protected void btn_login_Click(object sender, EventArgs e)
{
// First Layer, check if attempts more than 3 for current session
// Second Layer, check if the account is locked
// Get our DB service
AS_Service_Reference.Service1Client client = new AS_Service_Reference.Service1Client();
if (ValidateCaptcha_v3())
{
// If Login Attempt < 3
if (Convert.ToInt32(Session["LoginAttempts"]) < 3)
{
string email = HttpUtility.HtmlEncode(tb_email.Text.ToString().Trim());
string pwd = HttpUtility.HtmlEncode(tb_password.Text.ToString().Trim());
SHA512Managed hashing = new SHA512Managed();
string dbHash = client.getDBHash(email);
string dbSalt = client.getDBSalt(email);
try
{
if (dbSalt != null && dbSalt.Length > 0 && dbHash != null && dbHash.Length > 0)
{
string pwdWithSalt = pwd + dbSalt;
byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt));
string userHash = Convert.ToBase64String(hashWithSalt);
if (userHash.Equals(dbHash))
{
if (client.GetOneUser(email).AccountLockExpiry < DateTime.Now)
{
client.RemoveAccountLockOut(email);
Session["UserEmail"] = email;
// Create a new GUID and save into the session
string guidToken = Guid.NewGuid().ToString();
Session["AuthCookie"] = guidToken;
// now create a new cookie with this guid value
Response.Cookies.Add(new HttpCookie("AuthCookie", guidToken));
Response.Redirect("UserPage.aspx", false);
}
else
{
lbl_loginErrMsg.Text = $"Your account has been temporarily locked due to multiple failed attempts,\n It will be available after {client.GetOneUser(email).AccountLockExpiry}";
lbl_loginErrMsg.ForeColor = System.Drawing.Color.Red;
}
}
else
{
// When password is wrong, but we still provide a generic error message
lbl_loginErrMsg.Text = "Invalid Email or Password";
lbl_loginErrMsg.ForeColor = System.Drawing.Color.Red;
Session["LoginAttempts"] = Convert.ToInt32(Session["LoginAttempts"]) + 1;
}
}
else
{
// When email is wrong
lbl_loginErrMsg.Text = "Invalid Email or Password";
lbl_loginErrMsg.ForeColor = System.Drawing.Color.Red;
Session["LoginAttempts"] = Convert.ToInt32(Session["LoginAttempts"]) + 1;
//Response.Write(Session["LoginAttempts"].ToString());
}
}
catch (Exception ex)
{
throw new Exception(ex.ToString());
}
finally { }
}
// When there is no more login attempts available
else
{
lbl_loginErrMsg.Text = "You are temporarily locked from accessing the login system due to multiple failed attempts, try again later.";
var search_user = client.GetOneUser(tb_email.Text.Trim());
if (search_user != null)
{
client.SetAccountLockOut(search_user.Email);
//Response.Write($"SET LOG OUT FOR {search_user.FirstName} {search_user.LastName} {search_user.AccountLocked} {search_user.AccountLockExpiry}");
}
}
}
else
{
lbl_captchaScore.Text = "You did not pass the captcha validation";
}
}
