void Update(string statusMessage)
{
// temp stop timer
_heartbeatTimer.Change(System.Threading.Timeout.Infinite, System.Threading.Timeout.Infinite);
DbTableDmlMgr dmlUpdateMgr = _daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
, Constants.AppSessions);
dmlUpdateMgr.SetWhereCondition((j) => j.Column(Constants.AppCode)
== j.Parameter(dmlUpdateMgr.MainTable.SchemaName
, dmlUpdateMgr.MainTable.TableName
, Constants.AppCode
, _daMgr.BuildParamName(Constants.AppCode)) &&
j.Column(Constants.MultipleSessionCode)
== j.Parameter(dmlUpdateMgr.MainTable.SchemaName
, dmlUpdateMgr.MainTable.TableName
, Constants.MultipleSessionCode
, _daMgr.BuildParamName(Constants.MultipleSessionCode)));
dmlUpdateMgr.AddColumn(Constants.StatusMessage, _daMgr.BuildParamName(Constants.StatusMessage));
dmlUpdateMgr.AddColumn(Constants.StatusDateTime, Core.EnumDateTimeLocale.UTC);
DbCommand dbCmdUpdate = _daMgr.BuildUpdateDbCommand(dmlUpdateMgr);
dbCmdUpdate.Parameters[_daMgr.BuildParamName(Constants.AppCode)].Value = _appCode;
dbCmdUpdate.Parameters[_daMgr.BuildParamName(Constants.MultipleSessionCode)].Value = _appSessionCode;
dbCmdUpdate.Parameters[_daMgr.BuildParamName(Constants.StatusMessage)].Value = statusMessage;
DbCommandMgr dbCmdMgr = new DbCommandMgr(_daMgr);
dbCmdMgr.AddDbCommand(dbCmdUpdate);
// refresh signon control
List <string> tableNames = new List <string>();
DbTableDmlMgr dmlSelectMgr = _daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
, Constants.SignonControl);
DbCommand dbCmdSelect = _daMgr.BuildSelectDbCommand(dmlSelectMgr, null);
dbCmdMgr.AddDbCommand(dbCmdSelect);
tableNames.Add(Constants.SignonControl);
// refresh app sessions
dmlSelectMgr = _daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
, Constants.AppSessions);
dbCmdSelect = _daMgr.BuildSelectDbCommand(dmlSelectMgr, null);
dbCmdMgr.AddDbCommand(dbCmdSelect);
tableNames.Add(Constants.AppSessions);
DataSet controldata = dbCmdMgr.ExecuteDataSet(tableNames);
_signonControl.Refresh(controldata.Tables[Constants.SignonControl]);
_appSessions = controldata.Tables[Constants.AppSessions];
// temp start timer
_heartbeatTimer.Change(_signonControl.SignonControlData.StatusSeconds * 1000
, _signonControl.SignonControlData.StatusSeconds * 1000);
}
static DbCommand BuildCmdGetUpdateUserSession(DataAccessMgr daMgr)
{
DbTableDmlMgr dmlUpdateMgr = daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
, Constants.UserSessions);
dmlUpdateMgr.AddColumn(Constants.SessionDateTime, EnumDateTimeLocale.UTC);
dmlUpdateMgr.SetWhereCondition(j => j.Column(Constants.SessionCode) ==
j.Parameter(Constants.UserSessions, Constants.SessionCode
, daMgr.BuildParamName(Constants.SessionCode)));
return(daMgr.BuildUpdateDbCommand(dmlUpdateMgr));
}
/// <summary>
/// Adds a record to the session database table
/// </summary>
/// <param name="daMgr">DataAccessMgr object</param>
/// <param name="userId">Unique user identifier</param>
