////------------------------------------------------------------------------------------------------------------------------------------------------------------- ///// <summary> ///// If deleteExisting groups is true the entered group type will overwrite ///// any existing groups assigned to this user. (This is require where ///// a user can only belong to one group) ///// </summary> ///// <param name="updatedUser"></param> ///// <param name="groupType"></param> ///// <param name="deleteExistingGroups"></param> ///// <returns></returns> //public bool EditUserPassword(int userID, SecureString Password, MGGroupType groupType, bool p) { // bool result = false; // try { // result = SecurityOperations.UpdateUserPassword(userID, Password, Authorisation.UseMGLRatherThanMySQLPasswordEncryption); // if (result) { // DateTime pWordChangeTimeStamp = DateTime.Now; // SecurityOperations.UpdatePasswordChangeDate(userID, pWordChangeTimeStamp); // // 13-Jul-2015 - lets email the user to confirm that their password has changed! // MGUser u = null; // Authorisation.GetUser(userID, out u); // SecurityOperations.PasswordChangedEmailUser(u, pWordChangeTimeStamp); // } // } catch (Exception ex) { // Logger.Log("Error in UserAdministration.AddUser." + ex.Message); // } finally { // SecurityOperations.Finish(); // } // return result; //} //------------------------------------------------------------------------------------------------------------------------------------------------------------- /// <summary> /// If deleteExisting groups is true the entered group type will overwrite /// any existing groups assigned to this user. (This is require where /// a user can only belong to one group) /// </summary> /// <param name="updatedUser"></param> /// <param name="groupType"></param> /// <param name="deleteExistingGroups"></param> /// <returns></returns> public bool EditUserDetails(MGUser updatedUser, MGGroupType groupType, bool p) { bool result = false; try { result = SecurityOperations.UpdateUserDetails(updatedUser.ID, updatedUser.Username, updatedUser.Email, updatedUser.JobTitle, updatedUser.Organisation, updatedUser.OrganisationID, updatedUser.Telephone); //need to add the user to the user_groups xref's result = result && SecurityOperations.DeleteUsersGroupXrefs(updatedUser.ID); result = result && SecurityOperations.UpdateUserToGroupXref(updatedUser.Username, groupType); //need to update the applications user to group to xref's if (result) { UserOperations userOps = new UserOperations(MGLApplicationSecurityInterface.Instance().DatabaseConfig); Dictionary <int, List <int> > userGroupDict = userOps.UserGroupDictionary(); userOps.Finish(); MGLApplicationSecurityInterface.Instance().UserGroupXref = userGroupDict; } } catch (Exception ex) { Logger.LogError(8, "Error in UserAdministration.AddUser." + ex.Message); } finally { SecurityOperations.Finish(); } return(result); }
//------------------------------------------------------------------------------------------------------------------------------------------------------------- protected void UpdateLoginPanel() { bool isLoggedIn = Authorisation.DoIsLoggedIn(); if (isLoggedIn) { MGUser currentUser = Authorisation.CurrentUser; // 22-Mar-2016 - The ResolveClientURL is now actioned in the preRender event in the MGLink itself, so no need to replicate here ... // We are now using relative links to make everything a bit shorter ... HL.HRef = "~/Code/Security/UserSplashPage.aspx"; HL.InnerText = SecureStringWrapper.Decrypt(currentUser.Username).ToString(); HL.Title = "Update my details"; //HLT.InnerHtml = "<a href='" + Page.ResolveClientUrl("~/Code/Security/Logout.aspx") + "' title='Logout of the site'>Logout</a>"; HLT.HRef = "~/Code/Security/Logout.aspx"; HLT.InnerText = "Log out"; HLT.Title = "Log out of the site"; } else { HL.HRef = "~/Code/Security/Login.aspx"; HL.InnerText = "Login"; HLT.InnerHtml = ""; HLT.Visible = false; } }
