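        /// <summary>
        /// Signs in a user on behalf of HL7 from a request that carries a shared-key hash.
        /// </summary>
        /// <remarks>
        /// The request is accepted only when the hash supplied by the caller matches the hash
        /// computed here over the user ID, the timestamp and the HL7 API key, and when the
        /// timestamp passes <c>HL7AuthHelper.ValidateTimestamp</c>. The hash is checked before
        /// the timestamp so a caller without the shared key learns nothing about the timestamp rule.
        /// On success a forms-authentication ticket is written as the forms cookie, the HL7 roles
        /// are applied and the login is audited.
        /// </remarks>
        /// <param name="model">Login request with the user ID, roles, UTC epoch timestamp, request hash and optional return URL.</param>
        /// <returns>
        /// A redirect to the caller's return URL when it is local to this application (otherwise the
        /// homepage), or a redirect to the homepage carrying an error message when the request is rejected.
        /// </returns>
        public ActionResult DoHL7Login(HL7LoginModel model)
        {
            string validateRequestHashFormat = string.Format("{0}|{1}|{2}", model.userid, model.timestampUTCEpoch, AppSettings.HL7ApiKey);
            string validateRequestHash       = HL7AuthHelper.GetEncrypted(validateRequestHashFormat, AppSettings.HL7SharedKey);

            // The hash does not match what we expect, this is an invalid request.
            // Compared in fixed time so that response latency does not reveal how many
            // leading characters of the expected hash the caller got right.
            if (!FixedTimeEquals(validateRequestHash, model.requestHash))
            {
                Log.For(this).Error("Invalid attempt to login as HL7 user with user ID {0} and request hash '{1}'", model.userid, model.requestHash);
                return(Redirect("/?Message=" + App_GlobalResources.TrifoliaLang.HL7AttemptInvalid));
            }

            try
            {
                // Verify that the request sent from HL7 took less than 5 minutes
                if (!HL7AuthHelper.ValidateTimestamp(model.timestampUTCEpoch))
                {
                    Log.For(this).Warn("Request to login took longer than 5 minutes to reach the server.");
                    return(Redirect("/?Message=" + App_GlobalResources.TrifoliaLang.HL7AuthTimeout));
                }
            }
            catch
            {
                // ValidateTimestamp is expected to throw on an unparseable value; treat that as a bad request rather than a 500
                Log.For(this).Error("Timestamp passed in request to HL7 login is not a valid timestamp: {0}", model.timestampUTCEpoch);
                return(Redirect("/?Message=An error occurred while logging in."));
            }

            // Organization, user ID and roles are carried inside the encrypted ticket's user data
            string userData = string.Format("{0}=HL7;{1}={2};{3}={4}", CheckPoint.AUTH_DATA_ORGANIZATION, CheckPoint.AUTH_DATA_USERID, model.userid, CheckPoint.AUTH_DATA_ROLES, model.roles);
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, model.userid, DateTime.Now, DateTime.Now.AddDays(20), true, userData);
            string encAuthTicket = FormsAuthentication.Encrypt(authTicket);

            HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encAuthTicket);

            faCookie.Expires  = DateTime.Now.AddDays(20);
            // Keep the ticket out of reach of client script, and off plain HTTP whenever the
            // application's forms authentication is configured to require SSL.
            faCookie.HttpOnly = true;
            faCookie.Secure   = FormsAuthentication.RequireSSL;

            if (Response.Cookies[FormsAuthentication.FormsCookieName] != null)
            {
                Response.Cookies.Set(faCookie);
            }
            else
            {
                Response.Cookies.Add(faCookie);
            }

            CheckPoint.Instance.CheckHL7Roles(model.userid, model.roles);

            // Audit the login
            AuditEntryExtension.SaveAuditEntry("Login", "Success", model.userid, "HL7");

            // Only follow a caller-supplied return URL when it points back into this application;
            // redirecting to an arbitrary absolute URL would make this endpoint an open redirect.
            if (!string.IsNullOrEmpty(model.ReturnUrl) && Url.IsLocalUrl(model.ReturnUrl))
            {
                return(Redirect(model.ReturnUrl));
            }

            return(Redirect("/"));
        }

        /// <summary>
        /// Compares two strings in time that depends only on their lengths, not on where they first differ.
        /// </summary>
        /// <param name="expected">The value computed server-side.</param>
        /// <param name="actual">The value supplied by the caller.</param>
        /// <returns>True when both are non-null and identical, otherwise false.</returns>
        private static bool FixedTimeEquals(string expected, string actual)
        {
            if (expected == null || actual == null)
            {
                return false;
            }

            // Fold every character difference into one accumulator instead of exiting on the
            // first mismatch; a length mismatch is folded in the same way.
            int difference = expected.Length ^ actual.Length;
            int length     = Math.Min(expected.Length, actual.Length);

            for (int i = 0; i < length; i++)
            {
                difference |= expected[i] ^ actual[i];
            }

            return difference == 0;
        }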
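        /// <summary>
        /// Ensures the authenticated user has a "Login" audit entry within the last 24 hours,
        /// creating one when none is found.
        /// </summary>
        /// <remarks>
        /// When the user is signed in through "remember me", no explicit login happens, so the
        /// login audit has to be produced here instead.
        /// </remarks>
        private void AuditLogin()
        {
            using (TemplateDatabaseDataSource tdb = new TemplateDatabaseDataSource())
            {
                DateTime minDate  = DateTime.Now.AddHours(-24);
                // Lookup key in the "<user> (<organization>)" form; presumably the form SaveAuditEntry
                // records for the current user — verify against AuditEntryExtension if entries are ever missed
                string   userName = string.Format("{0} ({1})", CheckPoint.Instance.UserName, CheckPoint.Instance.OrganizationName);

                // Any() lets the provider stop at the first matching row instead of counting all of them
                bool alreadyAudited = tdb.AuditEntries.Any(y => y.AuditDate > minDate && y.Username == userName && y.Type == "Login");

                if (!alreadyAudited)
                {
                    AuditEntryExtension.SaveAuditEntry("Login", "Success");
                }
            }
        }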
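        /// <summary>
        /// Ensures the authenticated user has a "Login" audit entry within the last 24 hours,
        /// creating one when none is found.
        /// </summary>
        /// <remarks>
        /// When the user is signed in through "remember me", no explicit login happens, so the
        /// login audit has to be produced here instead. Nothing is recorded when the current
        /// principal cannot be resolved to a user.
        /// </remarks>
        private void AuditLogin()
        {
            using (IObjectRepository tdb = DBContext.Create())
            {
                var user = CheckPoint.Instance.GetUser(tdb);

                // No resolvable user (e.g. an identity not present in the repository) means nothing to audit
                if (user == null)
                {
                    return;
                }

                DateTime minDate = DateTime.Now.AddHours(-24);

                // Any() lets the provider stop at the first matching row instead of counting all of them
                bool alreadyAudited = tdb.AuditEntries.Any(y => y.AuditDate > minDate && y.Username == user.UserName && y.Type == "Login");

                if (!alreadyAudited)
                {
                    AuditEntryExtension.SaveAuditEntry("Login", "Success", user.UserName);
                }
            }
        }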
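        /// <summary>
        /// Handles the posted login form: validates the re-captcha response, checks the credentials
        /// against the selected organization and, on success, issues the forms-authentication cookie.
        /// </summary>
        /// <param name="model">Posted login form: organization, username, password, "remember me" flag and optional return URL.</param>
        /// <returns>
        /// A redirect to the return URL when it is local to this application, otherwise to the logged-in
        /// home page; on failure the login view is re-rendered with an error message.
        /// </returns>
        public ActionResult DoLogin(LoginModel model)
        {
            Organization org = this.tdb.Organizations.Single(y => y.Id == model.OrganizationId);

            // Run the re-captcha checks unless bypass is allowed in configuration AND the client has asked for debug mode
            if (!AppSettings.RecaptchaAllowBypass || !this.Request.Params.ToString().Split('&').Contains("debug"))
            {
                if (!ModelState.IsValid)
                {
                    LoginModel newModel = GetLoginModel(model, App_GlobalResources.TrifoliaLang.RecaptchaInvalid);
                    AuditEntryExtension.SaveAuditEntry("Login", "Failed - The re-captcha response specified is not valid", model.Username, org.Name);
                    return(View("Login", newModel));
                }
            }

            if (!CheckPoint.Instance.ValidateUser(model.Username, org.Name, model.Password))
            {
                LoginModel newModel = GetLoginModel(
                    model.ReturnUrl,
                    model.Username,
                    model.OrganizationId,
                    App_GlobalResources.TrifoliaLang.AuthenticationInvalid,
                    model.RememberMe);

                // Audit the failed login
                AuditEntryExtension.SaveAuditEntry("Login", "Failed", model.Username, org.Name);

                return(View("Login", newModel));
            }

            Response.Cookies.Clear();

            // The organization is carried inside the encrypted ticket's user data
            string userData = string.Format("{0}={1}", CheckPoint.AUTH_DATA_ORGANIZATION, org.Name);
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                2,
                model.Username,
                DateTime.Now,
                DateTime.Now.AddDays(20),
                model.RememberMe,
                userData);
            string     encAuthTicket = FormsAuthentication.Encrypt(authTicket);
            HttpCookie faCookie      = new HttpCookie(FormsAuthentication.FormsCookieName, encAuthTicket);

            // Keep the ticket out of reach of client script, and off plain HTTP whenever the
            // application's forms authentication is configured to require SSL.
            faCookie.HttpOnly = true;
            faCookie.Secure   = FormsAuthentication.RequireSSL;

            // Without "remember me" the cookie stays a session cookie (no Expires), so it is dropped when the browser closes
            if (model.RememberMe)
            {
                faCookie.Expires = DateTime.Now.AddDays(20);
            }

            Response.Cookies.Set(faCookie);

            // Audit the login
            AuditEntryExtension.SaveAuditEntry("Login", "Success", model.Username, org.Name);

            // Only follow a caller-supplied return URL when it points back into this application;
            // redirecting to an arbitrary absolute URL would make the login form an open redirect.
            if (!string.IsNullOrEmpty(model.ReturnUrl) && Url.IsLocalUrl(model.ReturnUrl))
            {
                return(Redirect(model.ReturnUrl));
            }

            return(RedirectToAction("LoggedInIndex", "Home"));
        }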