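/// <summary>
/// Computes the reset code for a forgot/change-password link and passes it, together with the
/// login name, e-mail address and company, to <c>UserInfoSL.ForgetPassword</c>.
/// </summary>
/// <remarks>
/// The code is <c>CreateHash(login name + company id, salt)</c>; nothing random or time-dependent
/// is added at this call site.
/// NOTE(review): unless DataSecurity.CreateHash adds entropy internally (not visible here), the same
/// user always gets the same code, so its secrecy rests entirely on the salt. A value drawn from a
/// CSPRNG, stored server-side with an expiry, would remove that dependency - confirm against CreateHash.
/// </remarks>
/// <param name="i_sSelectedcompanyConnectionString">Connection string of the company database, passed through to the service layer.</param>
/// <param name="i_sLoginName">Login name; first part of the hashed input.</param>
/// <param name="i_sUserEmailId">E-mail address copied into the DTO.</param>
/// <param name="i_sCompanyId">Company identifier; second part of the hashed input.</param>
/// <param name="i_sSaltValue">Salt handed to CreateHash.</param>
/// <returns><c>true</c> when the service call completed; <c>false</c> when the login name is null or any exception was thrown.</returns>
public static bool CreateForgetPasswordHashLink(string i_sSelectedcompanyConnectionString, string i_sLoginName, string i_sUserEmailId, string i_sCompanyId, string i_sSaltValue)
{
    PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO();
    InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();

    // A null login name used to fail inside the try block and surface as 'false'; keep that result explicit.
    if (i_sLoginName == null)
    {
        return false;
    }

    // UserInfoSL is used with 'using' elsewhere in this code base, so release it here as well.
    using (UserInfoSL objUserInfoSL = new UserInfoSL())
    {
        try
        {
            objPwdMgmtDTO.CompanyID = i_sCompanyId;
            objPwdMgmtDTO.LoginID = i_sLoginName;
            objPwdMgmtDTO.EmailID = i_sUserEmailId;
            objPwdMgmtDTO.HashValue = objPwdHash.CreateHash(i_sLoginName + i_sCompanyId, i_sSaltValue);

            objUserInfoSL.ForgetPassword(i_sSelectedcompanyConnectionString, objPwdMgmtDTO);
            return true;
        }
        catch (Exception exp)
        {
            // Callers only get a bool, so leave a trace instead of dropping the failure silently.
            // Only the exception type is recorded: the message could carry connection or account details.
            System.Diagnostics.Trace.TraceError("CreateForgetPasswordHashLink failed: " + exp.GetType().FullName);
            return false;
        }
    }
}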
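/// <summary>
/// Looks up the password-management record that belongs to a reset code by delegating to
/// <c>UserInfoDAL.GetUserFromHashCode</c>.
/// </summary>
/// <remarks>
/// The reset code is the only input that selects the account, so callers should treat it as a
/// credential. NOTE(review): whether an unknown code yields null, an empty DTO or an exception
/// is decided in the data layer and is not visible here - callers should handle all three.
/// </remarks>
/// <param name="i_sConnectionString">Connection string of the company database.</param>
/// <param name="i_sHashCode">Reset code taken from the password-reset link.</param>
/// <returns>The DTO returned by the data layer.</returns>
public PasswordManagementDTO GetUserFromHashCode(string i_sConnectionString, string i_sHashCode)
{
    // No catch block: the previous 'throw exp;' rethrow reset the stack trace without adding handling.
    using (var objUserInfoDAL = new InsiderTradingDAL.UserInfoDAL())
    {
        return objUserInfoDAL.GetUserFromHashCode(i_sConnectionString, i_sHashCode);
    }
}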
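/// <summary>
/// Registers a forgot-password request by delegating to <c>UserInfoDAL.ForgetPassword</c>.
/// </summary>
/// <param name="i_sConnectionString">Connection string of the company database.</param>
/// <param name="i_objPwdMgmtDTO">Request data (login, e-mail, company, reset code) filled in by the caller.</param>
/// <returns>The DTO returned by the data layer.</returns>
public PasswordManagementDTO ForgetPassword(string i_sConnectionString, PasswordManagementDTO i_objPwdMgmtDTO)
{
    // No catch block: the previous 'throw exp;' rethrow reset the stack trace without adding handling.
    // Exceptions still reach the caller with their type and InnerException unchanged.
    using (var objUserInfoDAL = new InsiderTradingDAL.UserInfoDAL())
    {
        return objUserInfoDAL.ForgetPassword(i_sConnectionString, i_objPwdMgmtDTO);
    }
}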
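/// <summary>
/// Stores a new password by delegating to <c>UserInfoDAL.ChangePassword</c>.
/// </summary>
/// <remarks>
/// This layer performs no checks of its own: which user is updated and whether the old password
/// or reset code is verified depends on the DTO contents and on the data layer.
/// </remarks>
/// <param name="i_sConnectionString">Connection string of the company database.</param>
/// <param name="i_objPwdMgmtDTO">Password data; passed by reference so the data layer can update it.</param>
/// <returns>The value returned by the data layer.</returns>
public bool ChangePassword(string i_sConnectionString, ref PasswordManagementDTO i_objPwdMgmtDTO)
{
    // No catch block: the previous 'throw exp;' rethrow reset the stack trace without adding handling.
    // Exceptions still reach the caller with their type and InnerException unchanged.
    using (var objUserInfoDAL = new InsiderTradingDAL.UserInfoDAL())
    {
        return objUserInfoDAL.ChangePassword(i_sConnectionString, ref i_objPwdMgmtDTO);
    }
}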
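/// <summary>
/// Completes a password reset: resolves the company, looks the user up by the reset code in
/// <c>HashValue</c>, checks the new password against the password policy and stores its salted hash.
/// </summary>
/// <remarks>
/// The reset code is the only thing that identifies the account here, and every field of
/// <paramref name="objPwdMgmtModel"/> comes from the request.
/// NOTE(review): no expiry or single-use check on the reset code is visible in this method -
/// confirm that the data layer behind GetUserFromHashCode / ChangePassword enforces both.
/// </remarks>
/// <param name="objPwdMgmtModel">Posted form: company, reset code, new password and its confirmation.</param>
/// <returns>
/// A redirect to SetPassword when validation fails, otherwise a redirect to Login; the message for
/// the user is carried in the session's <c>LoginUserDetails</c>.
/// </returns>
public ActionResult SetPassword(PasswordManagementModel objPwdMgmtModel)
{
    bool bErrorOccurred = false;
    string i_ErrorMessage = "";
    string NewPassword = null;
    InsiderTradingDAL.CompanyDTO objSelectedCompany = new CompanyDTO();
    UserInfoDTO objUserInfoDTO = new UserInfoDTO();
    LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);

    // Resolved before the try block so that the catch block can always report through it.
    if (objLoginUserDetails == null)
    {
        objLoginUserDetails = new LoginUserDetails();
    }

    try
    {
        if (string.IsNullOrEmpty(objPwdMgmtModel.CompanyID))
        {
            i_ErrorMessage = "Company is required field.";
            bErrorOccurred = true;
        }
        else if (string.IsNullOrEmpty(objPwdMgmtModel.NewPassword) || string.IsNullOrEmpty(objPwdMgmtModel.ConfirmNewPassword))
        {
            i_ErrorMessage = "Please enter new password and confirm password.";
            bErrorOccurred = true;
        }
        else if (objPwdMgmtModel.NewPassword != objPwdMgmtModel.ConfirmNewPassword)
        {
            i_ErrorMessage = "New password and Confirm password are not matching.";
            bErrorOccurred = true;
        }

        if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox")
        {
            // In text-box mode the user types the company name; map it to the database name.
            // A missing company id is treated as an unknown name instead of throwing.
            string sEnteredCompany = (objPwdMgmtModel.CompanyID ?? string.Empty).ToLower();
            Dictionary<string, string> objCompaniesDictionary = new Dictionary<string, string>();
            using (CompaniesSL objCompanySL = new CompaniesSL())
            {
                foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString()))
                {
                    objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName.ToLower());
                }
            }

            if (objCompaniesDictionary.ContainsValue(sEnteredCompany))
            {
                objPwdMgmtModel.CompanyID = (from entry in objCompaniesDictionary
                                             where entry.Value == sEnteredCompany
                                             select entry.Key).FirstOrDefault();
            }
            else
            {
                objLoginUserDetails.ErrorMessage = "Invalid Company Name";
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                return RedirectToAction("SetPassword", "Account", new { code = objPwdMgmtModel.HashValue });
            }
        }

        // Salted hash of the new password; the hash is also handed to the password-policy check below.
        // CreateSaltandHash returns "<hash>~<salt>" as far as the Split below shows.
        InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();
        string saltValue = string.Empty;
        if (objPwdMgmtModel.NewPassword != null)
        {
            string[] arrHashAndSalt = objPwdHash.CreateSaltandHash(objPwdMgmtModel.NewPassword).Split('~');
            NewPassword = arrHashAndSalt[0];
            saltValue = arrHashAndSalt[1];
        }

        using (CompaniesSL objCompanySL = new CompaniesSL())
        {
            objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), objPwdMgmtModel.CompanyID);
        }

        // Checked before the first use of the company's connection string; previously this test
        // came only after several dereferences and could not be reached with a null company.
        if (objSelectedCompany == null)
        {
            objLoginUserDetails.ErrorMessage = "Entered company is incorrect, please enter correct company and try again.";
            Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
            return RedirectToAction("Login", "Account");
        }

        if (!bErrorOccurred)
        {
            // Resolve the account from the reset code. The user id used from here on comes from
            // this server-side lookup, never from the posted model.
            bool bResetCodeResolved = false;
            using (UserInfoSL objUserInfoSL = new UserInfoSL())
            {
                PasswordManagementDTO objResetRequest = objUserInfoSL.GetUserFromHashCode(objSelectedCompany.CompanyConnectionString, objPwdMgmtModel.HashValue);
                if (objResetRequest != null)
                {
                    objUserInfoDTO = objUserInfoSL.GetUserDetails(objSelectedCompany.CompanyConnectionString, objResetRequest.UserInfoID);
                    bResetCodeResolved = objUserInfoDTO != null;
                }
            }

            // Fail closed when the code does not map to a user.
            // NOTE(review): if the data layer answers an unknown code with an empty DTO rather
            // than null, that case also needs rejecting here - confirm against UserInfoDAL.
            if (!bResetCodeResolved)
            {
                objLoginUserDetails.ErrorMessage = "Invalid password reset link.";
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                return RedirectToAction("Login", "Account");
            }

            // Check the new password against the company's password policy.
            Common.Common objCommon = new Common.Common();
            bool isPasswordValid = objCommon.ValidatePassword(objSelectedCompany.CompanyConnectionString, objUserInfoDTO.LoginID, objPwdMgmtModel.NewPassword, NewPassword, objUserInfoDTO.UserInfoId, out i_ErrorMessage);
            if (!isPasswordValid)
            {
                bErrorOccurred = true;
            }
        }

        if (bErrorOccurred)
        {
            objLoginUserDetails.ErrorMessage = i_ErrorMessage;
            objLoginUserDetails.CompanyName = objPwdMgmtModel.CompanyID;
            Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);

            // Hand the password policy to the SetPassword page so it can display the rules.
            PasswordConfigSL objPassConfigSL = new PasswordConfigSL();
            PasswordConfigDTO objPassConfigDTO = objPassConfigSL.GetPasswordConfigDetails(objSelectedCompany.CompanyConnectionString);
            PasswordConfigModel objPassConfigModel = new PasswordConfigModel();
            InsiderTrading.Common.Common.CopyObjectPropertyByName(objPassConfigDTO, objPassConfigModel);
            TempData["PasswordConfigModel"] = objPassConfigModel;
            return RedirectToAction("SetPassword", "Account", new { code = objPwdMgmtModel.HashValue });
        }

        PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO();
        objPwdMgmtModel.NewPassword = NewPassword;
        objPwdMgmtModel.ConfirmNewPassword = NewPassword;
        objPwdMgmtModel.SaltValue = saltValue;
        InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO);
        using (UserInfoSL objUserInfoSL = new UserInfoSL())
        {
            // Must stay after the property copy: the model is request-bound, so the user id has
            // to be overwritten with the one resolved from the reset code.
            objPwdMgmtDTO.UserInfoID = objUserInfoDTO.UserInfoId;
            objUserInfoSL.ChangePassword(objSelectedCompany.CompanyConnectionString, ref objPwdMgmtDTO);
        }

        objLoginUserDetails.SuccessMessage = Common.Common.getResourceForGivenCompany("usr_msg_11271", objSelectedCompany.sCompanyDatabaseName);
        Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
        return RedirectToAction("Login", "Account");
    }
    catch (Exception exp)
    {
        // Same guarded lookup as the ForgetPassword action: an exception without InnerException
        // data used to raise a second NullReferenceException from inside this handler.
        // NOTE(review): the fallback shows the raw exception message to an unauthenticated
        // user; a fixed generic message would disclose less.
        string sErrMessage = exp.Message;
        if (objSelectedCompany != null && exp.InnerException != null && exp.InnerException.Data != null && exp.InnerException.Data.Count > 0)
        {
            sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objSelectedCompany.sCompanyDatabaseName);
        }

        objLoginUserDetails.ErrorMessage = sErrMessage;
        Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
        return RedirectToAction("Login", "Account");
    }
}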
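/// <summary>
/// Handles the forgot-password form: resolves the company, derives the reset code, registers the
/// request through <c>UserInfoSL.ForgetPassword</c> and, when that call returns an e-mail address
/// and the captcha matches, mails the SetPassword link.
/// </summary>
/// <remarks>
/// Review notes for this unauthenticated entry point:
/// - The reset code is CreateHash(LoginID + CompanyID, User_Password_Encryption_Key), computed from
///   the LoginID as posted (before DecryptStringAES). No per-request randomness is added here, so the
///   code looks repeatable per user unless CreateHash adds entropy - confirm, and prefer a CSPRNG
///   token with an expiry.
/// - The captcha is compared only after the service call, and only when a user was matched.
///   A captcha error therefore tells the client that the account exists, while the success message
///   is otherwise shown for unknown accounts too. Verifying the captcha first would close both gaps;
///   it is not moved here because how the form issues the captcha is not visible.
/// - The e-mail format check only records a ModelState error; nothing below reads ModelState, so
///   processing continues with the value.
/// </remarks>
/// <param name="objPwdMgmtModel">Posted form: company, login id and e-mail (as sent by the client script), captcha text.</param>
/// <returns>A redirect to Login on completion, or back to ForgetPassword on a captcha or processing error.</returns>
public ActionResult ForgetPassword(PasswordManagementModel objPwdMgmtModel)
{
    ModelState.Remove("KEY");
    ModelState.Add("KEY", new ModelState());
    ModelState.Clear();
    Session["UserCaptchaTextForgotPwd"] = objPwdMgmtModel.sCaptchaText ?? string.Empty;
    LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);

    // Resolved before the try block so that the catch block can always report through it.
    if (objLoginUserDetails == null)
    {
        objLoginUserDetails = new LoginUserDetails();
    }

    try
    {
        PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO();

        // Both service objects are used with 'using' elsewhere in this code base; release them here too.
        using (UserInfoSL objUserInfoSL = new UserInfoSL())
        using (CompaniesSL objCompanySL = new CompaniesSL())
        {
            if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox")
            {
                // In text-box mode the user types the company name; map it to the database name.
                string sEnteredCompany = (objPwdMgmtModel.CompanyID ?? string.Empty).ToLower();
                Dictionary<string, string> objCompaniesDictionary = new Dictionary<string, string>();
                foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString()))
                {
                    objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName.ToLower());
                }

                if (objCompaniesDictionary.ContainsValue(sEnteredCompany))
                {
                    objPwdMgmtModel.CompanyID = (from entry in objCompaniesDictionary
                                                 where entry.Value == sEnteredCompany
                                                 select entry.Key).FirstOrDefault();
                }
            }

            InsiderTradingDAL.CompanyDTO objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), objPwdMgmtModel.CompanyID);

            // An unknown company used to surface as a NullReferenceException message further down.
            if (objSelectedCompany == null)
            {
                objLoginUserDetails.ErrorMessage = "Entered company is incorrect, please enter correct company and try again.";
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                return RedirectToAction("ForgetPassword", "Account");
            }

            // Reset code: hash of the posted login id and the company id, salted with a shared constant.
            string SaltValue = Common.ConstEnum.User_Password_Encryption_Key;
            InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();
            string sHashCode = objPwdHash.CreateHash(objPwdMgmtModel.LoginID.ToString() + objPwdMgmtModel.CompanyID.ToString(), SaltValue);
            objPwdMgmtModel.HashValue = sHashCode;
            var CallBackUrl = Url.Action("SetPassword", "Account", new { @code = sHashCode });

            // NOTE(review): the same constant is passed for both remaining arguments; if they are
            // key and IV, equal inputs always produce equal ciphertext - confirm against DecryptStringAES.
            string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
            string sLoginID = DecryptStringAES(objPwdMgmtModel.LoginID, javascriptEncryptionKey, javascriptEncryptionKey);
            string sEmailID = DecryptStringAES(objPwdMgmtModel.EmailID, javascriptEncryptionKey, javascriptEncryptionKey);

            if (!string.IsNullOrEmpty(sEmailID))
            {
                string emailRegex = @"^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$";

                // The pattern nests quantifiers and runs on unauthenticated input, so bound the
                // match time; a timeout counts as "not a valid address".
                Regex re = new Regex(emailRegex, RegexOptions.None, TimeSpan.FromSeconds(1));
                bool bEmailFormatOk;
                try
                {
                    bEmailFormatOk = re.IsMatch(sEmailID);
                }
                catch (RegexMatchTimeoutException)
                {
                    bEmailFormatOk = false;
                }

                if (!bEmailFormatOk)
                {
                    ModelState.AddModelError("EmailID", "Please provide valid Email ID");
                }
            }

            objPwdMgmtModel.LoginID = sLoginID;
            objPwdMgmtModel.EmailID = sEmailID;
            InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO);
            objPwdMgmtDTO = objUserInfoSL.ForgetPassword(objSelectedCompany.CompanyConnectionString, objPwdMgmtDTO);

            if (objPwdMgmtDTO.EmailID != null)
            {
                // Fail closed: a captcha value missing from the session counts as a mismatch
                // (it used to throw a NullReferenceException here).
                object objExpectedCaptcha = Session["CaptchaValueForgotPwd"];
                if (objExpectedCaptcha == null || objPwdMgmtModel.sCaptchaText != objExpectedCaptcha.ToString())
                {
                    TempData["ShowCaptchaForgotPwd"] = true;
                    TempData["ErrorMessageForgotPwd"] = "Please provide valid Text";
                    ViewBag.ErrorMessage = "Please provide valid Text";
                    objLoginUserDetails.ErrorMessage = "Please provide valid Text";
                    return RedirectToAction("ForgetPassword", "Account");
                }

                Common.Common.SendMail(CallBackUrl, objPwdMgmtDTO, objSelectedCompany.sCompanyDatabaseName);
            }

            // The same success message is shown whether or not an e-mail address came back.
            objLoginUserDetails.SuccessMessage = Common.Common.getResourceForGivenCompany("usr_msg_11270", objSelectedCompany.sCompanyDatabaseName);
            Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
            return RedirectToAction("Login", "Account");
        }
    }
    catch (Exception exp)
    {
        // NOTE(review): the fallback shows the raw exception message to an unauthenticated
        // user; a fixed generic message would disclose less.
        string sErrMessage = exp.Message;
        if (exp.InnerException != null && exp.InnerException.Data != null && exp.InnerException.Data.Count > 0)
        {
            sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objPwdMgmtModel.CompanyID);
        }

        ViewBag.ErrorMessage = sErrMessage;
        objPwdMgmtModel.LoginID = null;
        objPwdMgmtModel.EmailID = null;

        // Rebuild the company drop-down entries for the form.
        Dictionary<string, string> objCompaniesDropDown = new Dictionary<string, string>();
        objCompaniesDropDown.Add("", "Select Company");
        using (CompaniesSL objCompanySL = new CompaniesSL())
        {
            List<InsiderTradingDAL.CompanyDTO> lstCompanies = objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString());
            foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in lstCompanies)
            {
                objCompaniesDropDown.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName);
            }
        }

        ViewBag.CompaniesDropDown = objCompaniesDropDown;
        objLoginUserDetails.ErrorMessage = sErrMessage;
        Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
        return RedirectToAction("ForgetPassword", "Account");
    }
}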
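/// <summary>
/// Changes the password of the logged-in user: validates the three posted fields, checks the new
/// password against the password policy, hashes the old and new passwords and passes them to
/// <c>UserInfoSL.ChangePassword</c>.
/// </summary>
/// <remarks>
/// The user id comes from the session's <c>LoginUserDetails</c>, not from the request.
/// Whether the old password matches is not decided here: its hash is put into the DTO and the
/// comparison is left to the service/data layer.
/// NOTE(review): users without a stored salt are hashed with the shared constant
/// User_Password_Encryption_Key, so equal passwords give equal hashes for those accounts.
/// NOTE(review): the same constant is passed for both remaining arguments of DecryptStringAES;
/// if they are key and IV, and the key is also present in client script as its name suggests,
/// this step adds no confidentiality beyond the transport - confirm.
/// </remarks>
/// <param name="formId">Not used in this method.</param>
/// <param name="acid">Not used in this method.</param>
/// <param name="objPwdMgmtModel">Posted form: old, new and confirmation password as sent by the client script.</param>
/// <returns>The ChangePassword view on a validation or processing error, a redirect to Login without a session, otherwise a redirect to the dashboard.</returns>
public ActionResult ChangePassword(int formId, int acid, PasswordManagementModel objPwdMgmtModel)
{
    bool bErrorOccurred = false;
    string i_ErrorMessage = "";
    LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
    PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO();
    InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();

    // Without session details there is no user to change the password for; this used to end in
    // a NullReferenceException that the catch block could not report either.
    if (objLoginUserDetails == null)
    {
        return RedirectToAction("Login", "Account");
    }

    try
    {
        string sOldPassword = string.Empty;
        string sNewPassword = string.Empty;
        string sPasswordHash = string.Empty;
        string sSaltValue = string.Empty;
        string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
        string userPasswordHashSalt = Common.ConstEnum.User_Password_Encryption_Key;

        // The comparisons below run on the values as posted, before DecryptStringAES.
        if (string.IsNullOrEmpty(objPwdMgmtModel.OldPassword) || string.IsNullOrEmpty(objPwdMgmtModel.NewPassword) || string.IsNullOrEmpty(objPwdMgmtModel.ConfirmNewPassword))
        {
            i_ErrorMessage = "All fields are required fields.";
            bErrorOccurred = true;
        }
        else if (objPwdMgmtModel.NewPassword != objPwdMgmtModel.ConfirmNewPassword)
        {
            i_ErrorMessage = "New password and Confirm password are not matching.";
            bErrorOccurred = true;
        }
        else if (objPwdMgmtModel.OldPassword == objPwdMgmtModel.NewPassword)
        {
            i_ErrorMessage = "New password should not be same as old password.";
            bErrorOccurred = true;
        }
        else
        {
            sOldPassword = DecryptStringAES(objPwdMgmtModel.OldPassword, javascriptEncryptionKey, javascriptEncryptionKey);
            sNewPassword = DecryptStringAES(objPwdMgmtModel.NewPassword, javascriptEncryptionKey, javascriptEncryptionKey);

            // CreateSaltandHash returns "<hash>~<salt>" as far as the Split below shows.
            string[] arrHashAndSalt = objPwdHash.CreateSaltandHash(sNewPassword).Split('~');
            sPasswordHash = arrHashAndSalt[0];
            sSaltValue = arrHashAndSalt[1];
        }

        // Check the new password against the password policy.
        if (!bErrorOccurred)
        {
            Common.Common objCommon = new Common.Common();
            bool isPasswordValid = objCommon.ValidatePassword(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.UserName, sNewPassword, sPasswordHash, objLoginUserDetails.LoggedInUserID, out i_ErrorMessage);
            if (!isPasswordValid)
            {
                bErrorOccurred = true;
            }
        }

        if (bErrorOccurred)
        {
            ViewBag.LoginError = i_ErrorMessage;
            return View("ChangePassword");
        }

        // Set from the session before the property copy below, so the request cannot choose the user.
        objPwdMgmtModel.UserInfoID = objLoginUserDetails.LoggedInUserID;
        string saltValue = string.Empty;
        string calledFrom = "ChangPwd";

        // One service object for both calls, released when done (it was never disposed before).
        using (UserInfoSL objUserInfoSL = new UserInfoSL())
        {
            List<AuthenticationDTO> lstUserDetails = objUserInfoSL.GetUserLoginDetails(objLoginUserDetails.CompanyDBConnectionString, Convert.ToString(objLoginUserDetails.LoggedInUserID), calledFrom);
            foreach (var UserDetails in lstUserDetails)
            {
                saltValue = UserDetails.SaltValue;
            }

            // Hash the old password the way the stored hash was produced: with the user's own
            // salt when there is one, otherwise with the shared constant.
            if (!string.IsNullOrEmpty(saltValue))
            {
                objPwdMgmtModel.OldPassword = objPwdHash.CreateHashToVerify(sOldPassword, saltValue);
            }
            else
            {
                objPwdMgmtModel.OldPassword = objPwdHash.CreateHash(sOldPassword, userPasswordHashSalt);
            }

            objPwdMgmtModel.NewPassword = sPasswordHash;
            objPwdMgmtModel.ConfirmNewPassword = sPasswordHash;
            objPwdMgmtModel.SaltValue = sSaltValue;
            InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO);
            objUserInfoSL.ChangePassword(objLoginUserDetails.CompanyDBConnectionString, ref objPwdMgmtDTO);
        }

        objLoginUserDetails.PasswordChangeMessage = Common.Common.getResource("usr_msg_11271");
        Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
        Common.Common.SetSessionValue("IsChangePassword", false);
    }
    catch (Exception exp)
    {
        // Same guarded lookup as the ForgetPassword action: an exception without InnerException
        // data used to raise a second NullReferenceException from inside this handler.
        string sErrMessage = exp.Message;
        if (exp.InnerException != null && exp.InnerException.Data != null && exp.InnerException.Data.Count > 0)
        {
            sErrMessage = Common.Common.getResource(exp.InnerException.Data[0].ToString());
        }

        ViewBag.LoginError = sErrMessage;

        // The result was not read before either; the call is kept in case it has side effects.
        PasswordConfigModel objPassConfigModel = GetPasswordConfigDetails();
        return View("ChangePassword");
    }

    return RedirectToAction("Index", "Home", new { acid = Convert.ToString(Common.ConstEnum.UserActions.CRUSER_COUSERDASHBOARD_DASHBOARD) });
}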