public ActionResult Login(User model) { if (!ModelState.IsValid) { return(View(model)); } var user = _context.Users.SingleOrDefault(u => u.UserName == model.UserName); var decryptedPassword = CustomDecrypt.Decrypt(user.PasswordHash); if (model.UserName != null && model.PasswordHash == decryptedPassword) { //ClaimsIdentity contains information (Claims) about the current user var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, user.UserName), }, "ApplicationCookie"); //Request is an object that reads HTTP request values //GetOwinContext Gets the owin context that links the middleware to the request var ctx = Request.GetOwinContext(); //Authentication property links the middleware to an authentication to the app var authManager = ctx.Authentication; //SignIn gets the list of claims and uses to authenticate those values to be persisted throughout the app //SignIn sets the authentication cookie on the client. authManager.SignIn(identity); //return Redirect(GetRedirect(model.ReturnUrl)); return(RedirectToAction("Index", "Book")); } ModelState.AddModelError("", "Invalid email or password"); return(View(model)); }
public ActionResult Login(Users model) { if (!ModelState.IsValid) //Checks if input fields have the correct format { return (View(model)); //Returns the view with the input values so that the user doesn't have to retype again } using (var db = new MainDbContext()) { var emailCheck = db.Users.FirstOrDefault(u => u.UserEmail == model.UserEmail); var getPassword = db.Users.Where(u => u.UserEmail == model.UserEmail).Select(u => u.UserPass); var materializePassword = getPassword.ToList(); var password = materializePassword[0]; var decryptedPassword = CustomDecrypt.Decrypt(password); if (model.UserEmail != null && model.UserPass == decryptedPassword) //Checks whether the input is the same as those literals. Note: Never ever do this! This is just to demo the validation while we're not yet doing any database interaction // if (model.UserEmail == "*****@*****.**" & model.UserPass == "123456") { var getName = db.Users.Where(u => u.UserEmail == model.UserEmail).Select(u => u.FName); var materializeName = getName.ToList(); var name = materializeName[0]; var getUserId = db.Users.Where(u => u.UserEmail == model.UserEmail).Select(u => u.UserId); var materializeUserId = getUserId.ToList(); var userId = materializeUserId[0]; var getUserTypeId = db.Users.Where(u => u.UserEmail == model.UserEmail).Select(u => u.UserTypeId); var materializeUserTypeId = getUserTypeId.ToList(); var UserTypeId = materializeUserTypeId[0]; var getEmail = db.Users.Where(u => u.UserEmail == model.UserEmail).Select(u => u.UserEmail); var materializeEmail = getEmail.ToList(); var email = materializeEmail[0]; var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, name), new Claim(ClaimTypes.Email, email), new Claim(ClaimTypes.NameIdentifier, userId.ToString()), new Claim(ClaimTypes.Role, UserTypeId.ToString()) // new Claim(ClaimTypes.n, userId.ToString()) }, "ApplicationCookie"); var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); return(RedirectToAction("Index", "Home")); } } ModelState.AddModelError("", "Invalid email or password"); return(View(model)); //Should always be declared on the end of an action method }
public ActionResult Login(Users model) { if (!ModelState.IsValid) { ModelState.AddModelError("", "Email or Password should not be empty"); return(View(model)); } using (var db = new MainDbContext()) { var emailCheck = db.Users.FirstOrDefault(u => u.Email == model.Email); var getPassword = db.Users.Where(u => u.Email == model.Email). Select(u => u.Password); var materializePassword = getPassword.ToList(); if (materializePassword.Count() > 0) { var password = materializePassword[0]; var decryptedPassword = CustomDecrypt.Decrypt(password); if (model.Email != null && model.Password == decryptedPassword) { var getName = db.Users.Where(u => u.Email == model.Email).Select(u => u.Name); var materializeName = getName.ToList(); var name = materializeName[0]; var getEmail = db.Users.Where(u => u.Email == model.Email).Select(u => u.Email); var materializeEmail = getEmail.ToList(); var email = materializeEmail[0]; var getCountry = db.Users.Where(u => u.Email == model.Email).Select(u => u.Country); var materializeCountry = getCountry.ToList(); var country = materializeCountry[0]; var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, name), new Claim(ClaimTypes.Email, email), new Claim(ClaimTypes.Country, country), }, "ApplicationCookie"); var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); //return Redirect(GetRedirectUrl(model.ReturnUrl)); return(RedirectToAction("Index", "Home")); } } } ModelState.AddModelError("", "Invalid Email or Password"); return(View(model)); }
