/// <summary>
/// This function will be used for creating the encrypted url to be used for change/forgot password to be used by user.
/// </summary>
/// <param name="i_sSelectedcompanyConnectionString"></param>
/// <param name="i_nLoginId"></param>
/// <param name="i_sCompanyId"></param>
/// <returns></returns>
public static bool CreateForgetPasswordHashLink(string i_sSelectedcompanyConnectionString, string i_sLoginName, string i_sUserEmailId, string i_sCompanyId, string i_sSaltValue)
{
PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO();
UserInfoSL objUserInfoSL = new UserInfoSL();
bool bReturn = false;
InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();
string sHashCode = "";
try
{
sHashCode = objPwdHash.CreateHash(i_sLoginName.ToString() + i_sCompanyId, i_sSaltValue);
objPwdMgmtDTO.CompanyID = i_sCompanyId;
objPwdMgmtDTO.LoginID = i_sLoginName;
objPwdMgmtDTO.EmailID = i_sUserEmailId;
objPwdMgmtDTO.HashValue = sHashCode;
objPwdMgmtDTO = objUserInfoSL.ForgetPassword(i_sSelectedcompanyConnectionString, objPwdMgmtDTO);
bReturn = true;
}
catch (Exception exp)
{
}
return(bReturn);
}
/// <summary>
///
/// </summary>
/// <param name="i_sConnectionString"></param>
/// <param name="i_objUserInfoDTO"></param>
/// <returns></returns>
public PasswordManagementDTO GetUserFromHashCode(string i_sConnectionString, string i_sHashCode)
{
PasswordManagementDTO res = null;
try
{
using (var objUserInfoDAL = new InsiderTradingDAL.UserInfoDAL())
{
res = objUserInfoDAL.GetUserFromHashCode(i_sConnectionString, i_sHashCode);
}
}
catch (Exception exp)
{
throw exp;
}
return(res);
}
/// <summary>
///
/// </summary>
/// <param name="i_sConnectionString"></param>
/// <param name="i_objUserInfoDTO"></param>
/// <returns></returns>
public PasswordManagementDTO ForgetPassword(string i_sConnectionString, PasswordManagementDTO i_objPwdMgmtDTO)
{
PasswordManagementDTO res = null;
try
{
//InsiderTradingDAL.UserInfoDAL objUserInfoDAL = new InsiderTradingDAL.UserInfoDAL();
using (var objUserInfoDAL = new InsiderTradingDAL.UserInfoDAL())
{
res = objUserInfoDAL.ForgetPassword(i_sConnectionString, i_objPwdMgmtDTO);
}
}
catch (Exception exp)
{
throw exp;
}
return(res);
}
/// <summary>
///
/// </summary>
/// <param name="i_sConnectionString"></param>
/// <param name="i_objUserInfoDTO"></param>
/// <returns></returns>
public bool ChangePassword(string i_sConnectionString, ref PasswordManagementDTO i_objPwdMgmtDTO)
{
bool bReturn = false;
try
{
//InsiderTradingDAL.UserInfoDAL objUserInfoDAL = new InsiderTradingDAL.UserInfoDAL();
using (var objUserInfoDAL = new InsiderTradingDAL.UserInfoDAL())
{
bReturn = objUserInfoDAL.ChangePassword(i_sConnectionString, ref i_objPwdMgmtDTO);
}
}
catch (Exception exp)
{
throw exp;
}
return(bReturn);
}
public ActionResult SetPassword(PasswordManagementModel objPwdMgmtModel)
{
bool bErrorOccurred = false;
string i_ErrorMessage = "";
string NewPassword = null;
InsiderTradingDAL.CompanyDTO objSelectedCompany = new CompanyDTO();
UserInfoDTO objUserInfoDTO = new UserInfoDTO();
LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
try
{
if (objLoginUserDetails == null)
{
objLoginUserDetails = new LoginUserDetails();
}
if (objPwdMgmtModel.CompanyID == null || objPwdMgmtModel.CompanyID == "")
{
i_ErrorMessage = "Company is required field.";
bErrorOccurred = true;
}
else if (objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" || objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "")
{
i_ErrorMessage = "Please enter new password and confirm password.";
bErrorOccurred = true;
}
