public PasswordConfigDTO GetData(string pwc_Id)
{
log.MethodStart();
PasswordConfigDTO objModel = new PasswordConfigDTO();
using (var trans = _db.Database.BeginTransaction())
{
try
{
var objReturn1 = _db.TCPasswordConfigs.FirstOrDefault(x => x.pwc_id == 1);
objModel = _mapper.Map <PasswordConfigDTO>(objReturn1);
trans.Commit();
}
catch (Exception ex)
{
// TODO: Handle failure
trans.Rollback();
}
finally
{
trans.Dispose();
}
}
log.MethodFinish();
return(objModel);
}
public async Task <PasswordConfigDTO> GetDataAsync()
{
PasswordConfigDTO menu = new PasswordConfigDTO();
menu = await _apiHelper.GetDataByIdAsync <PasswordConfigDTO>("passwordconfig_api/Get_Data", "1");
return(menu);
}
public PasswordConfigDTO Post_SaveData([FromBody] PasswordConfigDTO model)
{
var objReturn1 = _service.SaveData(model);
var objReturn = _service.GetData("1");
return(objReturn);
}
public ActionResult SavePasswordConfiguration(int acid, PasswordConfigModel objPassConfigModel)
{
if (objPassConfigModel.MinLength < 4)
{
ModelState.AddModelError("MinLength", Common.Common.getResource("pc_msg_50572"));
}
if (objPassConfigModel.MinLength > objPassConfigModel.MaxLength)
{
ModelState.AddModelError("MaxLength", Common.Common.getResource("pc_msg_50573"));
}
if (objPassConfigModel.LoginAttempts == 0)
{
ModelState.AddModelError("LoginAttempts", Common.Common.getResource("pc_msg_50574"));
}
if (objPassConfigModel.MinAlphabets == 0 && objPassConfigModel.MinNumbers == 0 && objPassConfigModel.MinSplChar == 0 && objPassConfigModel.MinUppercaseChar == 0)
{
ModelState.AddModelError(" ", Common.Common.getResource("pc_msg_50575"));
}
int sum = objPassConfigModel.MinAlphabets + objPassConfigModel.MinNumbers + objPassConfigModel.MinSplChar + objPassConfigModel.MinUppercaseChar;
if (sum > objPassConfigModel.MaxLength)
{
ModelState.AddModelError(" ", Common.Common.getResource("pc_msg_50575"));
}
if (objPassConfigModel.ExpiryReminder > objPassConfigModel.PassValidity)
{
ModelState.AddModelError(" ", Common.Common.getResource("pc_msg_50596"));
}
if (objPassConfigModel.PassValidity == 0)
{
ModelState.AddModelError(" ", Common.Common.getResource("pc_msg_50626"));
}
if (objPassConfigModel.MaxLength == 0)
{
objPassConfigModel.MaxLength = 20;
}
if (objPassConfigModel.PassValidity == 0)
{
objPassConfigModel.PassValidity = 45;
}
if (ModelState.IsValid)
{
LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
PasswordConfigSL objPassConfigSL = new PasswordConfigSL();
PasswordConfigDTO objPassConfigDTO = new PasswordConfigDTO();
objPassConfigModel.LastUpdatedBy = objLoginUserDetails.LoggedInUserID.ToString();
InsiderTrading.Common.Common.CopyObjectPropertyByName(objPassConfigModel, objPassConfigDTO);
objPassConfigSL.SavePasswordConfigDetails(objLoginUserDetails.CompanyDBConnectionString, objPassConfigDTO);
string AlertMessage = Common.Common.getResource("pc_msg_50571");
return(View("Index", objPassConfigModel).Success(HttpUtility.UrlEncode(AlertMessage)));
}
return(View("Index", objPassConfigModel));;
}
public ActionResult Index(int acid)
{
LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
PasswordConfigSL objPassConfigSL = new PasswordConfigSL();
PasswordConfigModel objPassConfigModel = new PasswordConfigModel();
PasswordConfigDTO objPassConfigDTO = new PasswordConfigDTO();
objPassConfigDTO = objPassConfigSL.GetPasswordConfigDetails(objLoginUserDetails.CompanyDBConnectionString);
InsiderTrading.Common.Common.CopyObjectPropertyByName(objPassConfigDTO, objPassConfigModel);
ViewBag.Acid = acid;
return(View(objPassConfigModel));
}
public PasswordConfigModel GetPasswordConfigDetails()
{
LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
PasswordConfigSL objPassConfigSL = new PasswordConfigSL();
PasswordConfigDTO objPassConfigDTO = new PasswordConfigDTO();
objPassConfigDTO = objPassConfigSL.GetPasswordConfigDetails(objLoginUserDetails.CompanyDBConnectionString);
PasswordConfigModel objPassConfigModel = new PasswordConfigModel();
InsiderTrading.Common.Common.CopyObjectPropertyByName(objPassConfigDTO, objPassConfigModel);
return(objPassConfigModel);