/// <param name="userCode">Unique numeric user identifier</param>
/// <param name="userEnv">MetaData about the user's environment</param>
/// <returns>A unique session code</returns>
static Int64 AddSession(DataAccessMgr daMgr, string userId, Int32 userCode, UserEnvironmentStructure userEnv)
{
Int64 sessionCode = daMgr.GetNextSequenceNumber(Constants.SessionCode);
DbTableDmlMgr dmlInsert = daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
, Constants.UserSessions);
dmlInsert.AddColumn(Constants.SessionCode, daMgr.BuildParamName(Constants.SessionCode));
dmlInsert.AddColumn(Constants.UserCode, daMgr.BuildParamName(Constants.UserCode));
dmlInsert.AddColumn(Constants.UserId, daMgr.BuildParamName(Constants.UserId));
dmlInsert.AddColumn(Constants.AppCode, daMgr.BuildParamName(Constants.AppCode));
dmlInsert.AddColumn(Constants.AppId, daMgr.BuildParamName(Constants.AppId));
dmlInsert.AddColumn(Constants.AppMachine, daMgr.BuildParamName(Constants.AppMachine));
dmlInsert.AddColumn(Constants.AppVersion, daMgr.BuildParamName(Constants.AppVersion));
dmlInsert.AddColumn(Constants.RemoteAddress, daMgr.BuildParamName(Constants.RemoteAddress));
DbCommand cmdInsert = daMgr.BuildInsertDbCommand(dmlInsert);
cmdInsert.Parameters[daMgr.BuildParamName(Constants.SessionCode)].Value = sessionCode;
cmdInsert.Parameters[daMgr.BuildParamName(Constants.UserId)].Value = userId;
cmdInsert.Parameters[daMgr.BuildParamName(Constants.UserCode)].Value = userCode;
cmdInsert.Parameters[daMgr.BuildParamName(Constants.AppId)].Value = userEnv.AppId;
cmdInsert.Parameters[daMgr.BuildParamName(Constants.AppCode)].Value = userEnv.AppCode;
cmdInsert.Parameters[daMgr.BuildParamName(Constants.AppVersion)].Value = userEnv.AppVersion;
cmdInsert.Parameters[daMgr.BuildParamName(Constants.RemoteAddress)].Value = userEnv.RemoteAddress;
cmdInsert.Parameters[daMgr.BuildParamName(Constants.AppMachine)].Value = Environment.MachineName;
DbTableDmlMgr dmlUpdate = daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
, Constants.UserMaster);
dmlUpdate.AddColumn(Constants.FailedSignonAttempts
, daMgr.BuildParamName(Constants.FailedSignonAttempts));
dmlUpdate.AddColumn(Constants.LastSignonDateTime
, EnumDateTimeLocale.Default);
dmlUpdate.SetWhereCondition((j) => j.Column(Constants.UserId)
== j.Parameter(dmlUpdate.MainTable.SchemaName
, dmlUpdate.MainTable.TableName
, Constants.UserId
, daMgr.BuildParamName(Constants.UserId)));
DbCommand cmdUpdate = daMgr.BuildUpdateDbCommand(dmlUpdate);
cmdUpdate.Parameters[daMgr.BuildParamName(Constants.UserId)].Value
= userId;
cmdUpdate.Parameters[daMgr.BuildParamName(Constants.FailedSignonAttempts)].Value
= 0;
DbCommandMgr cmdMgr = new DbCommandMgr(daMgr);
cmdMgr.AddDbCommand(cmdInsert);
cmdMgr.AddDbCommand(cmdUpdate);
cmdMgr.ExecuteNonQuery();
return(sessionCode);
}
/// <summary>
/// Changes the given user's password to the new password and resets any account restrictions
/// depending on given parameter.