else if (objPwdMgmtModel.NewPassword != objPwdMgmtModel.ConfirmNewPassword)
{
i_ErrorMessage = "New password and Confirm password are not matching.";
bErrorOccurred = true;
}
if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox")
{
Dictionary <string, string> objCompaniesDictionary = null;
objCompaniesDictionary = new Dictionary <string, string>();
using (CompaniesSL objCompanySL = new CompaniesSL())
{
foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString()))
{
objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName.ToLower());
}
}
if (objCompaniesDictionary.ContainsValue(objPwdMgmtModel.CompanyID.ToLower()))
{
objPwdMgmtModel.CompanyID = (from entry in objCompaniesDictionary
where entry.Value.ToLower() == objPwdMgmtModel.CompanyID.ToLower()
select entry.Key).FirstOrDefault();
}
else
{
objLoginUserDetails.ErrorMessage = "Invalid Company Name";
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
return(RedirectToAction("SetPassword", "Account", new { code = objPwdMgmtModel.HashValue }));
}
}
//hashed password to check password history
InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();
string saltValue = string.Empty;
if (objPwdMgmtModel.NewPassword != null)
{
//NewPassword = objPwdHash.CreateSaltandHash(objPwdMgmtModel.NewPassword);
string sPasswordHashWithSalt = objPwdHash.CreateSaltandHash(objPwdMgmtModel.NewPassword);
NewPassword = sPasswordHashWithSalt.Split('~')[0].ToString();
saltValue = sPasswordHashWithSalt.Split('~')[1].ToString();
}
using (CompaniesSL objCompanySL = new CompaniesSL())
{
objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), objPwdMgmtModel.CompanyID);
}
//Check if the new password follows Password policy
if (!bErrorOccurred)
{
Common.Common objCommon = new Common.Common();
PasswordManagementDTO objPasswordManagementUserFromHashCodeDTO = new PasswordManagementDTO();
using (UserInfoSL objUserInfoSL = new UserInfoSL())
{
objPasswordManagementUserFromHashCodeDTO = objUserInfoSL.GetUserFromHashCode(objSelectedCompany.CompanyConnectionString, objPwdMgmtModel.HashValue);
objUserInfoDTO = objUserInfoSL.GetUserDetails(objSelectedCompany.CompanyConnectionString, objPasswordManagementUserFromHashCodeDTO.UserInfoID);
}
bool isPasswordValid = objCommon.ValidatePassword(objSelectedCompany.CompanyConnectionString, objUserInfoDTO.LoginID, objPwdMgmtModel.NewPassword, NewPassword, objUserInfoDTO.UserInfoId, out i_ErrorMessage);
if (!isPasswordValid)
{
bErrorOccurred = true;
}
}
if (bErrorOccurred)
{
//ModelState.AddModelError("Error", i_ErrorMessage);
if (objLoginUserDetails == null)
{
objLoginUserDetails = new LoginUserDetails();
}
objLoginUserDetails.ErrorMessage = i_ErrorMessage;
objLoginUserDetails.CompanyName = objPwdMgmtModel.CompanyID;
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
PasswordConfigSL objPassConfigSL = new PasswordConfigSL();
PasswordConfigDTO objPassConfigDTO = new PasswordConfigDTO();
objPassConfigDTO = objPassConfigSL.GetPasswordConfigDetails(objSelectedCompany.CompanyConnectionString);
PasswordConfigModel objPassConfigModel = new PasswordConfigModel();
InsiderTrading.Common.Common.CopyObjectPropertyByName(objPassConfigDTO, objPassConfigModel);
TempData["PasswordConfigModel"] = objPassConfigModel;
return(RedirectToAction("SetPassword", "Account", new { code = objPwdMgmtModel.HashValue }));
//return View("SetPassword", objPwdMgmtModel);
}
PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO();
if (objLoginUserDetails == null)
{
objLoginUserDetails = new LoginUserDetails();
}
if (objSelectedCompany == null)
{
