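/// <summary>
/// Login action: validates the posted credentials through the security data provider and,
/// on success, issues the forms-authentication cookie and seeds <c>SessionHelper</c> with
/// the session data the provider returned.
/// </summary>
/// <param name="loginModel">Credentials posted by the login form (Email, Password).</param>
/// <returns>The provider's <see cref="ServiceResponse"/> serialized as JSON.</returns>
public JsonResult AuthenticateUser(LoginModel loginModel)
{
    _securityDataProvider = new SecurityDataProvider();

    // false: this is a real credential check, not a session rebuild from an existing ticket.
    ServiceResponse response = _securityDataProvider.AuthenticateUser(loginModel, false);

    if (response.IsSuccess)
    {
        // FormsAuthenticationTicket takes local time for its issue/expiry dates; read the
        // clock once so both dates derive from the same instant.
        DateTime issued = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,
            loginModel.Email,
            issued,
            issued.AddMinutes(Constants.RememberMeDuration),
            true,               // persistent: the cookie outlives the browser session
            loginModel.Email,   // userData: the ticket name is reused as the user key
            FormsAuthentication.FormsCookiePath);

        string encTicket = FormsAuthentication.Encrypt(ticket);

        // The cookie is built by hand, so set the flags FormsAuthentication.SetAuthCookie
        // would set itself: HttpOnly keeps the ticket out of reach of page script, and
        // Secure mirrors the requireSSL setting so the ticket only travels over TLS when
        // the application is configured that way.
        HttpCookie httpCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
        {
            Expires = ticket.Expiration,
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        Response.Cookies.Add(httpCookie);

        SessionValueData sessiondata = (SessionValueData)response.Data;
        SessionHelper.UserId = sessiondata.UserId;
        SessionHelper.UserRoleId = sessiondata.UserRoleId;
        SessionHelper.CurrentUser = sessiondata.CurrentUser;
    }

    // NOTE(review): the whole response is serialized to the caller, including response.Data
    // (a SessionValueData holding CurrentUser) on success — confirm it carries nothing the
    // browser should not see.
    return Json(response);
}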
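/// <summary>
/// Authenticates a user either by credentials (<paramref name="isRegenerateSession"/> false)
/// or by user name alone when a forms ticket the framework has already validated is being
/// turned back into a server session (<paramref name="isRegenerateSession"/> true).
/// </summary>
/// <param name="loginModel">Email (looked up as the user name) and, for a credential check, the password.</param>
/// <param name="isRegenerateSession">
/// true skips the password comparison entirely; callers must pass true only for a name taken
/// from a decrypted forms-authentication ticket, never from request input.
/// </param>
/// <returns>
/// A <see cref="ServiceResponse"/>: on success <c>IsSuccess</c> is true and <c>Data</c> holds a
/// <see cref="SessionValueData"/>; otherwise <c>Message</c> describes the failure.
/// </returns>
public ServiceResponse AuthenticateUser(LoginModel loginModel, bool isRegenerateSession)
{
    ServiceResponse response = new ServiceResponse();

    if (loginModel == null)
    {
        response.Message = Common.MessageWithTitle(Resource.LoginFailed, Resource.ExceptionMessage);
        return response;
    }

    UserTable dbUserModel = GetEntity<UserTable>(new List<SearchValueData>
    {
        new SearchValueData { Name = "UserName", Value = loginModel.Email }
    });
    if (dbUserModel == null)
    {
        // NOTE(review): answering "not registered" here and "password incorrect" below lets
        // a caller tell existing accounts from unknown ones; a single generic failure
        // message for both cases would avoid that.
        response.Message = Common.MessageWithTitle(Resource.LoginFailed, Resource.NotRegisteredAccount);
        return response;
    }
    if (!dbUserModel.IsActive)
    {
        response.Message = Common.MessageWithTitle(Resource.LoginFailed, Resource.InactiveAccount);
        return response;
    }

    UserSessionModel dbLoginModel = GetEntity<UserSessionModel>(
        StoredProcedures.GetUserSessionDetailByUserId,
        new List<SearchValueData>
        {
            new SearchValueData { Name = "UserId", Value = dbUserModel.UserId.ToString() }
        });

    // The password is only examined once a session row exists for the user (same order as
    // before), and never when the caller is regenerating a session from a ticket.
    if (dbLoginModel != null && dbLoginModel.UserId > 0
        && (isRegenerateSession || PasswordMatches(dbUserModel.Password, loginModel.Password)))
    {
        var sessionData = new SessionValueData
        {
            UserId = dbLoginModel.UserId,
            UserRoleId = dbUserModel.UserRoleId,
            CurrentUser = dbLoginModel
        };
        response = Common.GenerateResponseWithTitle(Resource.LoginSuccess, Resource.LoginSuccessMessage, true);
        response.Data = sessionData;
        return response;
    }

    // Also reached when a session row is missing during regeneration; callers only test IsSuccess.
    response.Message = Common.MessageWithTitle(Resource.LoginFailed, Resource.UsernamePasswordIncorrect);
    return response;
}

/// <summary>
/// Compares the stored password value with <c>Crypto.Encrypt</c> of the supplied password
/// without stopping at the first differing character, so the time taken does not reveal how
/// much of the value matched. A null on either side never matches (the previous <c>==</c>
/// treated two nulls as equal).
/// </summary>
/// <param name="storedPassword">Value held in the user row.</param>
/// <param name="suppliedPassword">Plain-text password from the login request.</param>
/// <returns>true only when both values are non-null and identical.</returns>
private static bool PasswordMatches(string storedPassword, string suppliedPassword)
{
    if (storedPassword == null || suppliedPassword == null)
    {
        return false;
    }

    // NOTE(review): the name Crypto.Encrypt suggests the stored value is a reversible
    // encryption of the password rather than a salted one-way hash — confirm; a KDF such as
    // PBKDF2 is the expected way to store password verifiers.
    string candidate = Crypto.Encrypt(suppliedPassword);
    if (candidate == null || candidate.Length != storedPassword.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < storedPassword.Length; i++)
    {
        difference |= storedPassword[i] ^ candidate[i];
    }
    return difference == 0;
}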
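/// <summary>
/// Authentication and authorization filter. When a forms ticket is present but the server
/// session is gone, rebuilds the session from the ticket's user name; when that is not
/// possible, signs the user out and redirects to the login page. Signed-in users are then
/// checked against the markers declared in <c>Permissions</c>.
/// </summary>
/// <param name="filterContext">The MVC authorization context for the current request.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    bool isAjaxRequest = filterContext.HttpContext.Request.IsAjaxRequest();

    // Actions explicitly allowed for everyone skip both checks.
    if (CheckAllowedActions())
    {
        return;
    }

    // Comma-separated markers declared on the action; no markers means nobody is authorized.
    string[] strPermissions = string.IsNullOrEmpty(Permissions)
        ? new string[] { }
        : Permissions.Split(',');

    #region Authentication
    if (filterContext.HttpContext.Request.CurrentExecutionFilePath != Constants.LoginUrl)
    {
        if (filterContext.HttpContext.Request.IsAuthenticated && SessionHelper.UserId == 0)
        {
            // Ticket present but no server session (e.g. after a recycle or session timeout):
            // try to rebuild the session; otherwise drop the ticket and start over at login.
            if (!TryRestoreSessionFromTicket(filterContext))
            {
                FormsAuthentication.SignOut();
                RedirectToLogin(filterContext, isAjaxRequest);
            }
        }
        else if (SessionHelper.UserId == 0)
        {
            RedirectToLogin(filterContext, isAjaxRequest);
        }
    }
    #endregion

    #region Authorization
    if (SessionHelper.UserId > 0)
    {
        // NOTE(review): this only looks at which markers the action declares; it does not
        // consult SessionHelper.UserRoleId, so every signed-in user passes the same test.
        bool isAuthorized = strPermissions.Contains(Constants.AuthorizedPermission)
            || strPermissions.Contains(Constants.RememberMePermission);

        if (!isAuthorized && !isAjaxRequest)
        {
            filterContext.Result = new RedirectResult(_accessDeniedUrl);
        }
        else if (!isAuthorized)
        {
            RedirectToAction(filterContext, _accessDeniedUrl, isAjaxRequest);
        }
    }
    // TODO: nothing is done here for an unauthenticated user who reaches this point
    // (the authentication region above has already set the redirect in that case).
    #endregion
}

/// <summary>
/// Reads the forms-authentication cookie from the current request, decrypts it and, if it
/// names a user, re-runs the security provider in session-regeneration mode (no password
/// check) to repopulate <c>SessionHelper</c>.
/// </summary>
/// <param name="filterContext">Context of the request whose cookies are inspected.</param>
/// <returns>false when there is no usable ticket or the provider rejects the user.</returns>
private static bool TryRestoreSessionFromTicket(AuthorizationContext filterContext)
{
    // Same request as HttpContext.Current, read through the context the filter was given.
    HttpCookie authCookie = filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
    {
        return false;
    }

    FormsAuthenticationTicket ticket;
    try
    {
        ticket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (ArgumentException)
    {
        // Malformed ticket data: treat it as "no ticket" (sign-out + login redirect) instead of
        // failing the request. Other decrypt failures, if any, still surface to the caller.
        ticket = null;
    }

    // The previous check, new GenericIdentity(ticket.Name).IsAuthenticated, is true exactly
    // when the name is non-empty; a null name threw, here it is simply rejected.
    if (ticket == null || string.IsNullOrEmpty(ticket.Name))
    {
        return false;
    }

    ISecurityDataProvider securityDataProvider = new SecurityDataProvider();
    LoginModel loginModel = new LoginModel { Email = ticket.Name };
    // true: the framework already validated the ticket, so the provider skips the password.
    ServiceResponse response = securityDataProvider.AuthenticateUser(loginModel, true);
    if (!response.IsSuccess)
    {
        return false;
    }

    SessionValueData sessiondata = (SessionValueData)response.Data;
    SessionHelper.UserId = sessiondata.UserId;
    SessionHelper.UserRoleId = sessiondata.UserRoleId;
    SessionHelper.CurrentUser = sessiondata.CurrentUser;
    return true;
}

/// <summary>
/// Sends the request to the login page, appending a return URL unless the request is for the
/// site root or the login page itself.
/// </summary>
/// <param name="filterContext">Context whose result is set to the redirect.</param>
/// <param name="isAjaxRequest">Whether the redirect must be expressed for an AJAX caller.</param>
private void RedirectToLogin(AuthorizationContext filterContext, bool isAjaxRequest)
{
    string currentPath = filterContext.HttpContext.Request.CurrentExecutionFilePath;
    if (currentPath != "/" && currentPath != Constants.LoginUrl)
    {
        // NOTE(review): the return URL is derived from the current request; the login action
        // that consumes it should only redirect back to local URLs (Url.IsLocalUrl).
        RedirectToAction(filterContext, _loginUrl + GenerateReturnUrl(isAjaxRequest, filterContext), isAjaxRequest);
    }
    else
    {
        RedirectToAction(filterContext, _loginUrl, isAjaxRequest);
    }
}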