}
public async Task <PasswordConfigDTO> SaveDataAsync(PasswordConfigDTO model)
{
//MenuDTO menu = new MenuDTO()
//{
// mnu_id = "2",
// mnu_name = "TEST_name",
// mnu_area = "TEST_area",
// mnu_controller = "TEST_controller"
//};
var menua = await _apiHelper.PostDataAsync <PasswordConfigDTO>("passwordconfig_api/Post_SaveData", model);
return(menua);
}
public PasswordConfigDTO SaveData(PasswordConfigDTO model)
{
log.MethodStart();
var currentDateTime = DateTime.Now;
var currentUser = "";
PasswordConfigDTO objReturn = new PasswordConfigDTO();
using (var trans = _db.Database.BeginTransaction())
{
try
{
var objModel = new TCPasswordConfig();
objModel = _db.TCPasswordConfigs.FirstOrDefault();
objModel.pwc_user_min_char = model.pwc_user_min_char;
objModel.pwc_user_max_char = model.pwc_user_max_char;
objModel.pwc_min_char = model.pwc_min_char;
objModel.pwc_max_char = model.pwc_max_char;
objModel.pwc_lowwer_letter = model.pwc_lowwer_letter;
objModel.pwc_upper_letter = model.pwc_upper_letter;
objModel.pwc_number = model.pwc_number;
objModel.pwc_special_char = model.pwc_special_char;
objModel.pwc_max_invalid = model.pwc_max_invalid;
objModel.pwc_force_reset = model.pwc_force_reset;
objModel.pwc_session_timeout = model.pwc_session_timeout;
objModel.pwc_default_password = model.pwc_default_password;
objModel.pwc_updateuser = model.pwc_updateuser;
objModel.pwc_updatedate = currentDateTime;
currentUser = objModel.pwc_updateuser;
//_db.TCMenus.Update(objModel);
#region Save Log Process ...
_db.LogProcesss.Add(new LogProcess()
{
log_usr_id = currentUser,
log_mnu_id = _MenuCode,
log_mnu_name = "PasswordConfig",
log_tran_id = "",
log_action = "Update",
log_desc = "Update PasswordConfig",
log_createuser = currentUser,
log_createdate = currentDateTime
});
#endregion
_db.SaveChanges();
trans.Commit();
}
catch (Exception ex)
{
// TODO: Handle failure
trans.Rollback();
}
finally
{
trans.Dispose();
}
}
log.MethodFinish();
return(objReturn);
}
public ActionResult SetPassword(PasswordManagementModel objPwdMgmtModel)
{
bool bErrorOccurred = false;
string i_ErrorMessage = "";
string NewPassword = null;
InsiderTradingDAL.CompanyDTO objSelectedCompany = new CompanyDTO();
UserInfoDTO objUserInfoDTO = new UserInfoDTO();
LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
try
{
if (objLoginUserDetails == null)
{
objLoginUserDetails = new LoginUserDetails();
}
if (objPwdMgmtModel.CompanyID == null || objPwdMgmtModel.CompanyID == "")
{
i_ErrorMessage = "Company is required field.";
bErrorOccurred = true;
}
else if (objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" || objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "")
{
i_ErrorMessage = "Please enter new password and confirm password.";
bErrorOccurred = true;
}
else if (objPwdMgmtModel.NewPassword != objPwdMgmtModel.ConfirmNewPassword)
{
i_ErrorMessage = "New password and Confirm password are not matching.";
bErrorOccurred = true;
}
if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox")
{
Dictionary <string, string> objCompaniesDictionary = null;
objCompaniesDictionary = new Dictionary <string, string>();
using (CompaniesSL objCompanySL = new CompaniesSL())
{
foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString()))
{
objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName.ToLower());
}
}
if (objCompaniesDictionary.ContainsValue(objPwdMgmtModel.CompanyID.ToLower()))
{
objPwdMgmtModel.CompanyID = (from entry in objCompaniesDictionary
where entry.Value.ToLower() == objPwdMgmtModel.CompanyID.ToLower()
select entry.Key).FirstOrDefault();
}
else
{
objLoginUserDetails.ErrorMessage = "Invalid Company Name";
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
return(RedirectToAction("SetPassword", "Account", new { code = objPwdMgmtModel.HashValue }));
}
}
//hashed password to check password history
InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();
string saltValue = string.Empty;
if (objPwdMgmtModel.NewPassword != null)
{
//NewPassword = objPwdHash.CreateSaltandHash(objPwdMgmtModel.NewPassword);
