Esempio n. 1
0
        public ActionResult SetPassword(PasswordManagementModel objPwdMgmtModel)
        {
            bool   bErrorOccurred = false;
            string i_ErrorMessage = "";
            string NewPassword    = null;

            InsiderTradingDAL.CompanyDTO objSelectedCompany = new CompanyDTO();
            UserInfoDTO      objUserInfoDTO      = new UserInfoDTO();
            LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);

            try
            {
                if (objLoginUserDetails == null)
                {
                    objLoginUserDetails = new LoginUserDetails();
                }

                if (objPwdMgmtModel.CompanyID == null || objPwdMgmtModel.CompanyID == "")
                {
                    i_ErrorMessage = "Company is required field.";
                    bErrorOccurred = true;
                }
                else if (objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" || objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "")
                {
                    i_ErrorMessage = "Please enter new password and confirm password.";
                    bErrorOccurred = true;
                }
                else if (objPwdMgmtModel.NewPassword != objPwdMgmtModel.ConfirmNewPassword)
                {
                    i_ErrorMessage = "New password and Confirm password are not matching.";
                    bErrorOccurred = true;
                }

                if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox")
                {
                    Dictionary <string, string> objCompaniesDictionary = null;

                    objCompaniesDictionary = new Dictionary <string, string>();

                    using (CompaniesSL objCompanySL = new CompaniesSL())
                    {
                        foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString()))
                        {
                            objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName.ToLower());
                        }
                    }

                    if (objCompaniesDictionary.ContainsValue(objPwdMgmtModel.CompanyID.ToLower()))
                    {
                        objPwdMgmtModel.CompanyID = (from entry in objCompaniesDictionary
                                                     where entry.Value.ToLower() == objPwdMgmtModel.CompanyID.ToLower()
                                                     select entry.Key).FirstOrDefault();
                    }
                    else
                    {
                        objLoginUserDetails.ErrorMessage = "Invalid Company Name";
                        Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                        return(RedirectToAction("SetPassword", "Account", new { code = objPwdMgmtModel.HashValue }));
                    }
                }

                //hashed password to check password history
                InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();

                string saltValue = string.Empty;
                if (objPwdMgmtModel.NewPassword != null)
                {
                    //NewPassword = objPwdHash.CreateSaltandHash(objPwdMgmtModel.NewPassword);
                    string sPasswordHashWithSalt = objPwdHash.CreateSaltandHash(objPwdMgmtModel.NewPassword);
                    NewPassword = sPasswordHashWithSalt.Split('~')[0].ToString();
                    saltValue   = sPasswordHashWithSalt.Split('~')[1].ToString();
                }
                using (CompaniesSL objCompanySL = new CompaniesSL())
                {
                    objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), objPwdMgmtModel.CompanyID);
                }
                //Check if the new password follows Password policy
                if (!bErrorOccurred)
                {
                    Common.Common         objCommon = new Common.Common();
                    PasswordManagementDTO objPasswordManagementUserFromHashCodeDTO = new PasswordManagementDTO();

                    using (UserInfoSL objUserInfoSL = new UserInfoSL())
                    {
                        objPasswordManagementUserFromHashCodeDTO = objUserInfoSL.GetUserFromHashCode(objSelectedCompany.CompanyConnectionString, objPwdMgmtModel.HashValue);
                        objUserInfoDTO = objUserInfoSL.GetUserDetails(objSelectedCompany.CompanyConnectionString, objPasswordManagementUserFromHashCodeDTO.UserInfoID);
                    }
                    bool isPasswordValid = objCommon.ValidatePassword(objSelectedCompany.CompanyConnectionString, objUserInfoDTO.LoginID, objPwdMgmtModel.NewPassword, NewPassword, objUserInfoDTO.UserInfoId, out i_ErrorMessage);
                    if (!isPasswordValid)
                    {
                        bErrorOccurred = true;
                    }
                }
                if (bErrorOccurred)
                {
                    //ModelState.AddModelError("Error", i_ErrorMessage);
                    if (objLoginUserDetails == null)
                    {
                        objLoginUserDetails = new LoginUserDetails();
                    }
                    objLoginUserDetails.ErrorMessage = i_ErrorMessage;
                    objLoginUserDetails.CompanyName  = objPwdMgmtModel.CompanyID;
                    Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);

