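/// <summary>
/// Authorizes a Web API request only when the base authorization passes, the
/// principal carries a user id, and the (user id, session id) pair is still
/// recorded as a valid login by <see cref="LoginInfoDataService"/>.
/// </summary>
/// <param name="actionContext">The action context of the request being authorized.</param>
/// <returns><c>true</c> when the request may proceed; <c>false</c> otherwise (fail closed).</returns>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    if (!base.IsAuthorized(actionContext))
    {
        return false;
    }

    var userId = actionContext.RequestContext.Principal.Identity.GetUserId();
    if (userId == null)
    {
        return false;
    }

    // HttpContext.Current is null outside a classic ASP.NET request pipeline, and a
    // request without a session cannot be bound to a login record; the original
    // code would throw on a null context, which surfaces as a 500 instead of a denial.
    var httpContext = HttpContext.Current;
    if (httpContext == null || httpContext.Session == null)
    {
        return false;
    }

    // A request that carries a valid principal but has no stored session key yet is
    // bound to the current ASP.NET session id under SessionIdKey.
    // NOTE(review): whether the login record created at sign-in was keyed with the same
    // Session.SessionID value is not visible here — confirm in LoginInfoDataService.
    if (httpContext.Session[SessionIdKey] == null)
    {
        httpContext.Session[SessionIdKey] = httpContext.Session.SessionID;
    }

    var sessionId = httpContext.Session[SessionIdKey].ToString();

    var loginService = new LoginInfoDataService();
    var loginCheck = loginService.CurrentLoginIsValid(userId, sessionId);

    // A fatal service failure denies the request rather than letting it through.
    if (loginCheck.IsFatalFailure())
    {
        return false;
    }

    // NOTE(review): a non-fatal, unsuccessful result falls through to Data; this relies
    // on the service never reporting Data == true in that case — verify.
    return loginCheck.Data;
}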
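//Todo: Verify errors are acceptable to display to user
//Todo: Validate or improve error messages
/// <summary>
/// Handles the login form post: looks up the user, binds the current ASP.NET session
/// id to the login, ends any other active login for the same user, then performs the
/// password sign-in.
/// </summary>
/// <param name="model">The posted login form (user name, password, remember-me flag).</param>
/// <returns>A redirect into the application on success; otherwise the login view with model errors.</returns>
/// <remarks>
/// Review: the logged-in-elsewhere check and <c>LogOutUserElsewhere</c> run before the
/// password is verified, so any request that names an existing user name can end that
/// user's other sessions without knowing the password. Moving the eviction after a
/// successful <c>PasswordSignInAsync</c> is the intended fix, but it depends on when
/// <c>LoginInfoDataService</c> records the current session (not visible in this file),
/// so it is flagged here rather than changed. Also note that the "user not found" and
/// "wrong password" paths report different messages, and that <c>shouldLockout: false</c>
/// turns off Identity's failed-attempt lockout for this endpoint.
/// </remarks>
public async Task<ActionResult> Login(LoginViewModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var appUserService = new ApplicationUserDataService();
    var userResult = await appUserService.GetByUserNameAsync(model.UserName);
    if (!userResult.IsSuccessful)
    {
        ModelState.AddModelError("", "An error occurred with the login username/password");
        return View(model);
    }

    var user = userResult.Data;

    // The current ASP.NET session id is stored under SessionIdKey and used as the
    // login's session binding; IsAuthorized reads the same key on later requests.
    // NOTE(review): ASP.NET does not issue a new session id at sign-in by default, so
    // this binds the pre-authentication id — confirm that is acceptable here.
    Session[SessionIdKey] = Session.SessionID;
    var sessionId = Session[SessionIdKey].ToString();

    var loginInfoService = new LoginInfoDataService();
    var loggedInElsewhereResult = loginInfoService.IsUserLoggedInElsewhere(user.Id, sessionId);
    if (!loggedInElsewhereResult.IsSuccessful)
    {
        ModelState.AddModelError("LoggedInElsewhere", "An error occurred while verifying that the user is not logged in elsewhere.");
        // Bug fix: the original returned View(ModelState), passing the ModelStateDictionary
        // as the model to a view typed for LoginViewModel.
        return View(model);
    }

    if (loggedInElsewhereResult.Data)
    {
        var logoutElsewhereResult = loginInfoService.LogOutUserElsewhere(user.Id);
        if (!logoutElsewhereResult.IsSuccessful)
        {
            ModelState.AddModelError("", "An error occurred logging out of your previous session");
            return View(model);
        }
    }

    var result = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, shouldLockout: false);
    switch (result)
    {
        case SignInStatus.Success:
            return RedirectToAction("Index", "AngularAccess");
        case SignInStatus.Failure:
        default:
            // LockedOut and RequiresVerification also land here and are reported as a plain failure.
            ModelState.AddModelError("", "Invalid login attempt.");
            return View(model);
    }
}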