string sPasswordHashWithSalt = objPwdHash.CreateSaltandHash(objPwdMgmtModel.NewPassword);
NewPassword = sPasswordHashWithSalt.Split('~')[0].ToString();
saltValue = sPasswordHashWithSalt.Split('~')[1].ToString();
}
using (CompaniesSL objCompanySL = new CompaniesSL())
{
objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), objPwdMgmtModel.CompanyID);
}
//Check if the new password follows Password policy
if (!bErrorOccurred)
{
Common.Common objCommon = new Common.Common();
PasswordManagementDTO objPasswordManagementUserFromHashCodeDTO = new PasswordManagementDTO();
using (UserInfoSL objUserInfoSL = new UserInfoSL())
{
objPasswordManagementUserFromHashCodeDTO = objUserInfoSL.GetUserFromHashCode(objSelectedCompany.CompanyConnectionString, objPwdMgmtModel.HashValue);
objUserInfoDTO = objUserInfoSL.GetUserDetails(objSelectedCompany.CompanyConnectionString, objPasswordManagementUserFromHashCodeDTO.UserInfoID);
}
bool isPasswordValid = objCommon.ValidatePassword(objSelectedCompany.CompanyConnectionString, objUserInfoDTO.LoginID, objPwdMgmtModel.NewPassword, NewPassword, objUserInfoDTO.UserInfoId, out i_ErrorMessage);
if (!isPasswordValid)
{
bErrorOccurred = true;
}
}
if (bErrorOccurred)
{
//ModelState.AddModelError("Error", i_ErrorMessage);
if (objLoginUserDetails == null)
{
objLoginUserDetails = new LoginUserDetails();
}
objLoginUserDetails.ErrorMessage = i_ErrorMessage;
objLoginUserDetails.CompanyName = objPwdMgmtModel.CompanyID;
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
PasswordConfigSL objPassConfigSL = new PasswordConfigSL();
PasswordConfigDTO objPassConfigDTO = new PasswordConfigDTO();
objPassConfigDTO = objPassConfigSL.GetPasswordConfigDetails(objSelectedCompany.CompanyConnectionString);
PasswordConfigModel objPassConfigModel = new PasswordConfigModel();
InsiderTrading.Common.Common.CopyObjectPropertyByName(objPassConfigDTO, objPassConfigModel);
TempData["PasswordConfigModel"] = objPassConfigModel;
return(RedirectToAction("SetPassword", "Account", new { code = objPwdMgmtModel.HashValue }));
//return View("SetPassword", objPwdMgmtModel);
}
PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO();
if (objLoginUserDetails == null)
{
objLoginUserDetails = new LoginUserDetails();
}
if (objSelectedCompany == null)
{
objLoginUserDetails.ErrorMessage = "Entered company is incorrect, please enter correct company and try again.";
}
else
{
objPwdMgmtModel.NewPassword = NewPassword;
objPwdMgmtModel.ConfirmNewPassword = NewPassword;
objPwdMgmtModel.SaltValue = saltValue;
InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO);
using (UserInfoSL objUserInfoSL = new UserInfoSL())
{
objPwdMgmtDTO.UserInfoID = objUserInfoDTO.UserInfoId;
objUserInfoSL.ChangePassword(objSelectedCompany.CompanyConnectionString, ref objPwdMgmtDTO);
}
//InsiderTradingDAL.UserInfoDTO objUserInfo = objUserInfoSL.GetUserDetails(objSelectedCompany.CompanyConnectionString, objPwdMgmtDTO.UserInfoID);
objLoginUserDetails.SuccessMessage = Common.Common.getResourceForGivenCompany("usr_msg_11271", objSelectedCompany.sCompanyDatabaseName);
}
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
return(RedirectToAction("Login", "Account"));
//return RedirectToAction("Index", "Home", new { acid = Convert.ToString(Common.ConstEnum.UserActions.CRUSER_COUSERDASHBOARD_DASHBOARD) });
}
catch (Exception exp)
{
string sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objSelectedCompany.sCompanyDatabaseName);
if (objLoginUserDetails == null)
{
objLoginUserDetails = new LoginUserDetails();
}
objLoginUserDetails.ErrorMessage = sErrMessage;
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
return(RedirectToAction("Login", "Account"));
//ModelState.AddModelError("Error", sErrMessage);
//return View("SetPassword", objPwdMgmtModel);
}
finally
{
objLoginUserDetails = null;
}
}
public ActionResult Login()
{
LoginUserDetails objLoginUserDetails = null;
CompaniesSL objCompaniesSL = null;
List <InsiderTradingDAL.CompanyDTO> lstCompanies = null;
Dictionary <string, string> objCompaniesDictionary = null;
PasswordConfigDTO objPasswordConfig = null;