public ActionResult Login(Users model) { if (!ModelState.IsValid) //Checks if input fields have the correct format { return(View(model)); //Returns the view with the input values so that the user doesn't have to retype again } using (var db = new MainDbContext()) { var emailCheck = db.Users.FirstOrDefault(u => u.Email == model.Email); var getPassword = db.Users.Where(u => u.Email == model.Email).Select(u => u.Password); var materializePassword = getPassword.ToList(); var password = materializePassword[0]; var decryptedPassword = CustomDecrypt.Decrypt(password); if (model.Email != null && model.Password == decryptedPassword) { var getName = db.Users.Where(u => u.Email == model.Email).Select(u => u.Name); var materializeName = getName.ToList(); var name = materializeName[0]; var getCountry = db.Users.Where(u => u.Email == model.Email).Select(u => u.Country); var materializeCountry = getCountry.ToList(); var country = materializeCountry[0]; var getEmail = db.Users.Where(u => u.Email == model.Email).Select(u => u.Email); var materializeEmail = getEmail.ToList(); var email = materializeEmail[0]; var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, name), new Claim(ClaimTypes.Email, email), new Claim(ClaimTypes.Country, country) }, "ApplicationCookie"); var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); return(RedirectToAction("Index", "Home")); } } ModelState.AddModelError("", "Invalid email or password"); return(View(model)); //Should always be declared on the end of an action method }
public ActionResult Login(Users model) { if (!ModelState.IsValid) //Checks if input fields have the correct format { return(View(model)); //Returns the view with the input values so that the user doesn't have to retype again } using (var db = new MainDbContext()) { var emailCheck = db.Users.FirstOrDefault(u => u.Email == model.Email); if (!String.IsNullOrEmpty(emailCheck.Email)) { var getUsername = db.Users.Where(u => u.Email == model.Email).Select(u => u.Username); var materializeName = getUsername.ToList(); var name = materializeName[0]; var getPassword = db.Users.Where(u => u.Email == model.Email).Select(u => u.Password); var materializePassword = getPassword.ToList(); var password = materializePassword[0]; var decryptedPassword = CustomDecrypt.Decrypt(password); if (model.Email != null && model.Password == decryptedPassword) { var getEmail = db.Users.Where(u => u.Email == model.Email).Select(u => u.Email); var materializeEmail = getEmail.ToList(); var email = materializeEmail[0]; var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Email, email), new Claim(ClaimTypes.Name, name) }, "ApplicationCookie"); var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); return(RedirectToAction("Index", "Home")); } } } Warning("Invalid Email Address or Password", true); return(View(model)); }
public ActionResult Login(User model) { if (!ModelState.IsValid) { return(View(model)); } using (var db = new BettingSystemDbContext()) { var usernameCheck = db.Users.FirstOrDefault(u => u.Username == model.Username); var getPassword = db.Users.Where(u => u.Username == model.Username).Select(u => u.Password); var materializePassword = getPassword.ToList(); var password = materializePassword.Count > 0? materializePassword[0] : ""; var decryptedPassword = CustomDecrypt.Decrypt(password); if (model.Username != null & model.Password == decryptedPassword) { var getUsername = db.Users.Where(u => u.Username == model.Username).Select(u => u.Username); var materializeName = getUsername.ToList(); var name = materializeName.Count > 0? materializeName[0] : ""; var getRoleStatus = db.Users.Where(u => u.Username == model.Username).Select(u => u.IsAdmin); var materializeRole = getRoleStatus.ToList(); var role = materializeRole.Count > 0 ? materializeName[0] : ""; var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, name), new Claim(ClaimTypes.Role, role) }, "ApplicationCookie"); var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); return(RedirectToAction("Index", "Home")); } } ModelState.AddModelError("", "Invalid username or password"); return(View(model)); }
public ActionResult Login(Models.User model) { using (var db = new MainDbContext()) { var emailCheck = db.UserDbContext.FirstOrDefault(u => u.UserEmail == model.Email); var getPassword = db.UserDbContext.Where(u => u.UserEmail == model.Email).Select(u => u.UserPassword); var materializePassword = getPassword.ToList(); if (emailCheck == null || materializePassword.Count == 0) { ModelState.AddModelError("", "Invalid Email or Password"); return(View(model)); } var password = materializePassword[0]; var decryptedPassword = CustomDecrypt.Decrypt(password); if (model.Email != null && model.Password == decryptedPassword) { var getEmail = db.UserDbContext.Where(u => u.UserEmail == model.Email).Select(u => u.UserEmail); model.IsAdmin = db.UserDbContext.Where(u => u.UserEmail == model.Email).Select(u => u.UserIsAdmin).FirstOrDefault(); var materializeEmail = getEmail.ToList(); var email = materializeEmail[0]; var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, email) }, "ApplicationCookie"); Session["User"] = identity.Name; currentUserCookie = identity.Name; var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); if (model.IsAdmin == true) { TempData["IsAdmin"] = "yes"; return(RedirectToAction("Index", "Admin")); } return(RedirectToAction("Index", "Home")); } } return(View(model)); }
// GET: Users/Edit/5 public ActionResult Edit(int?id) { if (id == null) { return(new HttpStatusCodeResult(HttpStatusCode.BadRequest)); } Users users = db.Users.Find(id); if (users == null) { return(HttpNotFound()); } var decryptPassword = CustomDecrypt.Decrypt(users.UserPass); users.UserPass = decryptPassword; ViewBag.UserTypeId = new SelectList(db.UserTypes, "UserTypeId", "UserType", users.UserTypeId); ViewBag.StatusId = new SelectList(db.RStatus, "StatusId", "StatusName", users.StatusId); ViewBag.UStatusId = new SelectList(db.UStatus, "UStatusId", "UStatusName", users.UStatusId); return(View(users)); }