//------------------------------------------------------------------------------------------------------------------------------------------------------------- /// <summary> /// Parses the User Information from the database /// </summary> private MGUser BuildUserInfo(string[] row) { MGUser user = null; try { if (row != null) { user = new MGUser(); // These are the fields .... // protected static readonly string userFields = " ID, UserName, Password, FirstName, LastName, JobTitle, Organisation, Telephone, Email, NumberOfIncorrectLogins, // TotalLogins, Description, StartDate, LastLoginDate, LastIP, LastBrowser"; int i = 0; int tempInt = 0; int.TryParse(row[i++], out tempInt); // ID user.ID = tempInt; user.Username = SecureStringWrapper.Encrypt(row[i++]); // UserName user.Password = SecureStringWrapper.Encrypt(row[i++]); // Password // June 2013 - these are New new new NEW! user.FirstName = SecureStringWrapper.Encrypt(row[i++]); // FirstName user.LastName = SecureStringWrapper.Encrypt(row[i++]); // LastName user.JobTitle = SecureStringWrapper.Encrypt(row[i++]); // JobTitle user.Organisation = SecureStringWrapper.Encrypt(row[i++]); // Organisation user.Telephone = SecureStringWrapper.Encrypt(row[i++]); // Telephone user.Email = SecureStringWrapper.Encrypt(row[i++]); // Email int.TryParse(row[i++], out tempInt); // NumberOfIncorrectLogins user.NumIncorrectLogins = tempInt; int.TryParse(row[i++], out tempInt); // Total Logins ... user.TotalLogins = tempInt; user.Description = row[i++]; // Description // 13-Oct-2015 - bug!! The start date was not being set - it is now .... user.StartDate = DateTimeInformation.FormatDate(row[i++], true, true); // Start Date user.LastLogin = DateTimeInformation.FormatDate(row[i++], true, true); // Last Login Date user.LastIP = row[i++]; // Last IP ... user.LastBrowser = row[i++]; // Last Browser ... int.TryParse(row[i++], out tempInt); // Organisation ID ... user.OrganisationID = tempInt; } } catch (Exception ex) { Logger.LogError(8, "Error Parsing the MGUser: " + ex.ToString()); } return(user); }
//--------------------------------------------------------------------------------------------------------------------------------------------------------------- public bool UserLoginDetailsCorrect(SecureString userName, SecureString password) { bool success = false; string sqlQuery = ""; if (Authorisation.UseMGLRatherThanMySQLPasswordEncryption) { // 13-Jul-2015 - This technique used to allow us to decrypt passwords for the password reminder // now the MGLPasswordHash is a one way encryption using salts and slow has algoriths, so we need to use the nicely rolled Compare method. // Get the user - with the encrypted password ... // This ensures that we are testing BOTH the username AND the PASSWORD in a single method ... MGUser user = GetUser(userName); //password = MGLPasswordHash.EncryptPassword(password); success = MGLPasswordHash.Compare(SecureStringWrapper.Decrypt(password), SecureStringWrapper.Decrypt(user.Password)); //Do this just in case the encryption adds quotes into string - this should NEVER happen //password = password.Replace("'", "\\'"); //password = password.Replace("\"", "\\\""); // check the user name and the encrypted password in the database //sqlQuery = "SELECT ID FROM " + tnUsers + " WHERE UserName='******' AND Password="******"'" + password + "';"; } else { //This is the legacy method used in Derby for e.g. // using MySQL password encryption // check the user name and the encrypted password in the database sqlQuery = "SELECT ID FROM " + tnUsers + " WHERE UserName='******' AND Password="******"PASSWORD( '" + DatabaseHelper.SQL_INJECTION_CHECK_PARAMETER(true, SecureStringWrapper.Decrypt(password).ToString()) + "');"; List <int> userIDList = dbInfo.GetIntegerList(sqlQuery); if (userIDList != null && userIDList.Count == 1) { success = true; } } return(success); }
