Esempio n. 1
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="i_sConnectionString"></param>
        /// <param name="i_sLoginId"></param>
        /// <param name="o_nReturnValue"></param>
        /// <param name="o_nErroCode"></param>
        /// <param name="o_sErrorMessage"></param>
        /// <returns></returns>
        public InsiderTradingDAL.SessionDetailsDTO SaveSessionStatus(string i_sConnectionString, int inp_UserId, string inp_CookieName)
        {
            InsiderTradingDAL.SessionDetailsDTO res = null;

            try
            {
                //InsiderTradingDAL.UserInfoDAL objUserInfoDAL = new InsiderTradingDAL.UserInfoDAL();
                using (var objUserInfoDAL = new InsiderTradingDAL.UserInfoDAL())
                {
                    res = objUserInfoDAL.SaveSessionStatus(i_sConnectionString, inp_UserId, inp_CookieName);
                }
            }
            catch (Exception exp)
            {
                throw exp;
            }

            return(res);
        }
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            //filterContext.HttpContext.Session["GUIDSessionID"] = HttpContext.Current.Request.Cookies.Get("v_au").Value;
            if (filterContext.HttpContext.Session["loginStatus"] != null)
            {
                loginStatusFlag = filterContext.HttpContext.Session["loginStatus"].ToString();
            }

            if (filterContext.HttpContext.Session["TwoFactor"] != null)
            {
                callForTwoFactor = filterContext.HttpContext.Session["TwoFactor"].ToString();
            }

            if (loginStatusFlag == "1")
            {
                if (filterContext.HttpContext.Session["CaptchaValue"] != null)
                {
                    ActualText = filterContext.HttpContext.Session["CaptchaValue"].ToString();
                }
                else
                {
                    ActualText = string.Empty;
                }

                if (filterContext.HttpContext.Session["SerCaptchaPath"] != null)
                {
                    CaptchaDirServerPath = filterContext.HttpContext.Session["SerCaptchaPath"].ToString();
                }
                else
                {
                    CaptchaDirServerPath = string.Empty;
                }
            }
            bool bReturn = false;

            LoginUserDetails objLoginUserDetails = null;

            AuthenticationDTO objAuthenticationDTO         = null;
            UserInfoDTO       objUserAfterValidationObject = null;
            UserInfoDTO       objUserAunthentication       = null;
            PasswordConfigDTO objPasswordConfig            = null;

            List <string> lstAuthorizationActionLinks = null;
            List <int>    lstAuthorisedActionId       = null;

            List <ActivityResourceMappingDTO> lstActivityResourceMappingDTO = null;
            Dictionary <string, List <ActivityResourceMappingDTO> > dicActivityResourceMappingDTO = null;
            int  loginCount = 0;
            bool lockFlag   = false;
            bool flag       = false;

            Common.Common.WriteLogToFile("Start Method", System.Reflection.MethodBase.GetCurrentMethod());
            try
            {
                objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);

                if (objLoginUserDetails != null)
                {
                    //If IsAccountValidated is true in session abject then again it is not checked and only activity aauthorization
                    //is checked.
                    if (!objLoginUserDetails.IsAccountValidated)
                    {
                        objAuthenticationDTO = new AuthenticationDTO();

                        objAuthenticationDTO.LoginID  = objLoginUserDetails.UserName;
                        objAuthenticationDTO.Password = objLoginUserDetails.Password;

                        //string sEncryptedPassword = "";
                        //Common.Common.encryptData(objAuthenticationDTO.Password, out sEncryptedPassword);
                        //objAuthenticationDTO.Password = sEncryptedPassword;
                        objUserAfterValidationObject = new UserInfoDTO();

                        using (var objUserInfoSL = new UserInfoSL())
                        {
                            if (objLoginUserDetails.CompanyDBConnectionString != null)
                            {
                                bReturn = objUserInfoSL.ValidateUser(objLoginUserDetails.CompanyDBConnectionString, objAuthenticationDTO, ref objUserAfterValidationObject);

                                Common.Common.WriteLogToFile("Validated User ", System.Reflection.MethodBase.GetCurrentMethod());
                            }

                            if (bReturn)
                            {
                                lstAuthorizationActionLinks = new List <string>();
                                lstAuthorisedActionId       = new List <int>();

                                if (objUserAfterValidationObject.StatusCodeId == ConstEnum.UserStatus.Inactive)
                                {
                                    string sErrMessage = Common.Common.getResourceForGivenCompany("usr_msg_11274", objLoginUserDetails.CompanyName);

                                    if (sErrMessage == null || sErrMessage == "")
                                    {
                                        sErrMessage = "Your account has been inactivated. Please contact the Administrator.";
                                    }

                                    objLoginUserDetails = new LoginUserDetails();
                                    objLoginUserDetails.AuthorisedActionId = lstAuthorisedActionId;
                                    objLoginUserDetails.AuthorizedActions  = lstAuthorizationActionLinks;
                                    objLoginUserDetails.ErrorMessage       = sErrMessage;
                                    objLoginUserDetails.IsAccountValidated = false;
                                    Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                                    filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
                                        { "controller", "Account" }, { "action", "Login" }
                                    });
                                }
                                else
                                {
                                    if (callForTwoFactor != "1")
                                    {
                                        string UsrCaptchaText = filterContext.HttpContext.Session["UserCaptchaText"].ToString();
                                        if (ActualText == string.Empty || ActualText == UsrCaptchaText)
                                        {
                                            LoginUser(filterContext);
                                        }
                                        else
                                        {
                                            DeleteCaptcha(filterContext);