                    PasswordConfigSL  objPassConfigSL  = new PasswordConfigSL();
                    PasswordConfigDTO objPassConfigDTO = new PasswordConfigDTO();
                    objPassConfigDTO = objPassConfigSL.GetPasswordConfigDetails(objSelectedCompany.CompanyConnectionString);
                    PasswordConfigModel objPassConfigModel = new PasswordConfigModel();
                    InsiderTrading.Common.Common.CopyObjectPropertyByName(objPassConfigDTO, objPassConfigModel);
                    TempData["PasswordConfigModel"] = objPassConfigModel;
                    return(RedirectToAction("SetPassword", "Account", new { code = objPwdMgmtModel.HashValue }));
                    //return View("SetPassword", objPwdMgmtModel);
                }

                PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO();

                if (objLoginUserDetails == null)
                {
                    objLoginUserDetails = new LoginUserDetails();
                }
                if (objSelectedCompany == null)
                {
                    objLoginUserDetails.ErrorMessage = "Entered company is incorrect, please enter correct company and try again.";
                }
                else
                {
                    objPwdMgmtModel.NewPassword        = NewPassword;
                    objPwdMgmtModel.ConfirmNewPassword = NewPassword;
                    objPwdMgmtModel.SaltValue          = saltValue;
                    InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO);
                    using (UserInfoSL objUserInfoSL = new UserInfoSL())
                    {
                        objPwdMgmtDTO.UserInfoID = objUserInfoDTO.UserInfoId;
                        objUserInfoSL.ChangePassword(objSelectedCompany.CompanyConnectionString, ref objPwdMgmtDTO);
                    }
                    //InsiderTradingDAL.UserInfoDTO objUserInfo = objUserInfoSL.GetUserDetails(objSelectedCompany.CompanyConnectionString, objPwdMgmtDTO.UserInfoID);
                    objLoginUserDetails.SuccessMessage = Common.Common.getResourceForGivenCompany("usr_msg_11271", objSelectedCompany.sCompanyDatabaseName);
                }


                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                return(RedirectToAction("Login", "Account"));
                //return RedirectToAction("Index", "Home", new { acid = Convert.ToString(Common.ConstEnum.UserActions.CRUSER_COUSERDASHBOARD_DASHBOARD) });
            }
            catch (Exception exp)
            {
                string sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objSelectedCompany.sCompanyDatabaseName);
                if (objLoginUserDetails == null)
                {
                    objLoginUserDetails = new LoginUserDetails();
                }
                objLoginUserDetails.ErrorMessage = sErrMessage;
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                return(RedirectToAction("Login", "Account"));
                //ModelState.AddModelError("Error", sErrMessage);
                //return View("SetPassword", objPwdMgmtModel);
            }
            finally
            {
                objLoginUserDetails = null;
            }
        }
Esempio n. 2
0
        public ActionResult ForgetPassword(PasswordManagementModel objPwdMgmtModel)
        {
            ModelState.Remove("KEY");
            ModelState.Add("KEY", new ModelState());
            ModelState.Clear();
            Session["UserCaptchaTextForgotPwd"] = (objPwdMgmtModel.sCaptchaText == null) ? string.Empty : objPwdMgmtModel.sCaptchaText;
            LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);

            try
            {
                if (objLoginUserDetails == null)
                {
                    objLoginUserDetails = new LoginUserDetails();
                }

                PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO();
                UserInfoSL            objUserInfoSL = new UserInfoSL();
                CompaniesSL           objCompanySL  = new CompaniesSL();

                if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox")
                {
                    Dictionary <string, string> objCompaniesDictionary = null;

                    objCompaniesDictionary = new Dictionary <string, string>();

                    foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString()))
                    {
                        objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName.ToLower());
                    }

                    if (objCompaniesDictionary.ContainsValue(objPwdMgmtModel.CompanyID.ToLower()))
                    {
                        objPwdMgmtModel.CompanyID = (from entry in objCompaniesDictionary
                                                     where entry.Value.ToLower() == objPwdMgmtModel.CompanyID.ToLower()
                                                     select entry.Key).FirstOrDefault();
                    }
                }

