public override void OnActionExecuting(ActionExecutingContext filterContext)
{
//filterContext.HttpContext.Session["GUIDSessionID"] = HttpContext.Current.Request.Cookies.Get("v_au").Value;
if (filterContext.HttpContext.Session["loginStatus"] != null)
{
loginStatusFlag = filterContext.HttpContext.Session["loginStatus"].ToString();
}
if (filterContext.HttpContext.Session["TwoFactor"] != null)
{
callForTwoFactor = filterContext.HttpContext.Session["TwoFactor"].ToString();
}
if (loginStatusFlag == "1")
{
if (filterContext.HttpContext.Session["CaptchaValue"] != null)
{
ActualText = filterContext.HttpContext.Session["CaptchaValue"].ToString();
}
else
{
ActualText = string.Empty;
}
if (filterContext.HttpContext.Session["SerCaptchaPath"] != null)
{
CaptchaDirServerPath = filterContext.HttpContext.Session["SerCaptchaPath"].ToString();
}
else
{
CaptchaDirServerPath = string.Empty;
}
}
bool bReturn = false;
LoginUserDetails objLoginUserDetails = null;
AuthenticationDTO objAuthenticationDTO = null;
UserInfoDTO objUserAfterValidationObject = null;
UserInfoDTO objUserAunthentication = null;
PasswordConfigDTO objPasswordConfig = null;
List <string> lstAuthorizationActionLinks = null;
List <int> lstAuthorisedActionId = null;
List <ActivityResourceMappingDTO> lstActivityResourceMappingDTO = null;
Dictionary <string, List <ActivityResourceMappingDTO> > dicActivityResourceMappingDTO = null;
int loginCount = 0;
bool lockFlag = false;
bool flag = false;
Common.Common.WriteLogToFile("Start Method", System.Reflection.MethodBase.GetCurrentMethod());
try
{
objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
if (objLoginUserDetails != null)
{
//If IsAccountValidated is true in session abject then again it is not checked and only activity aauthorization
//is checked.
if (!objLoginUserDetails.IsAccountValidated)
{
objAuthenticationDTO = new AuthenticationDTO();
objAuthenticationDTO.LoginID = objLoginUserDetails.UserName;
objAuthenticationDTO.Password = objLoginUserDetails.Password;
//string sEncryptedPassword = "";
//Common.Common.encryptData(objAuthenticationDTO.Password, out sEncryptedPassword);
//objAuthenticationDTO.Password = sEncryptedPassword;
objUserAfterValidationObject = new UserInfoDTO();
using (var objUserInfoSL = new UserInfoSL())
{
if (objLoginUserDetails.CompanyDBConnectionString != null)
{
bReturn = objUserInfoSL.ValidateUser(objLoginUserDetails.CompanyDBConnectionString, objAuthenticationDTO, ref objUserAfterValidationObject);
Common.Common.WriteLogToFile("Validated User ", System.Reflection.MethodBase.GetCurrentMethod());
}
if (bReturn)
{
lstAuthorizationActionLinks = new List <string>();
lstAuthorisedActionId = new List <int>();
if (objUserAfterValidationObject.StatusCodeId == ConstEnum.UserStatus.Inactive)
{
string sErrMessage = Common.Common.getResourceForGivenCompany("usr_msg_11274", objLoginUserDetails.CompanyName);
if (sErrMessage == null || sErrMessage == "")
{
sErrMessage = "Your account has been inactivated. Please contact the Administrator.";
}
objLoginUserDetails = new LoginUserDetails();
objLoginUserDetails.AuthorisedActionId = lstAuthorisedActionId;
objLoginUserDetails.AuthorizedActions = lstAuthorizationActionLinks;
objLoginUserDetails.ErrorMessage = sErrMessage;
objLoginUserDetails.IsAccountValidated = false;
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
{ "controller", "Account" }, { "action", "Login" }
});
}
else
{
if (callForTwoFactor != "1")
{
string UsrCaptchaText = filterContext.HttpContext.Session["UserCaptchaText"].ToString();
if (ActualText == string.Empty || ActualText == UsrCaptchaText)
{
LoginUser(filterContext);
}
else
{
DeleteCaptcha(filterContext);
CaptchaValidation(filterContext);
}
}
}
}
}
}
if (objLoginUserDetails.IsAccountValidated && !checkActionAuthorization(filterContext, objLoginUserDetails))
{
//If the request is from the Renderaction call and there is unauthorised access then dont redirect the request.