int loginCount = 0;
Session["TwoFactor"] = 0;
Session["IsOTPAuthPage"] = null;
try
{
//Clear browser cache
//Response.Cache.SetNoStore();
//Response.Cache.SetCacheability(HttpCacheability.NoCache);
//Response.Cache.SetExpires(DateTime.Now.AddSeconds(-1));
//For company specific url.. auto fill company name
string ClientName = "";
string currentURL = HttpContext.Request.Url.AbsoluteUri;
int index = currentURL.IndexOf("//");
string RemoveProtocol = "";
RemoveProtocol = currentURL.Substring(index + 2);
ClientName = RemoveProtocol.Split('.')[0].ToLower();
if (ClientName == "axisbank")
{
ClientName = "axis bank";
}
Random random = new Random();
int num = random.Next();
Session["randomNumber"] = num;
if (ConfigurationManager.AppSettings["ActivateWaterMark"].ToString() == "true")
{
string DomainName = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName;
if (DomainName == ConfigurationManager.AppSettings["DomainName"])
{
ViewData["WaterMarkCompanyName"] = ConfigurationManager.AppSettings["WaterMarkTextForCompanyName"];
ViewData["WaterMarkLoginId"] = ConfigurationManager.AppSettings["WaterMarkTextForLoginId"];
ViewData["WaterMarkPassword"] = "******";
}
}
//set session validation value
Common.Common.SetSessionAndCookiesValidationValue(ConstEnum.SessionAndCookiesKeyBeforeLogin);
//create new cookies for login page
string cookies_value = Common.Common.GetSessionValue(ConstEnum.SessionValue.CookiesValidationKey).ToString();
//Response.Cookies.Add(new HttpCookie(ConstEnum.CookiesValue.ValidationCookies, cookies_value) { Path = Request.ApplicationPath /*, Expires = DateTime.Now.AddDays(1)*/ });
objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
//set session key to null
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, null);
using (objCompaniesSL = new CompaniesSL())
{
lstCompanies = objCompaniesSL.getAllCompanies(Common.Common.getSystemConnectionString());
objCompaniesDictionary = new Dictionary <string, string>();
//List<SelectListItem> lstCompaniesListBox = new List<SelectListItem>(); //commented unused variable
objCompaniesDictionary.Add("", "Select Company");
foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in lstCompanies)
{
objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName);
}
if (objCompaniesDictionary.ContainsValue(ClientName.ToLower()))
{
ViewBag.URLCompanyName = ClientName;
}
else
{
ViewBag.URLCompanyName = "IgnoreCompanyName";
}
}
ViewBag.JavascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
ViewBag.CompaniesDropDown = objCompaniesDictionary;
if (objLoginUserDetails != null)
{
ViewBag.LoginError = objLoginUserDetails.ErrorMessage;
ViewBag.SuccessMessage = objLoginUserDetails.SuccessMessage;
}
else
{
ViewBag.LoginError = "";
}
}
catch (Exception exp)
{
Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp);
}
finally
{
objLoginUserDetails = null;
lstCompanies = null;
}
return(View());
}
public async Task <ActionResult> Login(UserDetailsModel model)
{
LoginUserDetails objLoginUserDetails = null;
InsiderTradingEncryption.DataSecurity objPwdHash = null;
CompanyDTO objSelectedCompany = null;
DataSecurity objDataSecurity = new DataSecurity();
PasswordConfigDTO objPasswordConfig = null;
int loginCount = 0;
Common.Common.WriteLogToFile("Start Method", System.Reflection.MethodBase.GetCurrentMethod());
bool IsEmailOTPActive = false;
try
{
Session["UserCaptchaText"] = (model.sCaptchaText == null) ? string.Empty : model.sCaptchaText;
TempData["ShowDupTransPopUp"] = 1;
objLoginUserDetails = new LoginUserDetails();
string formUsername = string.Empty;
string formPassword = string.Empty;
string formEncryptedUsername = string.Empty;
string formEncryptedPassword = string.Empty;
string sPasswordHash = string.Empty;
string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
string userPasswordHashSalt = Common.ConstEnum.User_Password_Encryption_Key;
string EncryptedRandomNo = string.Empty;
if (model.sCalledFrom != objDataSecurity.CreateHash(string.Format(Common.ConstEnum.s_SSO, Convert.ToString(DateTime.Now.Year)), userPasswordHashSalt))
{
objPwdHash = new InsiderTradingEncryption.DataSecurity();