                InsiderTradingDAL.CompanyDTO objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), objPwdMgmtModel.CompanyID);


                string SaltValue = Common.ConstEnum.User_Password_Encryption_Key;

                InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();
                string sHashCode = objPwdHash.CreateHash(objPwdMgmtModel.LoginID.ToString() + objPwdMgmtModel.CompanyID.ToString(), SaltValue);
                objPwdMgmtModel.HashValue = sHashCode;
                var CallBackUrl = Url.Action("SetPassword", "Account", new { @code = sHashCode });

                string sLoginID = string.Empty;
                string sEmailID = string.Empty;
                string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;

                sLoginID = DecryptStringAES(objPwdMgmtModel.LoginID, javascriptEncryptionKey, javascriptEncryptionKey);
                sEmailID = DecryptStringAES(objPwdMgmtModel.EmailID, javascriptEncryptionKey, javascriptEncryptionKey);

                if (!string.IsNullOrEmpty(sEmailID))
                {
                    string emailRegex = @"^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$";
                    Regex  re         = new Regex(emailRegex);
                    if (!re.IsMatch(sEmailID))
                    {
                        ModelState.AddModelError("EmailID", "Please provide valid Email ID");
                    }
                }

                objPwdMgmtModel.LoginID = sLoginID;
                objPwdMgmtModel.EmailID = sEmailID;

                InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO);
                objPwdMgmtDTO = objUserInfoSL.ForgetPassword(objSelectedCompany.CompanyConnectionString, objPwdMgmtDTO);
                if (objPwdMgmtDTO.EmailID != null)
                {
                    if (objPwdMgmtModel.sCaptchaText != Session["CaptchaValueForgotPwd"].ToString())
                    {
                        TempData["ShowCaptchaForgotPwd"]  = true;
                        TempData["ErrorMessageForgotPwd"] = "Please provide valid Text";
                        @ViewBag.ErrorMessage             = "Please provide valid Text";
                        objLoginUserDetails.ErrorMessage  = "Please provide valid Text";
                        return(RedirectToAction("ForgetPassword", "Account"));
                    }
                    Common.Common.SendMail(CallBackUrl, objPwdMgmtDTO, objSelectedCompany.sCompanyDatabaseName);
                }
                objLoginUserDetails.SuccessMessage = Common.Common.getResourceForGivenCompany("usr_msg_11270", objSelectedCompany.sCompanyDatabaseName);
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                return(RedirectToAction("Login", "Account"));//.Success(Common.Common.getResourceForGivenCompany("usr_msg_11270", objSelectedCompany.sCompanyDatabaseName));
            }
            catch (Exception exp)
            {
                string sErrMessage = exp.Message;
                if (exp.InnerException != null && exp.InnerException.Data != null && exp.InnerException.Data.Count > 0)
                {
                    sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objPwdMgmtModel.CompanyID);
                }
                @ViewBag.ErrorMessage   = sErrMessage;
                objPwdMgmtModel.LoginID = null;
                objPwdMgmtModel.EmailID = null;
                Dictionary <string, string> objCompaiesDictionary = new Dictionary <string, string>();
                objCompaiesDictionary.Add("", "Select Company");
                CompaniesSL objCompanySL = new CompaniesSL();
                List <InsiderTradingDAL.CompanyDTO> lstCompanies = new List <InsiderTradingDAL.CompanyDTO>();
                lstCompanies = objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString());
                foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in lstCompanies)
                {
                    objCompaiesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName);
                }
                ViewBag.CompaniesDropDown        = objCompaiesDictionary;
                objLoginUserDetails.ErrorMessage = sErrMessage;
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                return(RedirectToAction("ForgetPassword", "Account"));
            }
        }
Esempio n. 3
0
        public ActionResult ChangePassword(int formId, int acid, PasswordManagementModel objPwdMgmtModel)
        {
            bool                          bErrorOccurred               = false;
            string                        i_ErrorMessage               = "";
            LoginUserDetails              objLoginUserDetails          = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
            PasswordManagementDTO         objPwdMgmtDTO                = new PasswordManagementDTO();
            PasswordConfigModel           objPassConfigModel           = new PasswordConfigModel();
            UserInfoSL                    objUserInfoSL                = new UserInfoSL();
            UserPolicyDocumentEventLogDTO objChangePasswordEventLogDTO = null;
            PasswordExpiryReminderDTO     objPassExpiryReminderDTO     = null;


            InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();
            try
            {
                DataSecurity objDataSecurity         = new DataSecurity();
                string       sOldPassword            = string.Empty;
                string       sNewPassword            = string.Empty;
                string       sConfirmNewPassword     = string.Empty;
                string       sPasswordHash           = string.Empty;
                string       sPasswordHashWithSalt   = string.Empty;
                string       sSaltValue              = string.Empty;
                string       javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
                string       userPasswordHashSalt    = Common.ConstEnum.User_Password_Encryption_Key;

                if (objPwdMgmtModel.OldPassword == null || objPwdMgmtModel.OldPassword == "" || objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" ||
                    objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "")
                {
                    i_ErrorMessage = "All fields are required fields.";
                    bErrorOccurred = true;
                }
                else if (objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" || objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "")
                {
                    i_ErrorMessage = "Please enter new password and confirm new password.";
                    bErrorOccurred = true;
                }
                else if (objPwdMgmtModel.NewPassword != objPwdMgmtModel.ConfirmNewPassword)
                {
                    i_ErrorMessage = "New password and Confirm password are not matching.";
                    bErrorOccurred = true;
                }
                else if (objPwdMgmtModel.OldPassword == objPwdMgmtModel.NewPassword)
                {
                    i_ErrorMessage = "New password should not be same as old password.";
                    bErrorOccurred = true;
                }

                else if (!string.IsNullOrEmpty(objPwdMgmtModel.OldPassword) && !string.IsNullOrEmpty(objPwdMgmtModel.NewPassword) &&
                         !string.IsNullOrEmpty(objPwdMgmtModel.ConfirmNewPassword))
                {
                    sOldPassword          = DecryptStringAES(objPwdMgmtModel.OldPassword, javascriptEncryptionKey, javascriptEncryptionKey);
                    sNewPassword          = DecryptStringAES(objPwdMgmtModel.NewPassword, javascriptEncryptionKey, javascriptEncryptionKey);
                    sConfirmNewPassword   = DecryptStringAES(objPwdMgmtModel.ConfirmNewPassword, javascriptEncryptionKey, javascriptEncryptionKey);
                    sPasswordHashWithSalt = objPwdHash.CreateSaltandHash(sNewPassword);
                    sPasswordHash         = sPasswordHashWithSalt.Split('~')[0].ToString();
                    sSaltValue            = sPasswordHashWithSalt.Split('~')[1].ToString();
                }

                //Check if the new password follows Password policy
                if (!bErrorOccurred)
                {
                    Common.Common objCommon       = new Common.Common();
                    bool          isPasswordValid = objCommon.ValidatePassword(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.UserName, sNewPassword, sPasswordHash, objLoginUserDetails.LoggedInUserID, out i_ErrorMessage);
                    if (!isPasswordValid)
                    {
                        bErrorOccurred = true;
                    }
                }
                if (bErrorOccurred)
                {
                    ViewBag.LoginError = i_ErrorMessage;
                    return(View("ChangePassword"));
                }

                objPwdMgmtModel.UserInfoID = objLoginUserDetails.LoggedInUserID;

                string saltValue  = string.Empty;
                string calledFrom = "ChangPwd";

                using (UserInfoSL ObjUserInfoSL = new UserInfoSL())
                {
                    List <AuthenticationDTO> lstUserDetails = ObjUserInfoSL.GetUserLoginDetails(objLoginUserDetails.CompanyDBConnectionString, Convert.ToString(objLoginUserDetails.LoggedInUserID), calledFrom);
                    foreach (var UserDetails in lstUserDetails)
                    {
                        saltValue = UserDetails.SaltValue;
                    }
                }