objLoginUserDetails.ErrorMessage = "Entered company is incorrect, please enter correct company and try again.";
}
else
{
objPwdMgmtModel.NewPassword = NewPassword;
objPwdMgmtModel.ConfirmNewPassword = NewPassword;
objPwdMgmtModel.SaltValue = saltValue;
InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO);
using (UserInfoSL objUserInfoSL = new UserInfoSL())
{
objPwdMgmtDTO.UserInfoID = objUserInfoDTO.UserInfoId;
objUserInfoSL.ChangePassword(objSelectedCompany.CompanyConnectionString, ref objPwdMgmtDTO);
}
//InsiderTradingDAL.UserInfoDTO objUserInfo = objUserInfoSL.GetUserDetails(objSelectedCompany.CompanyConnectionString, objPwdMgmtDTO.UserInfoID);
objLoginUserDetails.SuccessMessage = Common.Common.getResourceForGivenCompany("usr_msg_11271", objSelectedCompany.sCompanyDatabaseName);
}
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
return(RedirectToAction("Login", "Account"));
//return RedirectToAction("Index", "Home", new { acid = Convert.ToString(Common.ConstEnum.UserActions.CRUSER_COUSERDASHBOARD_DASHBOARD) });
}
catch (Exception exp)
{
string sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objSelectedCompany.sCompanyDatabaseName);
if (objLoginUserDetails == null)
{
objLoginUserDetails = new LoginUserDetails();
}
objLoginUserDetails.ErrorMessage = sErrMessage;
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
return(RedirectToAction("Login", "Account"));
//ModelState.AddModelError("Error", sErrMessage);
//return View("SetPassword", objPwdMgmtModel);
}
finally
{
objLoginUserDetails = null;
}
}
public ActionResult ForgetPassword(PasswordManagementModel objPwdMgmtModel)
{
ModelState.Remove("KEY");
ModelState.Add("KEY", new ModelState());
ModelState.Clear();
Session["UserCaptchaTextForgotPwd"] = (objPwdMgmtModel.sCaptchaText == null) ? string.Empty : objPwdMgmtModel.sCaptchaText;
LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
try
{
if (objLoginUserDetails == null)
{
objLoginUserDetails = new LoginUserDetails();
}
PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO();
UserInfoSL objUserInfoSL = new UserInfoSL();
CompaniesSL objCompanySL = new CompaniesSL();
if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox")
{
Dictionary <string, string> objCompaniesDictionary = null;
objCompaniesDictionary = new Dictionary <string, string>();
foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString()))
{
objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName.ToLower());
}
if (objCompaniesDictionary.ContainsValue(objPwdMgmtModel.CompanyID.ToLower()))
{
objPwdMgmtModel.CompanyID = (from entry in objCompaniesDictionary
where entry.Value.ToLower() == objPwdMgmtModel.CompanyID.ToLower()
select entry.Key).FirstOrDefault();
}
}
InsiderTradingDAL.CompanyDTO objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), objPwdMgmtModel.CompanyID);
string SaltValue = Common.ConstEnum.User_Password_Encryption_Key;
InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();
string sHashCode = objPwdHash.CreateHash(objPwdMgmtModel.LoginID.ToString() + objPwdMgmtModel.CompanyID.ToString(), SaltValue);
objPwdMgmtModel.HashValue = sHashCode;
var CallBackUrl = Url.Action("SetPassword", "Account", new { @code = sHashCode });
string sLoginID = string.Empty;
string sEmailID = string.Empty;
string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
sLoginID = DecryptStringAES(objPwdMgmtModel.LoginID, javascriptEncryptionKey, javascriptEncryptionKey);
sEmailID = DecryptStringAES(objPwdMgmtModel.EmailID, javascriptEncryptionKey, javascriptEncryptionKey);
if (!string.IsNullOrEmpty(sEmailID))