formEncryptedUsername = model.sUserName;
formEncryptedPassword = model.sPassword;
formEncryptedUsername = DecryptStringAES(formEncryptedUsername, javascriptEncryptionKey, javascriptEncryptionKey);
formEncryptedPassword = DecryptStringAES(formEncryptedPassword, javascriptEncryptionKey, javascriptEncryptionKey);
EncryptedRandomNo = formEncryptedUsername.Split('~')[1].ToString();
if (EncryptedRandomNo != Convert.ToString(Session["randomNumber"]))
{
throw new System.Web.HttpException(401, "Unauthorized access");
}
formUsername = formEncryptedUsername.Split('~')[0].ToString();
formPassword = formEncryptedPassword.Split('~')[0].ToString();
}
else
{
Session["IsSSOActivated"] = "1";
formUsername = model.sUserName;
sPasswordHash = string.IsNullOrEmpty(model.sPassword) ? "" : model.sPassword;
}
using (CompaniesSL objCompanySL = new CompaniesSL())
{
if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox")
{
Dictionary <string, string> objCompaniesDictionary = null;
objCompaniesDictionary = new Dictionary <string, string>();
foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString()))
{
objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName);
}
if (objCompaniesDictionary.ContainsValue(model.sCompanyName.ToLower()))
{
model.sCompanyName = (from entry in objCompaniesDictionary
where entry.Value.ToLower() == model.sCompanyName.ToLower()
select entry.Key).FirstOrDefault();
}
else
{
objLoginUserDetails.ErrorMessage = "Invalid company name";
objLoginUserDetails.IsAccountValidated = false;
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
Common.Common.WriteLogToFile("Invalid company name");
Session["IsSSOActivated"] = null;
return(RedirectToAction("Login", "Account"));
}
}
objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), model.sCompanyName);
if (model.sCalledFrom != objDataSecurity.CreateHash(string.Format(Common.ConstEnum.s_SSO, Convert.ToString(DateTime.Now.Year)), userPasswordHashSalt))
{
string saltValue = string.Empty;
string calledFrom = "Login";
using (UserInfoSL ObjUserInfoSL = new UserInfoSL())
{
List <AuthenticationDTO> lstUserDetails = ObjUserInfoSL.GetUserLoginDetails(objSelectedCompany.CompanyConnectionString, formUsername, calledFrom);
foreach (var UserDetails in lstUserDetails)
{
saltValue = UserDetails.SaltValue;
}
}
using (TwoFactorAuthSL objIsOTPEnable = new TwoFactorAuthSL())
{
IsEmailOTPActive = objIsOTPEnable.CheckIsOTPActived(objSelectedCompany.CompanyConnectionString, formUsername);
}
string usrSaltValue = (saltValue == null || saltValue == string.Empty) ? userPasswordHashSalt : saltValue;
if (saltValue != null && saltValue != "")
{
sPasswordHash = objPwdHash.CreateHashToVerify(formPassword, usrSaltValue);
}
else
{
sPasswordHash = objPwdHash.CreateHash(formPassword, usrSaltValue);
}
}
objLoginUserDetails.UserName = formUsername;
objLoginUserDetails.Password = sPasswordHash;
objLoginUserDetails.CompanyDBConnectionString = objSelectedCompany.CompanyConnectionString;
objLoginUserDetails.CompanyName = model.sCompanyName;
objLoginUserDetails.IsUserLogin = false; //this flag indicate that user is not yet login sucessfully
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
using (var objPassConfigSL = new PasswordConfigSL())
{
objPasswordConfig = objPassConfigSL.GetPasswordConfigDetails(objSelectedCompany.CompanyConnectionString);
loginCount = (Session["UserLgnCount"] == null) ? 0 : Convert.ToInt32(Session["UserLgnCount"].ToString());
TempData["ShowCaptcha"] = false;
if (loginCount >= (objPasswordConfig.LoginAttempts - 1))
{
TempData["ShowCaptcha"] = true;
Session["DisplayCaptcha"] = true;
}
if ((loginCount >= objPasswordConfig.LoginAttempts && model.sCaptchaText == "") || loginCount >= objPasswordConfig.LoginAttempts && model.sCaptchaText != Session["CaptchaValue"].ToString())
{
TempData["ShowCaptcha"] = true;
TempData["ErrorMessage"] = "Please provide valid text";
}
}
}
}
catch (Exception exp)
{
//If User is trying to login with a loginID which is being logged-in into the system. Then show the message and don't allow to login.