/// <para>The method assumes the caller has verified the spelling of the new password.</para>
/// <para>The method also assumes the caller has verified the existing password if applicable.</para>
/// </summary>
/// <param name="daMgr">DataAccessMgr object</param>
/// <param name="userId">Unique user identifier</param>
/// <param name="newPassword">The new password (unhashed) plain text</param>
/// <param name="resetSignonRestrictions">Indicates whether the accounts restrictions will be reset</param>
public static void ChangePassword(DataAccessMgr daMgr
, string userId
, string newPassword
, bool resetSignonRestrictions)
{
string salt = Cryptography.HashOperation.CreateRandomSalt(Cryptography.HashAlgorithmTypeEnum.SHA512HashAlgorithm);
string hash = Cryptography.HashOperation.ComputeHash(Cryptography.HashAlgorithmTypeEnum.SHA512HashAlgorithm
, newPassword
, salt);
DbTableDmlMgr dmlUpdate = daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
, Constants.UserMaster);
dmlUpdate.AddColumn(Constants.UserPassword
, daMgr.BuildParamName(Constants.UserPassword));
dmlUpdate.AddColumn(Constants.PasswordSalt
, daMgr.BuildParamName(Constants.PasswordSalt));
dmlUpdate.AddColumn(Constants.FailedSignonAttempts
, daMgr.BuildParamName(Constants.FailedSignonAttempts));
dmlUpdate.AddColumn(Constants.ForcePasswordChange
, daMgr.BuildParamName(Constants.ForcePasswordChange));
if (resetSignonRestrictions)
{
dmlUpdate.AddColumn(Constants.SignonRestricted
, daMgr.BuildParamName(Constants.SignonRestricted));
}
dmlUpdate.SetWhereCondition((j) => j.Column(Constants.UserId)
== j.Parameter(dmlUpdate.MainTable.SchemaName
, dmlUpdate.MainTable.TableName
, Constants.UserId
, daMgr.BuildParamName(Constants.UserId)));
DbCommand cmdUpdate = daMgr.BuildUpdateDbCommand(dmlUpdate);
cmdUpdate.Parameters[daMgr.BuildParamName(Constants.UserId)].Value
= userId;
cmdUpdate.Parameters[daMgr.BuildParamName(Constants.UserPassword)].Value
= hash;
cmdUpdate.Parameters[daMgr.BuildParamName(Constants.PasswordSalt)].Value
= salt;
if (resetSignonRestrictions)
{
cmdUpdate.Parameters[daMgr.BuildParamName(Constants.SignonRestricted)].Value
= 0;
}
cmdUpdate.Parameters[daMgr.BuildParamName(Constants.FailedSignonAttempts)].Value
= 0;
cmdUpdate.Parameters[daMgr.BuildParamName(Constants.ForcePasswordChange)].Value
= 0;
daMgr.ExecuteNonQuery(cmdUpdate, null, null);
}
public ActionResult EditProfile(EditProfileModel editProfile)
{
if (ModelState.IsValid)
{
if (!string.IsNullOrEmpty(editProfile.ChangedFields))
{
DataAccessMgr daMgr = Global.GetDataAccessMgr(this.HttpContext);
DbTableDmlMgr dmlUpdate = daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
, DataManagement.Constants.Table_UserMaster);
foreach (string column in dmlUpdate.MainTable.Columns.Keys)
{
if (editProfile.ChangedFields.Contains(column))
{
dmlUpdate.AddColumn(column);
}
}
dmlUpdate.AddColumn(SessionManagement.Constants.LastModifiedUserCode);
dmlUpdate.AddColumn(SessionManagement.Constants.LastModifiedDateTime
, Core.EnumDateTimeLocale.Default);
dmlUpdate.SetWhereCondition(j => j.Column(DataManagement.Constants.UserId)
== j.Parameter(dmlUpdate.MainTable.SchemaName
, dmlUpdate.MainTable.TableName
, DataManagement.Constants.UserId
, daMgr.BuildParamName(DataManagement.Constants.UserId)));
DbCommand cmdUpdate = daMgr.BuildUpdateDbCommand(dmlUpdate);
UserSession userSessionMgr = (UserSession)Session[SessionManagement.Constants.UserSessionMgr];