public ActionResult Login(users model) { using (var db = new MainDbContext()) { var IdCheck = db.users.FirstOrDefault(u => u.USER_ID == model.USER_ID); var getPassword = db.users.Where(u => u.USER_ID == model.USER_ID).Select(u => u.PASSWORD); var materializePassword = getPassword.ToList(); string password = materializePassword[0]; var decryptedPassword = CustomDecrypt.Decrypt(password); var getUserNo = db.users.Where(u => u.USER_ID == model.USER_ID).Select(u => u.USER_NO).ToList(); string userNo = getUserNo[0].ToString(); if (model.USER_ID != null && model.PASSWORD == decryptedPassword) { Session["id"] = model.USER_ID; Session["User_No"] = userNo; var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "Daeyong"), new Claim(ClaimTypes.Email, "*****@*****.**"), new Claim(ClaimTypes.Country, "Seoul") }, "ApplicationCookie"); var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); ViewBag.Result = "Success"; return(RedirectToAction("Index", "Home")); } else { ViewBag.Result = "False"; return(View(model)); } } }
public ActionResult Login(UserViewModel model) { if (!ModelState.IsValid) { //handle the error message: return to the login page return(View(model)); } using (var context = new MvcDbContext()) { //fetch the user details from db and validate user string email = model.Email; string password = model.Password; Users user = context.Users.FirstOrDefault(usr => usr.Email == email); if (user != null) { var encryptedPassword = user.Password; var decryptedPassword = CustomDecrypt.Decrypt(encryptedPassword); if (password == decryptedPassword) { List <Claim> claims = new List <Claim> { new Claim(ClaimTypes.Name, user.Name), new Claim(ClaimTypes.Email, user.Email), new Claim(ClaimTypes.Country, user.Country) }; ClaimsIdentity identity = new ClaimsIdentity(claims, "ApplicationCookie"); IOwinContext owinContext = Request.GetOwinContext(); IAuthenticationManager authManager = owinContext.Authentication; authManager.SignIn(identity); string redirectUrl = GetRedirectUrl(model.ReturnUrl); return(Redirect(redirectUrl)); } } } return(View(model)); }
public ActionResult Login(UserViewModel model) { if (!ModelState.IsValid) //checks if input fields have the correct format and are valid { //if not, then return the same login view, with the inputs as is, so user doesn't have to retype them return(View(model)); } using (var context = new MvcDbContext()) { var user = model.Email != null?context.Users.FirstOrDefault(u => u.Email == model.Email) : null; if (user != null) { var email = user.Email; var password = user.Password; var decryptedPassword = CustomDecrypt.Decrypt(password); if (model.Email == email && model.Password == decryptedPassword) { //create a list of claims List <Claim> claims = new List <Claim> { new Claim(ClaimTypes.Name, user.Name), new Claim(ClaimTypes.Email, user.Email), new Claim(ClaimTypes.Country, user.Country) }; //create a claims identity based on above claims, and instruct it to use cookie var identity = new ClaimsIdentity(claims, "ApplicationCookie"); var owinContext = Request.GetOwinContext(); var authManager = owinContext.Authentication; //gets the authentication middleware functionality available on the current context authManager.SignIn(identity); string redirectUrl = GetRedirectUrl(model.ReturnUrl); return(Redirect(redirectUrl)); } } } return(View(model)); //if email/psw entered by user is not correct, show the loginpage again }
public ClaimsIdentity IniciarSesion(string user, string password) { using (var db = new AccessDBContext()) { var usuarioID = db.Usuarios.FirstOrDefault(u => u.UserId == user); if (usuarioID != null) { var userPassword = usuarioID.Password; var decryptedPassword = CustomDecrypt.Decrypt(userPassword); if (password == decryptedPassword) { var getName2 = usuarioID.Personas_con_Accesos.Personas_Naturales.Nombres + ' ' + usuarioID.Personas_con_Accesos.Personas_Naturales.Apellido_Paterno + ' ' + usuarioID.Personas_con_Accesos.Personas_Naturales.Apellido_Materno; var permiso = usuarioID.Permisos.Descripcion; //cookie var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, getName2), new Claim(ClaimTypes.NameIdentifier, user), new Claim(ClaimTypes.Role, permiso) }, "ApplicationCookie"); //var ctx = Request.GetOwinContext(); //var authManager = ctx.Authentication; //authManager.SignIn(identity); return(identity); } else { throw new Exception("Password incorrecta..."); } } else { throw new Exception("Usuario inexistente..."); } } }
public ActionResult EditProfile() { using (var db = new MainDbContext()) { string firstname = User.Identity.Name; var NurseModel = db.Nurse.FirstOrDefault(u => u.FirstName.Equals(firstname)); var searchKeyAdd = db.Nurse.Select(u => u.Key_Address); var materializeAddKey = searchKeyAdd.ToList(); var KeyAdd = materializeAddKey[0]; var AddModel = db.Address.FirstOrDefault(u => u.Id.Equals(KeyAdd)); var searchKeyCon = db.Nurse.Select(u => u.Key_Contact); var materializeConKey = searchKeyCon.ToList(); var KeyCon = materializeConKey[0]; var ConModel = db.Contact.FirstOrDefault(u => u.Id.Equals(KeyCon)); var searchUserKey = db.Nurse.Select(u => u.Key_Users); var materializeUserKey = searchUserKey.ToList(); var KeyUser = materializeUserKey[0]; var UsersModel = db.Users.FirstOrDefault(u => u.Id.Equals(KeyUser)); var password = CustomDecrypt.Decrypt(UsersModel.Password); UsersModel.Password = password; var viewmodel = new NurseModel { Contact = ConModel, Address = AddModel, Nurse = NurseModel, Users = UsersModel }; return(View(viewmodel)); } }
