public ActionResult Login(LoginViewModel model, string ReturnUrl = "")
{
string EncryptionKey = "SHA512";
string message = "";
if (ModelState.IsValid)
{
using (EastMedDB db = new EastMedDB())
{
var userexist = db.user.Where(a => a.UNI_ID == model.UNI_ID && a.IsActive == true).FirstOrDefault();
if (userexist != null)
{
if (string.Compare((model.Password.Trim()), CustomDecrypt.passwordDecrypt(userexist.PASSWORD, EncryptionKey)) == 0)
{
// In here 2 method has been used to save user login atraction to specific pages
// Sessions and cookies give as to control menus and specification for each user.
// Cookies to used authorized the application and protect to anonymous enter
// Cookies are encrypted in client site the avoid from the cookie attacks.
Session["RoleID"] = userexist.FK_PRIVILEGE_ID;
Session["UserName"] = userexist.FIRST_NAME + " " + userexist.LAST_NAME;
Session["UserID"] = userexist.UNI_ID;
Session["UserDatabaseID"] = userexist.ID;
int timeout = model.RememberMe ? 525600 : 30; // 30 min to expire the cookie.
var ticket = new FormsAuthenticationTicket(model.UNI_ID, model.RememberMe, timeout);
string encrypted = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
cookie.Expires = DateTime.Now.AddMinutes(timeout);
cookie.HttpOnly = true;
Response.Cookies.Add(cookie);
if (Url.IsLocalUrl(ReturnUrl))
{
return(Redirect(ReturnUrl));
}
else
{
userexist.LAST_LOGINDATE = DateTime.Now;
db.user.Attach(userexist);
var entry = db.Entry(userexist);
entry.Property(x => x.LAST_LOGINDATE).IsModified = true;
db.SaveChanges();
return(RedirectToAction("Index", "Home"));
}
}
else
{
ModelState.AddModelError("", "Invalid user/pass");
return(View());
}
}
else
{
ModelState.AddModelError("", "Invalid user/pass");
return(View());
}
}
}
ViewBag.Message = message;
return(View());
}