//------------------------------------------------------------------------------------------------------------------------------------------------------------- public MGUser GetUserByEmail(SecureString email) { MGUser result = new MGUser(); UserOperations userOps = new UserOperations(MGLApplicationSecurityInterface.Instance().DatabaseConfig); try { result = userOps.GetUserByEmail(email); } catch (Exception ex) { Logger.LogError(8, "Error in UserAdministration.GetUserByEmail b at " + ex); } finally { userOps.Finish(); } return(result); }
//------------------------------------------------------------------------------------------------------------------------------------------------------------- public MGUser GetUser(int selectedUserID) { MGUser result = new MGUser(); UserOperations userOps = new UserOperations(MGLApplicationSecurityInterface.Instance().DatabaseConfig); try { result = userOps.GetUser(selectedUserID); } catch (Exception ex) { Logger.LogError(8, "Error in UserAdministration.GetUser by id." + ex.Message); } finally { userOps.Finish(); } return(result); }
//--------------------------------------------------------------------------------------------------------------------------------------------------------------- /// <summary> /// Called from an authorisation web service /// </summary> //public MGUser LoginWS(SecureString userName, SecureString password) { // //@@ // //Logger.LogError("AuthorisationOperations.LoginWS - attempting ..."); // MGUser loggedInUser = new MGUser(); // bool loggedIn = false; // string loginError = "Invalid username or password."; // UserOperations userOps = null; // try { // if (userName != null) { // userOps = new UserOperations(lcf); // MGUser user = userOps.GetUser(userName); // // check the number of logins has not been exceeded // if (user != null) { // if (user.IsLockedOut == true) { // loginError = "The maximum number of incorrect login attempts has been exceeded - Contact the website administrator to unlock your account."; // } else { // // Check the password // if (MGLApplicationSecurityInterface.Instance().AppLoginConfig.EnableAutomatedLogin == false && password != null) { // // check the user name and the encrypted password in the database // bool userLoginDetailsCorrect = userOps.UserLoginDetailsCorrect(user.Username, password); // // if incorrect, increment the incorrect logins // // if correct, increment the total logins // // The IP address wont be correct here, but the login time will be ... // userOps.LogLogin(user.ID, userLoginDetailsCorrect); // if (userLoginDetailsCorrect) { // loggedIn = true; // // Set the current user object in the session // loginError = null; // } // } else { // loggedIn = true; // // Set the current user object in the session // loginError = null; // } // } // if (loggedIn) { // loggedInUser = user; // //@@Logger.LogError("AuthorisationOperations.LoginWS - success!!! ..."); // } else { // //@@Logger.LogError("AuthorisationOperations.LoginWS - login unsuccess ful ..."); // } // } // } // } catch (Exception ex) { // Logger.LogError(8, "Problem logging in (in WS) at " + ex); // } finally { // if (userOps != null) // userOps.Finish(); // } // //MGLSessionSecurityInterface.Instance().SecurityError = loginError; // if (loggedIn == false) { // Logger.LogError(8, "AuthorisationOperations LoginExternal: " + loginError); // } // return loggedInUser; //} ////--------------------------------------------------------------------------------------------------------------------------------------------------------------- ///// <summary> ///// Called from an authorisation web service ///// </summary> //public bool IsLoggedInWS(SecureString emailHash, string ipAddress) { // bool loggedIn = false; // //string loginError = "Invalid email or ip address"; // if (emailHash != null && ipAddress != null) { // MGUser user = GetUserCredentials(emailHash, ipAddress); // // check the number of logins has not been exceeded // if (user != null && user.ID != int.MaxValue) { // if (user.IsLockedOut == true) { // //loginError = "The maximum number of incorrect login attempts has been exceeded - Contact the website administrator to unlock your account."; // } else { // loggedIn = true; // } // } // } // return loggedIn; //} //--------------------------------------------------------------------------------------------------------------------------------------------------------------- /// <summary> /// Called from an authorisation web service /// </summary> public MGUser GetUserCredentials(SecureString emailHash, string ipAddress) { MGUser user = new MGUser(); try { if (emailHash != null && ipAddress != null) { UserOperations userOps = null; try { userOps = new UserOperations(lcf); user = userOps.GetUser(emailHash, ipAddress); //@@Logger.LogError("AuthorisationOperations.GetUserCredentials - User ..." + user.Username); // One final check - check that the time of login is not less than a certain period of time ... // WHy????? //if (user != null && user.LastLogin != null) //{ // if (TimeSpan.Compare(lcf.__WebsiteAbsoluteTimeOut, DateTime.Now.Subtract(user.LastLogin)) < 1) // { // user = new MGUser(); // } //} } catch (Exception ex) { Logger.LogError(9, "Problem getting user credentials at " + ex); } finally { if (userOps != null) { userOps.Finish(); } } //@@Logger.LogError("AuthorisationOperations.GetUserCredentials - User after time check ..." + user.Username); } } catch (Exception ex) { Logger.LogError(9, "AuthorisationOperations.GetUserCredentials - Error processing ..." + ex.ToString()); } return(user); }
public List <MGGroup> GetUnassignedGroups(MGUser SelectedUser, List <MGGroup> AssignedUser_Groups, bool isFilterOutSuperGroup) { if (SelectedUser == null) { Logger.LogError(5, "Null MG User is selected and passed. Quitting.."); return(null); } if (AssignedUser_Groups == null) { Logger.LogError(5, "Null list of assigned MG User is selected and passed. Quitting.."); return(null); } List <MGGroup> unAssignedGroups = null; try { //First Get All Groups List <MGGroup> allGroups = GetAllGroups(); if (allGroups == null) { Logger.LogError(5, "Failed to get all groups from system. Quitting"); return(null); } unAssignedGroups = new List <MGGroup>(); foreach (MGGroup group in allGroups) { if (isFilterOutSuperGroup) { if (group.Name != null && group.Name.Equals(GroupAdministration.SUPER_USER_GROUP_NAME, StringComparison.CurrentCultureIgnoreCase)) { continue; } } if (!AssignedUser_Groups.Contains(group)) { unAssignedGroups.Add(group); } } } catch (Exception ex) { Logger.LogError(5, "Error getting unassigned groups for user = "******" at: " + ex); return(null); } return(unAssignedGroups); }
//------------------------------------------------------------------------------------------------------------------------------------------------------------------ public static MGUser ParseUser(XmlDocument xmlDoc) { MGUser u = new MGUser(); try { // get the last bit of MGL.GEDI.DomainModel.MGUser .... //DEOBFUSCATE???? string typeOfUser = "******"; try { string[] bits = typeof(MGUser).ToString().Split('.'); typeOfUser = bits[bits.Length - 1]; } catch (Exception ex) { Logger.LogError(5, "Error parsing the User XML: " + ex.ToString()); } XmlNodeList users = xmlDoc.GetElementsByTagName(typeOfUser); foreach (XmlNode node in users) { foreach (XmlNode child in node.ChildNodes) { int tempInt = 0; bool tempBool = false; DateTime tempDate = DateTime.Now; if (child.Name.Equals("ID", StringComparison.CurrentCultureIgnoreCase)) { int.TryParse(child.ChildNodes[0].Value, out tempInt); u.ID = tempInt; } else if (child.Name.Equals("UserName", StringComparison.CurrentCultureIgnoreCase)) { u.Username = SecureStringWrapper.Encrypt(child.ChildNodes[0].Value); } else if (child.Name.Equals("IsNew", StringComparison.CurrentCultureIgnoreCase)) { bool.TryParse(child.ChildNodes[0].Value, out tempBool); u.IsNew = tempBool; } else if (child.Name.Equals("Email", StringComparison.CurrentCultureIgnoreCase)) { u.Email = SecureStringWrapper.Encrypt(child.ChildNodes[0].Value); } else if (child.Name.Equals("LastIP", StringComparison.CurrentCultureIgnoreCase)) { u.LastIP = child.ChildNodes[0].Value; } else if (child.Name.Equals("LastBrowser", StringComparison.CurrentCultureIgnoreCase)) { u.LastBrowser = child.ChildNodes[0].Value; } else if (child.Name.Equals("TotalLogins", StringComparison.CurrentCultureIgnoreCase)) { int.TryParse(child.ChildNodes[0].Value, out tempInt); u.TotalLogins = tempInt; } else if (child.Name.Equals("NumIncorrectLogins", StringComparison.CurrentCultureIgnoreCase)) { int.TryParse(child.ChildNodes[0].Value, out tempInt); u.NumIncorrectLogins = tempInt; } else if (child.Name.Equals("LastLogin", StringComparison.CurrentCultureIgnoreCase)) { DateTime.TryParse(child.ChildNodes[0].Value, out tempDate); u.LastLogin = tempDate; } else if (child.Name.Equals("StartDate", StringComparison.CurrentCultureIgnoreCase)) { DateTime.TryParse(child.ChildNodes[0].Value, out tempDate); u.StartDate = tempDate; } } } } catch (Exception ex) { Logger.LogError(5, "UserParseXML ParseUser:"******"Error extracting the User from the xml"); } finally { } return(u); }
//--------------------------------------------------------------------------------------------------------------------------------------------------------------- // public bool Login( User user, string password) { public bool Login(SecureString userName, SecureString password) { bool loggedIn = false; string loginError = "Username or password not recognised."; UserOperations userOps = null; try { if (userName != null) { userOps = new UserOperations(lcf); MGUser user = userOps.GetUser(userName); // check the number of logins has not been exceeded if (user != null) { if (user.IsLockedOut == true) { loginError = "Too many incorrect attempts. Please contact the web team."; // to unlock your account."; } else { // 30-Nov-2015 - Strip the password out of the user information as this is applied to the session user.Password = null; // Check the password if (MGLApplicationSecurityInterface.Instance().AppLoginConfig.EnableAutomatedLogin == false && password != null) { // check the user name and the encrypted password in the database bool userLoginDetailsCorrect = userOps.UserLoginDetailsCorrect(user.Username, password); // if incorrect, increment the incorrect logins // if correct, increment the total logins userOps.LogLogin(user.ID, userLoginDetailsCorrect); // reextract the user as the LastIP and login date will have changed - better to keep this consistent, if its used for validation in the future ... user = userOps.GetUser(user.ID); if (userLoginDetailsCorrect) { loggedIn = true; // Set the current user object in the session loginError = null; MGLSessionSecurityInterface.Instance().CurrentUser = user; } } else { loggedIn = true; // Set the current user object in the session loginError = null; MGLSessionSecurityInterface.Instance().CurrentUser = user; } } if (loggedIn) { SecureContentWrapper.LiveDbContextInstance = new SecureContentWrapper(AppSecurityContext.MainDbLcf); // SecureContentWrapper.StagingDbContextInstance = new SecureContentWrapper(AppSecurityContext.StagingDbLcf); } } } } catch (Exception ex) { Logger.LogError(7, "Problem logging in at " + ex); } finally { if (userOps != null) { userOps.Finish(); } } MGLSessionSecurityInterface.Instance().SecurityError = loginError; return(loggedIn); }
public List <MGGroup> GetUserGroups(MGUser user, bool isFilterOutSuperGroup) { if (user == null) { Logger.LogError(5, "Cannot GetUserGroups for NULL user!"); return(null); } else if (user.ID < 1) { Logger.LogError(5, "Cannot GetUserGroups for invalid user.ID (" + user.ID + ")!"); return(null); } List <MGGroup> userGroups = null; UserOperations userHelper = null; GroupOperations groupHelper = null; try { userHelper = new UserOperations(Lcf); List <int> userGroupIDs = userHelper.GetUserGroupsIDs(user.ID); if (userGroupIDs == null) { Logger.LogError(5, "Cannot GetUserGroups as retrieved NULL list of userGroupIDs for user.ID (" + user.ID + ")!"); return(null); } userGroups = new List <MGGroup>(userGroupIDs.Count); groupHelper = new GroupOperations(Lcf); MGGroup group; foreach (int groupID in userGroupIDs) { if (groupID < 1) { Logger.LogError(5, "Invalid groupID detected, skipping it ..."); continue; } group = groupHelper.GetGroup(groupID); if (group == null) { Logger.LogError(5, "NULL MGGroup detected, skipping it ..."); continue; } if (isFilterOutSuperGroup) { if (group.Name != null && group.Name.Equals(GroupAdministration.SUPER_USER_GROUP_NAME, StringComparison.CurrentCultureIgnoreCase)) { continue; } } userGroups.Add(group); } } catch (Exception ex) { Logger.LogError(5, "Failure getting UserGroups for user.ID (" + user.ID + ") at " + ex.StackTrace); return(null); } finally { if (userHelper != null) { userHelper.Finish(); } if (groupHelper != null) { groupHelper.Finish(); } } return(userGroups); }
public List <MGGroup> GetUserGroups(MGUser user) { bool isFilterOutSuperGroup = false; return(GetUserGroups(user, isFilterOutSuperGroup)); }
public List <MGGroup> GetUnassignedGroups(MGUser SelectedUser, List <MGGroup> AssignedUser_Groups) { bool isFilterOutSuperGroup = false; return(GetUnassignedGroups(SelectedUser, AssignedUser_Groups, isFilterOutSuperGroup)); }
/// <summary> /// Get Users for a given Group. It populate only (3) three User Information (UserName, JobTitle, Email) /// </summary> /// <param name="group">Group for which to find users.</param> /// <param name="associationTypes">Assigned and Unassigned user to group.</param> /// <returns></returns> public List <MGUser> GetUsersForAGroup(MGGroup group, string searchString, AssociationTypes associationTypes) { List <MGUser> result = null; IDataReader reader = null; string strUserID = null; int userID = -1; string sql = ""; string msgPart = "getting users which are '" + associationTypes + "ed' to Group '" + group.Name + "'"; bool isLockAcquired = Monitor.TryEnter(UserAdministration.USER_ADMIN_LOCK_OBJ, UserAdministration.USER_ADMIN_LOCK_TIMEOUT); if (isLockAcquired) { try { Logger.Log("Start " + msgPart); DbInfo = new DatabaseWrapper(Lcf); DbInfo.Connect(); sql = GroupQB.GetSelectUsersForAGroupSql(group.ID, searchString, associationTypes); reader = DbInfo.RunSqlReader(sql); if (reader == null) { Logger.LogError(5, "Quitting, failed " + msgPart + " with sql : " + sql); return(null); } result = new List <MGUser>(); while (reader.Read()) { strUserID = null; userID = -1; MGUser user = new MGUser(); //Get USER ID if (reader[GroupQB.USER_ID_GENERAL_COL] != System.DBNull.Value) { strUserID = reader[GroupQB.USER_ID_GENERAL_COL].ToString(); if (!int.TryParse(strUserID, out userID)) { userID = -1; Logger.LogError(5, "Error parsing user ID into integer. Quitting"); return(null); } } user.ID = userID; //Get User Name if (reader[GroupQB.USER_NAME_COL] != System.DBNull.Value) { user.Username = SecureStringWrapper.Encrypt((string)reader[GroupQB.USER_NAME_COL]); } else { Logger.LogWarning("Null or empty User is found for ID =" + user.ID + ". Please check the database!"); user.Username = SecureStringWrapper.Encrypt(""); } //Get User EMAIL if (reader[GroupQB.USER_EMAIL_COL] != System.DBNull.Value) { user.Email = SecureStringWrapper.Encrypt((string)reader[GroupQB.USER_EMAIL_COL]); } else { Logger.LogWarning("Null or empty Email is found for ID =" + user.ID + ". Please check the database!"); user.Email = SecureStringWrapper.Encrypt(""); } //Get User Job Title if (reader[GroupQB.USER_JOBTITLE_COL] != System.DBNull.Value) { user.JobTitle = SecureStringWrapper.Encrypt((string)reader[GroupQB.USER_JOBTITLE_COL]); } else { //Logger.LogWarning("Null or empty job title is found for ID =" + user.ID + ". Please check the database!"); user.JobTitle = SecureStringWrapper.Encrypt(""); } result.Add(user); } } catch (Exception ex) { Logger.LogError(5, "Error " + msgPart + " at: " + ex); return(null); } finally { Monitor.Exit(UserAdministration.USER_ADMIN_LOCK_OBJ); if (reader != null && !reader.IsClosed) { reader.Close(); } if (DbInfo != null) { DbInfo.Disconnect(); } } } else { Logger.LogError(5, "Failed to get exclusive lock in GetUsersForAGroup when " + msgPart); return(null); } return(result); }