public ActionResult Login(Users model) { if (!ModelState.IsValid) //Checks if input fields have the correct format { return(View(model)); //Returns the view with the input values so that the user doesn't have to retype again } using (var db = new MainDbContext()) { var usernameCheck = db.Users.FirstOrDefault(u => u.Username == model.Username); var getPassword = db.Users.Where(u => u.Username == model.Username).Select(u => u.Password); var materializePassword = getPassword.ToList(); var password = materializePassword[0]; var decryptedPassword = CustomDecrypt.Decrypt(password); if (model.Username != null && model.Password == decryptedPassword) { var getUsername = db.Users.Where(u => u.Username == model.Username).Select(u => u.Username); var materializeUsername = getUsername.ToList(); var username = materializeUsername[0]; var getName = db.Users.Where(u => u.Username == model.Username).Select(u => u.Name); var materializeName = getName.ToList(); var name = materializeName[0]; var getId = db.Users.Where(u => u.Username == model.Username).Select(u => u.User_Id); var materializeId = getId.ToList(); var userid = materializeId[0]; var getEmail = db.Users.Where(u => u.Username == model.Username).Select(u => u.Email); var materializeEmail = getEmail.ToList(); var email = materializeEmail[0]; var getKategori = db.Users.Where(u => u.Username == model.Username).Select(u => u.Kategori); var materializeKategori = getKategori.ToList(); var kategori = materializeKategori[0]; var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, username), new Claim(ClaimTypes.Name, name), new Claim(ClaimTypes.Email, email), new Claim(ClaimTypes.Sid, userid.ToString()), new Claim(ClaimTypes.Role, kategori) }, "ApplicationCookie"); var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); if (kategori.Equals("1") || kategori.Equals("2")) { return(RedirectToAction("Index", "User")); } else { return(RedirectToAction("Index", "StokPengecer")); } } } ModelState.AddModelError("", "Invalid email or password"); return(View(model)); }
public ActionResult Login(Models.UserLoginInfo uli_cl) { // check if there are any errors inside the form's values if (!ModelState.IsValid) { return(View(uli_cl)); } using (var dbLogin = new MainDbContext()) { var userLoginInfo = dbLogin.applicationUser.FirstOrDefault(u => u.UserName == uli_cl.username); if (userLoginInfo != null) { var getPassword = dbLogin.applicationUser.Where(u => u.UserName == uli_cl.username).Select(u => u.Password); var materializePassword = getPassword.ToList(); var password = materializePassword[0]; var decryptedPassword = CustomDecrypt.Decrypt(password); if (uli_cl.password == decryptedPassword && userLoginInfo.UserName == uli_cl.username) { var getUserFullName = dbLogin.applicationUser.Where(u => u.UserName == uli_cl.username).Select(u => u.UserFullName); var materializeFullName = getUserFullName.ToList(); var userFullName = materializeFullName[0]; // we need to store the employer somewhere var getUserEmployer = dbLogin.applicationUser.Where(u => u.UserName == uli_cl.username).Select(u => u.UserEmployer); var materializeUserEmployer = getUserEmployer.ToList(); var userEmployer = materializeUserEmployer[0]; var getUserRole = dbLogin.applicationUser.Where(u => u.UserName == uli_cl.username).Select(u => u.UserRole); var materializeUserRole = getUserRole.ToList(); var userRole = materializeUserRole[0]; var getUserId = dbLogin.applicationUser.Where(u => u.UserName == uli_cl.username).Select(u => u.Id); var materializeUserId = getUserId.ToList(); var userId = materializeUserId[0].ToString(); // create an identity with name and role var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userFullName), new Claim(ClaimTypes.Role, userRole), new Claim("userId", userId), new Claim("clientName", userEmployer), }, "ApplicationCookie"); // actually login with identity var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); if (userRole == RoleNames.ROLE_ADMIN) { return(RedirectToAction("Index", "Admin")); } else if (userRole == RoleNames.ROLE_REGISTRAR) { return(RedirectToAction("Index", "Registrar")); } else { return(RedirectToAction("Index", "Client")); } } else { ModelState.AddModelError("", "Invalid username or password"); return(View(uli_cl)); } } else { ModelState.AddModelError("", "Invalid username or password"); return(View(uli_cl)); } } }
public ActionResult Login(LoginViewModel model) { if (!ModelState.IsValid) //check if input field are empty. { TempData["msg-type"] = "alert-warning"; TempData["msg-head"] = "Warning"; TempData["msg-des"] = "Email/Password cannot be empty!!"; return(View(model)); } try { using (var db = new MainDbContext()) { var getPassword = db.Users.Where(u => u.Email == model.Email).Select(u => u.Password); //get password linked to the given email var materializePassword = getPassword.ToList(); if (materializePassword.Count == 0) //count = 0 if the email is not available. { TempData["msg-type"] = "alert-warning"; TempData["msg-head"] = "Warning"; TempData["msg-des"] = "Account does not exist!!"; return(View(model)); } var password = materializePassword[0]; var decryptedPassword = CustomDecrypt.Decrypt(password); if (model.Email != null && model.Password == decryptedPassword ) //check if email password combination is valid { var getFirstName = db.Users.Where(u => u.Email == model.Email).Select(u => u.FirstName); var materializeFirstName = getFirstName.ToList(); var firstname = materializeFirstName[0]; var getLastName = db.Users.Where(u => u.Email == model.Email).Select(u => u.LastName); var materializeLastName = getLastName.ToList(); var lastname = materializeLastName[0]; var