt);
- }
- ///
/// 通过roleId获取所有用户
///
///
@@ -424,7 +412,7 @@ namespace Bootstrap.DataAccess
bool ret = false;
try
{
- if (Authenticate(user.UserName, user.Password))
+ if (BootstrapUser.Authenticate(user.UserName, user.Password))
{
string sql = "Update Users set Password = @Password, PassSalt = @PassSalt where UserName = @userName";
user.PassSalt = LgbCryptography.GenerateSalt();
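Review bot: Nothing visible in this hunk invalidates existing credentials once the password is replaced, notably the cached `WebApi-{userName}` token that LoginController issues. The method continues past the hunk, so this may be handled below. If it is not, a token obtained with the old password stays usable until its cache interval expires. I would at least mark it after the update: `// TODO: drop the "WebApi-" + userName cache entry and any cached user data after a successful password change`.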