/// <summary>
/// Handles the login form post: checks that both fields are filled in, looks the user up
/// through <c>BusinessLogic.User</c> and, on a match, stores the user name in the session
/// before redirecting to the dashboard.
/// </summary>
/// <param name="ac">View model carrying the submitted credentials in <c>ac.User</c>.</param>
/// <returns>The "Index" view with an error message set, or a redirect to User/Dashboard.</returns>
public ActionResult Login(AllClasses ac)
{
    // The localized strings are selected by the language code kept in the session.
    // NOTE(review): a missing "LanguageVar" session entry makes this line throw — confirm it is always set first.
    string language = System.Web.HttpContext.Current.Session["LanguageVar"].ToString();
    MenuAndContent content = new MenuAndContent(language);
    ac.MenuandContent = content;

    if (string.IsNullOrEmpty(ac.User.Username))
    {
        ac.User.ErrorMsg = content.UserNameEmpty;
        return View("Index", ac);
    }

    if (string.IsNullOrEmpty(ac.User.Password))
    {
        ac.User.ErrorMsg = content.PassWordEmpty;
        return View("Index", ac);
    }

    // NOTE(review): the submitted password is passed through CryptoUtility.Encrypt and matched
    // against the stored value. If Encrypt is reversible, stored passwords are recoverable by
    // anyone holding the key; a salted one-way password hash is the usual design — confirm.
    string protectedPassword = CryptoUtility.Encrypt(ac.User.Password);
    PortalUsers match = new BusinessLogic().User(ac.User.Username, protectedPassword);
    if (match == null)
    {
        // The same message is used for an unknown user and for a wrong password.
        ac.User.ErrorMsg = content.UserNamePassWordInCorrect;
        return View("Index", ac);
    }

    // NOTE(review): nothing in this method rotates the session identifier or limits repeated
    // attempts; confirm both are handled elsewhere.
    Session["UserName"] = match.Username;
    return RedirectToAction("Dashboard", "User");
}
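/// <summary>
/// Looks up the profile row whose stored credentials match the supplied user name and password.
/// The query is parameterized; the password is transformed with <c>CryptoUtility.Encrypt</c>
/// before it is compared in SQL.
/// </summary>
/// <param name="u">Carries the <c>userName</c> and <c>passWord</c> to verify.</param>
/// <returns>The first matching row, or <c>null</c> when <c>fetchData</c> returns null or no rows.</returns>
public Users VerifyUserCredentials(Users u)
{
    const string query = "select List_User_Cred.loginattempts , List_Usr_Profile.* from List_User_Cred, List_Usr_Profile where List_User_Cred.username = @userName AND List_User_Cred.password = @passWord AND List_Usr_Profile.username = @userName ";

    // NOTE(review): ownership of the connection returned by DALUtil.getConnection() is not
    // visible here; confirm fetchData (or the caller) closes it.
    using (SqlCommand cmd = new SqlCommand(query, DALUtil.getConnection()))
    {
        cmd.Parameters.AddWithValue("@userName", u.userName);
        // NOTE(review): matching on an encrypted password implies reversible storage if Encrypt
        // is not one-way — confirm, and prefer a salted password hash.
        cmd.Parameters.AddWithValue("@passWord", CryptoUtility.Encrypt(u.passWord));

        List<Users> rows = fetchData(cmd);

        // A failed login can come back as an empty list rather than null; indexing [0]
        // unconditionally would turn "wrong credentials" into an exception.
        return (rows != null && rows.Count > 0) ? rows[0] : null;
    }
}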
/// <summary>
/// Client-side user login request. Connects to the connector and hands <c>Connect</c> a
/// callback that builds an encrypted login token and sends it.
/// </summary>
/// <param name="rConnectorURL">Connector address passed to <c>NetworkClient.Connect</c>.</param>
/// <param name="rConnectorPort">Connector port passed to <c>NetworkClient.Connect</c>.</param>
private void ClientLoginRequest(string rConnectorURL, int rConnectorPort)
{
    NetworkClient.Instance.Connect(rConnectorURL, rConnectorPort, () =>
    {
        // Token plaintext is "account|password|ticks".
        // NOTE(review): the password travels inside the token, so its secrecy rests entirely on
        // CryptoUtility.Encrypt and UtilTool.SessionSecrect; a '|' inside the account name or
        // password would make the fields ambiguous on the receiving side, and the tick value
        // only limits replay if the server checks it — confirm all three.
        long rTicks = DateTime.Now.Ticks;
        string rPlainText = mAccountName + "|" + mPassword + "|" + rTicks;
        string rLoginToken = CryptoUtility.Encrypt(rPlainText, UtilTool.SessionSecrect);
        GamePlayProtocol.DoClientLoginRequest(rLoginToken);
    });
}
/// <summary>
/// AutoCreateAccount automatically creates an account from settings in the configuration
/// (registration groups, roles, password, security entity) and saves it together with its
/// client-choices state, then sets it as the current principal.
/// </summary>
/// <returns>The <c>MAccountProfile</c> that was saved.</returns>
public static MAccountProfile AutoCreateAccount()
{
    MAccountProfile mSystemProfile = AccountUtility.GetProfile("System");
    MAccountProfile mNewProfile = new MAccountProfile();
    Logger mLog = Logger.Instance();
    mNewProfile.Id = -1;

    // Groups/roles are only persisted when the configuration actually names some.
    string mGroups = ConfigSettings.RegistrationGroups;
    string mRoles = ConfigSettings.RegistrationRoles;
    bool mSaveGroups = !string.IsNullOrEmpty(mGroups);
    bool mSaveRoles = !string.IsNullOrEmpty(mRoles);

    // NOTE(review): the account name comes from AccountUtility.HttpContextUserName(); presumably
    // the identity of the current HTTP user — confirm it cannot be influenced by the client.
    mNewProfile.Account = AccountUtility.HttpContextUserName();
    mNewProfile.FirstName = "Auto created";
    mNewProfile.MiddleName = "";
    mNewProfile.LastName = "Auto created";
    mNewProfile.PreferredName = "Auto created";
    mNewProfile.Email = "*****@*****.**";
    mNewProfile.Location = "Hawaii";
    mNewProfile.TimeZone = -8;
    mNewProfile.AddedBy = mSystemProfile.Id;
    mNewProfile.AddedDate = DateTime.Now;
    mNewProfile.SetGroups(mGroups);
    mNewProfile.SetRoles(mRoles);
    mNewProfile.PasswordLastSet = DateTime.Now;
    mNewProfile.LastLogOn = DateTime.Now;

    // NOTE(review): every auto-created account starts with the same configured
    // RegistrationPassword; the SetAccountDetails status below presumably forces the user to
    // complete the profile — confirm it also forces a password change.
    mNewProfile.Password = CryptoUtility.Encrypt(ConfigSettings.RegistrationPassword, ConfigSettings.EncryptionType);
    mNewProfile.Status = (int)SystemStatus.SetAccountDetails;

    MClientChoicesState mChoices = ClientChoicesUtility.GetClientChoicesState(ConfigSettings.RegistrationAccountChoicesAccount, true);
    MSecurityEntityProfile mEntity = SecurityEntityUtility.GetProfile(ConfigSettings.RegistrationSecurityEntityId);
    mChoices.IsDirty = false;
    mChoices[MClientChoices.AccountName] = mNewProfile.Account;
    mChoices[MClientChoices.SecurityEntityId] = mEntity.Id.ToString(CultureInfo.InvariantCulture);
    mChoices[MClientChoices.SecurityEntityName] = mEntity.Name;

    try
    {
        AccountUtility.Save(mNewProfile, mSaveRoles, mSaveGroups, mEntity);
        ClientChoicesUtility.Save(mChoices, false);
        AccountUtility.SetPrincipal(mNewProfile);
    }
    catch (Exception ex)
    {
        // Log and rethrow with the original stack trace.
        mLog.Error(ex);
        throw;
    }

    return mNewProfile;
}
/// <summary>
/// Creates a portal user from the posted form values and redirects to the portal-user list.
/// </summary>
/// <param name="ac">View model whose <c>PortalUser</c> holds the submitted user name, password and user type.</param>
/// <returns>A redirect to Home/Portalusers.</returns>
public ActionResult AddPU(AllClasses ac)
{
    // NOTE(review): no authorization or anti-forgery attribute is visible on this action in the
    // listing, and UserType is copied straight from the request — confirm that only
    // administrators can reach it and that the requested user type is validated.
    // NOTE(review): the password is stored via CryptoUtility.Encrypt with no emptiness or
    // strength check here; if Encrypt is reversible, prefer a salted one-way hash.
    PortalUsers newUser = new PortalUsers
    {
        Username = ac.PortalUser.Username,
        Password = CryptoUtility.Encrypt(ac.PortalUser.Password),
        UserType = ac.PortalUser.UserType
    };

    new BusinessLogic().AddPU(newUser);
    return RedirectToAction("Portalusers", "Home");
}
/// <summary>
/// Encrypts a value on behalf of the current account, provided that account may view the
/// function configured under the "Actions_Encryption_Helper" app setting.
/// </summary>
/// <param name="textValue">Text to encrypt; surrounding whitespace is trimmed first.</param>
/// <returns>The encrypted text, or the literal "Not Authorized" when the account lacks the permission.</returns>
public static string Encrypt(string textValue)
{
    MSecurityInfo mSecurityInfo = new MSecurityInfo(
        FunctionUtility.GetProfile(ConfigSettings.GetAppSettingValue("Actions_Encryption_Helper", true)),
        AccountUtility.CurrentProfile());

    if (!mSecurityInfo.MayView)
    {
        // NOTE(review): the refusal is returned in-band as an ordinary string, so a caller
        // that does not compare against this literal may store or display it as if it were
        // ciphertext — confirm callers check for it.
        return "Not Authorized";
    }

    // NOTE(review): a null textValue throws here; confirm callers never pass null.
    return CryptoUtility.Encrypt(
        textValue.Trim(),
        SecurityEntityUtility.CurrentProfile().EncryptionType,
        ConfigSettings.EncryptionSaltExpression);
}
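/// <summary>
/// Starts a password reset for the named account: replaces the stored password with an
/// encrypted new GUID, sets the account status to 4, saves the profile and e-mails the reset
/// details to the account.
/// </summary>
/// <param name="account">Account name whose password should be reset.</param>
/// <returns>
/// 200 OK carrying a message body: the "Request Password Reset UI" text (also returned when the
/// account does not exist), or an error text when saving or sending mail failed.
/// </returns>
public IHttpActionResult RequestChange(string account)
{
    MAccountProfile mProfile = AccountUtility.GetProfile(account);
    MSecurityEntityProfile mSecurityEntityProfile = SecurityEntityUtility.CurrentProfile();
    MMessageProfile mMessageProfile = MessageUtility.GetProfile("Request Password Reset UI");
    string mRetVal = mMessageProfile.Body;
    Logger mLog = Logger.Instance();

    if (mProfile != null)
    {
        // NOTE(review): no caller authentication or rate limit is visible in this method, and the
        // stored password and status are changed before the e-mail is delivered; confirm that
        // requesting a reset for someone else's account cannot lock that user out.
        mProfile.FailedAttempts = 0;
        // NOTE(review): magic status value — presumably the "change password" status; confirm
        // against the SystemStatus enum.
        mProfile.Status = 4;
        // NOTE(review): the temporary password is a GUID from GWWebHelper.GetNewGuid; confirm it
        // is generated from a cryptographically secure source.
        mProfile.Password = CryptoUtility.Encrypt(GWWebHelper.GetNewGuid, mSecurityEntityProfile.EncryptionType);
        mProfile.UpdatedBy = AccountUtility.GetProfile("anonymous").Id;
        mProfile.UpdatedDate = DateTime.Now;

        // Captured before Save replaces mProfile so the log line names the account.
        // The original decrypted the freshly set password and wrote that to the debug log;
        // secrets must not be logged, so only the account name is recorded.
        string mAccountName = mProfile.Account;

        try
        {
            mMessageProfile = MessageUtility.GetProfile("RequestNewPassword");
            MRequestNewPassword mRequestNewPassword = new MRequestNewPassword(mMessageProfile);
            mRequestNewPassword.AccountName = HttpUtility.UrlEncode(CryptoUtility.Encrypt(mProfile.Account, mSecurityEntityProfile.EncryptionType));
            mRequestNewPassword.FullName = mProfile.FirstName + " " + mProfile.LastName;
            mRequestNewPassword.Password = HttpUtility.UrlEncode(mProfile.Password);
            mRequestNewPassword.Server = GWWebHelper.RootSite;
            mProfile = AccountUtility.Save(mProfile, false, false);
            NotifyUtility.SendMail(mRequestNewPassword, mProfile);
            mLog.Debug("Reset password for account " + mAccountName);
        }
        catch (SmtpException ex)
        {
            // Keep the original exception as InnerException so the stack trace reaches the log.
            Exception myException = new Exception("Could not send e-mail." + ex.Message, ex);
            mLog.Error(myException);
            mMessageProfile = (MMessageProfile)MessageUtility.GetProfile("PasswordSendMailError");
            mRetVal = mMessageProfile.Body;
        }
        catch (Exception ex)
        {
            Exception mException = new Exception("Could not set account details." + ex.Message, ex);
            mLog.Error(mException);
            mMessageProfile = (MMessageProfile)MessageUtility.GetProfile("ErrorAccountDetails");
            mRetVal = mMessageProfile.Body;
        }
    }

    return Ok(mRetVal);
}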
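/// <summary>
/// Validates the credentials carried by <paramref name="adminEntity"/> and, when the validated
/// record has the same user id, issues a fresh auth token. The token is the AES-encrypted
/// string "id, role, IP address, timestamp" (joined by the configured separator) followed by
/// "##" and a hash of that string computed with a newly generated per-user salt, which is also
/// stored through <c>ChangeHashSalt</c>.
/// </summary>
/// <typeparam name="T">
/// Entity type; the names of its user-id, id, role and auth-token properties are read from app settings.
/// </typeparam>
/// <param name="adminEntity">Entity carrying the credentials to validate.</param>
/// <param name="IPAddress">Caller IP address; embedded in the token payload.</param>
/// <returns>The entity returned by credential validation, with its auth-token property set.</returns>
/// <exception cref="SecurityTokenException">
/// The validated record's user id differs from the one supplied.
/// </exception>
public T obtainAuthToken<T>(T adminEntity, string IPAddress) where T : new()
{
    // The original wrapped this body in catch blocks that did "throw e;", which resets the
    // stack trace. Letting exceptions propagate surfaces the same exception types with their
    // original traces.
    string AES_KEY = CommonUtility.GetAppSettingKey(Constants.AuthToken.AES_KEY);
    string AES_SALT = CommonUtility.GetAppSettingKey(Constants.AuthToken.AES_SALT);
    int SaltLength = Convert.ToInt32(CommonUtility.GetAppSettingKey(Constants.AuthToken.SaltLength));

    // Property names are configuration-driven.
    // NOTE(review): a misconfigured name makes GetProperty return null and the reads below
    // throw — confirm the settings are validated at startup.
    PropertyInfo useridPropertyInfo = typeof(T).GetProperty(CommonUtility.GetAppSettingKey(Constants.AuthToken.UserEntity_UserId));
    PropertyInfo idPropertyInfo = typeof(T).GetProperty(CommonUtility.GetAppSettingKey(Constants.AuthToken.UserEntity_ID));
    PropertyInfo rolePropertyInfo = typeof(T).GetProperty(CommonUtility.GetAppSettingKey(Constants.AuthToken.UserEntity_Role));
    PropertyInfo authTokenPropertyInfo = typeof(T).GetProperty(CommonUtility.GetAppSettingKey(Constants.AuthToken.UserEntity_AuthToken));

    using (var objTokenDBService = new TokenDBService())
    {
        // NOTE(review): behaviour when ValidateAdminCredentials finds no match is not visible
        // here; if it returns null the property reads below throw instead of reaching the
        // SecurityTokenException branch — confirm.
        var objAdminEntity = objTokenDBService.ValidateAdminCredentials(adminEntity);
        var id = (UInt64)idPropertyInfo.GetValue(objAdminEntity, null);
        var role = Convert.ToString(rolePropertyInfo.GetValue(objAdminEntity, null));
        var userid = (string)useridPropertyInfo.GetValue(objAdminEntity, null);

        if (userid != (string)useridPropertyInfo.GetValue(adminEntity, null))
        {
            // NOTE(review): the message embeds the user id and client IP; make sure it is only
            // logged server-side and not echoed back to the caller.
            throw new SecurityTokenException("-3|Error granting access token: You entered wrong UserId or Password(UserID: " + userid + " | IP Address: " + IPAddress + ")");
        }

        var Inner_Msg = id + Constants.AuthToken.SeperatorString
                      + role + Constants.AuthToken.SeperatorString
                      + IPAddress + Constants.AuthToken.SeperatorString
                      + CryptoUtility.GenerateTimeStamp();

        // A new salt is generated and stored on every call, before the token is built.
        var HASH_SALT = CryptoUtility.GenerateSalt(SaltLength);
        objTokenDBService.ChangeHashSalt(id.ToString(), HASH_SALT);
        var Msg_Hash = CryptoUtility.GenerateHash(Inner_Msg, HASH_SALT);

        authTokenPropertyInfo.SetValue(objAdminEntity, CryptoUtility.Encrypt(Inner_Msg + "##" + Msg_Hash, AES_KEY, AES_SALT), null);
        return objAdminEntity;
    }
}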
/// <summary>
/// Persists a directory profile. Before saving, the impersonation password, directory and
/// impersonation account are each run through decrypt-else-encrypt, and the cached directory
/// information is evicted before and after the save.
/// </summary>
/// <param name="profile">The directory profile to save; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="profile"/> is null.</exception>
/// <exception cref="WebSupportException">The data layer failed to save the profile.</exception>
public static void Save(MDirectoryProfile profile)
{
    if (profile == null)
    {
        throw new ArgumentNullException("profile", "profile cannot be a null reference (Nothing in Visual Basic)!");
    }

    CacheController.RemoveFromCache(s_DirectoryInfoCachedName);
    MSecurityEntityProfile mEntity = SecurityEntityUtility.CurrentProfile();
    Logger mLog = Logger.Instance();

    // Try to decrypt; when that fails with CryptoUtilityException the value is encrypted instead.
    // NOTE(review): as written, a value that decrypts successfully is replaced by its decrypted
    // text before the save. Unless the layer below encrypts again, an already-encrypted secret
    // (including the impersonation password) would be persisted in clear — confirm the intent.
    Func<string, string> mDecryptElseEncrypt = value =>
    {
        try
        {
            return CryptoUtility.Decrypt(value, mEntity.EncryptionType);
        }
        catch (CryptoUtilityException)
        {
            return CryptoUtility.Encrypt(value, mEntity.EncryptionType);
        }
    };

    profile.ImpersonatePassword = mDecryptElseEncrypt(profile.ImpersonatePassword);
    profile.Directory = mDecryptElseEncrypt(profile.Directory);
    profile.ImpersonateAccount = mDecryptElseEncrypt(profile.ImpersonateAccount);

    BDirectories mDirectories = new BDirectories(mEntity, ConfigSettings.CentralManagement);
    try
    {
        mDirectories.Save(profile);
    }
    catch (DataAccessLayerException ex)
    {
        // The data-layer exception is logged; callers only see the generic message.
        mLog.Error(ex);
        throw new WebSupportException("Could not save the directory information!");
    }

    // NOTE(review): this key is formatted with CurrentCulture; confirm the code that populates
    // the cache formats the id the same way, otherwise the eviction can miss.
    string mEntityCacheName = mEntity.Id.ToString(CultureInfo.CurrentCulture) + "_" + s_DirectoryInfoCachedName;
    CacheController.RemoveFromCache(mEntityCacheName);
}
/// <summary>
/// Builds an encrypted refresh token for a user. The payload holds the user id, the
/// JSON-serialized claims, and the current UTC time concatenated with a random GUID; it is
/// serialized to bytes, Base64-encoded and then encrypted with the refresh-token key.
/// </summary>
/// <param name="claims">Claims to embed in the token.</param>
/// <param name="userId">Identifier of the user the token is issued to.</param>
/// <returns>The encrypted refresh token.</returns>
private string GetRefreshToken(IEnumerable<Claim> claims, string userId)
{
    var issuedAtBytes = BitConverter.GetBytes(DateTime.UtcNow.ToBinary());
    var nonceBytes = CryptoUtility.CreateCryptographicallySecureGuid().ToByteArray();

    var tokenPayload = new RefreshTokenPayloadModel();
    tokenPayload.UserId = userId;
    tokenPayload.Claims = JsonConvert.SerializeObject(claims, new ClaimConverter());
    tokenPayload.TimeWithKey = issuedAtBytes.Concat(nonceBytes).ToArray();

    // NOTE(review): the serializer behind ObjectToByteArray is not visible here. If it is a
    // general object serializer, the code that reads tokens back must authenticate them before
    // deserializing — confirm.
    var serializedPayload = ObjectToByteArray(tokenPayload);

    // NOTE(review): the key is named RefreshTokenSigningKey but is used with Encrypt. Encryption
    // alone does not prove the token is unmodified unless CryptoUtility.Encrypt is an
    // authenticated mode or a MAC is added — confirm.
    return CryptoUtility.Encrypt(
        Convert.ToBase64String(serializedPayload),
        _tokenProviderOptions.RefreshTokenSigningKey);
}
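/// <summary>
/// Saves an account profile posted from the UI. Three paths exist:
/// self-registration (query-string "Action" contains REGISTER), editing an existing account,
/// and adding a new account (edit id of -1). Edit and add are gated by <c>MSecurityInfo</c>
/// permissions of the current account.
/// </summary>
/// <param name="uiProfile">Profile values submitted by the client; must not be null.</param>
/// <returns>
/// 200 OK with "true"/"false" or a registration message, or a 500 response carrying the error
/// when the permission or identifier checks fail.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="uiProfile"/> is null.</exception>
public IHttpActionResult Save(UIAccountProfile uiProfile)
{
    if (uiProfile == null)
    {
        throw new ArgumentNullException("uiProfile", "uiProfile cannot be a null reference (Nothing in Visual Basic)!");
    }

    string mRetVal = "false";
    bool mSaveGroups = false;
    bool mSaveRoles = false;
    MAccountProfile mCurrentAccountProfile = AccountUtility.CurrentProfile();
    MAccountProfile mAccountProfileToSave = new MAccountProfile();
    Logger mLog = Logger.Instance();

    // NOTE(review): a request without an "Action" query-string value throws here — confirm the
    // route always supplies it.
    bool mIsRegistration = HttpContext.Current.Request.QueryString["Action"].ToString().ToUpper(CultureInfo.InvariantCulture).IndexOf("REGISTER") > -1;

    if (mIsRegistration)
    {
        MAccountProfile mExistingAccount = AccountUtility.GetProfile(uiProfile.Account);
        if (mExistingAccount == null)
        {
            // NOTE(review): populateAccountProfile copies client-supplied values into the profile
            // and the Id is taken from the request; confirm no privileged field can be set this way.
            mAccountProfileToSave = populateAccountProfile(uiProfile, mAccountProfileToSave);
            mAccountProfileToSave.Id = uiProfile.Id;
            string mGroups = ConfigSettings.RegistrationGroups;
            string mRoles = ConfigSettings.RegistrationRoles;
            if (!string.IsNullOrEmpty(mGroups))
            {
                mSaveGroups = true;
            }
            if (!string.IsNullOrEmpty(mRoles))
            {
                mSaveRoles = true;
            }
            mAccountProfileToSave.AddedBy = mCurrentAccountProfile.Id;
            mAccountProfileToSave.AddedDate = DateTime.Now;
            mAccountProfileToSave.SetGroups(mGroups);
            mAccountProfileToSave.SetRoles(mRoles);
            mAccountProfileToSave.PasswordLastSet = DateTime.Now;
            mAccountProfileToSave.LastLogOn = DateTime.Now;
            // NOTE(review): every self-registered account starts with the same configured
            // RegistrationPassword and is set Active below; confirm a password change is forced
            // before the account can be used.
            mAccountProfileToSave.Password = CryptoUtility.Encrypt(ConfigSettings.RegistrationPassword, ConfigSettings.EncryptionType);
            mAccountProfileToSave.Status = int.Parse(ConfigSettings.RegistrationStatusId);
            // NOTE(review): the original re-tested the REGISTER action at this point, which is
            // always true inside this branch, so the configured RegistrationStatusId is always
            // overridden with Active. Behaviour is kept; confirm which status is intended.
            mAccountProfileToSave.Status = (int)SystemStatus.Active;

            MClientChoicesState mClientChoiceState = ClientChoicesUtility.GetClientChoicesState(ConfigSettings.RegistrationAccountChoicesAccount, true);
            MSecurityEntityProfile mSecurityEntityProfile = SecurityEntityUtility.GetProfile(ConfigSettings.RegistrationSecurityEntityId);
            mClientChoiceState.IsDirty = false;
            mClientChoiceState[MClientChoices.AccountName] = mAccountProfileToSave.Account;
            mClientChoiceState[MClientChoices.SecurityEntityId] = mSecurityEntityProfile.Id.ToString(CultureInfo.InvariantCulture);
            mClientChoiceState[MClientChoices.SecurityEntityName] = mSecurityEntityProfile.Name;
            try
            {
                AccountUtility.Save(mAccountProfileToSave, mSaveRoles, mSaveGroups, mSecurityEntityProfile);
                ClientChoicesUtility.Save(mClientChoiceState, false);
                AccountUtility.SetPrincipal(mAccountProfileToSave);
                mRetVal = "Your account has been created";
            }
            catch (Exception ex)
            {
                // Failure is logged; the caller receives "false".
                mLog.Error(ex);
            }
        }
        else
        {
            // NOTE(review): this response confirms that an account name exists; confirm that is
            // acceptable for the registration flow.
            mRetVal = "The account '" + uiProfile.Account + "' already exists please choose a different account/email";
        }
    }
    else
    {
        if ((HttpContext.Current.Items["EditId"] != null) || mCurrentAccountProfile.Status == (int)SystemStatus.SetAccountDetails)
        {
            int mEditId = 0;
            if (HttpContext.Current.Items["EditId"] != null)
            {
                mEditId = int.Parse(HttpContext.Current.Items["EditId"].ToString());
            }
            else
            {
                mEditId = mCurrentAccountProfile.Id;
            }

            // The id posted by the client must match the id the server last handed out.
            if (mEditId == uiProfile.Id)
            {
                MSecurityInfo mSecurityInfo = new MSecurityInfo(FunctionUtility.CurrentProfile(), AccountUtility.CurrentProfile());
                // NOTE(review): mSecurityInfo was just constructed, so this test cannot fail and the
                // matching else branch is unreachable.
                if (mSecurityInfo != null)
                {
                    if (mEditId != -1)
                    {
                        // Editing someone else's account requires the dedicated permission.
                        if (mCurrentAccountProfile.Id != uiProfile.Id)
                        {
                            mSecurityInfo = new MSecurityInfo(FunctionUtility.GetProfile(ConfigSettings.GetAppSettingValue("Actions_EditOtherAccount", true)), mCurrentAccountProfile);
                        }
                        if (mSecurityInfo.MayEdit || mCurrentAccountProfile.Status == (int)SystemStatus.SetAccountDetails)
                        {
                            MSecurityInfo mGroupTabSecurity = new MSecurityInfo(FunctionUtility.GetProfile(ConfigSettings.GetAppSettingValue("Actions_View_Account_Group_Tab", true)), mCurrentAccountProfile);
                            MSecurityInfo mRoleTabSecurity = new MSecurityInfo(FunctionUtility.GetProfile(ConfigSettings.GetAppSettingValue("Actions_View_Account_Role_Tab", true)), mCurrentAccountProfile);
                            mAccountProfileToSave = AccountUtility.GetProfile(mEditId);
                            mAccountProfileToSave = populateAccountProfile(uiProfile, mAccountProfileToSave);
                            mAccountProfileToSave.Id = uiProfile.Id;
                            string mGroups = string.Join(",", uiProfile.AccountGroups.Groups);
                            string mRoles = string.Join(",", uiProfile.AccountRoles.Roles);

                            // Groups/roles from the request are only applied when the caller may
                            // view the corresponding tab and is acting through "edit other account".
                            if (mGroupTabSecurity.MayView && FunctionUtility.CurrentProfile().Action.ToLowerInvariant() == ConfigSettings.GetAppSettingValue("Actions_EditOtherAccount", true).ToLower(CultureInfo.InvariantCulture))
                            {
                                if (mAccountProfileToSave.GetCommaSeparatedAssignedGroups != mGroups)
                                {
                                    mSaveGroups = true;
                                    mAccountProfileToSave.SetGroups(mGroups);
                                }
                            }
                            if (mRoleTabSecurity.MayView && FunctionUtility.CurrentProfile().Action.ToLowerInvariant() == ConfigSettings.GetAppSettingValue("Actions_EditOtherAccount", true).ToLower(CultureInfo.InvariantCulture))
                            {
                                if (mAccountProfileToSave.GetCommaSeparatedAssignedRoles != mRoles)
                                {
                                    mSaveRoles = true;
                                    mAccountProfileToSave.SetRoles(mRoles);
                                }
                            }

                            // NOTE(review): an edit overwrites AddedBy/AddedDate; presumably an
                            // "updated by" pair was intended — confirm.
                            mAccountProfileToSave.AddedBy = mCurrentAccountProfile.Id;
                            mAccountProfileToSave.AddedDate = DateTime.Now;
                            AccountUtility.Save(mAccountProfileToSave, mSaveRoles, mSaveGroups);
                            mLog.Debug("Saved account " + mAccountProfileToSave.Account + " by " + mCurrentAccountProfile.Account);
                            mRetVal = "true";
                        }
                        else
                        {
                            // NOTE(review): InternalServerError(mError) sends the exception, including
                            // the account name, to the client with a 500 status for what is an
                            // authorization failure — confirm that is intended.
                            Exception mError = new Exception("The account (" + AccountUtility.CurrentProfile().Account + ") being used does not have the correct permissions to edit");
                            mLog.Error(mError);
                            return this.InternalServerError(mError);
                        }
                    }
                    else
                    {
                        if (mSecurityInfo.MayAdd)
                        {
                            mSaveGroups = true;
                            mSaveRoles = true;
                            mAccountProfileToSave = populateAccountProfile(uiProfile, mAccountProfileToSave);
                            mAccountProfileToSave.Id = -1;
                            mAccountProfileToSave.AddedBy = mCurrentAccountProfile.Id;
                            mAccountProfileToSave.AddedDate = DateTime.Now;
                            mAccountProfileToSave.PasswordLastSet = DateTime.Now;
                            mAccountProfileToSave.LastLogOn = DateTime.Now;
                            // NOTE(review): new accounts receive the shared configured password.
                            mAccountProfileToSave.Password = CryptoUtility.Encrypt(ConfigSettings.RegistrationPassword, ConfigSettings.EncryptionType);
                            mAccountProfileToSave.Status = ConfigSettings.AutoCreateAccountStatusId;
                            string mGroups = string.Join(",", uiProfile.AccountGroups.Groups);
                            string mRoles = string.Join(",", uiProfile.AccountRoles.Roles);
                            mAccountProfileToSave.SetGroups(mGroups);
                            mAccountProfileToSave.SetRoles(mRoles);
                            try
                            {
                                AccountUtility.Save(mAccountProfileToSave, mSaveRoles, mSaveGroups);
                                // Success is reported and logged only when the save went through;
                                // previously a swallowed failure was still answered with "true".
                                mLog.Debug("Added account " + mAccountProfileToSave.Account + " by " + mCurrentAccountProfile.Account);
                                mRetVal = "true";
                            }
                            catch (Exception ex)
                            {
                                mLog.Error(ex);
                            }
                        }
                        else
                        {
                            Exception mError = new Exception("The account (" + AccountUtility.CurrentProfile().Account + ") being used does not have the correct permissions to add");
                            mLog.Error(mError);
                            return this.InternalServerError(mError);
                        }
                    }
                }
                else
                {
                    Exception mError = new Exception("Security Info is not in context nothing has been saved!!!!");
                    mLog.Error(mError);
                    return this.InternalServerError(mError);
                }
            }
            else
            {
                Exception mError = new Exception("Identifier you have last looked at does not match the one passed in nothing has been saved!!!!");
                mLog.Error(mError);
                return this.InternalServerError(mError);
            }
        }
    }

    return Ok(mRetVal);
}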
/// <summary>
/// Changes the current account's password. When the account status is
/// <c>SystemStatus.ChangePassword</c> the new password is applied without checking the old
/// one; otherwise the supplied old password must equal the decrypted stored password.
/// </summary>
/// <param name="mChangePassword">Old and new password supplied by the client; must not be null.</param>
/// <returns>200 OK with the body of the success, not-matched or failure message.</returns>
/// <exception cref="ArgumentNullException"><paramref name="mChangePassword"/> is null.</exception>
public IHttpActionResult ChangePassword(MChangePassword mChangePassword)
{
    if (mChangePassword == null)
    {
        throw new ArgumentNullException("mChangePassword", "mChangePassword cannot be a null reference (Nothing in Visual Basic)!");
    }

    MMessageProfile mResultMessage = new MMessageProfile();
    MSecurityEntityProfile mEntity = SecurityEntityUtility.CurrentProfile();
    MAccountProfile mAccount = AccountUtility.CurrentProfile();
    mResultMessage = MessageUtility.GetProfile("SuccessChangePassword");

    // NOTE(review): the stored password is decrypted for comparison, i.e. it is kept reversibly,
    // and any decryption failure silently falls back to treating the stored value as plain
    // text. A salted one-way hash compared in constant time is the usual design — confirm.
    string mStoredPassword;
    try
    {
        mStoredPassword = CryptoUtility.Decrypt(mAccount.Password, mEntity.EncryptionType);
    }
    catch (Exception)
    {
        mStoredPassword = mAccount.Password;
    }

    if (mAccount.Status == (int)SystemStatus.ChangePassword)
    {
        // Forced-change path: the old password is not verified.
        // NOTE(review): confirm this status can only be reached after the user has proven
        // ownership of the account (e.g. through the reset e-mail).
        try
        {
            mAccount.PasswordLastSet = System.DateTime.Now;
            mAccount.Status = (int)SystemStatus.Active;
            mAccount.FailedAttempts = 0;
            mAccount.Password = CryptoUtility.Encrypt(mChangePassword.NewPassword.Trim(), mEntity.EncryptionType);
            AccountUtility.Save(mAccount, false, false);
        }
        catch (Exception)
        {
            mResultMessage = MessageUtility.GetProfile("UnSuccessChangePassword");
        }
    }
    else if (mChangePassword.OldPassword != mStoredPassword)
    {
        mResultMessage = MessageUtility.GetProfile("PasswordNotMatched");
    }
    else
    {
        // NOTE(review): the new password is trimmed and stored with no length or complexity
        // check in this method; confirm a policy is enforced elsewhere.
        mAccount.PasswordLastSet = System.DateTime.Now;
        mAccount.Status = (int)SystemStatus.Active;
        mAccount.FailedAttempts = 0;
        mAccount.Password = CryptoUtility.Encrypt(mChangePassword.NewPassword.Trim(), mEntity.EncryptionType);
        try
        {
            AccountUtility.Save(mAccount, false, false);
        }
        catch (Exception)
        {
            mResultMessage = MessageUtility.GetProfile("UnSuccessChangePassword");
        }
    }

    // Cached account information is dropped whatever the outcome.
    AccountUtility.RemoveInMemoryInformation(true);
    return Ok(mResultMessage.Body);
}