getEmail = db.Users.Where(u => u.Email == model.Email).Select(u => u.Email); var materializeEmail = getEmail.ToList(); var email = materializeEmail[0]; var getCountry = db.Users.Where(u => u.Email == model.Email).Select(u => u.Country); var materializeCountry = getCountry.ToList(); var country = materializeCountry[0]; var identify = new ClaimsIdentity(new[] //creation of cookie. { new Claim(ClaimTypes.Name, firstname + " " + lastname), new Claim(ClaimTypes.Email, email), new Claim(ClaimTypes.Country, country), }, "ApplicationCookie"); var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identify); return(RedirectToAction("Index", "Home")); //redirect to homepage } TempData["msg-type"] = "alert-warning"; TempData["msg-head"] = "Warning"; TempData["msg-des"] = "Invalid Email or Password!!"; return(View(model)); } } catch (ProviderIncompatibleException) { TempData["msg-type"] = "alert-danger"; TempData["msg-head"] = "Oh Snap!!"; TempData["msg-des"] = "Unable to login!! Could not establish connection with server!!"; return(View(model)); } catch (EntityException) { TempData["msg-type"] = "alert-danger"; TempData["msg-head"] = "Oh Snap!!"; TempData["msg-des"] = "Server Timeout!! Check your connection!!"; return(View(model)); } }
public ActionResult EditUser(string uniqueUserId) { if (uniqueUserId == "" || uniqueUserId == null) { return(HttpNotFound("Something went wrong. Please, contact the administration")); } try { SetRolesForViewBag(); SetTypeOfActionWithRequestForm("Edit"); string connectionStringCommon = CommonManager.ReturnNeededConnectionStringForCommonDatabase(); // select only those people who exist in the DB string sqlToGetUsersInfo = @"SELECT userId, userUniqueDatabaseId, userPwd FROM tblUser WHERE userUniqueDatabaseId = @userUniqueDatabaseId"; UserInfo ui = new UserInfo(); using (SqlConnection conn = new SqlConnection(connectionStringCommon)) { conn.Open(); SqlCommand cmdToGetUsersInfo = new SqlCommand(sqlToGetUsersInfo, conn); cmdToGetUsersInfo.Parameters.AddWithValue("@userUniqueDatabaseId", uniqueUserId); using (SqlDataReader dt_ToGetUsersInfo = cmdToGetUsersInfo.ExecuteReader()) { if (dt_ToGetUsersInfo.HasRows) { while (dt_ToGetUsersInfo.Read()) { ui = new UserInfo { userId = dt_ToGetUsersInfo[0].ToString().TrimEnd(), uniqueUserId = dt_ToGetUsersInfo[1].ToString().TrimEnd(), userPwd = CustomDecrypt.Decrypt(dt_ToGetUsersInfo[2].ToString().TrimEnd()) }; } } } } string connectionStringHotel = CommonManager.ReturnNeededConnectionStringForHotel(); // select only those people who exist in the DB string sqlToGetMainUsersInfo = @"SELECT userType, userFullName, userEmail, userPhoneNumber FROM tblUserInformation WHERE userUniqueDatabaseId = @uniqueUserId"; using (SqlConnection conn = new SqlConnection(connectionStringHotel)) { conn.Open(); SqlCommand cmdToGetUsersInfo = new SqlCommand(sqlToGetMainUsersInfo, conn); cmdToGetUsersInfo.Parameters.AddWithValue("@uniqueUserId", ui.uniqueUserId); using (SqlDataReader dt_ToGetUsersInfo = cmdToGetUsersInfo.ExecuteReader()) { if (dt_ToGetUsersInfo.HasRows) { while (dt_ToGetUsersInfo.Read()) { ui.userType = dt_ToGetUsersInfo[0].ToString().TrimEnd(); ui.userFullName = dt_ToGetUsersInfo[1].ToString().TrimEnd(); ui.userEmail = dt_ToGetUsersInfo[2].ToString().TrimEnd(); ui.userPhoneNumber = dt_ToGetUsersInfo[3].ToString().TrimEnd(); } } } } return(View(ui)); } catch (Exception ex) { //Console.WriteLine(ex); return(HttpNotFound("Something went wrong. Please, contact the administration")); } }
public ActionResult Login(Login model) { var isInternalUser = false; try { if (!ModelState.IsValid) //Checks if input fields have the correct format { return(View(model)); //Returns the view with the input values so that the user doesn't have to retype again } using (var db = new CuddlyWombatEntities()) { var loggedInUser = (from u in db.Users where u.Email == model.Email select u).FirstOrDefault(); if (loggedInUser != null) { isInternalUser = true; var decryptedPassword = CustomDecrypt.Decrypt(loggedInUser.Password); if (decryptedPassword != model.Password) { ModelState.AddModelError("", "Invalid email or password"); return(View(model)); } var identity = new ClaimsIdentity(new[] { new Claim("IsInternalUser", isInternalUser.ToString()), new Claim("UserID", loggedInUser.UserID.ToString()), new Claim(ClaimTypes.Name, loggedInUser.Name), new Claim(ClaimTypes.Email, loggedInUser.Email) }, "ApplicationCookie"); var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); ViewBag.IsInternalUser = Convert.ToBoolean(isInternalUser.ToString()); return(RedirectToAction("Index", "Home")); } else { var loggedInCustomer = (from u in db.Customers where u.Email == model.Email select u).FirstOrDefault(); if (loggedInCustomer != null) { var decryptedPassword = CustomDecrypt.Decrypt(loggedInCustomer.Password); if (decryptedPassword != model.Password) { ModelState.AddModelError("", "Invalid email or password"); return(View(model)); } var identity = new ClaimsIdentity(new[] { new Claim("IsInternalUser", isInternalUser.ToString()), new Claim("UserID", loggedInCustomer.CustomerID.ToString()), new Claim(ClaimTypes.Name, loggedInCustomer.GivenName + " " + loggedInCustomer.Surname), new Claim(ClaimTypes.Email, loggedInCustomer.Email) }, "ApplicationCookie"); var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); ViewBag.IsInternalUser = Convert.ToBoolean(isInternalUser.ToString()); return(RedirectToAction("Index", "Home")); } else { ModelState.AddModelError("", "Invalid email or password"); } } } } catch (Exception ex) { ModelState.AddModelError("Exception", ex.Message); } ViewBag.IsInternalUser = Convert.ToBoolean(isInternalUser.ToString()); return(View(model)); //Should always be declared on the end of an action method }