{
string emailRegex = @"^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$";
Regex re = new Regex(emailRegex);
if (!re.IsMatch(sEmailID))
{
ModelState.AddModelError("EmailID", "Please provide valid Email ID");
}
}
objPwdMgmtModel.LoginID = sLoginID;
objPwdMgmtModel.EmailID = sEmailID;
InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO);
objPwdMgmtDTO = objUserInfoSL.ForgetPassword(objSelectedCompany.CompanyConnectionString, objPwdMgmtDTO);
if (objPwdMgmtDTO.EmailID != null)
{
if (objPwdMgmtModel.sCaptchaText != Session["CaptchaValueForgotPwd"].ToString())
{
TempData["ShowCaptchaForgotPwd"] = true;
TempData["ErrorMessageForgotPwd"] = "Please provide valid Text";
@ViewBag.ErrorMessage = "Please provide valid Text";
objLoginUserDetails.ErrorMessage = "Please provide valid Text";
return(RedirectToAction("ForgetPassword", "Account"));
}
Common.Common.SendMail(CallBackUrl, objPwdMgmtDTO, objSelectedCompany.sCompanyDatabaseName);
}
objLoginUserDetails.SuccessMessage = Common.Common.getResourceForGivenCompany("usr_msg_11270", objSelectedCompany.sCompanyDatabaseName);
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
return(RedirectToAction("Login", "Account"));//.Success(Common.Common.getResourceForGivenCompany("usr_msg_11270", objSelectedCompany.sCompanyDatabaseName));
}
catch (Exception exp)
{
string sErrMessage = exp.Message;
if (exp.InnerException != null && exp.InnerException.Data != null && exp.InnerException.Data.Count > 0)
{
sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objPwdMgmtModel.CompanyID);
}
@ViewBag.ErrorMessage = sErrMessage;
objPwdMgmtModel.LoginID = null;
objPwdMgmtModel.EmailID = null;
Dictionary <string, string> objCompaiesDictionary = new Dictionary <string, string>();
objCompaiesDictionary.Add("", "Select Company");
CompaniesSL objCompanySL = new CompaniesSL();
List <InsiderTradingDAL.CompanyDTO> lstCompanies = new List <InsiderTradingDAL.CompanyDTO>();
lstCompanies = objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString());
foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in lstCompanies)
{
objCompaiesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName);
}
ViewBag.CompaniesDropDown = objCompaiesDictionary;
objLoginUserDetails.ErrorMessage = sErrMessage;
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
return(RedirectToAction("ForgetPassword", "Account"));
}
}
public ActionResult ChangePassword(int formId, int acid, PasswordManagementModel objPwdMgmtModel)
{
bool bErrorOccurred = false;
string i_ErrorMessage = "";
LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO();
PasswordConfigModel objPassConfigModel = new PasswordConfigModel();
UserInfoSL objUserInfoSL = new UserInfoSL();
UserPolicyDocumentEventLogDTO objChangePasswordEventLogDTO = null;
PasswordExpiryReminderDTO objPassExpiryReminderDTO = null;
InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();
try
{
DataSecurity objDataSecurity = new DataSecurity();
string sOldPassword = string.Empty;
string sNewPassword = string.Empty;
string sConfirmNewPassword = string.Empty;
string sPasswordHash = string.Empty;
string sPasswordHashWithSalt = string.Empty;
string sSaltValue = string.Empty;
string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
string userPasswordHashSalt = Common.ConstEnum.User_Password_Encryption_Key;
if (objPwdMgmtModel.OldPassword == null || objPwdMgmtModel.OldPassword == "" || objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" ||
objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "")
{
i_ErrorMessage = "All fields are required fields.";
