using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
namespace MyStarterKit.Portal.Web
{
//*********************************************************************
//
// PortalSecurity Class
//
// The PortalSecurity class encapsulates helper methods that hash credentials
// (Encrypt) and check the role status of the current browser client
// (IsInRole, IsInRoles, HasEditPermissions). Every check is against
// HttpContext.Current.User, so the methods assume they run inside a request.
//
//*********************************************************************
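public class PortalSecurity
{
    #region Encrypt: MD5 digest of a string
    //*********************************************************************
    //
    // Security.Encrypt() Method
    //
    // The Encrypt method hashes a clear-text string (MD5 over its UTF-16LE
    // bytes) and returns the digest as dash-separated upper-case hex.
    // The name is historical: this is a one-way hash, not reversible
    // encryption.
    //
    //*********************************************************************
    /// <summary>
    /// Hashes <paramref name="cleanString"/> with MD5 and returns the digest
    /// in the format produced by <see cref="BitConverter.ToString(byte[])"/>,
    /// e.g. "D4-1D-8C-D9-8F-00-B2-04-E9-80-09-98-EC-F8-42-7E" for "".
    /// </summary>
    /// <remarks>
    /// SECURITY: unsalted MD5 is not an acceptable password hash — it is fast
    /// to brute-force and identical inputs yield identical digests, so two
    /// users with the same password are trivially linkable. The algorithm and
    /// output format are deliberately kept here because credentials already
    /// stored by this portal depend on them; migrating to PBKDF2/Argon2 needs a
    /// re-hash-on-login scheme in the login path, not a change to this method.
    /// </remarks>
    /// <param name="cleanString">Text to hash; must not be null.</param>
    /// <returns>A 47-character string of 16 upper-case hex byte values separated by dashes.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="cleanString"/> is null.</exception>
    public static string Encrypt(string cleanString)
    {
        if (cleanString == null)
        {
            throw new ArgumentNullException("cleanString");
        }
        // UTF-16LE, no BOM: identical bytes to the previous new UnicodeEncoding().GetBytes().
        byte[] clearBytes = Encoding.Unicode.GetBytes(cleanString);
        // HashAlgorithm is IDisposable; the previous code leaked the instance
        // returned by CryptoConfig.CreateFromName("MD5").
        using (MD5 md5 = MD5.Create())
        {
            byte[] hashedBytes = md5.ComputeHash(clearBytes);
            return BitConverter.ToString(hashedBytes);
        }
    }
    #endregion

    #region IsInRole: is the current user in the given role
    //*********************************************************************
    //
    // PortalSecurity.IsInRole() Method
    //
    // The IsInRole method enables developers to easily check the role
    // status of the current browser client.
    //
    //*********************************************************************
    /// <summary>
    /// Returns whether the principal on the current request is in <paramref name="role"/>.
    /// Unlike <see cref="IsInRoles"/>, this method gives "All Users" no special meaning.
    /// </summary>
    /// <param name="role">Role name passed straight to IPrincipal.IsInRole.</param>
    /// <returns>
    /// true only when a request context and a principal exist and the principal
    /// reports membership; false otherwise (deny by default).
    /// </returns>
    public static bool IsInRole(String role)
    {
        HttpContext context = HttpContext.Current;
        // Fail closed when there is no request context or no principal yet
        // (e.g. called from a background thread or before authentication ran),
        // instead of surfacing a NullReferenceException.
        if (context == null || context.User == null)
        {
            return false;
        }
        return context.User.IsInRole(role);
    }
    #endregion

    #region IsInRoles: is the current user in any of the listed roles
    //*********************************************************************
    //
    // PortalSecurity.IsInRoles() Method
    //
    // The IsInRoles method enables developers to easily check the role
    // status of the current browser client against a ';'-separated list
    // of roles.
    //
    //*********************************************************************
    /// <summary>
    /// Returns whether the current user is in at least one of the roles in the
    /// semicolon-separated list <paramref name="roles"/>.
    /// </summary>
    /// <remarks>
    /// The literal entry "All Users" is a wildcard that grants access to
    /// everyone, including anonymous requests, so a role string containing it
    /// is effectively public. Entries are compared verbatim: they are not
    /// trimmed, so "Admins; Editors" checks for the role " Editors".
    /// </remarks>
    /// <param name="roles">Semicolon-separated role names; null or empty denies.</param>
    /// <returns>true if any entry is "All Users" or a role the current principal holds; false otherwise.</returns>
    public static bool IsInRoles(String roles)
    {
        // An absent role list authorizes nobody (the previous code threw on null).
        if (roles == null || roles.Length == 0)
        {
            return false;
        }
        HttpContext context = HttpContext.Current;
        foreach (String role in roles.Split(new char[] { ';' }))
        {
            // Empty entries (e.g. a trailing ';') never match anything.
            if (role == null || role == "")
            {
                continue;
            }
            // Wildcard: no principal needed, anonymous users pass too.
            if (role == "All Users")
            {
                return true;
            }
            // Deny rather than throw when no request context / principal is available.
            if (context != null && context.User != null && context.User.IsInRole(role))
            {
                return true;
            }
        }
        return false;
    }
    #endregion

    #region HasEditPermissions: may the current user edit the given module
    //*********************************************************************
    //
    // PortalSecurity.HasEditPermissions() Method
    //
    // The HasEditPermissions method enables developers to easily check
    // whether the current browser client has access to edit the settings
    // of a specified portal module
    //
    //*********************************************************************
    /// <summary>
    /// Returns whether the current user may edit module <paramref name="moduleId"/>:
    /// the user must be in the module's EditRoles AND in the AccessRoles of the
    /// tab that hosts the module (both lists are evaluated by <see cref="IsInRoles"/>).
    /// </summary>
    /// <remarks>
    /// Site settings are read from HttpContext.Current.Items["SiteSettings"],
    /// which some earlier stage of the request is expected to populate.
    /// Every lookup failure (no request context, no site settings, unknown
    /// moduleId, module without a tab) denies instead of throwing, so a
    /// bad or tampered moduleId can never grant access by accident.
    /// </remarks>
    /// <param name="moduleId">Id of the module row in SiteConfiguration.Module.</param>
    /// <returns>true only when both role checks pass; false otherwise.</returns>
    public static bool HasEditPermissions(int moduleId)
    {
        HttpContext context = HttpContext.Current;
        if (context == null)
        {
            return false;
        }
        SiteConfiguration siteSettings = context.Items["SiteSettings"] as SiteConfiguration;
        if (siteSettings == null)
        {
            return false;
        }
        // FindByModuleId returns null for an unknown id; the previous code
        // dereferenced it and threw a NullReferenceException.
        SiteConfiguration.ModuleRow moduleRow = siteSettings.Module.FindByModuleId(moduleId);
        if (moduleRow == null)
        {
            return false;
        }
        // Roles allowed to edit this module.
        string editRoles = moduleRow.EditRoles;
        // Roles allowed to view the tab the module lives on.
        SiteConfiguration.TabRow tabRow = moduleRow.TabRow;
        if (tabRow == null)
        {
            return false;
        }
        string accessRoles = tabRow.AccessRoles;
        // Edit rights require both tab access and module edit membership.
        return IsInRoles(accessRoles) && IsInRoles(editRoles);
    }
    #endregion
}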
#region 用户数据库访问类UsersDB Class
//*********************************************************************
//
// UsersDB Class
//
// The UsersDB class encapsulates all data logic necessary to add/login/query
// users within the Portal Users database.
//
// Important Note: The UsersDB class is only used when forms-based cookie
// authentication is enabled within the portal. When windows based
// authentication is used instead, then either the Windows SAM or Active Directory
// is used to store and validate all username/password credentials.
//
//*********************************************************************
/// <summary>
/// 用户数据库访问类
/// </summary>
public class UsersDB
{
#region 添加一个新用户(返回值大于-1表示添加成功)
//*********************************************************************
//
// UsersDB.AddUser() Method <a name="AddUser"></a>
//
// The AddUser method inserts a new user record into the "Users" database table.
//
// Other relevant sources:
// + <a href="AddUser.htm" style="color:green">AddUser Stored Procedure</a>
//
//*********************************************************************
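/// <summary>
/// Inserts a new user via the Portal_AddUser stored procedure and returns the
/// new UserID from the procedure's @UserID output parameter, or -1 when the
/// insert fails.
/// </summary>
/// <remarks>
/// The password is stored exactly as passed: this method performs no hashing.
/// Callers are expected to pass the output of PortalSecurity.Encrypt() rather
/// than the clear-text password — verify this against every caller, since a
/// caller passing clear text would persist it in the Users table.
/// Input parameters are sized to the column widths (@Name 50, @Email 100,
/// @Password 50); SqlClient silently truncates longer values to that size.
/// </remarks>
/// <param name="fullName">Display name, stored in @Name (nvarchar(50)).</param>
/// <param name="email">Login email, stored in @Email (nvarchar(100)); the table enforces uniqueness.</param>
/// <param name="password">Credential value stored in @Password (nvarchar(50)); see remarks.</param>
/// <returns>The new user id (&gt; -1) on success; -1 when SQL Server rejects the insert
/// (e.g. duplicate email) or the procedure does not set @UserID.</returns>
public int AddUser(String fullName, String email, String password)
{
    // Both objects are IDisposable; using-blocks guarantee the connection is
    // closed and the command released even when an exception escapes.
    using (SqlConnection myConnection = new SqlConnection(ConfigurationSettings.AppSettings["connectionString"]))
    using (SqlCommand myCommand = new SqlCommand("Portal_AddUser", myConnection))
    {
        // Mark the Command as a SPROC
        myCommand.CommandType = CommandType.StoredProcedure;

        // Add Parameters to SPROC (parameterized: no user input reaches SQL text)
        SqlParameter parameterFullName = new SqlParameter("@Name", SqlDbType.NVarChar, 50);
        parameterFullName.Value = fullName;
        myCommand.Parameters.Add(parameterFullName);

        SqlParameter parameterEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 100);
        parameterEmail.Value = email;
        myCommand.Parameters.Add(parameterEmail);

        SqlParameter parameterPassword = new SqlParameter("@Password", SqlDbType.NVarChar, 50);
        parameterPassword.Value = password;
        myCommand.Parameters.Add(parameterPassword);

        SqlParameter parameterUserId = new SqlParameter("@UserID", SqlDbType.Int);
        parameterUserId.Direction = ParameterDirection.Output;
        myCommand.Parameters.Add(parameterUserId);

        try
        {
            myConnection.Open();
            myCommand.ExecuteNonQuery();
        }
        catch (SqlException)
        {
            // The Email column carries a unique index, so inserting an existing
            // address fails here; report it as "not created". Only SQL Server
            // errors are mapped to -1 — the previous catch-all also hid
            // programming and configuration errors (e.g. a missing connection
            // string), which should surface instead.
            return -1;
        }

        // The procedure may leave @UserID unset (null / DBNull); the previous
        // unchecked cast threw InvalidCastException in that case.
        object userId = parameterUserId.Value;
        if (userId == null || userId == DBNull.Value)
        {
            return -1;
        }
        return (int) userId;
    }
}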
#endregion
#region 删除用户(通过userId)
//*********************************************************************
//
// UsersDB.DeleteUser() Method <a name="DeleteUser"></a>
//
// The DeleteUser method deleted a user record from the "Users" database table.
//
// Other relevant sources:
// + <a href="DeleteUser.htm" style="color:green">DeleteUser Stored Procedure</a>
//
//*********************************************************************
public void DeleteUser(int userId)
{
// Create Instance of Connection and Command Object
SqlConnection myConnection = new SqlConnection(ConfigurationSettings.AppSettings["connectionString"]);