public ActionResult Login(LoginModel2 model) { if (!ModelState.IsValid) //if (model.CaptchaCodeText != Convert.ToString(Session["Captcha"])) //check if input == to captcha shown { if (Session["time"] == null) { model.CapImage = "data:image/png;base64," + Convert.ToBase64String(new Utility().VerificationTextGenerator()); model.CapImageText = Convert.ToString(Session["Captcha"]); return(View("Sample", model)); } else { time = (int)Session["time"]; time++; Session["time"] = time; Response.Write("Wrong times: " + time.ToString()); if (time >= 3) { model.CapImage = "data:image/png;base64," + Convert.ToBase64String(new Utility().VerificationTextGenerator()); model.CapImageText = Convert.ToString(Session["Captcha"]); return(View("Sample", model));//Returns the view with the input values so that the user doesn't have to retype again } } //Returns the view with the input values so that the user doesn't have to retype again /*if (Session["time"] == null) * { * Session["time"] = time + 1; * Response.Write("Wrong times: 1"); * } * else * { * time = (int)Session["time"]; * time++; * Session["time"] = time; * Response.Write("Wrong times: " + time.ToString()); * if (time >= 3) * { * model.CapImage = "data:image/png;base64," + Convert.ToBase64String(new Utility().VerificationTextGenerator()); * model.CapImageText = Convert.ToString(Session["Captcha"]); * * return View("Sample", model);//Returns the view with the input values so that the user doesn't have to retype again * * } * }*/ return(View()); } else { //MainDbContext db = new MainDbContext(); using (var db = new MainDbContext()) { var usernameCheck = db.Users.FirstOrDefault(u => u.Username == model.Users.Username); var getPassword = db.Users.Where(u => u.Username == model.Users.Username).Select(u => u.Password); var materializePassword = getPassword.ToList(); if (materializePassword.Count != 0) { var password = materializePassword[0]; var decryptedPassword = CustomDecrypt.Decrypt(password); if (model.Users.Username != null && model.Users.Password == decryptedPassword) { var searchrole = db.Role.Where(u => u.Id == usernameCheck.Key_Role).Select(u => u.RoleType); var materializeRole = searchrole.ToList(); var role = materializeRole[0]; var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; if (role == "doctor") { var checkname = db.Doctor.FirstOrDefault(u => u.Key_Users == usernameCheck.Id); var getname = db.Doctor.Where(u => u.Id == checkname.Id).Select(u => u.FirstName); var materializeName = getname.ToList(); var name = materializeName[0]; var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, name), new Claim(ClaimTypes.Role, role) }, "ApplicationCookie"); authManager.SignIn(identity); return(RedirectToAction("Index", "Doctor")); } else if (role == "FDR") { var checkname = db.FDR.FirstOrDefault(u => u.Key_Users == usernameCheck.Id); //var getname = db.PersonInfo.Where(u => u.Id == checkname.Key_PersonInfo).Select(u => u.FirstName); var getname = db.FDR.Select(u => u.FirstName); var materializeName = getname.ToList(); var name = materializeName[0]; var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, name), new Claim(ClaimTypes.Role, role) }, "ApplicationCookie"); authManager.SignIn(identity); return(RedirectToAction("Index", "FDR")); } else if (role == "nurse") { /*var checkname = db.Nurse.FirstOrDefault(u => u.Key_Users == usernameCheck.Id); * var getname = db.PersonInfo.Where(u => u.Id == checkname.Key_PersonInfo).Select(u => u.FirstName); * var materializeName = getname.ToList(); * var name = materializeName[0];*/ var identity = new ClaimsIdentity(new[] { //new Claim(ClaimTypes.Name, name), new Claim(ClaimTypes.Role, role) }, "ApplicationCookie"); authManager.SignIn(identity); return(RedirectToAction("Index", "Nurse")); } else if (role == "administrator") { /*var checkname = db.Admin.FirstOrDefault(u => u.Key_Users == usernameCheck.Id); * var getname = db.PersonInfo.Where(u => u.Id == checkname.Key_PersonInfo).Select(u => u.FirstName); * var materializeName = getname.ToList(); * var name = materializeName[0];*/ var identity = new ClaimsIdentity(new[] { //new Claim(ClaimTypes.Name, name), new Claim(ClaimTypes.Role, role) }, "ApplicationCookie"); authManager.SignIn(identity); return(RedirectToAction("Index", "Admin")); } } if (Session["time"] == null) { Session["time"] = time + 1; Response.Write("Wrong times: 1"); } else { time = (int)Session["time"]; time++; Session["time"] = time; Response.Write("Wrong times: " + time.ToString()); if (time >= 3) { model.CapImage = "data:image/png;base64," + Convert.ToBase64String(new Utility().VerificationTextGenerator()); model.CapImageText = Convert.ToString(Session["Captcha"]); return(View("Sample", model));//Returns the view with the input values so that the user doesn't have to retype again } } } else { if (Session["time"] == null) { Session["time"] = time + 1; Response.Write("Wrong times: 1"); } else { time = (int)Session["time"]; time++; Session["time"] = time; Response.Write("Wrong times: " + time.ToString()); if (time >= 3) { model.CapImage = "data:image/png;base64," + Convert.ToBase64String(new Utility().VerificationTextGenerator()); model.CapImageText = Convert.ToString(Session["Captcha"]); return(View("Sample", model));//Returns the view with the input values so that the user doesn't have to retype again } } //model.CapImage = "data:image/png;base64," + Convert.ToBase64String(new Utility().VerificationTextGenerator()); //model.CapImageText = Convert.ToString(Session["Captcha"]); ModelState.AddModelError("", "Invalid username or password"); //Should always be declared on the end of an action method } return(View(model)); } } }
