Ejemplo n.º 1
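        /// <summary>
        /// Looks up the security question registered for <paramref name="UserName"/> and
        /// hands it to the view as a single, pre-selected drop-down entry.
        /// </summary>
        /// <param name="UserName">Login name whose security question is requested.</param>
        /// <returns>
        /// The default view. ViewBag.questionId carries the question id (0 when the login,
        /// its stored answer or a positive question id is missing) and
        /// ViewBag.ddSecurityQuestions the matching drop-down items.
        /// </returns>
        public ActionResult LoadSecurity(string UserName)
        {
            // NOTE(review): the result differs for a name that has a stored question and one
            // that does not, so the response tells the caller whether an account exists and
            // which question protects it. Confirm who can reach this action and whether
            // requests are throttled; neither is visible in this method.
            var ddSecurityQuestions = new List<SelectListItem>();
            int questionId = 0;

            // The context is only needed for the two lookups; dispose it afterwards
            // (the original created it and never released it).
            using (var context = new LMSDBContext())
            {
                LMSLogin login = context.LMSLogins.SingleOrDefault(x => x.UserName == UserName);
                if (login != null)
                {
                    LMSUserSecurityAnswer answer = context.LMSUserSecurityAnswers.SingleOrDefault(x => x.LMSLoginId == login.UserId);
                    if (answer != null)
                    {
                        questionId = answer.LMSSecurityQuestionId;
                    }
                }
            }

            if (questionId > 0)
            {
                IEnumerable<LMSSecurityQuestion> securityQuestions = unitofwork.LMSSecurityQuestionRepository.Get(x => x.LMSSecurityQuestionId == questionId);
                foreach (LMSSecurityQuestion question in securityQuestions.ToList())
                {
                    ddSecurityQuestions.Add(new SelectListItem
                    {
                        Text     = question.Question,
                        Value    = question.LMSSecurityQuestionId.ToString(),
                        Selected = true
                    });
                }
            }

            ViewBag.questionId          = questionId;
            ViewBag.ddSecurityQuestions = ddSecurityQuestions;
            return View();
        }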
Ejemplo n.º 2
        /// <summary>
        /// Register a new user login
        /// </summary>
        public virtual void Register(LMSLogin model)
        {
            // The salt is whatever Encryptor.EncryptText returns for the current local time
            // and the user name; the hash is computed over the password and the Base64 text
            // of that salt.
            // NOTE(review): the salt is derived from guessable inputs instead of a random
            // source, and the work factor of Encryptor.GenerateHash is not visible here.
            // Confirm it is a slow, purpose-built password hash (PBKDF2, bcrypt, Argon2).
            byte[] saltBytes = Encryptor.EncryptText(DateTime.Now.ToString(), model.UserName);
            byte[] hashBytes = Encryptor.GenerateHash(model.Password, Convert.ToBase64String(saltBytes));

            // NOTE(review): PermissionLevel and UserType are taken from the caller's model
            // unchanged. If that model is bound straight from a request, the caller has to
            // make sure only an authorised administrator can choose them (over-posting).
            LMSLogin newLogin = new LMSLogin();
            newLogin.UserName  = model.UserName;
            newLogin.FirstName = model.FirstName;
            newLogin.LastName  = model.LastName;
            // EmployeeNo is intentionally not copied (disabled on 11/14/2016).
            newLogin.PasswordHash    = hashBytes;
            newLogin.PasswordSalt    = saltBytes;
            newLogin.PermissionLevel = model.PermissionLevel;
            newLogin.UserType        = model.UserType;
            newLogin.IssueDate       = model.IssueDate;
            newLogin.CreatedBy       = model.CreatedBy;
            newLogin.CreatedOn       = model.CreatedOn;
            newLogin.StatusCode      = model.StatusCode;

            // Only queues the entity on the context; nothing is saved in this method.
            this.context.LMSLogins.Add(newLogin);
        }
Ejemplo n.º 3
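        /// <summary>
        /// Resets a forgotten password. When the submitted question id and answer match the
        /// stored ones for the given user name, a new random password is generated, its hash
        /// and salt are saved, and the new password is returned to the caller.
        /// </summary>
        /// <param name="model">Carries UserName, LMSSecurityQuestionId and SecurityAnswer.</param>
        /// <returns>
        /// JSON with <c>isSuccess</c> and <c>message</c>; on success <c>message</c> holds the
        /// new password, otherwise the reason for the failure.
        /// </returns>
        public ActionResult ForgotPassword(LMSUserSecurityAnswer model)
        {
            // NOTE(review), nothing below is changed because clients may depend on it:
            //  - the three failure messages tell the caller whether the account exists and
            //    whether it has a security answer; one generic message would not;
            //  - the stored answer is compared as a plain string, so it is kept in a form
            //    that can be read back from the database;
            //  - no attempt limit or lockout is visible in this method;
            //  - the new password travels in the response body and the result is allowed
            //    over GET (JsonRequestBehavior.AllowGet), where responses are more likely to
            //    be cached or logged. POST-only handling and out-of-band delivery of a
            //    one-time reset link is the usual design.
            bool   isSuccess = false;
            string message;

            // Dispose the context when done. The original wrapped everything in
            // try/catch { throw ex; }, which only discarded the stack trace; exceptions now
            // propagate unchanged.
            using (LMSDBContext context = new LMSDBContext())
            {
                LMSLogin login = context.LMSLogins.SingleOrDefault(x => x.UserName == model.UserName);
                LMSUserSecurityAnswer securityanswer = null;
                if (login != null)
                {
                    securityanswer = context.LMSUserSecurityAnswers.SingleOrDefault(x => x.LMSLoginId == login.UserId);
                }

                if (login == null)
                {
                    message = "UserName does not exists.";
                }
                else if (securityanswer == null)
                {
                    message = "Security answer does not exists.";
                }
                else if (securityanswer.LMSSecurityQuestionId != model.LMSSecurityQuestionId
                         || !string.Equals(securityanswer.SecurityAnswer, model.SecurityAnswer, StringComparison.OrdinalIgnoreCase))
                {
                    message = "Incorrect answer.";
                }
                else
                {
                    // NOTE(review): RandomString is defined elsewhere; confirm it draws from
                    // a cryptographic random number generator.
                    string newPassword = CommonConstants.PasswordLength.RandomString();

                    // Same salt and hash scheme as registration: the salt is derived from
                    // the current time and the user name, and the hash is computed over the
                    // Base64 text of that salt.
                    byte[] saltBytes = Encryptor.EncryptText(DateTime.Now.ToString(), login.UserName);
                    byte[] hashBytes = Encryptor.GenerateHash(newPassword, Convert.ToBase64String(saltBytes));

                    login.PasswordHash      = hashBytes;
                    login.PasswordSalt      = saltBytes;
                    login.LastModifiedBy    = login.UserId;
                    login.LastModifiedOn    = DateTime.Now;
                    login.IsSecurityApplied = false;
                    context.SaveChanges();

                    isSuccess = true;
                    message   = newPassword;
                }
            }

            return Json(new { isSuccess = isSuccess, message = message }, JsonRequestBehavior.AllowGet);
        }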
 /// <summary>
 /// Registers the posted login when the model state is valid and redirects to the
 /// Login controller's Index action; otherwise shows the form again with the model.
 /// </summary>
 public ActionResult Index(LMSLogin model)
 {
     // NOTE(review): the bound model is passed to the repository as a whole. Any field the
     // repository copies (permission level, user type, ...) can then be set by whoever
     // posts the form, so confirm this action is limited to administrators or bind a
     // narrower view model.
     if (!ModelState.IsValid)
     {
         return View(model);
     }

     unitofwork.LMSLoginRepository.Register(model);
     unitofwork.Save();
     return RedirectToAction("Index", "Login");
 }
Ejemplo n.º 5
        /// <summary>
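        /// Checks whether the supplied password matches the stored salted password hash
        /// </summary>
        /// <param name="model">Login attempt carrying UserName and Password.</param>
        /// <returns>The stored login record when the hashes match; null when the input is incomplete or the hashes differ.</returns>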
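        public LMSLogin CheckPassword(LMSLogin model)
        {
            // Incomplete input never authenticates.
            if (model == null || string.IsNullOrEmpty(model.UserName) || string.IsNullOrEmpty(model.Password))
            {
                return null;
            }

            var dbUser = this.context.LMSLogins.SingleOrDefault(x => x.UserName == model.UserName);

            // SingleOrDefault returns null for an unknown user name. The original went on to
            // read dbUser.PasswordSalt and failed with a NullReferenceException; an unknown
            // user, or a record without salt or hash, is now treated as a failed check.
            if (dbUser == null || dbUser.PasswordSalt == null || dbUser.PasswordHash == null)
            {
                return null;
            }

            // Hash the candidate password with the Base64 text of the stored salt and
            // compare the result with the stored hash.
            string salt             = Convert.ToBase64String(dbUser.PasswordSalt);
            byte[] userPasswordHash = Encryptor.GenerateHash(model.Password, salt);

            // NOTE(review): Encryptor.CompareByteArray is defined elsewhere; confirm it
            // compares in constant time rather than stopping at the first differing byte.
            bool matches = Encryptor.CompareByteArray(dbUser.PasswordHash, userPasswordHash);
            return matches ? dbUser : null;
        }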
Ejemplo n.º 6
        //comment here
        /// <summary>
        /// Stores the changed password as a salted hash
        /// </summary>
        /// <param name="model">Carries the UserId of the login to update, plus UserName and the new Password.</param>
        public virtual void ChangePassword(LMSLogin model)
        {
            // Salt and hash are produced the same way as at registration: the salt comes
            // from Encryptor.EncryptText over the current time and the user name, and the
            // hash is computed over the password and the Base64 text of that salt.
            byte[] saltBytes = Encryptor.EncryptText(DateTime.Now.ToString(), model.UserName);
            byte[] hashBytes = Encryptor.GenerateHash(model.Password, Convert.ToBase64String(saltBytes));

            // NOTE(review): the record is selected by model.UserId and the current password
            // is not checked in this method. The caller has to make sure the id belongs to
            // the authenticated user and is not taken from request data.
            var login = context.LMSLogins.SingleOrDefault(x => x.UserId == model.UserId);
            if (login == null)
            {
                // Unknown id: nothing is changed and nothing is reported.
                return;
            }

            login.IsSecurityApplied = true;
            login.PasswordHash      = hashBytes;
            login.PasswordSalt      = saltBytes;
            login.LastModifiedBy    = model.UserId;
            login.LastModifiedOn    = DateTime.Now;
            // No SaveChanges here; the tracked entity is only modified.
        }
Ejemplo n.º 7
        /// <summary>
        /// Shows the login form, pre-filled from the "LMSLogin" cookie when the request
        /// carries one with at least one value.
        /// </summary>
        public ActionResult Index()
        {
            LMSLogin login = new LMSLogin();

            // The cookie comes from the client, so both values are untrusted input and are
            // used only to pre-fill the form model.
            var loginCookie = Request.Cookies["LMSLogin"];
            if (loginCookie != null && loginCookie.Values.Count > 0)
            {
                login.UserName = loginCookie.Values["UserName"];

                // NOTE(review): a "Password" value is still read from the cookie. A password
                // has no place in a cookie; if no current code writes it, drop this read and
                // expire any old cookies that still carry the value.
                login.Password = loginCookie.Values["Password"];
            }

            return View(login);
        }
        // comment here

        /// <summary>
        /// Seeds the status codes, the initial admin login and the security questions
        /// </summary>
        /// <param name="context"></param>
        protected override void Seed(LMSDBContext context)
        {
            // Fills the database with three groups of rows, in this order: the status-code
            // lookup rows, one super-admin login, and the list of security questions.
            // The order matters: the admin login is saved before the questions are built
            // because each question reads lmsLogin.UserId for its CreatedBy field.

            //IList<Standard> defaultStandards = new List<Standard>();

            //defaultStandards.Add(new Standard() { StandardName = "Standard 1", Description = "First Standard" });
            //defaultStandards.Add(new Standard() { StandardName = "Standard 2", Description = "Second Standard" });
            //defaultStandards.Add(new Standard() { StandardName = "Standard 3", Description = "Third Standard" });

            //foreach (Standard std in defaultStandards)
            //    context.Standards.Add(std);

            // Status-code lookup rows.
            // NOTE(review): every row sets StatusCode to StatusCodeConstants.Active, including
            // the InActive, OnLeave and Terminated rows. That looks like "this lookup row is
            // itself active" - confirm it is intended.
            List <LMSStatusCodeDetail> lstSttausCode = new List <LMSStatusCodeDetail>
            {
                new LMSStatusCodeDetail {
                    StatusCodeId = StatusCodeConstants.Active, StatusCodeName = "Active", StatusCode = StatusCodeConstants.Active, CreatedOn = DateTime.Now
                },
                new LMSStatusCodeDetail {
                    StatusCodeId = StatusCodeConstants.InActive, StatusCodeName = "InActive", StatusCode = StatusCodeConstants.Active, CreatedOn = DateTime.Now
                },
                new LMSStatusCodeDetail {
                    StatusCodeId = StatusCodeConstants.OnLeave, StatusCodeName = "OnLeave", StatusCode = StatusCodeConstants.Active, CreatedOn = DateTime.Now
                },
                new LMSStatusCodeDetail {
                    StatusCodeId = StatusCodeConstants.Terminated, StatusCodeName = "Terminated", StatusCode = StatusCodeConstants.Active, CreatedOn = DateTime.Now
                },

                // Removed Retired 11/21/2016
                // new LMSStatusCodeDetail { StatusCodeId=StatusCodeConstants.Retired,StatusCodeName="Retired",StatusCode=StatusCodeConstants.Active,CreatedOn=DateTime.Now },
            };

            context.StatusCodeDetails.AddRange(lstSttausCode);

            //test
            //List<TestModel1> lstTestModel = new List<TestModel1>();
            //for (int i = 0; i < 300; i++)
            //{
            //    lstTestModel.Add(new TestModel1
            //    { MyProperty1 = "MyProperty" + i.ToString(), MyProperty2 = "MyProperty" + i.ToString(), MyProperty3 = "MyProperty3" });
            //}
            //context.TestModel1.AddRange(lstTestModel);

            // Initial super-admin account.
            // NOTE(review): the user name and password are literals in source, so every
            // installation seeded from this code starts with the same administrator
            // credentials and anyone with access to the repository knows them. Take them
            // from deployment-time configuration or a secret store, and require a password
            // change at first login.
            string userName       = "******";
            string password       = "******";
            string strCurrentDate = DateTime.Now.ToString();

            // Salt from Encryptor.EncryptText over the current time and the user name; the
            // hash is computed over the password and the Base64 text of that salt.
            byte[] passwordSalt = Encryptor.EncryptText(strCurrentDate, userName);
            string se           = Convert.ToBase64String(passwordSalt);

            byte[] passwordHash = Encryptor.GenerateHash(password, se.ToString());

            LMSLogin lmsLogin = new LMSLogin
            {
                UserName     = userName,
                PasswordHash = passwordHash,
                PasswordSalt = passwordSalt,
                FirstName    = "admin",
                LastName     = "admin",

                CreatedOn         = DateTime.Now,
                // NOTE(review): presumably marks the account as not needing the forced
                // password/security setup step - confirm; for a seeded admin that step is
                // the one worth enforcing.
                IsSecurityApplied = true,
                StatusCode        = StatusCodeConstants.Active,
                IssueDate         = DateTime.Now,
                //PermissionLevel = PermissionConstants.All,
                PermissionLevel = PermissionConstants.SuperAdmin,
                UserType        = UserTypeConstants.SuperAdmin
            };

            context.LMSLogins.Add(lmsLogin);
            // Saved here, before the questions are created, so that lmsLogin.UserId can be
            // used below (presumably a database-generated key - confirm).
            context.SaveChanges();

            // Storing Security question in LMSSecurityQuestion table
            // NOTE(review): answers to several of these questions can be found in public
            // records or social media, which weakens any reset flow that relies on them
            // alone.

            var lstSecuritQuestions = new List <LMSSecurityQuestion>
            {
                new LMSSecurityQuestion {
                    CreatedBy = lmsLogin.UserId, CreatedOn = DateTime.Now, StatusCode = StatusCodeConstants.Active, Question = "In what city did you meet your spouse/significant other?"
                },
                new LMSSecurityQuestion {
                    CreatedBy = lmsLogin.UserId, CreatedOn = DateTime.Now, StatusCode = StatusCodeConstants.Active, Question = "What was your childhood nickname?"
                },
                new LMSSecurityQuestion {
                    CreatedBy = lmsLogin.UserId, CreatedOn = DateTime.Now, StatusCode = StatusCodeConstants.Active, Question = "What is the name of your favorite childhood friend?"
                },
                new LMSSecurityQuestion {
                    CreatedBy = lmsLogin.UserId, CreatedOn = DateTime.Now, StatusCode = StatusCodeConstants.Active, Question = "What street did you live on in third grade?"
                },
                new LMSSecurityQuestion {
                    CreatedBy = lmsLogin.UserId, CreatedOn = DateTime.Now, StatusCode = StatusCodeConstants.Active, Question = "What is your oldest sibling’s birthday month and year? (e.g., January 1900)"
                },
                new LMSSecurityQuestion {
                    CreatedBy = lmsLogin.UserId, CreatedOn = DateTime.Now, StatusCode = StatusCodeConstants.Active, Question = "What is the middle name of your oldest child?"
                },
                new LMSSecurityQuestion {
                    CreatedBy = lmsLogin.UserId, CreatedOn = DateTime.Now, StatusCode = StatusCodeConstants.Active, Question = "What is your oldest sibling’s middle name?"
                },
                new LMSSecurityQuestion {
                    CreatedBy = lmsLogin.UserId, CreatedOn = DateTime.Now, StatusCode = StatusCodeConstants.Active, Question = "What school did you attend for sixth grade?"
                },
                new LMSSecurityQuestion {
                    CreatedBy = lmsLogin.UserId, CreatedOn = DateTime.Now, StatusCode = StatusCodeConstants.Active, Question = "What was your childhood phone number including area code? (e.g., 000-000-0000)"
                },
                new LMSSecurityQuestion {
                    CreatedBy = lmsLogin.UserId, CreatedOn = DateTime.Now, StatusCode = StatusCodeConstants.Active, Question = "What was the name of your first stuffed animal?"
                },
                new LMSSecurityQuestion {
                    CreatedBy = lmsLogin.UserId, CreatedOn = DateTime.Now, StatusCode = StatusCodeConstants.Active, Question = "What is your maternal grandmother’s maiden name?"
                },
                new LMSSecurityQuestion {
                    CreatedBy = lmsLogin.UserId, CreatedOn = DateTime.Now, StatusCode = StatusCodeConstants.Active, Question = "In what town was your first job?"
                },
            };

            context.LMSSecurityQuestions.AddRange(lstSecuritQuestions);

            context.SaveChanges();

            base.Seed(context);
        }
Ejemplo n.º 9
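        /// <summary>
        /// Handles the login form. On a valid model it checks that the user exists and that
        /// the password matches, stores a CurrentUser object in the session, writes an audit
        /// record, maintains the "LMSLogin" remember-me cookie and redirects to
        /// Employee/EmployeeList.
        /// </summary>
        /// <param name="model">Posted login form (UserName, Password, IsRememberMe).</param>
        /// <returns>
        /// A redirect on success; otherwise the login view with a model whose Message
        /// explains the failure (an empty model when the model state is invalid).
        /// </returns>
        public ActionResult Index(LMSLogin model)
        {
            // NOTE(review), left unchanged because views and callers may rely on it:
            //  - "User does not exists." and "Wrong Password." let a caller tell valid user
            //    names from invalid ones; a single generic message would not;
            //  - only successful logins are audited, so repeated failures against one
            //    account leave no trace for detection, and no lockout is visible here;
            //  - the session id is not renewed after authentication in this method; confirm
            //    that session fixation is handled elsewhere.
            LMSLogin dbUser = new LMSLogin();

            if (!ModelState.IsValid)
            {
                return View(dbUser);
            }

            bool userExists = unitofwork.LMSLoginRepository.CheckIfUserExists(model.UserName);
            if (!userExists)
            {
                dbUser.Message = "User does not exists.";
                return View(dbUser);
            }

            dbUser = unitofwork.LMSLoginRepository.CheckPassword(model);
            if (dbUser == null)
            {
                dbUser = new LMSLogin
                {
                    UserName = model.UserName,
                    Message  = "Wrong Password."
                };
                return View(dbUser);
            }

            CurrentUser currentUser = new CurrentUser
            {
                UserId            = dbUser.UserId,
                UserName          = dbUser.UserName,
                FullName          = dbUser.FirstName + " " + dbUser.LastName,
                PermissionLevel   = dbUser.PermissionLevel,
                IsSecurityApplied = dbUser.IsSecurityApplied,
            };

            this.HttpContext.Session["CurrentUser"] = currentUser;

            // Audit record for the successful login.
            LMSAudit lmsAudit = new LMSAudit();
            lmsAudit.TransactionDate = DateTime.Now;
            lmsAudit.UserName        = currentUser.UserName;
            lmsAudit.FullName        = currentUser.FullName;
            lmsAudit.Section         = "Login";
            lmsAudit.Action          = "Logging In";
            lmsAudit.Description     = String.Format(" User Name : {0}, Name: {1} Logged In. Permission = {2}", currentUser.UserName, currentUser.FullName, currentUser.PermissionLevel);
            unitofwork.LMSAuditRepository.Insert(lmsAudit);
            unitofwork.Save();

            if (model.IsRememberMe)
            {
                // Remember-me: keep the user name (never the password) for 15 days.
                HttpCookie cookie = new HttpCookie("LMSLogin");
                cookie.Values.Add("UserName", currentUser.UserName);
                cookie.Expires = DateTime.Now.AddDays(15);

                // The cookie is only read on the server, so keep it away from page scripts.
                // NOTE(review): also set cookie.Secure = true if the site is served over
                // HTTPS only; the deployment is not visible from here.
                cookie.HttpOnly = true;
                Response.Cookies.Add(cookie);
            }
            else
            {
                // Expire any remember-me cookie left from an earlier login.
                Response.Cookies["LMSLogin"].Expires = DateTime.Now.AddDays(-1);
            }

            return RedirectToAction("EmployeeList", "Employee");
        }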