bErrorOccurred = true;
}
else if (objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" || objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "")
{
i_ErrorMessage = "Please enter new password and confirm new password.";
bErrorOccurred = true;
}
else if (objPwdMgmtModel.NewPassword != objPwdMgmtModel.ConfirmNewPassword)
{
i_ErrorMessage = "New password and Confirm password are not matching.";
bErrorOccurred = true;
}
else if (objPwdMgmtModel.OldPassword == objPwdMgmtModel.NewPassword)
{
i_ErrorMessage = "New password should not be same as old password.";
bErrorOccurred = true;
}
else if (!string.IsNullOrEmpty(objPwdMgmtModel.OldPassword) && !string.IsNullOrEmpty(objPwdMgmtModel.NewPassword) &&
!string.IsNullOrEmpty(objPwdMgmtModel.ConfirmNewPassword))
{
sOldPassword = DecryptStringAES(objPwdMgmtModel.OldPassword, javascriptEncryptionKey, javascriptEncryptionKey);
sNewPassword = DecryptStringAES(objPwdMgmtModel.NewPassword, javascriptEncryptionKey, javascriptEncryptionKey);
sConfirmNewPassword = DecryptStringAES(objPwdMgmtModel.ConfirmNewPassword, javascriptEncryptionKey, javascriptEncryptionKey);
sPasswordHashWithSalt = objPwdHash.CreateSaltandHash(sNewPassword);
sPasswordHash = sPasswordHashWithSalt.Split('~')[0].ToString();
sSaltValue = sPasswordHashWithSalt.Split('~')[1].ToString();
}
//Check if the new password follows Password policy
if (!bErrorOccurred)
{
Common.Common objCommon = new Common.Common();
bool isPasswordValid = objCommon.ValidatePassword(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.UserName, sNewPassword, sPasswordHash, objLoginUserDetails.LoggedInUserID, out i_ErrorMessage);
if (!isPasswordValid)
{
bErrorOccurred = true;
}
}
if (bErrorOccurred)
{
ViewBag.LoginError = i_ErrorMessage;
return(View("ChangePassword"));
}
objPwdMgmtModel.UserInfoID = objLoginUserDetails.LoggedInUserID;
string saltValue = string.Empty;
string calledFrom = "ChangPwd";
using (UserInfoSL ObjUserInfoSL = new UserInfoSL())
{
List <AuthenticationDTO> lstUserDetails = ObjUserInfoSL.GetUserLoginDetails(objLoginUserDetails.CompanyDBConnectionString, Convert.ToString(objLoginUserDetails.LoggedInUserID), calledFrom);
foreach (var UserDetails in lstUserDetails)
{
saltValue = UserDetails.SaltValue;
}
}
string usrSaltValue = (saltValue == null || saltValue == string.Empty) ? userPasswordHashSalt : saltValue;
if (saltValue != null && saltValue != "")
{
objPwdMgmtModel.OldPassword = objPwdHash.CreateHashToVerify(sOldPassword, usrSaltValue);
}
else
{
objPwdMgmtModel.OldPassword = objPwdHash.CreateHash(sOldPassword, usrSaltValue);
}
objPwdMgmtModel.NewPassword = sPasswordHash;
objPwdMgmtModel.ConfirmNewPassword = sPasswordHash;
objPwdMgmtModel.SaltValue = sSaltValue;
InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO);
objUserInfoSL.ChangePassword(objLoginUserDetails.CompanyDBConnectionString, ref objPwdMgmtDTO);
objLoginUserDetails.PasswordChangeMessage = Common.Common.getResource("usr_msg_11271");
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
Common.Common.SetSessionValue("IsChangePassword", false);
}
catch (Exception exp)
{
string sErrMessage = Common.Common.getResource(exp.InnerException.Data[0].ToString());
ViewBag.LoginError = sErrMessage;
objPassConfigModel = GetPasswordConfigDetails();
return(View("ChangePassword"));
}
finally
{
objLoginUserDetails = null;
objPwdMgmtDTO = null;
objUserInfoSL = null;
objPwdHash = null;
}
return(RedirectToAction("Index", "Home", new { acid = Convert.ToString(Common.ConstEnum.UserActions.CRUSER_COUSERDASHBOARD_DASHBOARD) }));
}