cmdUpdate.Parameters[daMgr.BuildParamName(DataManagement.Constants.UserId)].Value = userSessionMgr.UserId;
cmdUpdate.Parameters[daMgr.BuildParamName(SessionManagement.Constants.LastModifiedUserCode)].Value = userSessionMgr.UserCode;
foreach (DbParameter param in cmdUpdate.Parameters)
{
if (param.Value == DBNull.Value)
{
param.Value = GetValueFromModelState(ModelState, param.ParameterName.Substring(1));
}
}
daMgr.ExecuteNonQuery(cmdUpdate, null, null);
}
else
{
ViewBag.NoDataChanged = true;
}
}
return(View(editProfile));
}
/// <summary>
/// Increases the signon failure account for the given user identifier and returns the latest count
/// </summary>
/// <param name="daMgr">DataAccessMgr object</param>
/// <param name="userId">Unique user identifier</param>
/// <returns>The icremented count of failed attempts</returns>
static Int16 IncreaseFailedAttemptCount(DataAccessMgr daMgr, string userId)
{
DbTableDmlMgr dmlUpdate = daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
, Constants.UserMaster);
DbFunctionStructure addOne = new DbFunctionStructure();
addOne.FunctionBody = string.Format("{0} + 1", Constants.FailedSignonAttempts);
dmlUpdate.AddColumn(Constants.FailedSignonAttempts
, addOne);
dmlUpdate.SetWhereCondition((j) => j.Column(Constants.UserId)
== j.Parameter(dmlUpdate.MainTable.SchemaName
, dmlUpdate.MainTable.TableName
, Constants.UserId
, daMgr.BuildParamName(Constants.UserId)));
DbCommand cmdUpdate = daMgr.BuildUpdateDbCommand(dmlUpdate);
cmdUpdate.Parameters[daMgr.BuildParamName(Constants.UserId)].Value
= userId;
DbTableDmlMgr dmlSelectMgr = daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
, Constants.UserMaster
, Constants.FailedSignonAttempts);
dmlSelectMgr.SetWhereCondition((j) => j.Column(Constants.UserId)
== j.Parameter(dmlSelectMgr.MainTable.SchemaName
, dmlSelectMgr.MainTable.TableName
, Constants.UserId
, daMgr.BuildParamName(Constants.UserId)));
DbCommand cmdSelectUserMaster = daMgr.BuildSelectDbCommand(dmlSelectMgr, null);
cmdSelectUserMaster.Parameters[daMgr.BuildParamName(Constants.UserId)].Value = userId;
DbCommandMgr cmdMgr = new DbCommandMgr(daMgr);
cmdMgr.AddDbCommand(cmdUpdate);
cmdMgr.AddDbCommand(cmdSelectUserMaster);
DataTable userMaster = cmdMgr.ExecuteDataTable();
return(Convert.ToInt16(userMaster.Rows[0][Constants.FailedSignonAttempts]));
}
/// <summary>
/// Sets or resets an account restriction for the given user identifier
/// </summary>
/// <param name="daMgr">DataAccessMgr object</param>
/// <param name="userId">Unique user identifier</param>
/// <param name="removeRestriction">Indicates whether to set or reset the restriction</param>
static void Restriction(DataAccessMgr daMgr, string userId, bool removeRestriction)
{
DbTableDmlMgr dmlUpdate = daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
, Constants.UserMaster);
dmlUpdate.AddColumn(Constants.SignonRestricted
, daMgr.BuildParamName(Constants.SignonRestricted));
dmlUpdate.SetWhereCondition((j) => j.Column(Constants.UserId)
== j.Parameter(dmlUpdate.MainTable.SchemaName
, dmlUpdate.MainTable.TableName
, Constants.UserId
, daMgr.BuildParamName(Constants.UserId)));
DbCommand cmdUpdate = daMgr.BuildUpdateDbCommand(dmlUpdate);
cmdUpdate.Parameters[daMgr.BuildParamName(Constants.UserId)].Value
= userId;
cmdUpdate.Parameters[daMgr.BuildParamName(Constants.SignonRestricted)].Value
= removeRestriction ? 0 : 1;
daMgr.ExecuteNonQuery(cmdUpdate, null, null);
}