string sErrMessage = exp.Message;
objLoginUserDetails.ErrorMessage = sErrMessage;
objLoginUserDetails.IsAccountValidated = false;
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp);
Session["IsSSOActivated"] = null;
ClearAllSessions();
return(RedirectToAction("Login", "Account"));
}
finally
{
objLoginUserDetails = null;
objPwdHash = null;
objSelectedCompany = null;
}
if (IsEmailOTPActive)
{
Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod());
Session["TwoFactor"] = 1;
Session["IsOTPAuthPage"] = "TwoFactorAuthentication";
return(RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" }));
}
else
{
Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod());
Session["loginStatus"] = 1;
return(RedirectToAction("Index", "Home", new { acid = Convert.ToString(0), calledFrom = "Login" }));
}
}
public void LoginUser(ActionExecutingContext filterContext)
{
DeleteCaptcha(filterContext);
LoginUserDetails objLoginUserDetails = null;
objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
AuthenticationDTO objAuthenticationDTO = new AuthenticationDTO();
objAuthenticationDTO.LoginID = objLoginUserDetails.UserName;
objAuthenticationDTO.Password = objLoginUserDetails.Password;
UserInfoDTO objUserAfterValidationObject = null;
UserInfoDTO objUserAunthentication = null;
PasswordConfigDTO objPasswordConfig = null;
List <string> lstAuthorizationActionLinks = null;
List <int> lstAuthorisedActionId = null;
List <ActivityResourceMappingDTO> lstActivityResourceMappingDTO = null;
Dictionary <string, List <ActivityResourceMappingDTO> > dicActivityResourceMappingDTO = null;
int loginCount = 0;
bool lockFlag = false;
bool flag = false;
objAuthenticationDTO.Password = null;
objLoginUserDetails.Password = null;
objLoginUserDetails.IsAccountValidated = true;
objLoginUserDetails.ErrorMessage = "";
UserInfoSL objUserInfoSL = new UserInfoSL();
//Load the action permissions in the session object for to be used when checking authorization
objUserAunthentication = objUserInfoSL.GetUserAuthencticationDetails(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.UserName);
filterContext.HttpContext.Session["GUIDSessionID"] = HttpContext.Current.Request.Cookies.Get("v_au").Value + objUserAunthentication.UserInfoId;
objLoginUserDetails.LoggedInUserID = objUserAunthentication.UserInfoId;
objLoginUserDetails.EmailID = objUserAunthentication.EmailId;
objLoginUserDetails.FirstName = objUserAunthentication.FirstName;
objLoginUserDetails.LastName = objUserAunthentication.LastName;
objUserInfoSL.GetLoginUserApplicableActions(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.LoggedInUserID.ToString(),
out lstAuthorizationActionLinks, out lstAuthorisedActionId);
objLoginUserDetails.AuthorizedActions = lstAuthorizationActionLinks;
lstAuthorisedActionId.Add(0);
objLoginUserDetails.AuthorisedActionId = lstAuthorisedActionId;
objLoginUserDetails.CompanyLogoURL = objUserAunthentication.CompanyLogoURL;
objLoginUserDetails.UserTypeCodeId = Convert.ToInt32(objUserAunthentication.UserTypeCodeId);
objLoginUserDetails.LastLoginTime = objUserAunthentication.LastLoginTime;
objLoginUserDetails.DateOfBecomingInsider = objUserAunthentication.DateOfBecomingInsider;
using (var objActivitySL = new ActivitySL())
{
lstActivityResourceMappingDTO = objActivitySL.GetActivityResourceMappingDetails(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.LoggedInUserID);
}
dicActivityResourceMappingDTO = new Dictionary <string, List <ActivityResourceMappingDTO> >();
foreach (var objActivityResourceDTO in lstActivityResourceMappingDTO)
{
if (!dicActivityResourceMappingDTO.ContainsKey(objActivityResourceDTO.ColumnName))
{
dicActivityResourceMappingDTO.Add(objActivityResourceDTO.ColumnName, new List <ActivityResourceMappingDTO>());
}
dicActivityResourceMappingDTO[objActivityResourceDTO.ColumnName].Add(objActivityResourceDTO);
}
objLoginUserDetails.ActivityResourceMapping = dicActivityResourceMappingDTO;
objLoginUserDetails.DocumentDetails = new Dictionary <string, DocumentDetailsDTO>();
//set login user details into session
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
Common.Common.WriteLogToFile("Update session with login user details ", System.Reflection.MethodBase.GetCurrentMethod());
//This will update the login time for the user. So this should be done after setting the Lastlogin time in the session object.