                string usrSaltValue = (saltValue == null || saltValue == string.Empty) ? userPasswordHashSalt : saltValue;

                if (saltValue != null && saltValue != "")
                {
                    objPwdMgmtModel.OldPassword = objPwdHash.CreateHashToVerify(sOldPassword, usrSaltValue);
                }
                else
                {
                    objPwdMgmtModel.OldPassword = objPwdHash.CreateHash(sOldPassword, usrSaltValue);
                }


                objPwdMgmtModel.NewPassword        = sPasswordHash;
                objPwdMgmtModel.ConfirmNewPassword = sPasswordHash;
                objPwdMgmtModel.SaltValue          = sSaltValue;
                InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO);
                objUserInfoSL.ChangePassword(objLoginUserDetails.CompanyDBConnectionString, ref objPwdMgmtDTO);
                objLoginUserDetails.PasswordChangeMessage = Common.Common.getResource("usr_msg_11271");
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);

                Common.Common.SetSessionValue("IsChangePassword", false);
            }
            catch (Exception exp)
            {
                string sErrMessage = Common.Common.getResource(exp.InnerException.Data[0].ToString());
                ViewBag.LoginError = sErrMessage;
                objPassConfigModel = GetPasswordConfigDetails();
                return(View("ChangePassword"));
            }
            finally
            {
                objLoginUserDetails = null;
                objPwdMgmtDTO       = null;
                objUserInfoSL       = null;
                objPwdHash          = null;
            }
            return(RedirectToAction("Index", "Home", new { acid = Convert.ToString(Common.ConstEnum.UserActions.CRUSER_COUSERDASHBOARD_DASHBOARD) }));
        }
Esempio n. 4
0
        public async Task <ActionResult> Login(UserDetailsModel model)
        {
            LoginUserDetails objLoginUserDetails = null;

            InsiderTradingEncryption.DataSecurity objPwdHash = null;

            CompanyDTO        objSelectedCompany = null;
            DataSecurity      objDataSecurity    = new DataSecurity();
            PasswordConfigDTO objPasswordConfig  = null;
            int loginCount = 0;

            Common.Common.WriteLogToFile("Start Method", System.Reflection.MethodBase.GetCurrentMethod());
            bool IsEmailOTPActive = false;

            try
            {
                Session["UserCaptchaText"]    = (model.sCaptchaText == null) ? string.Empty : model.sCaptchaText;
                TempData["ShowDupTransPopUp"] = 1;
                objLoginUserDetails           = new LoginUserDetails();
                string formUsername          = string.Empty;
                string formPassword          = string.Empty;
                string formEncryptedUsername = string.Empty;
                string formEncryptedPassword = string.Empty;

                string sPasswordHash           = string.Empty;
                string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
                string userPasswordHashSalt    = Common.ConstEnum.User_Password_Encryption_Key;
                string EncryptedRandomNo       = string.Empty;

                if (model.sCalledFrom != objDataSecurity.CreateHash(string.Format(Common.ConstEnum.s_SSO, Convert.ToString(DateTime.Now.Year)), userPasswordHashSalt))
                {
                    objPwdHash = new InsiderTradingEncryption.DataSecurity();

                    formEncryptedUsername = model.sUserName;
                    formEncryptedPassword = model.sPassword;

                    formEncryptedUsername = DecryptStringAES(formEncryptedUsername, javascriptEncryptionKey, javascriptEncryptionKey);
                    formEncryptedPassword = DecryptStringAES(formEncryptedPassword, javascriptEncryptionKey, javascriptEncryptionKey);

