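/// <summary>
/// Records one login attempt in the <c>AuditLogins</c> table and mirrors it to the debug log.
/// </summary>
/// <param name="username">Username that attempted the login.</param>
/// <param name="ipAddress">Client address the attempt came from.</param>
/// <param name="isValidLogin">Whether the credentials were accepted.</param>
/// <exception cref="Exception">Any failure while persisting the row is logged and rethrown.</exception>
private void AuditLogin(string username, string ipAddress, bool isValidLogin)
{
    try
    {
        // The using statement disposes the context on every exit path, replacing the
        // hand-written null check in a finally block.
        using (CPDatabase database = new CPDatabase())
        {
            AuditLogin audit = new AuditLogin
            {
                IPAddress = ipAddress,
                Username = username,
                LoginStatus = isValidLogin,
                // Local time is kept so new rows agree with the ones already in the table.
                AuditTimeStamp = DateTime.Now,
            };

            database.AuditLogins.Add(audit);
            database.SaveChanges();

            // The message needs a leading space: the username is concatenated directly in front of it.
            this.logger.Debug(username + " attempted to login to CloudPanel. Is valid login? " + isValidLogin.ToString());
        }
    }
    catch (Exception ex)
    {
        this.logger.Error("Error adding entry to the login audit table.", ex);
        throw;
    }
}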
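/// <summary>
/// Creates or refreshes the active <see cref="AuditLogin"/> row for <c>data.UserID</c> and
/// issues a fresh <c>UserKey</c> (a random GUID) that the caller embeds in the auth token.
/// </summary>
/// <param name="data">
/// On input carries at least <c>UserID</c> and <c>IPAddress</c>. On return it refers to the
/// persisted row: the existing active row when one was found, otherwise the newly inserted one.
/// </param>
/// <exception cref="Exception">Repository or transaction failures are rolled back and rethrown.</exception>
private void AuditLogin(ref AuditLogin data)
{
    var repo = new AuditLoginRepository(_uow);
    try
    {
        var userId = data.UserID;
        // Captured before `data` is repointed at the stored row. Without this the update
        // wrote the row's own (stale) address back to itself, so a user logging in from a
        // new address got a token carrying the new IP that the stored row then rejected.
        var ipAddress = data.IPAddress;
        // Local time is kept for consistency with the rows already in the table.
        var now = DateTime.Now;

        var existing = repo.ReadByLambda(x => x.UserID == userId && x.IsActive).FirstOrDefault();

        if (existing != null)
        {
            data = existing;
            data.UserKey = Guid.NewGuid().ToString();
            data.LoginDate = now;
            data.IPAddress = ipAddress;
            data.ModifiedBy = data.UserID;
            data.ModifiedDate = now;

            _uow.BeginTransaction();
            repo.Update(data);
            _uow.CommitTransaction();
        }
        else
        {
            data.LogID = Helper.GeneratedID(Convert.ToInt32(_uow.GetAppSettings("LengthRandomString")), data.UserID);
            data.UserKey = Guid.NewGuid().ToString();
            data.IsActive = true;
            data.CreatedBy = data.UserID;
            data.CreatedDate = now;
            data.LoginDate = now;

            _uow.BeginTransaction();
            repo.Insert(data);
            _uow.CommitTransaction();
        }
    }
    catch
    {
        // NOTE(review): this also runs for failures raised before BeginTransaction
        // (the read or GeneratedID); whether _uow tolerates a rollback with no open
        // transaction is not visible from here.
        _uow.RollbackTransaction();
        throw;
    }
    finally
    {
        // NOTE(review): Login() disposes _uow again in its own finally and keeps using it
        // (GetUserClaim) after this method returns — confirm _uow survives Dispose.
        _uow.Dispose();
    }
}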
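/// <summary>
/// Action filter that authenticates the request from the <c>AuthToken</c> header. The header is a
/// dot-separated list of encrypted segments: the JSON user claim, the user key, the client IP address
/// and the issue date. The request is short-circuited with <see cref="ResponseMessageEnum.UnAuthorized"/>
/// when any segment fails to match the user's audit-login row or the connection's remote address.
/// </summary>
/// <param name="context">The executing-action context; <c>Result</c> is set to stop the action on failure.</param>
public void OnActionExecuting(ActionExecutingContext context)
{
    var response = new ApiResponseModel();
    var validations = new List<Validation>();
    var authToken = context.HttpContext.Request.Headers.TryGetValue("AuthToken", out var headerValue)
        ? headerValue.ToString()
        : string.Empty;
    // RemoteIpAddress can be null (in-process/test hosts). A null used to throw into the catch
    // below and surface as InternalServerError; it now simply fails the IP match and is rejected.
    var remoteIp = context.HttpContext.Connection.RemoteIpAddress?.ToString();
    var auditLoginRepo = new AuditLoginRepository(_uow);

    try
    {
        if (string.IsNullOrEmpty(authToken))
        {
            validations.Add(new Validation() { Key = "Token", Value = "Please send your Token to Access this resource" });
        }
        else
        {
            var segments = authToken.Split(".");
            // Four segments are read by ValidateToken, so SecuredTokenLength must be configured
            // as at least 4; a smaller value would throw on indexing and land in the catch.
            if (segments.Length != int.Parse(_uow.GetAppSettings("SecuredTokenLength")))
            {
                validations.Add(new Validation() { Key = "Token", Value = "Incorrect Token Format" });
            }
            else
            {
                var failure = ValidateToken(segments, remoteIp, auditLoginRepo);
                if (failure != null)
                {
                    validations.Add(failure);
                }
            }
        }

        response.Validations = validations;
        if (response.Validations.Count > 0)
        {
            context.HttpContext.Response.StatusCode = (int)ResponseMessageEnum.UnAuthorized;
            context.Result = ApiHelper.Response(ResponseMessageEnum.UnAuthorized, response);
        }
    }
    catch
    {
        // Decrypt, JSON and date-parse failures on a malformed or tampered token end up here
        // and are reported as a server error rather than as UnAuthorized. NOTE(review): unlike
        // the branch above, no status code is set explicitly — confirm ApiHelper.Response does it.
        context.Result = ApiHelper.Response(ResponseMessageEnum.InternalServerError, response);
    }
}

/// <summary>
/// Decrypts the four token segments and checks them, in order, against the user's audit-login row
/// and the connection's remote address.
/// </summary>
/// <param name="segments">Token split on '.'; indices 0..3 are the claim, user key, IP and issue date.</param>
/// <param name="remoteIp">Remote address of the connection, or null when the host did not supply one.</param>
/// <param name="auditLoginRepo">Repository used to load the user's audit-login row.</param>
/// <returns>The first failing <see cref="Validation"/>, or <c>null</c> when the token is accepted.</returns>
private Validation ValidateToken(string[] segments, string remoteIp, AuditLoginRepository auditLoginRepo)
{
    // Crypto parameters are read once instead of once per argument per segment.
    var passPhrase = _uow.GetAppSettings("passPhrase");
    var saltFixed = _uow.GetAppSettings("SaltFixed");
    var hashAlgorithm = _uow.GetAppSettings("hashAlgorithm");
    var passwordIterations = int.Parse(_uow.GetAppSettings("passwordIterations"));
    var initVector = _uow.GetAppSettings("initVector");
    var keySize = int.Parse(_uow.GetAppSettings("keySize"));

    string Decrypt(string cipherText) =>
        Helper.Decrypt(cipherText, passPhrase, saltFixed, hashAlgorithm, passwordIterations, initVector, keySize);

    // The local holding the JSON is no longer named after the UserClaim type it deserializes into.
    var userClaimJson = Decrypt(segments[0]);
    var userToken = Decrypt(segments[1]);
    var tokenIp = Decrypt(segments[2]);
    var executedDate = Decrypt(segments[3]);
    var userClaim = Helper.JSONDeserialize<UserClaim>(userClaimJson);

    _uow.OpenConnection("dbConnection");
    var currentData = auditLoginRepo.ReadByLambda(x => x.UserID == userClaim.UserID).FirstOrDefault();

    if (currentData == null)
    {
        return new Validation() { Key = "User", Value = "We couldnt find your user id" };
    }

    // NOTE(review): a plain string comparison of the session key is not constant-time; comparing
    // the bytes with CryptographicOperations.FixedTimeEquals would avoid a timing side channel.
    if (currentData.UserKey != userToken)
    {
        return new Validation() { Key = "User", Value = "Incorrect User Token" };
    }

    if (currentData.IPAddress != tokenIp)
    {
        return new Validation() { Key = "User", Value = "Oooppsss another user use your user id" };
    }

    if (currentData.IPAddress != remoteIp)
    {
        return new Validation() { Key = "User", Value = "Oooppsss there is someone on middle" };
    }

    // The issue date is only format-checked (a non-date throws into the caller's catch); nothing
    // compares it with the clock, so a token is not rejected for age here.
    // Example from the original author: 7GgDQjrzTdLDVkw/2q6U3xYt3Kk7pKtWp1WHyMHhE3s= --> 2020-05-22 13:35:53
    _ = DateTime.Parse(executedDate);
    return null;
}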
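/// <summary>
/// Authenticates <paramref name="data"/> (username and plaintext password) and, on success, refreshes
/// the user's audit-login row and returns an <c>AuthToken</c> built from three encrypted, dot-separated
/// segments: the JSON user claim, the freshly issued user key and the client IP address.
/// </summary>
/// <param name="data">
/// Login request. Its <c>Password</c> is replaced by the salted hash as a side effect; the object is
/// passed on to <c>GetUserClaim</c> afterwards, so that behaviour is preserved deliberately.
/// </param>
/// <param name="ipAddress">Client address, stored on the audit row and embedded in the token.</param>
/// <returns>A response whose <c>Validations</c> names the failing field, or whose <c>Result</c> carries the token.</returns>
/// <exception cref="Exception">Repository and crypto failures propagate unchanged.</exception>
public ApiResponseModel Login(MasterUser data, string ipAddress)
{
    var response = new ApiResponseModel();
    var validations = new List<Validation>();
    _uow.OpenConnection(base.SQLDBConn);

    var saltFixed = _uow.GetAppSettings("SaltFixed");
    var passPhrase = _uow.GetAppSettings("passPhrase");
    var hashAlgorithm = _uow.GetAppSettings("hashAlgorithm");
    var passwordIterations = _uow.GetAppSettings("passwordIterations");
    var initVector = _uow.GetAppSettings("initVector");
    var keySize = _uow.GetAppSettings("keySize");
    var userRepository = new MasterUserRepository(_uow);

    // Settings are parsed lazily so a malformed value fails inside the try, as before.
    string Encrypt(string plainText) =>
        Helper.Encrypt(plainText, passPhrase, saltFixed, hashAlgorithm, int.Parse(passwordIterations), initVector, int.Parse(keySize));

    try
    {
        var currentData = userRepository.GetSingleData(data);
        if (currentData == null)
        {
            validations.Add(new Validation() { Key = "Username", Value = "We could not find your username, make sure you input the right username" });
        }
        else
        {
            // HashAlgorithm instances are disposable; the SHA384 used to be created and never disposed.
            using (var sha384 = SHA384.Create())
            {
                data.Password = Helper.HashWithSalt(data.Password, currentData.PasswordSalt, sha384);
            }

            // NOTE(review): a salted single-round SHA-384 is not a password KDF and the comparison is
            // not constant-time; PBKDF2/Argon2 plus a fixed-time compare would be the usual choice.
            // Left unchanged because the stored hashes depend on this scheme.
            if (data.Password != currentData.Password)
            {
                validations.Add(new Validation() { Key = "Password", Value = "Password is incorrect" });
            }
            else
            {
                var dataAudit = new AuditLogin { UserID = currentData.UserID, IPAddress = ipAddress };
                // NOTE(review): AuditLogin(ref) disposes _uow in its finally, yet GetUserClaim below
                // and the finally of this method use _uow again — confirm that is intended.
                AuditLogin(ref dataAudit);

                var userClaim = GetUserClaim(data);
                var claim = new UserClaim
                {
                    UserID = dataAudit.UserID,
                    UserEmail = userClaim.Email,
                    UserName = userClaim.UserName,
                    UserFullName = userClaim.FullName,
                };

                // NOTE(review): whether Helper.Encrypt authenticates its output is not visible here;
                // without a MAC the token segments are malleable.
                var authToken = Encrypt(Helper.JSONSerialize(claim)) + "." + Encrypt(dataAudit.UserKey) + "." + Encrypt(ipAddress);
                response.Result = new { AuthToken = authToken };
            }
        }

        response.Validations = validations;
        return response;
    }
    finally
    {
        _uow.Dispose();
    }
}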