objUserInfoSL.UpdateUserLastLoginTime(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.UserName);
// user is login sucessfully, set validation value set in session and cookies to indicate user is login
Common.Common.SetSessionAndCookiesValidationValue(objLoginUserDetails.UserName);//set session validation keys
Common.Common.WriteLogToFile("Set login user name into session and cookies values", System.Reflection.MethodBase.GetCurrentMethod());
//get new cookies value after login
//string cookies_value = Common.Common.GetSessionValue(ConstEnum.SessionValue.CookiesValidationKey).ToString();
//set cookies
//filterContext.HttpContext.Response.Cookies[ConstEnum.CookiesValue.ValidationCookies].Value = cookies_value;
//filterContext.HttpContext.Response.Cookies[ConstEnum.CookiesValue.ValidationCookies].Path = HttpContext.Current.Request.ApplicationPath;
using (SessionManagement sessionManagement = new SessionManagement())
{
sessionManagement.CheckCookiesSessions(objLoginUserDetails, true, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, string.Empty);
sessionManagement.BindCookiesSessions(objLoginUserDetails, true, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, string.Empty);
}
Common.Common.WriteLogToFile("Set cookies to response to send back to browser ", System.Reflection.MethodBase.GetCurrentMethod());
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
//filterContext.HttpContext.Session["GUIDSessionID"] = HttpContext.Current.Request.Cookies.Get("v_au").Value;
if (filterContext.HttpContext.Session["loginStatus"] != null)
{
loginStatusFlag = filterContext.HttpContext.Session["loginStatus"].ToString();
}
if (filterContext.HttpContext.Session["TwoFactor"] != null)
{
callForTwoFactor = filterContext.HttpContext.Session["TwoFactor"].ToString();
}
if (loginStatusFlag == "1")
{
if (filterContext.HttpContext.Session["CaptchaValue"] != null)
{
ActualText = filterContext.HttpContext.Session["CaptchaValue"].ToString();
}
else
{
ActualText = string.Empty;
}
if (filterContext.HttpContext.Session["SerCaptchaPath"] != null)
{
CaptchaDirServerPath = filterContext.HttpContext.Session["SerCaptchaPath"].ToString();
}
else
{
CaptchaDirServerPath = string.Empty;
}
}
bool bReturn = false;
LoginUserDetails objLoginUserDetails = null;
AuthenticationDTO objAuthenticationDTO = null;
UserInfoDTO objUserAfterValidationObject = null;
UserInfoDTO objUserAunthentication = null;
PasswordConfigDTO objPasswordConfig = null;
List <string> lstAuthorizationActionLinks = null;
List <int> lstAuthorisedActionId = null;
List <ActivityResourceMappingDTO> lstActivityResourceMappingDTO = null;
Dictionary <string, List <ActivityResourceMappingDTO> > dicActivityResourceMappingDTO = null;
int loginCount = 0;
bool lockFlag = false;
bool flag = false;
Common.Common.WriteLogToFile("Start Method", System.Reflection.MethodBase.GetCurrentMethod());
try
{
objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
if (objLoginUserDetails != null)
{
//If IsAccountValidated is true in session abject then again it is not checked and only activity aauthorization
//is checked.
if (!objLoginUserDetails.IsAccountValidated)
{
objAuthenticationDTO = new AuthenticationDTO();
objAuthenticationDTO.LoginID = objLoginUserDetails.UserName;
objAuthenticationDTO.Password = objLoginUserDetails.Password;
//string sEncryptedPassword = "";
//Common.Common.encryptData(objAuthenticationDTO.Password, out sEncryptedPassword);
//objAuthenticationDTO.Password = sEncryptedPassword;
objUserAfterValidationObject = new UserInfoDTO();
using (var objUserInfoSL = new UserInfoSL())
{
if (objLoginUserDetails.CompanyDBConnectionString != null)
{
bReturn = objUserInfoSL.ValidateUser(objLoginUserDetails.CompanyDBConnectionString, objAuthenticationDTO, ref objUserAfterValidationObject);
Common.Common.WriteLogToFile("Validated User ", System.Reflection.MethodBase.GetCurrentMethod());
}
if (bReturn)
{
lstAuthorizationActionLinks = new List <string>();
lstAuthorisedActionId = new List <int>();
if (objUserAfterValidationObject.StatusCodeId == ConstEnum.UserStatus.Inactive)
{
string sErrMessage = Common.Common.getResourceForGivenCompany("usr_msg_11274", objLoginUserDetails.CompanyName);
if (sErrMessage == null || sErrMessage == "")
{
sErrMessage = "Your account has been inactivated. Please contact the Administrator.";
}
objLoginUserDetails = new LoginUserDetails();
objLoginUserDetails.AuthorisedActionId = lstAuthorisedActionId;
objLoginUserDetails.AuthorizedActions = lstAuthorizationActionLinks;
objLoginUserDetails.ErrorMessage = sErrMessage;
objLoginUserDetails.IsAccountValidated = false;
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
{ "controller", "Account" }, { "action", "Login" }
});
}
else
{
if (callForTwoFactor != "1")
{
string UsrCaptchaText = filterContext.HttpContext.Session["UserCaptchaText"].ToString();
if (ActualText == string.Empty || ActualText == UsrCaptchaText)
{
LoginUser(filterContext);
}
else
{
DeleteCaptcha(filterContext);
CaptchaValidation(filterContext);
}
}
}
}
}
}
if (objLoginUserDetails.IsAccountValidated && !checkActionAuthorization(filterContext, objLoginUserDetails))
{
//If the request is from the Renderaction call and there is unauthorised access then dont redirect the request.
