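/// <summary>
/// Writes one application event-log row on behalf of an explicitly supplied user
/// (the session-based variant is AddEventLog). Nothing is written when both
/// LogMessage and ErrMessage are empty. Persistence failures are reported through
/// Globalfunction.WriteSystemLog and never propagated to the caller.
/// </summary>
/// <param name="LogTypeEnum">Category stored in EventLog.LogType.</param>
/// <param name="LogMessage">Informational text; may be empty or null.</param>
/// <param name="ErrMessage">Error text; may be empty or null.</param>
/// <param name="UserName">Stored in EventLog.UserType.</param>
/// <param name="UserID">Stored in EventLog.UserID.</param>
public void AddEventLog1(EventLogType LogTypeEnum, string LogMessage, string ErrMessage, string UserName, int UserID)
{
    // A null message is treated like an empty one: skip entirely empty entries.
    if (string.IsNullOrEmpty(LogMessage) && string.IsNullOrEmpty(ErrMessage))
    {
        return;
    }

    // Request context captured earlier in the pipeline; any of these is null when the key was never set.
    string loginRemoteIpAddress = _session.GetString("LoginRemoteIpAddress");
    string source = _session.GetString("ApiSource");
    string formName = _session.GetString("ControllerAction");

    try
    {
        var newobj = new EventLog
        {
            LogType = LogTypeEnum,
            // Local time, to stay consistent with rows written by the sibling AddEventLog.
            LogDateTime = DateTime.Now,
            Source = source,
            FormName = formName,
            LogMessage = LogMessage,
            ErrMessage = ErrMessage,
            UserID = UserID,
            UserType = UserName,
            ipAddress = loginRemoteIpAddress,
        };
        Create(newobj);
        Save();
    }
    catch (Exception ex)
    {
        // Logging must never take the calling operation down; keep the file's best-effort handling.
        Globalfunction.WriteSystemLog("SQL Exception :" + ex.Message);
    }
}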
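/// <summary>
/// Builds a human-readable change summary for a tracked entity by comparing the
/// EF original values with the entity's current property values. Each changed
/// property yields one line "Name : old >>> new" terminated by CRLF.
/// Returns an empty string when there are no original values; on any error the
/// lines collected so far are returned and the error goes to the system log.
/// </summary>
/// <param name="entity">A tracked entity; its current state is read through JObject.FromObject.</param>
/// <returns>Concatenated change lines, or "" when nothing differs.</returns>
public String GetUpdateEventLogString(dynamic entity)
{
    // StringBuilder instead of repeated string concatenation in the loop.
    var changes = new StringBuilder();
    try
    {
        PropertyValues oldObj = this.RepositoryContext.Entry(entity).OriginalValues;
        if (oldObj == null)
        {
            return "";
        }

        // Current values keyed by property name, as the serializer sees them.
        JObject newObj = JObject.FromObject(entity);
        var newValues = newObj.ToObject<Dictionary<string, object>>();

        foreach (var property in oldObj.Properties)
        {
            string name = property.Name;
            object oldRaw = oldObj[name];
            string oldText = oldRaw != null ? oldRaw.ToString().Trim() : "";
            // One dictionary lookup instead of two GetValueOrDefault calls.
            string newText = newValues.TryGetValue(name, out var newRaw) && newRaw != null
                ? newRaw.ToString().Trim()
                : "";
            if (oldText != newText)
            {
                // NOTE(review): every differing property is recorded verbatim, which would
                // include credential-bearing columns (Customer rows in this file carry
                // password and salt); confirm such fields are excluded before this text is persisted.
                changes.Append(name).Append(" : ").Append(oldText).Append(" >>> ").Append(newText).Append("\r\n");
            }
        }
    }
    catch (Exception ex)
    {
        Globalfunction.WriteSystemLog("Exception :" + ex.Message);
    }
    return changes.ToString();
}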
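/// <summary>
/// Writes one application event-log row for the current session's user. The user id
/// and login type are read from the session keys LoginUserID and LoginTypeParam
/// (set by the authentication middleware). Nothing is written when both messages are
/// empty; persistence failures go to Globalfunction.WriteSystemLog.
/// </summary>
/// <param name="LogTypeEnum">Category stored in EventLog.LogType.</param>
/// <param name="LogMessage">Informational text; may be empty or null.</param>
/// <param name="ErrMessage">Error text; may be empty or null.</param>
public void AddEventLog(EventLogType LogTypeEnum, string LogMessage, string ErrMessage)
{
    // A null message is treated like an empty one: skip entirely empty entries.
    if (string.IsNullOrEmpty(LogMessage) && string.IsNullOrEmpty(ErrMessage))
    {
        return;
    }

    string loginUserId = _session.GetString("LoginUserID");
    string loginRemoteIpAddress = _session.GetString("LoginRemoteIpAddress");
    string loginTypeParam = _session.GetString("LoginTypeParam");
    string source = _session.GetString("ApiSource");
    string formName = _session.GetString("ControllerAction");

    // Session value -> numeric login type. "mobile" is a named alias for 2; a missing
    // or unparsable value is treated as 0 (public) instead of throwing out of a logging call.
    int loginType;
    if (loginTypeParam == "mobile")
    {
        loginType = 2;
    }
    else if (!int.TryParse(loginTypeParam, out loginType))
    {
        loginType = 0;
    }

    string loginTypeStr;
    if (loginType == 1)
    {
        loginTypeStr = "admin";
    }
    else if (loginType == 2)
    {
        loginTypeStr = "Mobile_Customer";
    }
    else
    {
        loginTypeStr = "public";
    }

    try
    {
        // A missing or non-numeric user id is recorded as 0 rather than aborting the write.
        int.TryParse(loginUserId, out int userId);
        var newobj = new EventLog
        {
            LogType = LogTypeEnum,
            // Local time, consistent with rows written by AddEventLog1.
            LogDateTime = DateTime.Now,
            Source = source,
            FormName = formName,
            LogMessage = LogMessage,
            ErrMessage = ErrMessage,
            UserID = userId,
            UserType = loginTypeStr,
            ipAddress = loginRemoteIpAddress,
        };
        Create(newobj);
        Save();
    }
    catch (Exception ex)
    {
        // Logging must never take the calling operation down; keep the file's best-effort handling.
        Globalfunction.WriteSystemLog("SQL Exception :" + ex.Message);
    }
}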
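/// <summary>
/// Handles a request to the token endpoint: reads a LoginDataModel JSON body, validates
/// the credentials for the requested login type ("1" = admin, "2" = customer, anything
/// else = member), enforces the admin per-account IP allow-list, and writes a signed JWT
/// plus profile data to the response. Every failure is answered with HTTP 400 — as plain
/// text for admin/member logins and as a {status, messages} JSON envelope for customers.
/// </summary>
/// <param name="context">The current request; its body is consumed and the response is written here.</param>
private async Task GenerateToken(HttpContext context)
{
    string username = "";
    string password = "";
    string _loginType = "";
    string MemberID = "";
    string MemberNo = "";

    try
    {
        // The login payload is JSON in the request body, not form fields.
        using (var reader = new System.IO.StreamReader(context.Request.Body))
        {
            var request_body = await reader.ReadToEndAsync();
            var loginData = JsonConvert.DeserializeObject<LoginDataModel>(request_body, _serializerSettings);
            // Missing fields are normalised to "" so the comparisons below never see null.
            username = loginData.username ?? "";
            password = loginData.password ?? "";
            _loginType = loginData.LoginType ?? "";
        }
    }
    catch (Exception ex)
    {
        // A malformed body leaves every field empty and falls through to the normal
        // "invalid username or password" path. Only the exception message is logged,
        // never the body, since it carries the submitted password.
        Globalfunction.WriteSystemLog("Exception :" + ex.Message);
    }

    // NOTE(review): when the connection carries no remote address the loopback address
    // is used; an admin restricted_iplist that contains 127.0.0.1 would then satisfy the
    // allow-list check below — confirm the hosting/proxy setup cannot yield a null address.
    string ipaddress = "127.0.0.1";
    if (context.Connection.RemoteIpAddress != null)
    {
        ipaddress = context.Connection.RemoteIpAddress.ToString();
    }
    string clienturl = context.Request.Headers["Referer"];

    dynamic result = null;
    string ipaddresslist = "";
    if (_loginType == "1")
    {
        // Admin login: plain-text errors; the account may carry an IP allow-list.
        result = doAdminTypeloginValidation(username, password, clienturl, ipaddress);
        if (result == null || result.Count <= 0)
        {
            await WriteTextFailureAsync(context, "Invalid username or password.");
            return;
        }
        if (result[0].access_status == 1)
        {
            await WriteTextFailureAsync(context, "This user account is deleted.");
            return;
        }
        if (result[0].access_status == 2)
        {
            await WriteTextFailureAsync(context, "This user account is locked.Please check your email to unlock your account!!!");
            return;
        }
        ipaddresslist = result[0].restricted_iplist;
    }
    else if (_loginType == "2")
    {
        // Customer (mobile) login: errors use the JSON envelope.
        result = doCustomerTypeloginValidation(username, password, clienturl, ipaddress);
        if (result == null || result.Count <= 0)
        {
            await WriteCustomerFailureAsync(context, "Invalid username or password.");
            return;
        }
        if (result[0].access_status == 1)
        {
            await WriteCustomerFailureAsync(context, "This user account is deleted.");
            return;
        }
        if (result[0].access_status == 2)
        {
            await WriteCustomerFailureAsync(context, "This user account is locked.Please check your email to unlock your account!!!");
            return;
        }
    }
    else
    {
        // Member login. The lookup that should populate `result` is not present
        // (it was commented out), so as written this branch always answers 400.
        // The null check now runs first; previously result.Count was read on a null reference.
        // result = (_repository.Member.GetMemberLoginValidation(username)).ToList();
        if (result == null || result.Count <= 0)
        {
            await WriteTextFailureAsync(context, "Invalid username or password.");
            return;
        }
        MemberID = result[0].memberID.ToString();
        MemberNo = result[0].memberNo;
        if (result[0].access_status == 1)
        {
            await WriteTextFailureAsync(context, "This user account is deleted.");
            return;
        }
        if (result[0].access_status == 2)
        {
            await WriteTextFailureAsync(context, "This user account is locked.Please check your email to unlock your account!!!");
            return;
        }
    }

    // Admin accounts may carry a comma-separated allow-list of source addresses;
    // an empty or missing list means no restriction.
    bool sameip = true;
    if (!string.IsNullOrEmpty(ipaddresslist))
    {
        sameip = false;
        foreach (string allowed in ipaddresslist.Split(','))
        {
            if (ipaddress == allowed.Trim())
            {
                sameip = true;
                break;
            }
        }
    }
    if (!sameip)
    {
        await WriteTextFailureAsync(context, "Your IP Address is invalid for this account.");
        return;
    }

    // Credentials accepted: issue the JWT and the per-type profile payload.
    var now = DateTime.UtcNow;
    string pwdlength = GetPasswordLengthSetting();
    context.Response.ContentType = "application/json";

    if (_loginType == "1")
    {
        string userID = result[0].AdminID.ToString();
        var _tokenData = new TokenData();
        _tokenData.Sub = result[0].AdminName;
        _tokenData.Jti = await _options.NonceGenerator();
        _tokenData.Iat = new DateTimeOffset(now).ToUniversalTime().ToUnixTimeSeconds().ToString();
        _tokenData.UserID = userID;
        _tokenData.Userlevelid = result[0].AdminLevelID.ToString();
        _tokenData.LoginType = _loginType;
        _tokenData.TicketExpireDate = now.Add(_options.Expiration);
        var encodedJwt = WriteSignedJwt(_tokenData, now);
        var response = new
        {
            access_token = encodedJwt,
            expires_in = (int)_options.Expiration.TotalSeconds,
            UserID = userID,
            LoginType = _loginType,
            userLevelID = result[0].AdminLevelID,
            displayName = result[0].AdminName,
            CompanyID = result[0].CompanyID,
            MemberID = MemberID,
            userImage = result[0].ImagePath,
            PWDLength = pwdlength
        };
        await context.Response.WriteAsync(JsonConvert.SerializeObject(response, _serializerSettings));
    }
    else if (_loginType == "2")
    {
        string userID = result[0].customerID.ToString();
        var _tokenData = new TokenData();
        _tokenData.Sub = result[0].customername;
        _tokenData.Jti = await _options.NonceGenerator();
        _tokenData.Iat = new DateTimeOffset(now).ToUniversalTime().ToUnixTimeSeconds().ToString();
        _tokenData.UserID = userID;
        // Customer tokens carry no Userlevelid.
        _tokenData.LoginType = _loginType;
        _tokenData.TicketExpireDate = now.Add(_options.Expiration);
        var encodedJwt = WriteSignedJwt(_tokenData, now);
        var response = new
        {
            access_token = encodedJwt,
            expires_in = (int)_options.Expiration.TotalSeconds,
            UserID = userID,
            LoginType = Convert.ToInt32(_loginType),
            displayName = result[0].customername,
            CustomerID = result[0].customerID,
            LoginName = result[0].username,
            Customercode = result[0].customercode,
            PWDLength = pwdlength
        };
        // Customer responses are wrapped in the same envelope as customer errors.
        var objresponse = new { status = 1, messages = "success", data = response };
        await context.Response.WriteAsync(JsonConvert.SerializeObject(objresponse, _serializerSettings));
    }
    else
    {
        string memberID = result[0].memberID.ToString();
        var _tokenData = new TokenData();
        _tokenData.Sub = result[0].memberName;
        _tokenData.Jti = await _options.NonceGenerator();
        _tokenData.Iat = new DateTimeOffset(now).ToUniversalTime().ToUnixTimeSeconds().ToString();
        _tokenData.UserID = memberID;
        // Member tokens carry neither Userlevelid nor LoginType.
        _tokenData.TicketExpireDate = now.Add(_options.Expiration);
        var encodedJwt = WriteSignedJwt(_tokenData, now);
        var response = new
        {
            access_token = encodedJwt,
            expires_in = (int)_options.Expiration.TotalSeconds,
            displayName = result[0].memberName,
            MemberID = MemberID,
            MemberNo = MemberNo,
            PWDLength = pwdlength
        };
        await context.Response.WriteAsync(JsonConvert.SerializeObject(response, _serializerSettings));
    }
}

/// <summary>
/// Builds the claims for tokenData and returns the signed, compact-serialised JWT
/// (issuer, audience, lifetime and signing credentials come from _options).
/// </summary>
/// <param name="tokenData">Fully populated token data; its fields drive Globalfunction.GetClaims.</param>
/// <param name="now">Issue time used for notBefore/expires.</param>
/// <returns>The encoded JWT string.</returns>
private string WriteSignedJwt(TokenData tokenData, DateTime now)
{
    var claims = Globalfunction.GetClaims(tokenData);
    var jwt = new JwtSecurityToken(
        issuer: _options.Issuer,
        audience: _options.Audience,
        claims: claims,
        notBefore: now,
        expires: now.Add(_options.Expiration),
        signingCredentials: _options.SigningCredentials);
    return new JwtSecurityTokenHandler().WriteToken(jwt);
}

/// <summary>Reads the configured password-length setting (first row of GetPasswordValidation) as text.</summary>
/// <returns>The setting value as a string.</returns>
private string GetPasswordLengthSetting()
{
    var settingresult = (_repository.Setting.GetPasswordValidation()).ToList();
    return settingresult[0].Value.ToString();
}

/// <summary>Answers with HTTP 400 and a plain-text message (admin/member error style).</summary>
/// <param name="context">Request whose response is written.</param>
/// <param name="message">Text sent to the client.</param>
private static async Task WriteTextFailureAsync(HttpContext context, string message)
{
    context.Response.StatusCode = 400;
    await context.Response.WriteAsync(message);
}

/// <summary>Answers with HTTP 400 and the customer-API JSON envelope {status = 0, messages}.</summary>
/// <param name="context">Request whose response is written.</param>
/// <param name="message">Text placed in the messages field.</param>
private static async Task WriteCustomerFailureAsync(HttpContext context, string message)
{
    context.Response.StatusCode = 400;
    var objresponse = new { status = 0, messages = message };
    await context.Response.WriteAsync(JsonConvert.SerializeObject(objresponse));
}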
/// <summary>
/// Authentication middleware. Requests to _options.Path are handed to GenerateToken;
/// every other request is inspected for a bearer JWT, the token's claims are copied into
/// the session keys LoginUserID / LoginRemoteIpAddress / LoginTypeParam, and a freshly
/// signed token is returned in the "newToken" response header before the rest of the
/// pipeline runs. Paths containing a public segment are passed through without a token.
/// </summary>
/// <param name="context">The current request.</param>
/// <param name="next">The remainder of the pipeline.</param>
public async Task InvokeAsync(HttpContext context, RequestDelegate next)
{
    string ipaddress = "127.0.0.1";
    if (context.Connection.RemoteIpAddress != null)
    {
        ipaddress = context.Connection.RemoteIpAddress.ToString();
    }
    // Defaults for anonymous requests; overwritten below once a token is accepted.
    _session.SetString("LoginUserID", "0");
    _session.SetString("LoginRemoteIpAddress", ipaddress);
    _session.SetString("LoginTypeParam", "1");
    TokenData _tokenData = null;
    var access_token = "";
    var hdtoken = context.Request.Headers["Authorization"];
    if (hdtoken.Count > 0)
    {
        access_token = hdtoken[0];
        access_token = access_token.Replace("Bearer ", "");
        var handler = new JwtSecurityTokenHandler();
        // NOTE(review): ReadToken only parses the compact JWT; it does not check the
        // signature, issuer, audience or lifetime, and no ValidateToken call is visible in
        // this method. The values copied into _tokenData (UserID, Userlevelid, ...) therefore
        // come from an unverified token — confirm validation happens elsewhere before they
        // are used for the role check and the session identity below.
        var tokenS = handler.ReadToken(access_token) as JwtSecurityToken;
        _tokenData = Globalfunction.GetTokenData(tokenS);
    }
    else
    {
        //TODO for some
        // No Authorization header: paths with an "api" segment are passed through, anything else is refused.
        var pathstr = context.Request.Path.ToString();
        string[] patharr = pathstr.Split('/');
        //int prequest = Array.IndexOf(patharr, "public");
        int prequest = Array.IndexOf(patharr, "api");
        if (prequest > 0)
        {
            await next(context);
        }
        else
        {
            await ResponseMessage(new { status = "fail", message = "Access Denied" }, context, 400);
        }
        // NOTE(review): there is no return here, so execution continues into the path
        // check below with access_token == "" and _tokenData == null. For a public path
        // that means next() can run a second time; for the token path GenerateToken runs
        // after a response has already been written. Confirm whether a `return;` is intended.
    }
    // _objdb = DB;
    if (!context.Request.Path.Equals(_options.Path, StringComparison.Ordinal))
    {
        // await next(context);
        // NOTE(review): methodName is never used, and indexing [3] throws
        // IndexOutOfRangeException (outside the try below) for paths with fewer
        // than four '/'-separated segments.
        var methodName = context.Request.Path.ToString().Split("/")[3];
        //Regenerate newtoken for not timeout at running
        // newToken holds the re-issued JWT, or the sentinels "-1" (denied) / "-2" (expired).
        string newToken = "";
        try
        {
            var pathstr = context.Request.Path.ToString();
            string[] patharr = pathstr.Split('/');
            // Paths containing any of these segments are public and need no token.
            int prequest = Array.IndexOf(patharr, "public");
            int trequest = Array.IndexOf(patharr, "testapi");
            int flowrequest = Array.IndexOf(patharr, "TLG");
            int customerrequest = Array.IndexOf(patharr, "CutomerMobile");
            if (prequest < 1 && trequest < 1 && flowrequest < 1 && customerrequest < 1)
            {
                var handler = new JwtSecurityTokenHandler();
                var allow = false;
                // Parsed again without validation (see note above); tokenS is not used after this line.
                var tokenS = handler.ReadToken(access_token) as JwtSecurityToken;
                //check userlevel permission
                if (patharr[1].ToString() == "api")
                {
                    var isadmin = false;
                    tbl_role objAdminLevel = null;
                    // NOTE(review): only "" counts as "no level". A null Userlevelid (the
                    // customer branch of GenerateToken never sets it) reaches int.Parse and
                    // throws; the catch below then leaves newToken == "", so neither a
                    // response nor next() follows for that request.
                    if (_tokenData.Userlevelid != "")
                    {
                        objAdminLevel = _repository.Role_Repository.GetRolebyid(int.Parse(_tokenData.Userlevelid));
                    }
                    else
                    {
                        // An empty level id is treated as an administrator.
                        isadmin = true;
                    }
                    //var objAdminLevel = _repository.AdminLevel.FindAdminLevel(int.Parse(_tokenData.Userlevelid));
                    if (objAdminLevel != null)
                    {
                        isadmin = objAdminLevel.role_is_admin;
                    }
                    if (isadmin)
                    {
                        allow = true;
                    }
                    else
                    {
                        // The per-URL permission check is commented out, so a non-admin role
                        // never sets allow and is answered with "-1" (Access Denied) below.
                        // string ipaddress = context.Connection.RemoteIpAddress.ToString();
                        // allow = checkURLPermission(_tokenData, patharr[2], patharr[3], ipaddress);
                        string controllername = patharr[2];
                        string functionname = patharr[3];
                        string ServiceUrl = controllername + "/" + functionname;
                    }
                }
                if (patharr[1].ToString() == "mobile")
                {
                    allow = true;
                }
                if (allow)
                {
                    // check token expired
                    // The issue time is derived by subtracting the configured lifetime from the
                    // expiry claim; a future issue time or a past expiry marks the token expired.
                    double expireTime = Convert.ToDouble(_options.Expiration.TotalMinutes);
                    DateTime issueDate = _tokenData.TicketExpireDate.AddMinutes(-expireTime);
                    DateTime NowDate = DateTime.UtcNow;
                    if (issueDate > NowDate || _tokenData.TicketExpireDate < NowDate)
                    {
                        // return "-2";
                        newToken = "-2";
                    }
                    // end of token expired check
                    // A new token with a full lifetime is issued on every accepted request
                    // (sliding expiry). TicketExpireDate is not refreshed before the claims are
                    // rebuilt, so whatever GetClaims derives from it is carried over unchanged.
                    var now = DateTime.UtcNow;
                    // The first Jti assignment is immediately overwritten by the nonce.
                    _tokenData.Jti = new DateTimeOffset(now).ToUniversalTime().ToUnixTimeSeconds().ToString();
                    _tokenData.Jti = await _options.NonceGenerator();
                    var claims = Globalfunction.GetClaims(_tokenData);
                    // Create the JWT and write it to a string
                    var jwt = new JwtSecurityToken(
                        issuer: _options.Issuer,
                        audience: _options.Audience,
                        claims: claims,
                        notBefore: now,
                        expires: now.Add(_options.Expiration),
                        signingCredentials: _options.SigningCredentials);
                    var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
                    // return encodedJwt;
                    // NOTE(review): this assignment overwrites the "-2" set by the expiry check
                    // above, so an expired token is still re-issued and the "The Token has
                    // expired" branch below is unreachable. Combined with the unvalidated
                    // ReadToken, token lifetime does not appear to be enforced here at all.
                    newToken = encodedJwt;
                    _session.SetString("LoginUserID", _tokenData.UserID);
                    _session.SetString("LoginRemoteIpAddress", ipaddress);
                    _session.SetString("LoginTypeParam", "1");
                    if (patharr[1].ToString() == "mobile")
                    {
                        _session.SetString("LoginUserID", _tokenData.UserID);
                        _session.SetString("LoginRemoteIpAddress", ipaddress);
                        _session.SetString("LoginTypeParam", "mobile");
                    }
                }
                else
                {
                    //return "-1";
                    newToken = "-1";
                }
            }
            else
            {
                // if request is public, let pass without token.
                await next(context);
            }
        }
        catch (Exception ex)
        {
            // Any failure above (including a missing token on a protected path) is only
            // logged; newToken stays "" and none of the branches below runs.
            Globalfunction.WriteSystemLog(ex.Message);
        }
        if (newToken == "-1")
        {
            // The log text is historical: this branch is reached with a header present but no permission.
            _repository.EventLog.Info("Not include Authorization Header, Access Denied");
            context.Response.StatusCode = 400;
            await ResponseMessage(new { status = "fail", message = "Access Denied" }, context, 400);
        }
        else if (newToken == "-2")
        {
            context.Response.StatusCode = 400;
            await ResponseMessage(new { status = "fail", message = "The Token has expired" }, context, 400);
        }
        else if (newToken != "")
        {
            // NOTE(review): IHeaderDictionary.Add throws when the key already exists;
            // indexer assignment would replace it instead.
            context.Response.Headers.Add("Access-Control-Expose-Headers", "newToken");
            context.Response.Headers.Add("newToken", newToken);
            await next(context);
        }
    }
    else
    {
        // return GenerateToken(context);
        await GenerateToken(context);
    }
}
/// <summary>
/// Looks up a customer by login name and verifies the submitted password against the
/// stored salted hash. A wrong password increments the customer's failure counter,
/// locks the account (access_status = 2) once the configured threshold is reached and
/// emails an unlock link. Returns null when no customer matches the name.
/// </summary>
/// <param name="username">Customer login name.</param>
/// <param name="password">Plain-text password submitted by the client.</param>
/// <param name="clienturl">Referer of the request; not used in this method.</param>
/// <param name="ipaddress">Client address, stored in the session.</param>
/// <returns>
/// The lookup result (dynamic), or null when the user is unknown. The end of the method is
/// garbled in the copy under review, so the exact value returned after a wrong password
/// cannot be read here.
/// </returns>
dynamic doCustomerTypeloginValidation(string username, string password, string clienturl, string ipaddress)
{
    var result = _repository.Customer.GetCustomerLoginMobile(username);
    if (result.Count <= 0)
    {
        return(null);
    }
    //To set for Session Data
    // NOTE(review): the session is bound to the looked-up customer before the password is
    // verified, so a failed attempt still leaves LoginUserID pointing at that account.
    // LoginTypeParam is set to "1", which AddEventLog maps to "admin" ("2"/"mobile" is the
    // customer type) — confirm this is intended.
    string LoginUserID = result[0].customerID.ToString();
    _session.SetString("LoginUserID", LoginUserID);
    _session.SetString("LoginRemoteIpAddress", ipaddress);
    _session.SetString("LoginTypeParam", "1");
    // Stored hash and salt for this customer.
    string oldhash = result[0].password;
    string oldsalt = result[0].salt;
    bool flag = Operational.Encrypt.SaltedHash.Verify(oldsalt, oldhash, password);
    if (flag == false)
    {
        //increase login_failure count
        Customer objCustomer = _repository.Customer.FindById(result[0].customerID);
        // accLock is assigned below but not read anywhere in the visible code.
        bool accLock = false;
        if (objCustomer != null)
        {
            var newfailcount = result[0].login_fail_count + 1;
            var settingresult = (_repository.Setting.GetAllowLoginFailCount()).ToList();
            var settingfailcount = settingresult[0].Value;
            //change access_status to 2 if login_failure_count = 'Allow Login Failure Count' from setting table
            // NOTE(review): the counter keeps growing, so each further wrong password on an
            // already-locked account re-enters this block and sends another notification
            // email; GenerateToken checks access_status only after this call has returned.
            if (newfailcount >= Int32.Parse(settingfailcount))
            {
                objCustomer.access_status = 2;
                accLock = true;
                //send email to unlock
                var emailtemplateresult = (_repository.EmailTemplate.GetEmailTemplate("Account Lock Notification")).ToList();
                var settingResult = _repository.EmailTemplate.GetSettingResult();
                string Message = emailtemplateresult[0].template_content;
                string Subject = emailtemplateresult[0].subject;
                // Variable is read from the template but not used below.
                string Variable = emailtemplateresult[0].variable;
                string FromEmail = emailtemplateresult[0].from_email;
                string Email = result[0].Email;
                string Account_Name = result[0].customername;
                string Login_Name = result[0].username;
                // NOTE(review): the unlock link carries only base64(customerID), which is
                // predictable; if the unlock endpoint accepts it without any further secret,
                // an unguessable, expiring token would be the safer choice.
                var plainTextBytes = Encoding.UTF8.GetBytes(result[0].customerID.ToString());
                string ID = Convert.ToBase64String(plainTextBytes).Replace("=", "%3D");;
                string unlock_url = "#/unlock/" + ID;
                string body = Message.Replace("[Account Name]", Account_Name).Replace("[Login Name]", Login_Name).Replace("[Unlock URL]", unlock_url).Replace("\n", "<br/>");
                // Not awaited: if SendEmailAsync returns a Task, send failures are not observed here.
                Globalfunction.SendEmailAsync(settingResult, Email, FromEmail, Subject, body, true);
            }
            objCustomer.login_fail_count = newfailcount;
            _repository.Customer.Update(objCustomer);
            // NOTE(review): the remainder of this method is garbled in the copy under review
            // (a redaction marker replaced part of the text) and is reproduced verbatim. From
            // what survives, the failure log line appears to include the submitted password
            // next to the user name — confirm, and log only the user name. The success path
            // (the "Successful login" entry and the reload of `result`) is also unreadable here.
            _repository.EventLog.Info("Login failed for this account UserName : "******" , Password : "******"Successful login for this account UserName : " + username); result = _repository.Customer.GetCustomerLoginMobile(username); } } return(result); }