public ActionResult LogOnAsGuestUser(string returnUrl)
{
LogOnModel model = new LogOnModel();
model.UserName = "******";
model.Password = "******";
try
{
if (ModelState.IsValid)
{
var allusers = from usertabel in database.DX_USER where usertabel.userid == model.UserName select usertabel;
if (allusers != null && allusers.ToList().Count == 1)
{
var UserRecord = allusers.First();
if (UserRecord.pwdhash.Equals(generateHash(UserRecord.salt, model.Password)))
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
//Set userid in session
SessionKeyMgmt.UserId = model.UserName;
//Get the department
SessionKeyMgmt.UserDept = DbCommonQueries.getDepartmentName(model.UserName, database);
//Security checkpoint for preventing open redirect attack
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") &&
!returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return(Redirect(returnUrl));
}
else
{
return(RedirectToAction("RespectiveHome"));
}
}
else
{
ModelState.AddModelError("", "password provided is incorrect.");
}
}
else
{
ModelState.AddModelError("", "Email id incorrect please try again!");
}
}
else
{
ModelState.AddModelError("", "Email id and password provided is incorrect.");
}
// If we got this far, something failed, redisplay form
}
catch (Exception)
{
ModelState.AddModelError("", "Can not process request, please try after some time!");
}
return(View(model));
}
public ActionResult Index()
{
List <UserNeedingApproval> AllUsersNeedingApproval = new List <UserNeedingApproval>();
try
{
if (ModelState.IsValid)
{
var allTempUsers = from usertable in database.DX_USER where usertable.accesslevel.Equals(Constants.TEMP_USER_ACCESS) select usertable;
if (allTempUsers != null && allTempUsers.ToList().Count >= 1)
{
List <DX_USER> users = (List <DX_USER>)allTempUsers.ToList();
foreach (DX_USER tempuser in users)
{
UserNeedingApproval tempUserNeedingApproval = new UserNeedingApproval();
tempUserNeedingApproval.Email = tempuser.userid;
tempUserNeedingApproval.Name = tempuser.fname + " " + tempuser.lname;
tempUserNeedingApproval.Position = tempuser.role;
List <string> depts = DbCommonQueries.getDepartmentName(tempuser.userid, database);
string department = "";
foreach (string dept in depts)
{
department = department + dept + ", ";
}
;
tempUserNeedingApproval.Department = department;
tempUserNeedingApproval.creationDate = new DateTime();
AllUsersNeedingApproval.Add(tempUserNeedingApproval);
}
}
}
}
catch { ModelState.AddModelError("", "Error occured while populating all user requests"); }
return(View(AllUsersNeedingApproval));
}
public ActionResult AllExistingUsers()
{
List <ExistingUsers> CurrentUsers = new List <ExistingUsers>();
try
{
if (ModelState.IsValid)
{
var allUsersNeeded = from usertable in database.DX_USER where usertable.accesslevel != Constants.TEMP_USER_ACCESS && usertable.accesslevel != Constants.ADMIN_USER_ACCESS && usertable.accesslevel != Constants.ADMINLESS_USER_ACCESS select usertable;
if (allUsersNeeded != null && allUsersNeeded.ToList().Count >= 1)
{
List <DX_USER> users = (List <DX_USER>)allUsersNeeded.ToList();
foreach (DX_USER presentuser in users)
{
ExistingUsers CurrentExistingUser = new ExistingUsers();
CurrentExistingUser.Email = presentuser.userid;
CurrentExistingUser.Name = presentuser.fname + " " + presentuser.lname;
CurrentExistingUser.Position = presentuser.role;
CurrentExistingUser.accessLevel = presentuser.accesslevel;
List <string> depts = DbCommonQueries.getDepartmentName(presentuser.userid, database);
string department = "";
foreach (string dept in depts)
{
department = department + dept + ", ";
}
;
CurrentExistingUser.Department = department;
CurrentExistingUser.creationDate = new DateTime();
CurrentUsers.Add(CurrentExistingUser);
}
}
}
}
catch { ModelState.AddModelError("", "Error occured while populating existing users"); }
return(View(CurrentUsers));
}
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
try
{
//Login attempts
if (SessionKeyMgmt.LoginAttempts == 0)
{
SessionKeyMgmt.LoginAttempts = 1;
}
else
{
int count = SessionKeyMgmt.LoginAttempts;
count++;
SessionKeyMgmt.LoginAttempts = count;
if (model.Captcha != null)
{
if (verifyCaptcha() == false)
{
ViewBag.CaptchaGuid = Guid.NewGuid().ToString("N");
return(View(model));
}
ViewBag.CaptchaGuid = Guid.NewGuid().ToString("N");
}
}
if (model.Captcha == null)
{
model.Captcha = "";
}
//Login attempts end
if (logonValidations(model) == false)
{
return(View(model));
}
if (ModelState.IsValid)
{
var allusers = from usertabel in database.DX_USER where usertabel.userid == model.UserName select usertabel;
if (allusers != null && allusers.ToList().Count == 1)
{
var UserRecord = allusers.First();
if (UserRecord.pwdhash.Equals(generateHash(UserRecord.salt, model.Password)))
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
//Set userid in session
SessionKeyMgmt.UserId = model.UserName;
//Get the department
SessionKeyMgmt.UserDept = DbCommonQueries.getDepartmentName(model.UserName, database);
SessionKeyMgmt.LoginAttempts = 0;
// Roles.DeleteCookie();
//Security checkpoint for preventing open redirect attack
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") &&
!returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return(Redirect(returnUrl));
}
else
{
return(RedirectToAction("RespectiveHome"));
}
}
else
{
ModelState.AddModelError("", "Email-id or password provided is incorrect please try again!!");
}
}
else
{
ModelState.AddModelError("", "Email-id or password incorrect please try agian!!");
}
}
else
{
ModelState.AddModelError("", "This is invalid request. Please provide email and passwod");
}
// If we got this far, something failed, redisplay form
}
catch (Exception)
{
ModelState.AddModelError("", "Can not process request, please try after some time!");
}
return(View(model));
}