                    EncryptedRandomNo = formEncryptedUsername.Split('~')[1].ToString();

                    if (EncryptedRandomNo != Convert.ToString(Session["randomNumber"]))
                    {
                        throw new System.Web.HttpException(401, "Unauthorized access");
                    }

                    formUsername = formEncryptedUsername.Split('~')[0].ToString();
                    formPassword = formEncryptedPassword.Split('~')[0].ToString();
                }
                else
                {
                    Session["IsSSOActivated"] = "1";
                    formUsername  = model.sUserName;
                    sPasswordHash = string.IsNullOrEmpty(model.sPassword) ? "" : model.sPassword;
                }

                using (CompaniesSL objCompanySL = new CompaniesSL())
                {
                    if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox")
                    {
                        Dictionary <string, string> objCompaniesDictionary = null;

                        objCompaniesDictionary = new Dictionary <string, string>();

                        foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString()))
                        {
                            objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName);
                        }

                        if (objCompaniesDictionary.ContainsValue(model.sCompanyName.ToLower()))
                        {
                            model.sCompanyName = (from entry in objCompaniesDictionary
                                                  where entry.Value.ToLower() == model.sCompanyName.ToLower()
                                                  select entry.Key).FirstOrDefault();
                        }
                        else
                        {
                            objLoginUserDetails.ErrorMessage       = "Invalid company name";
                            objLoginUserDetails.IsAccountValidated = false;
                            Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                            Common.Common.WriteLogToFile("Invalid company name");
                            Session["IsSSOActivated"] = null;
                            return(RedirectToAction("Login", "Account"));
                        }
                    }

                    objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), model.sCompanyName);

                    if (model.sCalledFrom != objDataSecurity.CreateHash(string.Format(Common.ConstEnum.s_SSO, Convert.ToString(DateTime.Now.Year)), userPasswordHashSalt))
                    {
                        string saltValue  = string.Empty;
                        string calledFrom = "Login";

                        using (UserInfoSL ObjUserInfoSL = new UserInfoSL())
                        {
                            List <AuthenticationDTO> lstUserDetails = ObjUserInfoSL.GetUserLoginDetails(objSelectedCompany.CompanyConnectionString, formUsername, calledFrom);
                            foreach (var UserDetails in lstUserDetails)
                            {
                                saltValue = UserDetails.SaltValue;
                            }
                        }
                        using (TwoFactorAuthSL objIsOTPEnable = new TwoFactorAuthSL())
                        {
                            IsEmailOTPActive = objIsOTPEnable.CheckIsOTPActived(objSelectedCompany.CompanyConnectionString, formUsername);
                        }

                        string usrSaltValue = (saltValue == null || saltValue == string.Empty) ? userPasswordHashSalt : saltValue;

                        if (saltValue != null && saltValue != "")
                        {
                            sPasswordHash = objPwdHash.CreateHashToVerify(formPassword, usrSaltValue);
                        }
                        else
                        {
                            sPasswordHash = objPwdHash.CreateHash(formPassword, usrSaltValue);
                        }
                    }
                    objLoginUserDetails.UserName = formUsername;
                    objLoginUserDetails.Password = sPasswordHash;
                    objLoginUserDetails.CompanyDBConnectionString = objSelectedCompany.CompanyConnectionString;
                    objLoginUserDetails.CompanyName = model.sCompanyName;