if (filterContext.HttpContext.PreviousHandler != null && filterContext.HttpContext.PreviousHandler is MvcHandler)
{
}
else
{
// filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Home" }, { "action", "Unauthorised" } });
}
}
}
else
{
Common.Common.WriteLogToFile("User is not login ", System.Reflection.MethodBase.GetCurrentMethod());
objLoginUserDetails = new LoginUserDetails();
objLoginUserDetails.ErrorMessage = "";
objLoginUserDetails.IsAccountValidated = false;
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
{ "controller", "Account" }, { "action", "Login" }
});
}
}
catch (Exception exp)
{
using (var objPassConfigSL = new PasswordConfigSL())
{
if (objLoginUserDetails.CompanyDBConnectionString != null)
{
objPasswordConfig = objPassConfigSL.GetPasswordConfigDetails(objLoginUserDetails.CompanyDBConnectionString);
int count = (Convert.ToInt16(Common.Common.GetSessionValue("LoginCount")) == 0) ? loginCount : Convert.ToInt16(Common.Common.GetSessionValue("LoginCount"));
if (count < objPasswordConfig.LoginAttempts)
{
count++;
Common.Common.SetSessionValue("LoginCount", count);
filterContext.HttpContext.Session["UserLgnCount"] = count;
if (count >= objPasswordConfig.LoginAttempts)
{
DeleteCaptcha(filterContext);
CaptchaValidation(filterContext);
}
}
else
{
DeleteCaptcha(filterContext);
CaptchaValidation(filterContext);
}
}
}
Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp);
// string sErrMessage = Common.Common.getResource(exp.InnerException.Data[0].ToString());
// objLoginUserDetails.ErrorMessage = sErrMessage;
string sErrMessage = "";
if (exp.InnerException != null)
{
sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objLoginUserDetails.CompanyName);
}
else
{
sErrMessage = exp.Message;
}
if (sErrMessage == null || sErrMessage == "")
{
sErrMessage = "Invalid details entered, please try again with correct details.";
}
if (Convert.ToBoolean(Common.Common.GetSessionValue("flag")) == true)
{
sErrMessage = "Your account has been locked. Please contact the Administrator.";
}
objLoginUserDetails = new LoginUserDetails();
objLoginUserDetails.ErrorMessage = sErrMessage;
objLoginUserDetails.IsAccountValidated = false;
if (exp.Message != Common.Common.getResource("com_lbl_14027"))
{
using (SessionManagement sessionManagement = new SessionManagement())
{
//sessionManagement.CheckCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "LOGOUT");
sessionManagement.BindCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "LOGOUT");
}
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
{ "controller", "Account" }, { "action", "Login" }
});
}
else if (exp.Message.ToString().Equals(Common.Common.getResource("com_lbl_14027")) &&
HttpContext.Current.Request.Cookies["v_au2"] != null &&
HttpContext.Current.Request.Cookies["v_au2"].Value != "")
{
using (SessionManagement sessionManagement = new SessionManagement())
{
string decrypteddata = null;
Common.Common.dencryptData(HttpContext.Current.Request.Cookies["v_au2"].Value, out decrypteddata);
string strCookieName = (false ? string.Empty : decrypteddata + '~' + DateTime.Now.DayOfWeek.ToString().ToUpper());
UserInfoSL objUserInfoSL = new UserInfoSL();
InsiderTradingDAL.SessionDetailsDTO objSessionDetailsDTO = null;
LoginUserDetails loginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
objSessionDetailsDTO = objUserInfoSL.GetCookieStatus(loginUserDetails.CompanyDBConnectionString, loginUserDetails.LoggedInUserID, Convert.ToString(strCookieName), false, false);
if (objSessionDetailsDTO != null)
{
//sessionManagement.CheckCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "");
sessionManagement.BindCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "");
objLoginUserDetails.ErrorMessage = string.Empty;
objLoginUserDetails.IsAccountValidated = true;
}
else
{
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
{ "controller", "Account" }, { "action", "Login" }
});
}
}
}
}
finally
{
filterContext.HttpContext.Session["loginStatus"] = 0;
objLoginUserDetails = null;
objAuthenticationDTO = null;
objUserAfterValidationObject = null;
lstAuthorizationActionLinks = null;
lstAuthorisedActionId = null;
lstActivityResourceMappingDTO = null;
dicActivityResourceMappingDTO = null;
objUserAunthentication = null;
}
Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod());
base.OnActionExecuting(filterContext);
}