public ActionResult LogOn(LogOnModel model, string returnUrl)
{
if (ModelState.IsValid)
{
var allusers = from usertabel in database.dx_user where usertabel.userid == model.UserName select usertabel;
if (allusers.ToList().Count == 1)
{
var UserRecord = allusers.First();
if (UserRecord.pwdhash.Equals(generateHash(UserRecord.psalt, model.Password)))
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
&& !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect.");
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
//
// POST: /Account/LogOn
private bool logonValidations(LogOnModel model)
{
if (!Regex.IsMatch(model.UserName, @"^([\w\.\-]+)@([\w\-]+)((\.(\w){2,3})+)$"))
{
ModelState.AddModelError("", "Email-id or password incorrect please try agian!!.");
return false;
}
if (!Regex.IsMatch(model.Password, @"^.*(?=.{10,18})(?=.*\d)(?=.*[A-Za-z])(?=.*[@%&#]{0,}).*$"))
{
ModelState.AddModelError("", "Email-id or password incorrect please try agian!!.");
return false;
}
return true;
}
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
try
{
//Login attempts
if (SessionKeyMgmt.LoginAttempts == 0)
{
SessionKeyMgmt.LoginAttempts = 1;
}
else
{
int count = SessionKeyMgmt.LoginAttempts;
count++;
SessionKeyMgmt.LoginAttempts = count;
if (model.Captcha != null)
{
if (verifyCaptcha() == false)
{
ViewBag.CaptchaGuid = Guid.NewGuid().ToString("N");
return View(model);
}
ViewBag.CaptchaGuid = Guid.NewGuid().ToString("N");
}
}
if (model.Captcha == null)
{
model.Captcha = "";
}
//Login attempts end
if (logonValidations(model) == false)
{
return View(model);
}
if (ModelState.IsValid)
{
var allusers = from usertabel in database.DX_USER where usertabel.userid == model.UserName select usertabel;
if (allusers != null && allusers.ToList().Count == 1)
{
var UserRecord = allusers.First();
if (UserRecord.pwdhash.Equals(generateHash(UserRecord.salt, model.Password)))
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
//Set userid in session
SessionKeyMgmt.UserId = model.UserName;
//Get the department
SessionKeyMgmt.UserDept = DbCommonQueries.getDepartmentName(model.UserName, database);
SessionKeyMgmt.LoginAttempts = 0;
// Roles.DeleteCookie();
//Security checkpoint for preventing open redirect attack
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
&& !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("RespectiveHome");
}
}
else
{
ModelState.AddModelError("", "Email-id or password provided is incorrect please try again!!");
}
}
else
{
ModelState.AddModelError("", "Email-id or password incorrect please try agian!!");
}
}
else
{
ModelState.AddModelError("", "This is invalid request. Please provide email and passwod");
}
// If we got this far, something failed, redisplay form
}
catch (Exception)
{
ModelState.AddModelError("", "Can not process request, please try after some time!");
}
return View(model);
}
public ActionResult LogOnAsGuestUser(string returnUrl)
{
LogOnModel model = new LogOnModel();
model.UserName = "******";
model.Password = "******";
try
{
if (ModelState.IsValid)
{
var allusers = from usertabel in database.DX_USER where usertabel.userid == model.UserName select usertabel;
if (allusers != null && allusers.ToList().Count == 1)
{
var UserRecord = allusers.First();
if (UserRecord.pwdhash.Equals(generateHash(UserRecord.salt, model.Password)))
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
//Set userid in session
SessionKeyMgmt.UserId = model.UserName;
//Get the department
SessionKeyMgmt.UserDept = DbCommonQueries.getDepartmentName(model.UserName, database);
//Security checkpoint for preventing open redirect attack
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
&& !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("RespectiveHome");
}
}
else
{
ModelState.AddModelError("", "password provided is incorrect.");
}
}
else
{
ModelState.AddModelError("", "Email id incorrect please try again!");
}
}
else
{
ModelState.AddModelError("", "Email id and password provided is incorrect.");
}
// If we got this far, something failed, redisplay form
}
catch (Exception)
{
ModelState.AddModelError("", "Can not process request, please try after some time!");
}
return View(model);
}
public ActionResult LogOn()
{
ViewBag.CaptchaGuid = Guid.NewGuid().ToString("N");
LogOnModel model = new LogOnModel();
return View(model);
}
