client端:
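首先按 MD5(MD5(输入密码)+登录时间) 计算登录摘要(MD5 是哈希运算,并不是加密),接着将生成的摘要连同 loginTime 一起发给服务器进行验证。这样做只是避免明文密码出现在请求里:服务器必须保存 MD5(密码) 才能重算摘要,因此 MD5(密码) 本身就等价于登录凭据,传输仍然需要 HTTPS 保护。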
// Read the client's local clock once; the same value is hashed below and sent to the server.
DateTime loginTime = DateTime.Now;
// Stage 1: digest of the trimmed password typed by the user.
string hashedPassword = MD5PasswordHelper.CreatePassword(txtPassword.Text.Trim());
// Stage 2: bind that digest to the login minute -> MD5(MD5(password) + loginTime).
// NOTE(review): "hh" is the 12-hour clock, so the AM and PM occurrence of the same minute
// yield the same stamp. The server formats with the same pattern, so switching to "HH"
// has to be done on both sides together.
string loginStamp = loginTime.ToString("yyyyMMddhhmm");
string password = MD5PasswordHelper.CreatPasswordWithLoginTime(hashedPassword, loginStamp);
JsonResult<JsonUser> result = WebApiHelper.Logon(txtUserName.Text.Trim(), password, role, loginTime);
MD5PasswordHelper的CreatPasswordWithLoginTime方法:
/// <summary>
/// Builds the value sent at login: the MD5 digest of the given password string
/// followed by the login-time string.
/// </summary>
/// <param name="password">Password string to bind to the login time; the client code on this page passes the MD5 digest of the typed password.</param>
/// <param name="loginTime">Login time, already formatted as text by the caller.</param>
/// <returns>The MD5 helper's result for <paramref name="password"/> concatenated with <paramref name="loginTime"/>.</returns>
public static string CreatPasswordWithLoginTime(string password, string loginTime)
{
    string timeBound = string.Concat(password, loginTime);
    return MD5(timeBound);
}
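/// <summary>
/// Computes the MD5 digest of a string and returns it as lowercase hexadecimal text.
/// </summary>
/// <param name="str">Text to hash.</param>
/// <returns>Two lowercase hex characters per digest byte.</returns>
private static string MD5(string str)
{
    // NOTE(review): Encoding.Default depends on the machine/runtime, so a password with
    // non-ASCII characters can hash differently on client and server. It is kept here
    // because switching encodings would invalidate digests that are already stored.
    // NOTE(review): MD5 is fast and unsalted; it is not a suitable password-storage hash.
    byte[] input = Encoding.Default.GetBytes(str);

    byte[] digest;
    // The hash provider is IDisposable; release it as soon as the digest is computed.
    using (var hasher = new MD5CryptoServiceProvider())
    {
        digest = hasher.ComputeHash(input);
    }

    var hex = new StringBuilder(digest.Length * 2);
    foreach (byte value in digest)
    {
        // "x2" zero-pads to two characters, same result as ToString("x").PadLeft(2, '0').
        hex.Append(value.ToString("x2"));
    }
    return hex.ToString();
}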
然后通过webapi方式去服务器验证用户
// Send the trimmed account name and the time-bound digest to the Web API for verification.
string account = txtUserName.Text.Trim();
bool result = WebApiHelper.Logon(account, password, role, loginTime);
WebApiHelper的Logon方法:
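/// <summary>
/// Calls the server's api/Logon/Logon endpoint and returns its boolean answer.
/// </summary>
/// <param name="account">Account name entered by the user.</param>
/// <param name="password">Time-bound password digest computed by the caller.</param>
/// <param name="role">Role to log on as; sent as its integer value.</param>
/// <param name="logonTime">Login time that was used when computing <paramref name="password"/>.</param>
/// <returns>The boolean returned by the server.</returns>
/// <exception cref="Exception">
/// Thrown for any failure, including a non-success HTTP status; the original exception is kept as InnerException.
/// </exception>
// NOTE(review): [HttpPost] does not change what this client-side helper does; the request below is a GET.
// NOTE(review): account and digest travel in the query string, where server and proxy logs
// typically record them. Moving them into a POST body needs a matching change on the controller.
[HttpPost]
public static bool Logon(string account, string password, UserRole role, DateTime logonTime)
{
    // Escape every value so characters such as '&', '=', '#' or spaces in the account name
    // cannot alter or add query parameters. The "s" format (yyyy-MM-ddTHH:mm:ss) is
    // culture-invariant, so the server reads the same wall-clock time whatever the
    // client's regional settings are.
    string webapi = String.Format(
        "api/Logon/Logon?account={0}&password={1}&role={2}&logonTime={3}",
        Uri.EscapeDataString(account ?? String.Empty),
        Uri.EscapeDataString(password ?? String.Empty),
        (int)role,
        Uri.EscapeDataString(logonTime.ToString("s")));

    // NOTE(review): the client is never disposed here; confirm whether CreateNewHttpClient
    // hands out a fresh instance (dispose it) or a shared one (leave it alone).
    HttpClient client = CreateNewHttpClient();
    try
    {
        // Blocking on .Result keeps the synchronous signature existing callers use.
        HttpResponseMessage response = client.GetAsync(webapi).Result;
        if (!response.IsSuccessStatusCode)
        {
            throw new HttpRequestException(String.Format("登录出错,错误代码: {0}", response.StatusCode));
        }
        return response.Content.ReadAsAsync<bool>().Result;
    }
    catch (Exception e)
    {
        // Same exception type and message as before, but keep the cause for diagnostics.
        throw new Exception(String.Format("登录出错,错误代码: {0}", e.Message), e);
    }
}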
webapi服务端:
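public class LogonController : ApiController
{
    /// <summary>
    /// Logs a user on with the specified role.
    /// </summary>
    /// <param name="account">Account name supplied by the client.</param>
    /// <param name="password">Time-bound password digest supplied by the client.</param>
    /// <param name="role">Role value supplied by the client.</param>
    /// <param name="logonTime">Login time the client used when computing <paramref name="password"/>.</param>
    /// <returns>
    /// true when <paramref name="logonTime"/> is within ten minutes of the server clock and
    /// UserModelHelper.RetrieveUser returns a user; otherwise false.
    /// </returns>
    // NOTE(review): this is a GET action, so the account and digest arrive in the URL and are
    // likely to be written to access logs.
    // NOTE(review): nothing here records values that were already accepted, so the same
    // (password, logonTime) pair is accepted again for as long as it stays inside the window.
    [HttpGet]
    public bool Logon(string account, string password, int role, DateTime logonTime)
    {
        TimeSpan tolerance = new TimeSpan(0, 10, 0);

        // Compare the absolute difference: the one-sided check treated any future-dated
        // logonTime as fresh, which let a client choose how long its digest stays valid.
        // NOTE(review): both sides use local DateTime.Now, so this presumably assumes client
        // and server share a time zone - confirm.
        if ((DateTime.Now - logonTime).Duration() > tolerance)
        {
            return false;
        }

        // RetrieveUser returns null for an unknown account as well as for a wrong digest.
        JsonUser user = UserModelHelper.RetrieveUser(account, password, role, logonTime);
        return user != null;
    }
}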
public class UserModelHelper
{
/// <summary>
/// Looks up a user by employee number, role and normal status, then checks the supplied
/// digest through MD5PasswordHelper.CheckPassword using the login minute.
/// </summary>
/// <param name="accountName">Employee number to look up.</param>
/// <param name="password">Time-bound password digest sent by the client.</param>
/// <param name="role">Role the user must have.</param>
/// <param name="logonTime">Login time sent by the client; formatted as yyyyMMddhhmm for the check.</param>
/// <returns>A JsonUser filled from the matching user, or null when no user matches or the password check fails.</returns>
public static JsonUser RetrieveUser(string accountName, string password, int role, DateTime logonTime)
{
    using (TeleMedicineEntities context = new TeleMedicineEntities())
    {
        var match = context.User
            .Where(u => u.EmployeeNo == accountName && u.Role == role && u.Status == (int)UserStatus.NormalUser)
            .FirstOrDefault();
        if (match == null)
        {
            return null;
        }

        // NOTE(review): "hh" is the 12-hour clock, so the stamp does not distinguish AM from PM;
        // the client uses the same pattern, so any change must be made on both sides.
        string logonStamp = logonTime.ToString("yyyyMMddhhmm");
        bool passwordMatches = MD5PasswordHelper.CheckPassword(match, password, logonStamp);
        if (!passwordMatches)
        {
            // Wrong password: same null result as an unknown account.
            return null;
        }

        // NOTE(review): CopyToObject presumably copies the entity's values into the JsonUser;
        // verify that the stored password digest is not among them.
        JsonUser ju = new JsonUser();
        ObjectHelper.CopyToObject<JsonUser>(match, ref ju);
        return ju;
    }
}