                                            CaptchaValidation(filterContext);
                                        }
                                    }
                                }
                            }
                        }
                    }

                    if (objLoginUserDetails.IsAccountValidated && !checkActionAuthorization(filterContext, objLoginUserDetails))
                    {
                        //If the request is from the Renderaction call and there is unauthorised access then dont redirect the request.
                        if (filterContext.HttpContext.PreviousHandler != null && filterContext.HttpContext.PreviousHandler is MvcHandler)
                        {
                        }
                        else
                        {
                            // filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Home" }, { "action", "Unauthorised" } });
                        }
                    }
                }
                else
                {
                    Common.Common.WriteLogToFile("User is not login ", System.Reflection.MethodBase.GetCurrentMethod());
                    objLoginUserDetails = new LoginUserDetails();
                    objLoginUserDetails.ErrorMessage       = "";
                    objLoginUserDetails.IsAccountValidated = false;
                    Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                    filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
                        { "controller", "Account" }, { "action", "Login" }
                    });
                }
            }
            catch (Exception exp)
            {
                using (var objPassConfigSL = new PasswordConfigSL())
                {
                    if (objLoginUserDetails.CompanyDBConnectionString != null)
                    {
                        objPasswordConfig = objPassConfigSL.GetPasswordConfigDetails(objLoginUserDetails.CompanyDBConnectionString);
                        int count = (Convert.ToInt16(Common.Common.GetSessionValue("LoginCount")) == 0) ? loginCount : Convert.ToInt16(Common.Common.GetSessionValue("LoginCount"));
                        if (count < objPasswordConfig.LoginAttempts)
                        {
                            count++;
                            Common.Common.SetSessionValue("LoginCount", count);

                            filterContext.HttpContext.Session["UserLgnCount"] = count;

                            if (count >= objPasswordConfig.LoginAttempts)
                            {
                                DeleteCaptcha(filterContext);
                                CaptchaValidation(filterContext);
                            }
                        }
                        else
                        {
                            DeleteCaptcha(filterContext);
                            CaptchaValidation(filterContext);
                        }
                    }
                }
                Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp);

                // string sErrMessage = Common.Common.getResource(exp.InnerException.Data[0].ToString());
                //  objLoginUserDetails.ErrorMessage = sErrMessage;
                string sErrMessage = "";
                if (exp.InnerException != null)
                {
                    sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objLoginUserDetails.CompanyName);
                }
                else
                {
                    sErrMessage = exp.Message;
                }


                if (sErrMessage == null || sErrMessage == "")
                {
                    sErrMessage = "Invalid details entered, please try again with correct details.";
                }
                if (Convert.ToBoolean(Common.Common.GetSessionValue("flag")) == true)
                {
                    sErrMessage = "Your account has been locked. Please contact the Administrator.";
                }

                objLoginUserDetails = new LoginUserDetails();

                objLoginUserDetails.ErrorMessage       = sErrMessage;
                objLoginUserDetails.IsAccountValidated = false;

                if (exp.Message != Common.Common.getResource("com_lbl_14027"))
                {
                    using (SessionManagement sessionManagement = new SessionManagement())
                    {
                        //sessionManagement.CheckCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "LOGOUT");
                        sessionManagement.BindCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "LOGOUT");
                    }
                    Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);

                    filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
                        { "controller", "Account" }, { "action", "Login" }
                    });
                }
                else if (exp.Message.ToString().Equals(Common.Common.getResource("com_lbl_14027")) &&
                         HttpContext.Current.Request.Cookies["v_au2"] != null &&
                         HttpContext.Current.Request.Cookies["v_au2"].Value != "")
                {
                    using (SessionManagement sessionManagement = new SessionManagement())
                    {
                        string decrypteddata = null;
                        Common.Common.dencryptData(HttpContext.Current.Request.Cookies["v_au2"].Value, out decrypteddata);
                        string     strCookieName = (false ? string.Empty : decrypteddata + '~' + DateTime.Now.DayOfWeek.ToString().ToUpper());
                        UserInfoSL objUserInfoSL = new UserInfoSL();
                        InsiderTradingDAL.SessionDetailsDTO objSessionDetailsDTO = null;
                        LoginUserDetails loginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
                        objSessionDetailsDTO = objUserInfoSL.GetCookieStatus(loginUserDetails.CompanyDBConnectionString, loginUserDetails.LoggedInUserID, Convert.ToString(strCookieName), false, false);
                        if (objSessionDetailsDTO != null)
                        {
                            //sessionManagement.CheckCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "");
                            sessionManagement.BindCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "");
                            objLoginUserDetails.ErrorMessage       = string.Empty;
                            objLoginUserDetails.IsAccountValidated = true;
                        }
                        else
                        {
                            Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
                                { "controller", "Account" }, { "action", "Login" }
                            });
                        }
                    }
                }
            }
            finally
            {
                filterContext.HttpContext.Session["loginStatus"] = 0;
                objLoginUserDetails          = null;
                objAuthenticationDTO         = null;
                objUserAfterValidationObject = null;

                lstAuthorizationActionLinks   = null;
                lstAuthorisedActionId         = null;
                lstActivityResourceMappingDTO = null;
                dicActivityResourceMappingDTO = null;

                objUserAunthentication = null;
            }

            Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod());

            base.OnActionExecuting(filterContext);
        }