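/// <summary>
/// Builds the edit form for an existing account: looks the user up by
/// <paramref name="id"/> and copies its profile fields into an <c>EditUser</c> view model.
/// </summary>
/// <param name="id">Value matched against <c>DX_USER.userid</c> (the same value is shown as the e-mail address); may be null.</param>
/// <returns>
/// The default view bound to the populated model when exactly one row matches,
/// otherwise the same view bound to an empty model.
/// </returns>
public ActionResult EditAnExistingUser(string id)
{
    // NOTE(review): id is caller-supplied and no authorization attribute is visible on this
    // action from here. The response discloses another account's name, role, departments and
    // access level, so confirm the controller or a global filter limits it to administrators.
    EditUser UserToBeEdited = new EditUser();
    try
    {
        if (id != null)
        {
            // Execute the query once. The original ran it twice (Count, then First), which
            // costs an extra round trip and lets the two results disagree if the table
            // changes in between.
            var matches = (from usertable in database.DX_USER
                           where usertable.userid == id
                           select usertable).ToList();

            if (matches.Count == 1)
            {
                DX_USER user = matches[0];
                UserToBeEdited.FirstName = user.fname;
                UserToBeEdited.LastName = user.lname;
                UserToBeEdited.Email = user.userid;
                UserToBeEdited.Position = user.role;
                UserToBeEdited.Department = DbCommonQueries.getDepartmentIds(user.userid, database);
                UserToBeEdited.AccessLevel = user.accesslevel;
            }
        }

        populateDepartmenetsList();
    }
    catch
    {
        // NOTE(review): the exception is discarded without being logged, so lookup failures
        // on this account-management path leave no trace for operations or incident review.
        ModelState.AddModelError("", "Error occured while editing existing user");
    }

    return View(UserToBeEdited);
}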
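/// <summary>
/// Signs the caller in as the built-in guest account and redirects to
/// <paramref name="returnUrl"/> when it is a safe local path, otherwise to "RespectiveHome".
/// </summary>
/// <param name="returnUrl">Caller-supplied redirect target; only used after passing the local-URL checks below.</param>
/// <returns>A redirect on success, or the default view with a model error on failure.</returns>
public ActionResult LogOnAsGuestUser(string returnUrl)
{
    // NOTE(review): the guest credentials are literals in source (shown masked on this page).
    // Credentials compiled into the application end up in version control and every build
    // artefact; prefer protected configuration, and keep the guest account least-privileged
    // because any caller who reaches this action is signed in as that account.
    LogOnModel model = new LogOnModel();
    model.UserName = "******";
    model.Password = "******";
    try
    {
        if (ModelState.IsValid)
        {
            // Execute the lookup once instead of once for Count and again for First.
            var matches = (from usertabel in database.DX_USER
                           where usertabel.userid == model.UserName
                           select usertabel).ToList();

            if (matches.Count == 1)
            {
                var UserRecord = matches[0];
                if (UserRecord.pwdhash.Equals(generateHash(UserRecord.salt, model.Password)))
                {
                    FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

                    // NOTE(review): identity is written into the session that existed before
                    // sign-in; no session renewal is visible here. If SessionKeyMgmt wraps
                    // ASP.NET session state, confirm fixation is handled elsewhere.
                    SessionKeyMgmt.UserId = model.UserName;
                    SessionKeyMgmt.UserDept = DbCommonQueries.getDepartmentName(model.UserName, database);

                    // Open-redirect guard: only follow returnUrl when it is a rooted local
                    // path that cannot be read as protocol-relative ("//" or "/\").
                    if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                    {
                        return Redirect(returnUrl);
                    }

                    return RedirectToAction("RespectiveHome");
                }

                ModelState.AddModelError("", "password provided is incorrect.");
            }
            else
            {
                ModelState.AddModelError("", "Email id incorrect please try again!");
            }
        }
        else
        {
            ModelState.AddModelError("", "Email id and password provided is incorrect.");
        }
    }
    catch (Exception)
    {
        // NOTE(review): the exception is dropped without logging; authentication failures
        // caused by faults are then indistinguishable from normal traffic in the logs.
        ModelState.AddModelError("", "Can not process request, please try after some time!");
    }

    // Reaching this point means sign-in did not complete; redisplay the form.
    return View(model);
}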
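/// <summary>
/// Lists every account whose access level is <c>Constants.TEMP_USER_ACCESS</c>
/// as <c>UserNeedingApproval</c> rows for the default view.
/// </summary>
/// <returns>The default view bound to the list; the list is empty when no such account exists or the model state is invalid.</returns>
public ActionResult Index()
{
    // NOTE(review): this returns e-mail addresses, names, roles and departments of pending
    // accounts and no authorization attribute is visible on the action from here; confirm
    // the controller or a global filter restricts it to approvers.
    List<UserNeedingApproval> AllUsersNeedingApproval = new List<UserNeedingApproval>();
    try
    {
        if (ModelState.IsValid)
        {
            // Execute the query once; the original materialised it twice (count check, then list).
            List<DX_USER> users = (from usertable in database.DX_USER
                                   where usertable.accesslevel.Equals(Constants.TEMP_USER_ACCESS)
                                   select usertable).ToList();

            foreach (DX_USER tempuser in users)
            {
                // One department lookup per user.
                List<string> depts = DbCommonQueries.getDepartmentName(tempuser.userid, database);

                UserNeedingApproval tempUserNeedingApproval = new UserNeedingApproval();
                tempUserNeedingApproval.Email = tempuser.userid;
                tempUserNeedingApproval.Name = tempuser.fname + " " + tempuser.lname;
                tempUserNeedingApproval.Position = tempuser.role;

                // Each name is followed by ", " (including the last), as before.
                tempUserNeedingApproval.Department = string.Concat(depts.Select(dept => dept + ", "));

                // NOTE(review): new DateTime() is DateTime.MinValue, not a stored creation
                // time; confirm whether a real timestamp should be shown.
                tempUserNeedingApproval.creationDate = new DateTime();

                AllUsersNeedingApproval.Add(tempUserNeedingApproval);
            }
        }
    }
    catch
    {
        // NOTE(review): the exception is discarded without logging; rows added before the
        // failure are still returned to the view.
        ModelState.AddModelError("", "Error occured while populating all user requests");
    }

    return View(AllUsersNeedingApproval);
}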
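/// <summary>
/// Lists every account whose access level is none of <c>TEMP_USER_ACCESS</c>,
/// <c>ADMIN_USER_ACCESS</c> or <c>ADMINLESS_USER_ACCESS</c> as <c>ExistingUsers</c> rows.
/// </summary>
/// <returns>The default view bound to the list; the list is empty when nothing matches or the model state is invalid.</returns>
public ActionResult AllExistingUsers()
{
    // NOTE(review): this returns e-mail addresses, names, roles and access levels for the
    // user base and no authorization attribute is visible on the action from here; confirm
    // the controller or a global filter restricts it to administrators.
    List<ExistingUsers> CurrentUsers = new List<ExistingUsers>();
    try
    {
        if (ModelState.IsValid)
        {
            // Execute the query once; the original materialised it twice (count check, then list).
            List<DX_USER> users = (from usertable in database.DX_USER
                                   where usertable.accesslevel != Constants.TEMP_USER_ACCESS
                                         && usertable.accesslevel != Constants.ADMIN_USER_ACCESS
                                         && usertable.accesslevel != Constants.ADMINLESS_USER_ACCESS
                                   select usertable).ToList();

            foreach (DX_USER presentuser in users)
            {
                // One department lookup per user.
                List<string> depts = DbCommonQueries.getDepartmentName(presentuser.userid, database);

                ExistingUsers CurrentExistingUser = new ExistingUsers();
                CurrentExistingUser.Email = presentuser.userid;
                CurrentExistingUser.Name = presentuser.fname + " " + presentuser.lname;
                CurrentExistingUser.Position = presentuser.role;
                CurrentExistingUser.accessLevel = presentuser.accesslevel;

                // Each name is followed by ", " (including the last), as before.
                CurrentExistingUser.Department = string.Concat(depts.Select(dept => dept + ", "));

                // NOTE(review): new DateTime() is DateTime.MinValue, not a stored creation
                // time; confirm whether a real timestamp should be shown.
                CurrentExistingUser.creationDate = new DateTime();

                CurrentUsers.Add(CurrentExistingUser);
            }
        }
    }
    catch
    {
        // NOTE(review): the exception is discarded without logging; rows added before the
        // failure are still returned to the view.
        ModelState.AddModelError("", "Error occured while populating existing users");
    }

    return View(CurrentUsers);
}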
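/// <summary>
/// Handles a submitted log-on form: counts the attempt, verifies the captcha when one was
/// submitted, validates the model, checks the password hash and signs the user in.
/// </summary>
/// <param name="model">Posted credentials (<c>UserName</c>, <c>Password</c>, <c>RememberMe</c>, <c>Captcha</c>).</param>
/// <param name="returnUrl">Caller-supplied redirect target; only used after passing the local-URL checks below.</param>
/// <returns>A redirect on success, or the log-on view with a model error on failure.</returns>
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    try
    {
        // Attempt counter: the first attempt in a session sets it to 1, later ones increment it.
        // NOTE(review): the counter lives in SessionKeyMgmt, so it restarts whenever the client
        // presents a new session, and verifyCaptcha() below runs only when the request carries
        // a Captcha value. Whether logonValidations() rejects a missing captcha is not visible
        // here; confirm the requirement is enforced server-side and that attempts are also
        // limited per account or per source address.
        if (SessionKeyMgmt.LoginAttempts == 0)
        {
            SessionKeyMgmt.LoginAttempts = 1;
        }
        else
        {
            int count = SessionKeyMgmt.LoginAttempts;
            count++;
            SessionKeyMgmt.LoginAttempts = count;

            if (model.Captcha != null)
            {
                bool captchaOk = verifyCaptcha();

                // A fresh captcha id is issued whether or not verification succeeded.
                ViewBag.CaptchaGuid = Guid.NewGuid().ToString("N");
                if (!captchaOk)
                {
                    return View(model);
                }
            }
        }

        if (model.Captcha == null)
        {
            model.Captcha = "";
        }

        if (logonValidations(model) == false)
        {
            return View(model);
        }

        if (ModelState.IsValid)
        {
            // Execute the lookup once instead of once for Count and again for First.
            var matches = (from usertabel in database.DX_USER
                           where usertabel.userid == model.UserName
                           select usertabel).ToList();

            if (matches.Count == 1
                && matches[0].pwdhash.Equals(generateHash(matches[0].salt, model.Password)))
            {
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

                // NOTE(review): identity is written into the session that existed before
                // sign-in; no session renewal is visible here. If SessionKeyMgmt wraps
                // ASP.NET session state, confirm fixation is handled elsewhere.
                SessionKeyMgmt.UserId = model.UserName;
                SessionKeyMgmt.UserDept = DbCommonQueries.getDepartmentName(model.UserName, database);
                SessionKeyMgmt.LoginAttempts = 0;

                // Open-redirect guard: only follow returnUrl when it is a rooted local
                // path that cannot be read as protocol-relative ("//" or "/\").
                if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                {
                    return Redirect(returnUrl);
                }

                return RedirectToAction("RespectiveHome");
            }

            // Unknown account and wrong password now produce the same text. The original
            // used two differently worded messages, which let a client tell from the
            // response whether an e-mail address is registered.
            // NOTE(review): generateHash still runs only for known accounts, so response
            // time may differ between the two cases.
            ModelState.AddModelError("", "Email-id or password provided is incorrect please try again!!");
        }
        else
        {
            ModelState.AddModelError("", "This is invalid request. Please provide email and passwod");
        }
    }
    catch (Exception)
    {
        // NOTE(review): the exception is dropped without logging; authentication failures
        // caused by faults are then indistinguishable from normal traffic in the logs.
        ModelState.AddModelError("", "Can not process request, please try after some time!");
    }

    // Reaching this point means sign-in did not complete; redisplay the form.
    return View(model);
}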