Beispiel #1
    /// <summary>
    /// Modified by Anjali DT:6-jun-2016.
    /// Authenticates the user:
    ///     1. If the entered user credentials are valid, the user is authenticated.
    ///     2. If the entered user credentials are not valid, an alert is displayed.
    /// After authentication:
    ///     1. User information needed for further reference is added to the Session, such as UserId, Username, role, UserType etc.
    ///     2. Depending on the user type, the user is redirected to the respective page,
    ///         e.g. Usertype = 'SUPPLIER' is redirected to 'WebQuotationDetails.aspx'.
    ///     3. If the entered password is the default password, i.e. 1234, the user is redirected to the change password page.
    ///     4. If the user has not updated his/her password for more than 180 days, the user is also redirected to the change password page.
    ///     Modified By Alok /19/10/2016
    ///     The session ID is stored in a session variable.
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
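    protected void LoginUser_Authenticate(object sender, AuthenticateEventArgs e)
    {
        // Handles the Login control's Authenticate event: looks the credentials up through
        // objBLL, fills the Session with the user's profile on success, records the attempt
        // through UserAccessLog and redirects according to user type and password age.
        string userid   = LoginUser.UserName.Trim().ToString().ToUpper();
        string UserName = LoginUser.UserName.Trim().ToString();
        string password = LoginUser.Password.Trim().ToString();

        // NOTE(review): the password is run through DES_Encrypt_Decrypt.Encrypt before the lookup,
        // which suggests stored passwords are compared in a reversible form. A salted, slow
        // password hash (e.g. PBKDF2) is the safer design - confirm against the data layer.
        DataSet ds_ntLan     = objBLL.Get_UserCredentials(userid, DMS.DES_Encrypt_Decrypt.Encrypt(password));
        string ClientBrowser = Request.UserAgent;
        string UserIP        = Request.UserHostAddress;

        // Dns.GetHostName() returns the host name of the machine running this code, so MachineIP
        // is the web server's address. The client's address is UserIP.
        // NOTE(review): the access log below receives MachineIP - confirm that is intended.
        string hostName  = Dns.GetHostName();
        string MachineIP = Dns.GetHostByName(hostName).AddressList[0].ToString();

        DataTable loginTable = ds_ntLan.Tables["Login"];
        if (loginTable == null || loginTable.Rows.Count == 0)
        {
            // Same generic message for unknown user and wrong password, so the response does not
            // reveal which of the two was wrong.
            Session.Abandon();
            LoginUser.FailureText = "Log-In ID or Password is incorrect.";

            // The failure detail is read from the second result table when it is present. Guarding
            // the lookup keeps a missing table from raising an exception that would skip the
            // failure log entry.
            string failureDetail = null;
            if (ds_ntLan.Tables.Count > 1 && ds_ntLan.Tables[1].Rows.Count > 0)
            {
                failureDetail = ds_ntLan.Tables[1].Rows[0][0].ToString();
            }

            UserAccessLog(UserName, "NULL", "NULL", DateTime.Now, MachineIP, "Failure", ClientBrowser, failureDetail);
            return;
        }

        DataRow loginRow = loginTable.Rows[0];

        string strUserID        = loginRow["UserId"].ToString();
        string strUserStyle     = loginRow["style"].ToString();
        string strUserType      = loginRow["User_Type"].ToString();
        string strUserFullName  = loginRow["User_FullName"].ToString();
        string strUserCompany   = loginRow["Company_Name"].ToString();
        string strUserCompanyID = loginRow["COMPANY_ID"].ToString();

        int PWD_Last_Updated_InDays = UDFLib.ConvertToInteger(loginRow["PWD_Last_Updated_InDays"]);

        // Parse the id once. Everything below that needs a number (role lookup, SQL text,
        // session start, default-password check) uses this validated integer.
        int userIdNumber = int.Parse(strUserID);
        string Role      = objBLL.Get_User_Role(userIdNumber);

        string passKey = Guid.NewGuid().ToString();
        Session["OCAGUID"] = passKey;
        try
        {
            // Only a server-generated GUID and the parsed integer id are placed into the SQL text,
            // never the raw string taken from the row.
            // NOTE(review): a parameterized command would be the preferred form if the SqlHelper
            // in this project offers one - confirm and switch.
            SqlHelper.ExecuteNonQuery(
                ConfigurationManager.ConnectionStrings["demoasp"].ConnectionString,
                CommandType.Text,
                "UPDATE USER_MASTER SET PassKey='" + passKey + "' WHERE SMSLOG_User_ID="
                    + userIdNumber.ToString(System.Globalization.CultureInfo.InvariantCulture));
        }
        catch (Exception ex)
        {
            // Best effort: a failed PassKey update is logged and the login continues.
            UDFLib.WriteExceptionLog(ex);
        }

        Session["ACCESSLEVEL"]      = loginRow["ACCESSLEVEL"].ToString();
        Session["ROLE"]             = Role;
        Session["USERNAME"]         = loginRow["User_name"].ToString();
        Session["USERID"]           = strUserID;
        Session["USERSTYLE"]        = strUserStyle;
        Session["UTYPE"]            = strUserType;
        Session["USERFULLNAME"]     = strUserFullName;
        Session["USERCOMPANY"]      = strUserCompany;
        Session["USERCOMPANYID"]    = strUserCompanyID;
        Session["SUPPLIER_ID"]      = loginRow["SUPPLIER_ID"].ToString();
        Session["SUPPNAME"]         = loginRow["FULL_NAME"].ToString();
        Session["PASSSTRING"]       = loginRow["PASSSTRING"].ToString();
        Session["SUPPCODE"]         = loginRow["SUPPLIER"].ToString();
        // NOTE(review): this keeps the clear-text password in session state for the whole session.
        // It is left in place because other pages may read Session["pwd"]; find those readers and
        // remove this entry once none depend on it.
        Session["pwd"]              = password;
        Session["APPCOMPANYID"]     = ConfigurationManager.AppSettings["Company_ID"];
        Session["COMPANYTYPE"]      = loginRow["Company_Type"].ToString();
        Session["USERDEPARTMENTID"] = loginRow["Dep_Code"].ToString();

        string techManager = loginRow["Tech_Manager"].ToString();
        Session["USERFLEETID"]      = techManager != "" ? techManager : "0";
        Session["USERMAILID"]       = loginRow["MailID"].ToString();

        Session["Company_Name_GL"]         = loginRow["Company_Name"].ToString();
        Session["Company_Address_GL"]      = loginRow["Company_Address"].ToString();
        // Added by Anjali DT:6-Jun-2016 JIT:9490: used to force office users to change a password
        // older than 180 days, or the default password.
        Session["PWD_Last_Updated_InDays"] = PWD_Last_Updated_InDays;

        // Date format for the logged-in user: the Date_Format column when it has a value,
        // otherwise the fixed default.
        string dateFormat = Convert.ToString(loginRow["Date_Format"]);
        Session["User_DateFormat"] = dateFormat != "" ? dateFormat : "dd-MM-yyyy";

        if (UserIP == null)
        {
            UserIP = Request.ServerVariables["REMOTE_ADDR"];
        }

        // NOTE(review): the session id in use before login is carried over unchanged. Confirm
        // whether the application issues a fresh session id on authentication.
        objBLL.Start_Session(userIdNumber, Session.SessionID, UserIP, ClientBrowser);
        Session["Session"] = Session.SessionID;

        // Ordinal, case-insensitive comparison so the result does not depend on the server culture.
        if (string.Equals(strUserType, "SUPPLIER", StringComparison.OrdinalIgnoreCase))
        {
            // NOTE(review): supplier and travel-agent logins write no UserAccessLog entry here,
            // as before - confirm whether they should be audited too.
            FormsAuthentication.SetAuthCookie(strUserID, false);
            Response.Redirect("~/webqtn/WebQuotationDetails.aspx");
            return;
        }

        if (string.Equals(strUserType, "TRAVEL AGENT", StringComparison.OrdinalIgnoreCase))
        {
            FormsAuthentication.SetAuthCookie(strUserID, false);
            Response.Redirect("~/travel/RequestListAgent.aspx");
            return;
        }

        // Write the success entry before redirecting: Response.Redirect(url) ends the response,
        // so a log call placed after it is skipped for both change-password redirects.
        UserAccessLog(Session["USERNAME"].ToString(), Session["USERID"].ToString(), Session["Session"].ToString(), DateTime.Now, MachineIP, "Success", ClientBrowser, null);

        //-- Default Password should be changed--
        if (password == "1234" || password == Convert.ToString(1234 + userIdNumber))
        {
            // No auth cookie is issued on this path, as before.
            Response.Redirect("~/Account/ChangePassword.aspx?msg=YOUR DEFAULT PASSWORD IS EXPIRED!");
        }
        else if (strUserType == "OFFICE USER" && PWD_Last_Updated_InDays > 180)
        {
            FormsAuthentication.SetAuthCookie(strUserID, false);
            Response.Redirect("~/Account/ChangePassword.aspx?msg=YOUR CURRENT PASSWORD IS EXPIRED! PLEASE CHANGE YOUR PASSWORD.");
        }
        else
        {
            FormsAuthentication.RedirectFromLoginPage(strUserID, false);
        }
    }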