Beispiel #1
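    /// <summary>
    /// Handles the "update password" button: stores the newly entered password for the
    /// user named in the username box, confirms the change, and switches the page back
    /// to the login panel.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnUpdatePassword_Click(object sender, EventArgs e)
    {
        AlertMessage alert = new AlertMessage();

        // Reject a blank password before touching the database; without this check an
        // empty submission would overwrite the stored credential with an empty value.
        string newPassword = txtNewPassword.Text;
        if (string.IsNullOrEmpty(newPassword) || newPassword.Trim().Length == 0)
        {
            alert.DisplayMessage("Please enter a new password.");
            return;
        }

        // NOTE(review): the account is selected by txtUsername.Text, a value supplied by
        // the client. Nothing in this handler verifies that the requester owns that
        // account (no current-password check, no authenticated-identity comparison).
        // Confirm that this panel is only reachable after such a check has succeeded.
        RunStoredProcedure rsp = new RunStoredProcedure();

        // NOTE(review): EncryptPassword is defined elsewhere. Confirm that it produces a
        // salted, one-way password hash rather than reversible encryption.
        string encryptedPassword = rsp.EncryptPassword(newPassword);

        // Persist the new credential for the named user.
        rsp.UpdatePassword(txtUsername.Text, encryptedPassword);

        alert.DisplayMessage("Password updated!");

        // Hide the new-password panel and show the login panel again.
        divLogin.Visible       = true;
        divNewPassword.Visible = false;
        txtUsername.Focus();
    }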
Beispiel #2
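    /// <summary>
    /// Handles the login button: checks the submitted credentials through
    /// <c>AuthenticateUser</c>, records the user name, display name and groups in the
    /// session and in <c>UserCredentials</c>, and issues the forms-authentication cookie.
    /// </summary>
    /// <remarks>
    /// On failure the user sees a generic message only; exception detail is written to
    /// the trace output instead of the page.
    /// </remarks>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string groups, displayName;

        string[]      groupArray;
        StringBuilder groupsList = new StringBuilder();

        AuthenticateUser authUser = new AuthenticateUser("LDAP://MRSLGROUP");

        try
        {
            using (HostingEnvironment.Impersonate())
            {
                // Validate the submitted credentials against the directory.
                if (true == authUser.IsAuthenticated("MRSLGROUP", txtUsername.Text, txtPassword.Text))
                {
                    // GetGroups returns the group names followed by the display name, "|"-separated.
                    groups                   = authUser.GetGroups(txtUsername.Text);
                    groupArray               = groups.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);
                    Session["Username"]      = txtUsername.Text;

                    // NOTE(review): UserCredentials is addressed by type name here. If these
                    // members are static, they are shared by every request in the application
                    // and one user's identity/groups can be observed by another. Confirm, and
                    // prefer per-session storage if so.
                    UserCredentials.Username = txtUsername.Text;

                    // The last entry is the display name. An empty result throws here and is
                    // handled by the outer catch, so the login fails closed.
                    displayName                 = groupArray[groupArray.Length - 1];
                    Session["DisplayName"]      = displayName;
                    UserCredentials.DisplayName = displayName;

                    // Drop the display name so the array holds group names only.
                    groupArray = groupArray.Take(groupArray.Length - 1).ToArray();
                    for (int i = 0; i < groupArray.Length; i++)
                    {
                        groupsList.Append(groupArray[i]); // group name
                        groupsList.Append("|");           // pipe delimiter after every entry
                    }
                    groups = groupsList.ToString();
                    UserCredentials.Groups = groups;

                    // NOTE(review): the value between the quotes appears masked in this listing.
                    // If the real statement embeds the username, it must be passed as a bound
                    // parameter and never concatenated into the SQL text.
                    SqlQuery sqlQuery = new SqlQuery();
                    string   query    = "SELECT * FROM Staff WHERE Username = '******'",
                             data     = "CheckStaffExist";
                    sqlQuery.RetrieveData(query, data); // check whether the staff member is registered

                    sqlQuery.RetrieveData(query, data); // repeated in case the staff record was only just created

                    // NOTE(review): this copies the directory password into the application
                    // database on every login. Confirm that this second credential store is
                    // required, and that EncryptPassword is a salted one-way hash rather than
                    // reversible encryption.
                    RunStoredProcedure rsp = new RunStoredProcedure();
                    string encryptedPassword = rsp.EncryptPassword(txtPassword.Text);
                    rsp.UpdatePassword(txtUsername.Text, encryptedPassword);

                    // Audit logging stays best-effort (a failure must not block the login),
                    // but the failure is recorded instead of being silently discarded.
                    try
                    {
                        rsp.Log();
                    }
                    catch (Exception logEx)
                    {
                        System.Diagnostics.Trace.TraceError("Login audit log write failed: {0}", logEx);
                    }

                    // Build the ticket with the groups as user data; it expires after 720 minutes (12 hours).
                    bool     isCookiePersistent = false;
                    DateTime issuedAt           = DateTime.Now;
                    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, txtUsername.Text, issuedAt, issuedAt.AddMinutes(720), isCookiePersistent, groups);

                    string     encryptedTicket = FormsAuthentication.Encrypt(authTicket);
                    HttpCookie authCookie      = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

                    // Keep the ticket away from client script, and mark it Secure when the
                    // forms-authentication configuration requires SSL.
                    authCookie.HttpOnly = true;
                    if (FormsAuthentication.RequireSSL)
                    {
                        authCookie.Secure = true;
                    }

                    if (isCookiePersistent)
                    {
                        authCookie.Expires = authTicket.Expiration;
                    }

                    Response.Cookies.Add(authCookie);
                    Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false), false);
                }
                else
                {
                    bool passwordGiven = CheckIfPasswordIsGiven();

                    if (!passwordGiven)
                    {
                        errorLabel.Text = "Invalid details. Please check your username and password.";
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Keep the detail server-side: exception messages from the directory or the
            // database can reveal hostnames, paths and account state to an unauthenticated caller.
            System.Diagnostics.Trace.TraceError("Login failed with an exception: {0}", ex);

            bool passwordGiven = CheckIfPasswordIsGiven();

            if (!passwordGiven)
            {
                errorLabel.Text = "Error logging in user. Please try again or contact your administrator.";
            }
        }
    }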