                    objLoginUserDetails.IsUserLogin = false; //this flag indicate that user is not yet login sucessfully
                    Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                    using (var objPassConfigSL = new PasswordConfigSL())
                    {
                        objPasswordConfig       = objPassConfigSL.GetPasswordConfigDetails(objSelectedCompany.CompanyConnectionString);
                        loginCount              = (Session["UserLgnCount"] == null) ? 0 : Convert.ToInt32(Session["UserLgnCount"].ToString());
                        TempData["ShowCaptcha"] = false;
                        if (loginCount >= (objPasswordConfig.LoginAttempts - 1))
                        {
                            TempData["ShowCaptcha"]   = true;
                            Session["DisplayCaptcha"] = true;
                        }
                        if ((loginCount >= objPasswordConfig.LoginAttempts && model.sCaptchaText == "") || loginCount >= objPasswordConfig.LoginAttempts && model.sCaptchaText != Session["CaptchaValue"].ToString())
                        {
                            TempData["ShowCaptcha"]  = true;
                            TempData["ErrorMessage"] = "Please provide valid text";
                        }
                    }
                }
            }
            catch (Exception exp)
            {
                //If User is trying to login with a loginID which is being logged-in into the system. Then show the message and don't allow to login.
                string sErrMessage = exp.Message;
                objLoginUserDetails.ErrorMessage       = sErrMessage;
                objLoginUserDetails.IsAccountValidated = false;
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp);
                Session["IsSSOActivated"] = null;
                ClearAllSessions();
                return(RedirectToAction("Login", "Account"));
            }
            finally
            {
                objLoginUserDetails = null;
                objPwdHash          = null;
                objSelectedCompany  = null;
            }
            if (IsEmailOTPActive)
            {
                Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod());
                Session["TwoFactor"]     = 1;
                Session["IsOTPAuthPage"] = "TwoFactorAuthentication";
                return(RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" }));
            }
            else
            {
                Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod());
                Session["loginStatus"] = 1;
                return(RedirectToAction("Index", "Home", new { acid = Convert.ToString(0), calledFrom = "Login" }));
            }
        }
Esempio n. 5
0
        public ActionResult Index(UserDetailsModel model)
        {
            UserPrincipal userPrincipal      = null;
            CompanyDTO    objSelectedCompany = null;

            InsiderTradingEncryption.DataSecurity objPwdHash = null;
            string dominName   = string.Empty;
            string adPath      = string.Empty;
            string strError    = string.Empty;
            string s_debugInfo = string.Empty;
            Dictionary <string, object> DictDetails = new Dictionary <string, object>();

            try
            {
                if (!ModelState.IsValid)
                {
                    string formUsername            = model.sUserName;
                    string formPassword            = model.sPassword;
                    string sPasswordHash           = string.Empty;
                    string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
                    string userPasswordHashSalt    = Common.ConstEnum.User_Password_Encryption_Key;

                    foreach (string key in ConfigurationManager.AppSettings.Keys)
                    {
                        dominName = key.Contains("DirectoryDomain") ? ConfigurationManager.AppSettings[key] : dominName;

                        adPath = key.Contains("DirectoryPath") ? ConfigurationManager.AppSettings[key] : adPath;

                        if (!String.IsNullOrEmpty(dominName) && !String.IsNullOrEmpty(adPath))
                        {
                            if (compilationSection.Debug)
                            {
                                Common.Common.WriteLogToFile("DominName & adPath read successfully ", null);
                            }

                            using (AuthenticateUserModel AuthenticateUserModel = new AuthenticateUserModel())
                            {
                                formUsername = DecryptStringAES(formUsername, javascriptEncryptionKey, javascriptEncryptionKey);
                                formPassword = DecryptStringAES(formPassword, javascriptEncryptionKey, javascriptEncryptionKey);

                                objPwdHash = new InsiderTradingEncryption.DataSecurity();

                                sPasswordHash = objPwdHash.CreateHash(formPassword, userPasswordHashSalt);

                                if (compilationSection.Debug)
                                {
                                    Common.Common.WriteLogToFile("Created Hash successfully ", null);
                                }

                                AuthenticateUserModel.AuthenticateUser(dominName, formUsername, formPassword, adPath, out strError, out DictDetails);
                                {
                                    if (DictDetails.Count != 0)
                                    {
                                        return(this.RedirectAndPost(ConfigurationManager.AppSettings["VigilanteURL"].ToString(), DictDetails));
                                    }
                                    else
                                    {
                                        return(View("AuthenticationFailed"));
                                    }
                                }
                            }
                        }
                    }

                    if (!string.IsNullOrEmpty(strError))
                    {
                        //lblError.Text = "Invalid user name or Password!";
                        if (compilationSection.Debug)
                        {
                            Common.Common.WriteLogToFile("Invalid user name or Password!", null);
                        }
                        return(View("AuthenticationFailed"));
                    }
                }
            }
            catch (Exception ex)
            {
                if (compilationSection.Debug)
                {
                    Common.Common.WriteLogToFile("Exception occured in Index method", ex);
                }
                return(View("AuthenticationFailed"));
            }
            finally
            {
            }
            return(null);
        }