 /// <summary>
 /// Enforces the per-page anti-CSRF token. On a postback the submitted token
 /// must validate; otherwise the session is discarded and the client is sent
 /// to Default.aspx. Every request (initial GET or validated postback) then
 /// gets a freshly generated token.
 /// </summary>
 /// <remarks>
 /// Response.Redirect(url) in classic ASP.NET ends the response (it raises
 /// ThreadAbortException), so the token generation below is not reached when
 /// validation fails. Note that a forged POST carrying a bad token still
 /// clears the victim's session, i.e. a CSRF attempt can log the user out;
 /// that is the existing behaviour and is preserved here.
 /// </remarks>
 public void CSRFCheck()
 {
     bool postbackWithBadToken = Page.IsPostBack && !AntiCRSF.ValidateToken();
     if (postbackWithBadToken)
     {
         // Treat a failed token as a hostile request: drop all session state.
         Session.Clear();
         Session.Abandon();
         Response.Redirect("~/Default.aspx");
     }

     // Both the first GET and a validated postback receive a new token.
     AntiCRSF.GenerateCSRFToken();
 }
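    /// <summary>
    /// Completes the login hand-off from Login.aspx. The login page parks the
    /// submitted loginId, salted password hash and salt in Application state
    /// under keys derived from the client IP; this page reads them back,
    /// clears them, authenticates against the business layer and, on success,
    /// populates Session, the PPRCookie and the .GISAUTH token cookie before
    /// redirecting to the role-specific landing page.
    /// </summary>
    /// <param name="sender">Standard Page_Load sender (unused).</param>
    /// <param name="e">Standard Page_Load event args (unused).</param>
    /// <remarks>
    /// Security notes (review):
    /// - Application state is process-wide and keyed only by client IP, so
    ///   two users behind the same NAT/proxy share one slot and can race or
    ///   collide, and there is no Application.Lock() around the read/clear.
    ///   A per-request transport (e.g. Session) is the proper fix but needs
    ///   Login.aspx changed as well, so it is only noted here.
    /// - passwordSaltedHash and passwordSalt are written into PPRCookie, i.e.
    ///   sent to the browser as a persistent cookie. Anything that can read
    ///   cookies (XSS, a shared machine) then holds offline-crackable hash
    ///   material and, because the hash is what AuthenticateBL accepts, a
    ///   replayable credential. HttpOnly/Secure are set on the cookie to
    ///   narrow that; removing the hash from the cookie altogether requires
    ///   the consumers of PPRCookie to be changed first.
    /// - Response.Redirect(url) ends the response (ThreadAbortException in
    ///   classic ASP.NET); every failure branch relies on that to stop here.
    /// - The ASP.NET session id is not regenerated at login; the .GISAUTH
    ///   token is the per-login secret that downstream checks are expected
    ///   to compare against Session["ASPXAUTHToken"].
    /// </remarks>
    protected void Page_Load(object sender, EventArgs e)
    {
        // All hand-off keys share the same IP-derived suffix; compute it once.
        string ipKey = GetUserIP().Replace(".", "_");
        string loginKey = "loginid_" + ipKey;
        string hashKey = "passwordsaltedhash" + ipKey;
        string saltKey = "salt_" + ipKey;

        // Without a complete hand-off there is nothing to authenticate: back
        // to the login page. The salt entry was previously unchecked and
        // surfaced as a NullReferenceException on the ToString() below.
        if (Application[loginKey] == null || Application[hashKey] == null || Application[saltKey] == null)
        {
            Response.Redirect("~/Login.aspx");
        }

        //authenticate the user and set session variables.
        string loginId = Application[loginKey].ToString();

        Session["LoginId"] = loginId;
        string passwordSaltedHash = Application[hashKey].ToString();
        string passwordSalt       = Application[saltKey].ToString();

        // Clear the hand-off slot as soon as it has been read so the
        // credentials do not linger in process-wide state.
        Application[loginKey] = null;
        Application[hashKey]  = null;
        Application[saltKey]  = null;

        //userLevel required for granting & denying access to pages later.
        objau = new AuthenticatedModuleBL();
        obj   = new LoginBL();
        // Roll is the role id, or "NOTAUTHENTICATED" when rejected.
        string Roll        = objau.AuthenticateBL(loginId, passwordSaltedHash, passwordSalt);
        // userdetails is ';'-separated: userId;name;designation (per the indexing below).
        string userdetails = objau.AuthenticateGetUseridBL(loginId, passwordSaltedHash, passwordSalt);

        string[] udetails = userdetails.Split(';');
        string   UserId   = udetails[0];

        #region cokiesbasedsessionassing
        HttpCookie PPRCookie = new HttpCookie("PPRCookie");
        // This cookie carries hash material (see remarks): keep it away from
        // script and, when the request itself is HTTPS, off plain HTTP.
        PPRCookie.HttpOnly = true;
        PPRCookie.Secure   = Request.IsSecureConnection;
        Response.Cookies.Remove("PPRCookie");
        // The same cookie object is added again after its values are filled
        // in below; both adds refer to one object, so the emitted values match.
        Response.Cookies.Add(PPRCookie);

        #endregion
        if (Roll.Equals("NOTAUTHENTICATED") == false)
        {
            string ministry = objau.GetMinistryIdBL(loginId);
            if (ministry.Equals("deactivated"))
            {
                // A deactivated account counts as a failed attempt and is
                // bounced before any login state is written. Redirect ends
                // the response, so nothing below runs.
                int existingFailedAttempts = obj.GetExistingFaildLoginAttempsBL(loginId);
                int newFailedAttempts      = existingFailedAttempts + 1;
                objau.UpdateFaildLoginAttempsBL(loginId, newFailedAttempts);
                obj.LogEntryBL(String.Format("Invalid login attempt reached {0}.", newFailedAttempts), loginId);
                Response.Redirect("~/Default.aspx?error=deactivated");
            }
            else
            {
                Session["ministry"] = HttpUtility.HtmlEncode(ministry);
                PPRCookie.Values.Add("ministry", HttpUtility.HtmlEncode(ministry));
            }
            // Fresh anti-CSRF token for the newly authenticated session.
            AntiCRSF.GenerateCSRFToken();
            objau.UpdateFaildLoginAttempsBL(loginId, 0);

            PPRCookie.Values.Add("Rolls", HttpUtility.HtmlEncode(Roll));
            PPRCookie.Values.Add("LoginId", HttpUtility.HtmlEncode(loginId));
            PPRCookie.Values.Add("UserId", HttpUtility.HtmlEncode(UserId));
            // TODO(security): hash material in a client cookie — see remarks.
            PPRCookie.Values.Add("passwordSaltedHash", passwordSaltedHash);
            PPRCookie.Values.Add("passwordSalt", passwordSalt);
            PPRCookie.Expires = DateTime.Now.AddHours(1);
            Response.Cookies.Add(PPRCookie);

            Session["Name"]        = HttpUtility.HtmlDecode(udetails[1]);
            Session["Designation"] = HttpUtility.HtmlDecode(udetails[2]);
            Session["Rolls"]       = HttpUtility.HtmlDecode(Roll);
            Session["LoginId"]     = HttpUtility.HtmlDecode(loginId);
            Session["UserId"]      = HttpUtility.HtmlDecode(UserId);
            objau.UpdateLoginDateTimeBL(loginId);
            obj.LogEntryBL("User Logged In Successfully", loginId);
            Session["IsLoggedIn"] = "true";

            // Per-login token kept server-side in Session and mirrored in an
            // HttpOnly cookie so a bare ASP.NET session id is not sufficient.
            // Guid.NewGuid is not documented as a CSPRNG; prefer
            // RandomNumberGenerator if this token is ever relied on by itself.
            string     sessToken  = Guid.NewGuid().ToString().Replace("-", "");
            HttpCookie authCookie = new HttpCookie(".GISAUTH", sessToken);
            authCookie.HttpOnly      = true;
            authCookie.Secure        = Request.IsSecureConnection;
            Session["ASPXAUTHToken"] = sessToken;
            Response.Cookies.Add(authCookie);

            // Role-specific landing page; an unknown role id falls through
            // with no redirect, as before.
            switch (Roll)
            {
                case "1":
                case "5":
                    Response.Redirect("~/Authenticate/admin/Default.aspx");
                    break;
                case "2":
                    Response.Redirect("~/Authenticate/DEAAdmin/Default.aspx");
                    break;
                case "3":
                    Response.Redirect("~/Authenticate/NodalOfficer/Default.aspx");
                    break;
                case "4":
                    Response.Redirect("~/Authenticate/LinMin/Default.aspx");
                    break;
                case "6":
                    Response.Redirect("~/Authenticate/admin/filterreport.aspx");
                    break;
            }
        }
        else
        {
            // Rejected credentials: bump the per-account failure counter and
            // bounce to the public page. No login state has been written.
            int existingFailedAttempts = obj.GetExistingFaildLoginAttempsBL(loginId);
            int newFailedAttempts      = existingFailedAttempts + 1;
            objau.UpdateFaildLoginAttempsBL(loginId, newFailedAttempts);
            obj.LogEntryBL(string.Format("Invalid login attempt reached {0}.", newFailedAttempts), loginId);
            Response.Redirect("~/Default.aspx?error=invalid");
        }
    }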
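        /// <summary>
        /// Authenticates a user from an already-derived salted password hash and
        /// salt and, on success, writes the login state (Session values, the
        /// PPRCookie and the .GISAUTH token cookie). Returns the role id from the
        /// business layer, or "NOTAUTHENTICATED" when the credentials are rejected.
        /// </summary>
        /// <param name="loginid">Login name being authenticated.</param>
        /// <param name="salthas">
        /// Forwarded as the salted password hash. The name suggests otherwise;
        /// the mapping is kept as in the original so existing callers still work.
        /// </param>
        /// <param name="passshas">Forwarded as the password salt.</param>
        /// <returns>The role id, or "NOTAUTHENTICATED".</returns>
        /// <remarks>
        /// Security notes (review):
        /// - The hash and salt are copied into PPRCookie and sent to the browser.
        ///   HttpOnly/Secure are now set on that cookie to limit exposure, but the
        ///   proper fix is to keep hash material server-side only.
        /// - Because AuthenticateBL accepts the hash directly as the credential,
        ///   whoever can read PPRCookie can replay the login without the password.
        /// - A deactivated account is bounced via Response.Redirect, which ends the
        ///   response in classic ASP.NET, so the code after it does not run.
        /// - All context access goes through HttpContext.Current so the method
        ///   behaves the same whether or not the enclosing class is a Page.
        /// </remarks>
        public string AuthenticateUser(string loginid, string salthas, string passshas)
        {
            HttpContext ctx = HttpContext.Current;

            string loginId = loginid;
            ctx.Session["LoginId"] = loginId;
            string passwordSaltedHash = salthas;
            string passwordSalt       = passshas;

            objau = new AuthenticatedModuleBL();
            obj   = new LoginBL();
            // Roll is the role id, or "NOTAUTHENTICATED" when rejected.
            string Roll   = objau.AuthenticateBL(loginId, passwordSaltedHash, passwordSalt);
            string UserId = objau.AuthenticateGetUseridBL(loginId, passwordSaltedHash, passwordSalt);

            #region cokiesbasedsessionassing
            HttpCookie PPRCookie = new HttpCookie("PPRCookie");
            // Carries hash material (see remarks): keep it away from script and,
            // when the request itself is HTTPS, off plain HTTP.
            PPRCookie.HttpOnly = true;
            PPRCookie.Secure   = ctx.Request.IsSecureConnection;
            ctx.Response.Cookies.Remove("PPRCookie");
            // The same object is added again after its values are filled in;
            // both adds refer to one cookie, so the emitted values match.
            ctx.Response.Cookies.Add(PPRCookie);

            #endregion
            if (Roll.Equals("NOTAUTHENTICATED") == false)
            {
                string ministry = objau.GetMinistryIdBL(loginId);
                if (ministry.Equals("deactivated"))
                {
                    // Deactivated account: count it as a failed attempt and bounce
                    // before any login state is written. Redirect ends the response.
                    int existingFailedAttempts = obj.GetExistingFaildLoginAttempsBL(loginId);
                    int newFailedAttempts      = existingFailedAttempts + 1;
                    objau.UpdateFaildLoginAttempsBL(loginId, newFailedAttempts);
                    obj.LogEntryBL(String.Format("Invalid login attempt reached {0}.", newFailedAttempts), loginId);
                    ctx.Response.Redirect("~/Default.aspx?error=deactivated");
                }
                else
                {
                    ctx.Session["ministry"] = HttpUtility.HtmlEncode(ministry);
                    PPRCookie.Values.Add("ministry", HttpUtility.HtmlEncode(ministry));
                }
                // Fresh anti-CSRF token for the newly authenticated session.
                AntiCRSF.GenerateCSRFToken();
                objau.UpdateFaildLoginAttempsBL(loginId, 0);

                PPRCookie.Values.Add("Rolls", HttpUtility.HtmlEncode(Roll));
                PPRCookie.Values.Add("LoginId", HttpUtility.HtmlEncode(loginId));
                PPRCookie.Values.Add("UserId", HttpUtility.HtmlEncode(UserId));
                // TODO(security): hash material in a client cookie — see remarks.
                PPRCookie.Values.Add("passwordSaltedHash", passwordSaltedHash);
                PPRCookie.Values.Add("passwordSalt", passwordSalt);
                PPRCookie.Expires = DateTime.Now.AddHours(1);
                ctx.Response.Cookies.Add(PPRCookie);

                ctx.Session["Rolls"]   = HttpUtility.HtmlEncode(Roll);
                ctx.Session["LoginId"] = HttpUtility.HtmlEncode(loginId);
                ctx.Session["UserId"]  = HttpUtility.HtmlEncode(UserId);
                objau.UpdateLoginDateTimeBL(loginId);
                obj.LogEntryBL("User Logged In Successfully", loginId);
                ctx.Session["IsLoggedIn"] = "true";

                // Per-login token kept in Session and mirrored in an HttpOnly
                // cookie. Guid.NewGuid is not documented as a CSPRNG; prefer
                // RandomNumberGenerator if this token is ever relied on by itself.
                string     sessToken  = Guid.NewGuid().ToString().Replace("-", "");
                HttpCookie authCookie = new HttpCookie(".GISAUTH", sessToken);
                authCookie.HttpOnly = true;
                authCookie.Secure   = ctx.Request.IsSecureConnection;
                ctx.Session["ASPXAUTHToken"] = sessToken;
                ctx.Response.Cookies.Add(authCookie);

                return(Roll);
            }
            else
            {
                // Rejected credentials: bump the failure counter and hand the
                // "NOTAUTHENTICATED" marker back to the caller. Note that
                // Session["LoginId"] was written above and is not cleared here.
                int existingFailedAttempts = obj.GetExistingFaildLoginAttempsBL(loginId);
                int newFailedAttempts      = existingFailedAttempts + 1;
                objau.UpdateFaildLoginAttempsBL(loginId, newFailedAttempts);
                obj.LogEntryBL(string.Format("Invalid login attempt reached {0}.", newFailedAttempts), loginId);
                return(Roll);
            }
        }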
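    /// <summary>
    /// Completes the login hand-off from Login.aspx without a PPRCookie. Reads
    /// the loginId, salted password hash and salt that the login page parked in
    /// Application state under IP-derived keys, clears them, authenticates
    /// against the business layer and, on success, populates Session and the
    /// .GISAUTH token cookie before redirecting to the role's landing page.
    /// </summary>
    /// <remarks>
    /// Security notes (review):
    /// - Application state is process-wide and keyed only by client IP, so
    ///   users behind a shared NAT/proxy share one slot and can race or
    ///   collide; there is no Application.Lock() around the read/clear either.
    ///   Moving the hand-off to Session is the proper fix but needs Login.aspx
    ///   changed as well, so it is only noted here.
    /// - On rejected credentials this method does NOT redirect (the redirect
    ///   is commented out in the original); it simply returns, leaving the
    ///   pre-authentication Session["LoginId"] in place and IsLoggedIn unset.
    ///   Callers must check the session state themselves.
    /// - Response.Redirect(url) ends the response (ThreadAbortException in
    ///   classic ASP.NET); the role-5 redirect passes endResponse:false and
    ///   therefore returns to the caller instead. Both are kept as-is.
    /// </remarks>
    public void UserAuthentication()
    {
        AuthenticatedModuleBL objau;
        LoginBL obj;

        // All hand-off keys share the same IP-derived suffix; compute it once.
        string ipKey = GetUserIP().Replace(".", "_");
        string loginKey = "loginid_" + ipKey;
        string hashKey = "passwordsaltedhash" + ipKey;
        string saltKey = "salt_" + ipKey;

        // Without a complete hand-off there is nothing to authenticate: back
        // to the login page. The salt entry was previously unchecked and
        // surfaced as a NullReferenceException on the ToString() below.
        if (Application[loginKey] == null || Application[hashKey] == null || Application[saltKey] == null)
        {
            Response.Redirect("~/Login.aspx");
        }

        //authenticate the user and set session variables.
        string loginId = Application[loginKey].ToString();

        Session["LoginId"] = loginId;
        string passwordSaltedHash = Application[hashKey].ToString();
        string passwordSalt       = Application[saltKey].ToString();

        // Clear the hand-off slot as soon as it has been read so the
        // credentials do not linger in process-wide state.
        Application[loginKey] = null;
        Application[hashKey]  = null;
        Application[saltKey]  = null;

        //userLevel required for granting & denying access to pages later.
        objau = new AuthenticatedModuleBL();
        obj   = new LoginBL();
        // Roll is the role id, or "NOTAUTHENTICATED" when rejected.
        string Roll   = objau.AuthenticateBL(loginId, passwordSaltedHash, passwordSalt);
        string UserId = objau.AuthenticateGetUseridBL(loginId, passwordSaltedHash, passwordSalt);

        if (Roll.Equals("NOTAUTHENTICATED") == false)
        {
            string ministry = objau.GetMinistryIdBL(loginId);
            if (ministry.Equals("deactivated"))
            {
                // Deactivated account: count it as a failed attempt and bounce
                // before any login state is written. Redirect ends the response.
                int existingFailedAttempts = obj.GetExistingFaildLoginAttempsBL(loginId);
                int newFailedAttempts      = existingFailedAttempts + 1;
                objau.UpdateFaildLoginAttempsBL(loginId, newFailedAttempts);
                obj.LogEntryBL(String.Format("Invalid login attempt reached {0}.", newFailedAttempts), loginId);
                Response.Redirect("~/Login.aspx?error=deactivated");
            }
            else
            {
                Session["ministry"] = HttpUtility.HtmlEncode(ministry);
            }
            // Fresh anti-CSRF token for the newly authenticated session.
            AntiCRSF.GenerateCSRFToken();
            objau.UpdateFaildLoginAttempsBL(loginId, 0);
            Session["Rolls"]   = HttpUtility.HtmlEncode(Roll);
            Session["LoginId"] = HttpUtility.HtmlEncode(loginId);
            Session["UserId"]  = HttpUtility.HtmlEncode(UserId);
            objau.UpdateLoginDateTimeBL(loginId);
            obj.LogEntryBL("User Logged In Successfully", loginId);
            Session["IsLoggedIn"] = "true";

            // Per-login token kept server-side in Session and mirrored in an
            // HttpOnly cookie so a bare ASP.NET session id is not sufficient.
            // Guid.NewGuid is not documented as a CSPRNG; prefer
            // RandomNumberGenerator if this token is ever relied on by itself.
            string     sessToken  = Guid.NewGuid().ToString().Replace("-", "");
            HttpCookie authCookie = new HttpCookie(".GISAUTH", sessToken);
            authCookie.HttpOnly      = true;
            authCookie.Secure        = Request.IsSecureConnection;
            Session["ASPXAUTHToken"] = sessToken;
            Response.Cookies.Add(authCookie);

            // Role-specific landing page; an unknown role id falls through
            // with no redirect, as before.
            switch (Roll)
            {
                case "1":
                    Response.Redirect("~/Authenticate/admin/Default.aspx");
                    break;
                case "2":
                    Response.Redirect("~/Authenticate/DEAAdmin/Default.aspx");
                    break;
                case "3":
                    Response.Redirect("~/Authenticate/NodalOfficer/Default.aspx");
                    break;
                case "4":
                    Response.Redirect("~/Authenticate/LinMin/Default.aspx");
                    break;
                case "5":
                    // endResponse:false — execution returns to the caller.
                    Response.Redirect("~/Authenticate/admin/Default.aspx", false);
                    break;
                case "6":
                    Response.Redirect("~/Authenticate/admin/filterreport.aspx");
                    break;
            }
        }
        else
        {
            // Rejected credentials: record the failed attempt only. No redirect
            // here (see remarks); the caller is responsible for what follows.
            int existingFailedAttempts = obj.GetExistingFaildLoginAttempsBL(loginId);
            int newFailedAttempts      = existingFailedAttempts + 1;
            objau.UpdateFaildLoginAttempsBL(loginId, newFailedAttempts);
            obj.LogEntryBL(string.Format("Invalid login attempt reached {0}.", newFailedAttempts), loginId);
        }
    }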