public ActionResult Login(Users model) { if (!ModelState.IsValid) { return(View(model)); } using (var db = new MainDbContext()) { var emailCheck = db.Users.FirstOrDefault(u => u.Email == model.Email); var getPassword = db.Users.Where(u => u.Email == model.Email).Select(u => u.Password); var materializePassword = getPassword.ToList(); var password = materializePassword[0]; var decryptedPassword = CustomDecrypt.Decrypt(password); if (model.Email != null && model.Password == decryptedPassword) { var getName = db.Users.Where(u => u.Email == model.Email).Select(u => u.Name); var materializeName = getName.ToList(); var name = materializeName[0]; var getIc = db.Users.Where(u => u.Email == model.Email).Select(u => u.Ic); var materializeCountry = getIc.ToList(); var Ic = materializeCountry[0]; var getEmail = db.Users.Where(u => u.Email == model.Email).Select(u => u.Email); var materializeEmail = getEmail.ToList(); var email = materializeEmail[0]; var getRole = db.Users.Where(u => u.Email == model.Email).Select(u => u.Role); var materializeRole = getRole.ToList(); var role = materializeRole[0]; var getId = db.Users.Where(u => u.Email == model.Email).Select(u => u.Id); var materializeId = getId.ToList(); var Id = materializeId[0].ToString(); var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, name), new Claim(ClaimTypes.Email, email), new Claim(ClaimTypes.Sid, Ic), new Claim(ClaimTypes.Role, role), new Claim(ClaimTypes.NameIdentifier, Id) }, "ApplicationCookie"); var claimsPrincipal = new ClaimsPrincipal(identity); Thread.CurrentPrincipal = claimsPrincipal; var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); Session["email"] = model.Email; if (role == "Admin") { ViewBag.AlertMessageAdmin = "Welcome to RapidKL E-Ticketing"; return(RedirectToAction("Index", "Home")); } if (role == "User") { ViewBag.AlertMessageAdmin = "Welcome to RapidKL E-Ticketing"; return(RedirectToAction("UsersIndex", "Users")); } } else { ModelState.AddModelError("", "Wrong Password or Email"); } } return(View(model)); }
public ActionResult ChangePassword(ChangePassword model, string ReturnUrl = "") { string message = ""; bool Status = false; string type = "Success"; var userControl = new UserController(); if (!userControl.checkPasswordStrengt(model.NewPassword)) { message = "password does not match rules please include one uppercase letter, one number and one of these symbols !,@,#,$,%,^,&,*,?,_,~,-,£,(,)"; Status = true; type = "Error"; } else { var CurrentUserEmail = HttpContext.User.Identity.Name; using (MyDatabaseEntities dc = new MyDatabaseEntities()) { var user = dc.Users.Where(x => x.EmailID == CurrentUserEmail).FirstOrDefault(); var getPassword = dc.Users.Where(u => u.EmailID == user.EmailID).Select(u => u.Password); var materializePassword = getPassword.ToList(); var password = materializePassword[0]; var getCryptoOne = dc.cryptokeys.Where(u => u.UserID == user.UserID).Select(u => u.cryptone); var materializeCryptoOne = getCryptoOne.ToList(); var CryptoOne = materializeCryptoOne[0]; var getCryptoTwo = dc.cryptokeys.Where(u => u.UserID == user.UserID).Select(u => u.crypttwo); var materializeCryptoTwo = getCryptoTwo.ToList(); var CryptoTwo = materializeCryptoTwo[0]; var getCryptoTree = dc.cryptokeys.Where(u => u.UserID == user.UserID).Select(u => u.crypttree); var materializeCryptoTree = getCryptoTree.ToList(); var keyTree = materializeCryptoTree[0]; var keyTwo = CustomDecrypt.Decrypt(CryptoTwo, keyTree); var keyOne = CustomDecrypt.Decrypt(CryptoOne, keyTwo); var decryptPassword = CustomDecrypt.Decrypt(password, keyOne); if ((string.Compare(model.Password, decryptPassword) == 0)) { string NewkeyOne = CustomEnrypt.RandomString(15); string NewkeyTwo = CustomEnrypt.RandomString(15); string NewkeyTree = CustomEnrypt.RandomString(15); user.Password = CustomEnrypt.Encrypt(model.NewPassword, NewkeyOne); //user.Password = Crypto.Hash(user.Password); user.ConfirmPassword = CustomEnrypt.Encrypt(model.ConfirmPassword, NewkeyOne); var crypto = dc.cryptokeys.Where(x => x.UserID == user.UserID).FirstOrDefault(); crypto.cryptone = CustomEnrypt.Encrypt(NewkeyOne, NewkeyTwo); crypto.crypttwo = CustomEnrypt.Encrypt(NewkeyTwo, NewkeyTree); crypto.crypttree = NewkeyTree; try { if (user.TempPasswordSet) { user.TempPasswordSet = false; user.Failed_Logins = 0; } dc.SaveChanges(); message = "Your password have been successfuly changed."; Status = true; } catch (DbEntityValidationException ex) { foreach (var entityValidationErrors in ex.EntityValidationErrors) { foreach (var validationError in entityValidationErrors.ValidationErrors) { Response.Write("Property: " + validationError.PropertyName + " Error: " + validationError.ErrorMessage); } } } } else { message = "Password does not match if Error continues contact administrator."; Status = true; type = "Error"; } } } ViewBag.Message = message; ViewBag.Status = Status; ViewBag.Type = type; return(View()); }