if (filterContext.HttpContext.PreviousHandler != null && filterContext.HttpContext.PreviousHandler is MvcHandler)
{
}
else
{
// filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Home" }, { "action", "Unauthorised" } });
}
}
}
else
{
Common.Common.WriteLogToFile("User is not login ", System.Reflection.MethodBase.GetCurrentMethod());
objLoginUserDetails = new LoginUserDetails();
objLoginUserDetails.ErrorMessage = "";
objLoginUserDetails.IsAccountValidated = false;
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
{ "controller", "Account" }, { "action", "Login" }
});
}
}
catch (Exception exp)
{
using (var objPassConfigSL = new PasswordConfigSL())
{
if (objLoginUserDetails.CompanyDBConnectionString != null)
{
objPasswordConfig = objPassConfigSL.GetPasswordConfigDetails(objLoginUserDetails.CompanyDBConnectionString);
int count = (Convert.ToInt16(Common.Common.GetSessionValue("LoginCount")) == 0) ? loginCount : Convert.ToInt16(Common.Common.GetSessionValue("LoginCount"));
if (count < objPasswordConfig.LoginAttempts)
{
count++;
Common.Common.SetSessionValue("LoginCount", count);
filterContext.HttpContext.Session["UserLgnCount"] = count;
if (count >= objPasswordConfig.LoginAttempts)
{
DeleteCaptcha(filterContext);
CaptchaValidation(filterContext);
}
}
else
{
DeleteCaptcha(filterContext);
CaptchaValidation(filterContext);
}
}
}
Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp);
// string sErrMessage = Common.Common.getResource(exp.InnerException.Data[0].ToString());
// objLoginUserDetails.ErrorMessage = sErrMessage;
string sErrMessage = "";
if (exp.InnerException != null)
{
sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objLoginUserDetails.CompanyName);
}
else
{
sErrMessage = exp.Message;
}
if (sErrMessage == null || sErrMessage == "")
{
sErrMessage = "Invalid details entered, please try again with correct details.";
}
if (Convert.ToBoolean(Common.Common.GetSessionValue("flag")) == true)
{
sErrMessage = "Your account has been locked. Please contact the Administrator.";
}
objLoginUserDetails = new LoginUserDetails();
objLoginUserDetails.ErrorMessage = sErrMessage;
objLoginUserDetails.IsAccountValidated = false;
if (exp.Message != Common.Common.getResource("com_lbl_14027"))
{
using (SessionManagement sessionManagement = new SessionManagement())
{
//sessionManagement.CheckCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "LOGOUT");
sessionManagement.BindCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "LOGOUT");
}
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
{ "controller", "Account" }, { "action", "Login" }
});
}
else if (exp.Message.ToString().Equals(Common.Common.getResource("com_lbl_14027")) &&
HttpContext.Current.Request.Cookies["v_au2"] != null &&
HttpContext.Current.Request.Cookies["v_au2"].Value != "")
{
using (SessionManagement sessionManagement = new SessionManagement())
{
string decrypteddata = null;
Common.Common.dencryptData(HttpContext.Current.Request.Cookies["v_au2"].Value, out decrypteddata);
string strCookieName = (false ? string.Empty : decrypteddata + '~' + DateTime.Now.DayOfWeek.ToString().ToUpper());
UserInfoSL objUserInfoSL = new UserInfoSL();
InsiderTradingDAL.SessionDetailsDTO objSessionDetailsDTO = null;
LoginUserDetails loginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
objSessionDetailsDTO = objUserInfoSL.GetCookieStatus(loginUserDetails.CompanyDBConnectionString, loginUserDetails.LoggedInUserID, Convert.ToString(strCookieName), false, false);
if (objSessionDetailsDTO != null)
{
//sessionManagement.CheckCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "");
sessionManagement.BindCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "");
objLoginUserDetails.ErrorMessage = string.Empty;
objLoginUserDetails.IsAccountValidated = true;
}
else
{
Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
{ "controller", "Account" }, { "action", "Login" }
});
}
}
}
}
finally
{
filterContext.HttpContext.Session["loginStatus"] = 0;
objLoginUserDetails = null;
objAuthenticationDTO = null;
objUserAfterValidationObject = null;
lstAuthorizationActionLinks = null;
lstAuthorisedActionId = null;
lstActivityResourceMappingDTO = null;
dicActivityResourceMappingDTO = null;
objUserAunthentication = null;
}
Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod());
base.OnActionExecuting(filterContext);
}
