/// <summary>
/// Authorization filter for the controller: records the current user's id in
/// session, sends anonymous requests to the login page (carrying the requested
/// URL as <c>RedirectUrl</c>), and forces authenticated users whose account is
/// flagged <c>NeedChangePassword</c> onto the ForceChangePassword action.
/// </summary>
/// <param name="filterContext">MVC authorization context of the current request.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    // Written unconditionally, before the authentication check.
    // NOTE(review): if Global.CurrentUser can be null for anonymous requests this
    // dereference throws before the login redirect below is reached — confirm.
    var currentUserId = Global.CurrentUser.UserID;
    HttpContext.Current.Session["UserId"] = currentUserId;
    HttpContext.Current.Session["UserIdKept"] = currentUserId;

    if (!filterContext.HttpContext.Request.IsAuthenticated)
    {
        // RawUrl is server-relative, so the value handed to the login page is a
        // local path; the login action is responsible for validating it on the way back.
        var requestedUrl = HttpContext.Current.Request.RawUrl;
        filterContext.Result = new RedirectToRouteResult(
            new System.Web.Routing.RouteValueDictionary(
                new { controller = "Authentication", action = "Login", RedirectUrl = requestedUrl }));
        return;
    }

    // The forced-change page itself must stay reachable, otherwise a user who
    // has to change their password could never leave the redirect loop.
    if (filterContext.ActionDescriptor.ActionName == "ForceChangePassword")
    {
        return;
    }

    // Re-reads the account on every authorized request to pick up the flag.
    // NOTE(review): the bool result of DoLoginAll is ignored; if the lookup can fail
    // and leave acc null, the next line throws — confirm against Sec_UserDal.
    Sec_UserLogin acc;
    new Sec_UserDal().DoLoginAll(Global.CurrentUser.UserName, out acc);
    if (acc.NeedChangePassword)
    {
        filterContext.Result = new RedirectToRouteResult(
            new System.Web.Routing.RouteValueDictionary(
                new { controller = "Authentication", action = "ForceChangePassword" }));
    }
}
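/// <summary>
/// Handles the login form post: validates the posted credentials against
/// <see cref="Sec_UserDal"/>, rejects locked or not-yet-activated accounts,
/// stores the language choice in a cookie, signs the user in and redirects to
/// the requested local URL (or to ForceChangePassword when the account requires it).
/// </summary>
/// <param name="m">Posted login model (Email, Password, hdLanguage, RedirectUrl); ErrMess is filled on failure.</param>
/// <returns>A redirect on success, otherwise the Login view with <c>m.ErrMess</c> set.</returns>
public ActionResult DoLogin(Sec_UserModel m)
{
    var secUserDal = new Sec_UserDal();

    if (string.IsNullOrEmpty(m.Email) || string.IsNullOrEmpty(m.Password))
    {
        m.Password = string.Empty;
        m.ErrMess = MessageUtils.Err(AppRes.MessLoginNull);
        return View("Login", m);
    }

    // NOTE(review): Md5Utils.Encryption is an unsalted MD5 of the password. The stored
    // format is owned by Sec_UserDal, so it is left untouched here, but it should move
    // to a slow salted KDF (PBKDF2/Argon2) at the DAL level.
    var passwordHash = Md5Utils.Encryption(m.Password);

    // "SercurityNovaon" is a master password configured in appSettings: when the posted
    // password hashes to it, the account is loaded by e-mail alone (DoLoginAll) and the
    // account's own password is never checked.
    // NOTE(review): this is an authentication bypass for every account, gated only by a
    // config value; it should be removed, or at minimum disabled outside development and
    // audit-logged. Ordinal comparison replaces the culture-sensitive ToUpper() compare.
    var masterHash = System.Configuration.ConfigurationManager.AppSettings["SercurityNovaon"];
    var isVanNang = !string.IsNullOrEmpty(masterHash)
        && string.Equals(passwordHash, masterHash, StringComparison.OrdinalIgnoreCase);

    Sec_UserLogin acc;
    var isOk = isVanNang
        ? secUserDal.DoLoginAll(m.Email, out acc)
        : secUserDal.DoLogin(m.Email, passwordHash, out acc);
    // Remembered per e-mail so later requests can tell a master-password session apart.
    System.Web.HttpContext.Current.Session["VanNang-" + m.Email] = isVanNang;

    if (!isOk)
    {
        m.Password = string.Empty;
        m.ErrMess = MessageUtils.Err(AppRes.MessLogin);
        return View("Login", m);
    }

    // Credentials are valid; the account may still be unusable.
    var lstMsg = new List<string>();
    if (acc.IsLocked)
    {
        lstMsg.Add(AppRes.LockAccountStatus);
    }
    if (!acc.IsActivated)
    {
        lstMsg.Add(AppRes.AccountNotActivated);
    }
    m.ErrMess = MessageUtils.Err(lstMsg);
    if (!string.IsNullOrEmpty(m.ErrMess))
    {
        // The view is re-rendered with the posted model; the password is deliberately
        // not blanked here (this matches the original behaviour).
        return View("Login", m);
    }

    Global.CurrentLanguage = m.hdLanguage;
    acc.LoginUserId = acc.UserID;
    acc.CurrentLanguageID = m.hdLanguage;
    var culture = acc.CurrentLanguageID == Constant.numLanguage.EN.GetHashCode() ? "en-GB" : "vi-VN";
    var cookieLang = new HttpCookie(ERP.Framework.Constants.Constant.APP_CURRENT_LANG, culture)
    {
        Expires = DateTime.Now.AddDays(30)
    };
    System.Web.HttpContext.Current.Response.Cookies.Add(cookieLang);

    // NOTE(review): ASP.NET does not rotate the session id on sign-in; if anything
    // security-relevant is kept in Session, consider abandoning it before sign-in.
    new Helper.Security().UserSignIn(acc, System.Web.HttpContext.Current);

    if (string.IsNullOrEmpty(m.RedirectUrl))
    {
        m.RedirectUrl = "/";
    }

    // A master-password login is not forced through the password change.
    if (acc.NeedChangePassword && !isVanNang)
    {
        return RedirectToAction("ForceChangePassword", "Authentication");
    }

    // Open-redirect guard: RedirectUrl comes from the request, so only a local
    // (server-relative) target is honoured after decoding; anything else goes to "/".
    var target = Server.UrlDecode(m.RedirectUrl);
    if (!Url.IsLocalUrl(target))
    {
        target = "/";
    }
    return Redirect(target);
}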
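/// <summary>
/// Changes the password of the account identified by <c>m.Email</c>: checks the new
/// password against the complexity policy, verifies the current password, saves the
/// new hash and then signs the user out so they must log in again.
/// </summary>
/// <param name="m">Posted model; only <c>Email</c> and <c>Password</c> (the current password) are read.</param>
/// <param name="PasswordNew">The new password.</param>
/// <param name="PasswordNewAgain">Confirmation of the new password (currently not compared server-side, see note).</param>
/// <returns>JSON <c>{ result = SystemMessage }</c> with <c>IsSuccess</c> and a localized <c>Message</c>.</returns>
public ActionResult DoChangePassword(Sec_UserModel m, string PasswordNew, string PasswordNewAgain)
{
    // Every outcome is reported through the same JSON envelope.
    Func<bool, string, ActionResult> reply = (isSuccess, message) =>
        Json(new { result = new SystemMessage { IsSuccess = isSuccess, Message = message } },
             JsonRequestBehavior.AllowGet);

    // Policy: at least 10 characters with a lower-case letter, an upper-case letter, a digit
    // and one of !@#$%^&*(),.?:{ }|<>. (The original comment also mentions "not the Novaon
    // default password"; the pattern does not check that.)
    // A null PasswordNew used to reach Regex.Match and throw; it is now a policy failure.
    const string policyPattern = @"^(?=.*[a-z])(?=.*\d)(?=.*[A-Z])(?=.*[!@#$%^&*(),.?:{ }|<>]).{10,}$";
    if (string.IsNullOrEmpty(PasswordNew) || !Regex.IsMatch(PasswordNew, policyPattern))
    {
        return reply(false, AppRes.PasswordPolicy);
    }
    // TODO(review): PasswordNewAgain is never compared with PasswordNew, so the confirmation
    // is client-side only; no resource string for a mismatch is visible here, so it is not
    // enforced yet.

    // NOTE(review): the account is selected by the posted e-mail rather than by the
    // authenticated identity; presumably the form posts the logged-in user's own e-mail,
    // but binding to the server-side identity would remove that trust in the client — confirm.
    var secUserDal = new Sec_UserDal();
    Sec_UserLogin acc;
    if (!secUserDal.DoLoginAll(m.Email, out acc))
    {
        return reply(false, AppRes.ErrorSavePassworld);
    }

    // Current-password check. NOTE(review): unsalted MD5 compare (see DoLogin);
    // the hash format belongs to the DAL and is kept as-is here.
    if (Md5Utils.Encryption(m.Password) != acc.Password)
    {
        return reply(false, AppRes.ComfirmPasswordOld);
    }

    var result = secUserDal.SavePassword(acc, Md5Utils.Encryption(PasswordNew));
    if (result.IsSuccess != true)
    {
        return reply(false, AppRes.ErrorSavePassworld);
    }

    // Force a fresh login after the change: drop the forms ticket, the session and the
    // auth cookie. NOTE(review): forms tickets are stateless, so tickets already issued to
    // other browsers stay valid until they expire unless Helper.Security.Logout revokes them.
    FormsAuthentication.SignOut();
    var current = System.Web.HttpContext.Current;
    current.Session.Clear();
    current.Session.Abandon();
    current.Response.Cookies.Clear();
    current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
    current.Response.Cache.SetExpires(DateTime.Now.AddSeconds(-1));
    var cookie = current.Request.Cookies[FormsAuthentication.FormsCookieName];
    new Helper.Security().Logout(current);
    if (cookie != null)
    {
        // Re-send the incoming auth cookie already expired so the browser discards it.
        cookie.Expires = DateTime.Now.AddDays(-1);
        current.Response.Cookies.Add(cookie);
    }
    return reply(true, AppRes.SuccessPassword);
}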