/// <summary> /// Checks if a token is valid. /// </summary> /// <param name="token">string - generated either by GenerateToken() or via client with cryptojs etc.</param> /// <param name="ip">string - IP address of client, passed in by RESTAuthenticate attribute on controller.</param> /// <param name="userAgent">string - user-agent of client, passed in by RESTAuthenticate attribute on controller.</param> /// <returns>bool</returns> //public static List<string> IsTokenValid(string token, string ip, string userAgent) public static bool IsTokenValid(string token, string ip, string userAgent) { List <string> info = new List <string>(); bool result = false; try { // Base64 decode the string, obtaining the token:username:timeStamp. string key = Encoding.UTF8.GetString(Convert.FromBase64String(token)); // Split the parts. string[] parts = key.Split(new char[] { ':' }); Console.WriteLine(parts); if (parts.Length == 3) { // Get the hash message, username, and timestamp. string hash = parts[0]; string userId = parts[1]; long ticks = long.Parse(parts[2]); DateTime timeStamp = new DateTime(ticks); info.Add("hash = " + hash); info.Add("username = "******"userAgent = " + userAgent); info.Add("ip = " + ip); // Ensure the timestamp is valid. bool expired = Math.Abs((DateTime.UtcNow - timeStamp).TotalMinutes) > _expirationMinutes; info.Add("expired = " + expired); if (!expired) { // // Lookup the user's account from the db. // try { var connectionString = CommonManager.ReturnNeededConnectionStringForCommonDatabase(); string sqlToCheckIfInsertionIsInProgress = "SELECT userPwd FROM tblUser WHERE userId = @userId AND ifRemoved='False'"; using (SqlConnection conn = new SqlConnection(connectionString)) { conn.Open(); SqlCommand cmdToCheckIfInsertionIsInProgress = new SqlCommand(sqlToCheckIfInsertionIsInProgress, conn); cmdToCheckIfInsertionIsInProgress.Parameters.AddWithValue("@userId", userId); string decryptedUserPwd = (string)cmdToCheckIfInsertionIsInProgress.ExecuteScalar(); string userPwd = CustomDecrypt.Decrypt(decryptedUserPwd); string computedToken = GenerateToken(userId, userPwd, ip, userAgent, ticks); // Compare the computed token with the one supplied and ensure they match. result = (token == computedToken); } } catch (Exception e) { //Console.WriteLine(e); return(false); } } } } catch (Exception e) { //Console.WriteLine(e); return(false); } return(result); //return info; }
public ActionResult Login(UserLogin login, string ReturnUrl = "") { bool Status = false; string message = ""; string type = "Success"; using (MyDatabaseEntities db = new MyDatabaseEntities()) { //var v = dc.Users.Where(a => a.EmailID == login.EmailID).FirstOrDefault(); var emailCheck = db.Users.FirstOrDefault(u => u.EmailID == login.EmailID); var usr_id = db.Users.Where(u => u.EmailID == login.EmailID).Select(u => u.UserID).FirstOrDefault(); var getPassword = db.Users.Where(u => u.EmailID == login.EmailID).Select(u => u.Password); var materializePassword = getPassword.ToList(); var password = materializePassword[0]; var getCryptoOne = db.cryptokeys.Where(u => u.UserID == usr_id).Select(u => u.cryptone); var materializeCryptoOne = getCryptoOne.ToList(); var CryptoOne = materializeCryptoOne[0]; var getCryptoTwo = db.cryptokeys.Where(u => u.UserID == usr_id).Select(u => u.crypttwo); var materializeCryptoTwo = getCryptoTwo.ToList(); var CryptoTwo = materializeCryptoTwo[0]; var getCryptoTree = db.cryptokeys.Where(u => u.UserID == usr_id).Select(u => u.crypttree); var materializeCryptoTree = getCryptoTree.ToList(); var keyTree = materializeCryptoTree[0]; var keyTwo = CustomDecrypt.Decrypt(CryptoTwo, keyTree); var keyOne = CustomDecrypt.Decrypt(CryptoOne, keyTwo); var decryptPassword = CustomDecrypt.Decrypt(password, keyOne); //TODO: add decrypt af decryptkey using master decryptkey var user = db.Users.Where(u => u.EmailID == login.EmailID).FirstOrDefault(); if (user != null && user.IsEmailVerified) { if ((string.Compare(login.Password, decryptPassword) == 0) && !(user.Locked)) { int timeout = login.RememberMe ? 525600 : 20; // 525600 min = 1 year var ticket = new FormsAuthenticationTicket(login.EmailID, login.RememberMe, timeout); string encrypted = FormsAuthentication.Encrypt(ticket); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted); cookie.Expires = DateTime.Now.AddMinutes(timeout); cookie.HttpOnly = true; Response.Cookies.Add(cookie); if (user.TempPasswordSet) { return(RedirectToAction("ChangePassword", "UserSettings")); } if (Url.IsLocalUrl(ReturnUrl)) { return(Redirect(ReturnUrl)); } else { return(RedirectToAction("Index", "Home")); } } else { if (user.Failed_Logins < 3) { user.Failed_Logins++; message = "Invalid email or password"; type = "Error"; Status = true; } else if (user.Failed_Logins == 3 || user.Locked) { user.Locked = true; Status = true; type = "Error"; message = "To many log in attemtes you have been locked out please contact system admin to be unlocked."; } try { user.ConfirmPassword = user.Password; db.SaveChanges(); } catch (DbEntityValidationException ex) { foreach (var entityValidationErrors in ex.EntityValidationErrors) { foreach (var validationError in entityValidationErrors.ValidationErrors) { Response.Write("Property: " + validationError.PropertyName + " Error: " + validationError.ErrorMessage); } } } } } else { if (user == null) { message = "User does not exist "; Status = true; type = "Error"; } if (!user.IsEmailVerified) { message = "Please verify your account"; Status = true; type = "Error"; } } } ViewBag.Message = message; ViewBag.Status = Status; ViewBag.Type = type; return(View()); }