        //**************************************
        // URL: /Account/LogOn
        // Returns this view if the user is invalid; logs the user in and redirects to Home if valid.
        // **************************************

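        /// <summary>
        /// Single-sign-on entry point for /Account/LogOn. The caller passes an encrypted
        /// parameter string in the "a" query-string value; it is decrypted, split into
        /// name=value pairs, checked for a user id and a fresh timestamp, and, when a matching
        /// user exists, the user is persisted for Forms Authentication and redirected to Home.
        /// Every failure path logs the reason and returns the LogOn view.
        /// </summary>
        /// <returns>The LogOn view on any failure; a redirect to Home/Index on success.</returns>
        public ActionResult LogOn()
        {
            // Freshness window for the login URL, in milliseconds (either side of "now").
            const long MaxTimestampSkewMilliseconds = 60000;

            //Check A Parameter
            string a = this.HttpContext.Request.QueryString["a"];

            if (string.IsNullOrEmpty(a))
            {
                //No A Parameter
                string errorMessage = "No A Parameter detected - user not authorised";
                logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
                return(View());
            }

            try
            {
                // NOTE(review): this assumes Decrypt also verifies the token's integrity (e.g. a MAC).
                // If it only decrypts, the parameters read below could have been altered in transit - confirm.
                string decodedURL = CWTAuthenticationHelper.Decrypt(a);
                if (!string.IsNullOrEmpty(decodedURL))
                {
                    //Split Parameters and put into NameValueCollection for easy access
                    NameValueCollection qsValues = ParseLoginParameters(decodedURL);

                    //Process User Id
                    string systemUserGuid = qsValues["cwt_user_OID"];
                    if (string.IsNullOrEmpty(systemUserGuid))
                    {
                        string errorMessage = "(Err 0002) Failed Login Attempt - UID Parameter Missing";
                        logRepository.LogError(errorMessage);
                        logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
                        return(View());
                    }

                    //Process Timestamp
                    string timestampText = qsValues["timestamp"];
                    if (string.IsNullOrEmpty(timestampText))
                    {
                        string errorMessage = "(Err 0004) Failed Login Attempt - Timestamp Parameter Missing";
                        logRepository.LogError(errorMessage);
                        logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
                        return(View());
                    }

                    // Parse with the invariant culture so the check does not depend on the server locale,
                    // and report a bad value explicitly instead of falling through to the generic catch.
                    long urlTimeStamp;
                    if (!long.TryParse(timestampText,
                                       System.Globalization.NumberStyles.Integer,
                                       System.Globalization.CultureInfo.InvariantCulture,
                                       out urlTimeStamp))
                    {
                        string errorMessage = "(Err 0004) Failed Login Attempt - Timestamp Parameter Invalid";
                        logRepository.LogError(errorMessage);
                        logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
                        return(View());
                    }

                    //Get current timestamp (based on UTC time)
                    long currentTimeStamp = CurrentUnixTimeMilliseconds();

                    //Check if more than 60 seconds since Login URL created.
                    // This is a freshness check only: nothing in this method records timestamps that
                    // were already used, so a captured URL is accepted again inside the window unless
                    // another layer prevents that - worth confirming.
                    if (Math.Abs(currentTimeStamp - urlTimeStamp) > MaxTimestampSkewMilliseconds)
                    {
                        string errorMessage = "(Err 0005) Failed Login Attempt - Out Of Range TimeStamp, currentTimeStamp=" + currentTimeStamp.ToString() + ", urlTimeStamp=" + urlTimeStamp.ToString();
                        logRepository.LogError(errorMessage);
                        logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
                        return(View());
                    }

                    //Try login user
                    AccountRepository accountRepository = new AccountRepository();
                    SystemUser        systemUser        = accountRepository.GetUserBySystemUserGuid(systemUserGuid);
                    if (systemUser == null)
                    {
                        logRepository.LogError("(Err 0006) Failed Login Attempt - No Such User(" + systemUserGuid + ")");
                        logRepository.LogApplicationUsage(16, "", "", "No Such User(" + systemUserGuid + ")", "", null, false);
                        return(View());
                    }

                    //SUCCESSFUL LOGIN
                    //Store userdata in cookie for Forms Authentication
                    accountRepository.persistUser(systemUser.SystemUserGuid, ConfigurationManager.AppSettings["DefaultConnectionStringName"]);

                    //Log
                    logRepository.LogApplicationUsageFirstLogin(7, "", "", "", "", null, true, systemUser.SystemUserGuid);

                    //Update login TimeStamp
                    SystemUserRepository systemUserRepository = new SystemUserRepository();
                    systemUserRepository.UpdateSystemUserLastLoginTimestamp(systemUserGuid);

                    //go to Home Page
                    return(RedirectToAction("Index", "Home"));
                }
            }
            catch (Exception ex)
            {
                //Other error (decryption failure, malformed parameter string, repository errors, ...)
                string errorMessage = "(Err 0007) Failed Login Attempt - " + ex.Message;
                logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
                logRepository.LogError(errorMessage);
            }

            return(View());
        }

        /// <summary>
        /// Splits a decrypted login string of the form "name=value;name=value" into a
        /// <see cref="NameValueCollection"/>. Empty segments are skipped. Each segment is
        /// split on its first '=' only, so a value may itself contain '='.
        /// </summary>
        /// <param name="decodedUrl">The decrypted parameter string.</param>
        /// <returns>The parsed name/value pairs (duplicate names are combined as NameValueCollection.Add does).</returns>
        /// <exception cref="FormatException">A non-empty segment has no '=' separator.</exception>
        private static NameValueCollection ParseLoginParameters(string decodedUrl)
        {
            NameValueCollection values = new NameValueCollection();
            foreach (string parameter in decodedUrl.Split(';'))
            {
                if (parameter == "")
                {
                    continue;
                }

                string[] nameAndValue = parameter.Split(new char[] { '=' }, 2);
                if (nameAndValue.Length != 2)
                {
                    // Reject malformed input explicitly; the caller's catch logs it under Err 0007.
                    throw new FormatException("Malformed login parameter (missing '=' separator)");
                }
                values.Add(nameAndValue[0], nameAndValue[1]);
            }
            return values;
        }

        /// <summary>
        /// Milliseconds elapsed since 1970-01-01T00:00:00Z, taken from the UTC clock.
        /// The previous computation subtracted the local UTC offset from an already-UTC value;
        /// that term should be zero for a Utc-kind DateTime, so this yields the same number
        /// without the offset arithmetic.
        /// </summary>
        /// <returns>The current Unix time in milliseconds.</returns>
        private static long CurrentUnixTimeMilliseconds()
        {
            DateTime epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            return System.Convert.ToInt64((DateTime.UtcNow - epoch).TotalMilliseconds);
        }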