public ActionResult Login(Store.Data.User user)
{
using (MyDataEntities db = new MyDataEntities())
{
//Check to see that the UserName matches a User and that the Password matches that User
if (manager.AuthenticateUser(user.UserName, user.Password))
{
//AUTHORIZATION USING COOKIES
//--------------------------------------------------------------
int timeout = 100;
var ticket = new FormsAuthenticationTicket(1, user.UserID.ToString(), DateTime.Now, DateTime.Now.AddMinutes(20),
false, user.UserName.ToString(), FormsAuthentication.FormsCookiePath);
string encrypt = FormsAuthentication.Encrypt(ticket);
FormsAuthentication.SetAuthCookie(user.UserName, false);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypt);
cookie.Expires = DateTime.Now.AddMinutes(timeout);
cookie.HttpOnly = true;
Response.Cookies.Add(cookie);
//--------------------------------------------------------------
//Makes sure that the UserNames match and create a variable to hold the user in question
var usr = db.Users.Where(U => U.UserName == user.UserName).FirstOrDefault();
Session["UserID"] = usr.UserID.ToString();
Session["UserName"] = usr.UserName.ToString();
if (usr.IsAdmin == true)
{
Session["IsAdmin"] = 1;
}
else
{
Session["IsAdmin"] = 0;
}
//Create a list of the user's ShoppingCartProducts in order to find the total quantity of items
int temp = Convert.ToInt32(Session["UserID"].ToString());
var productList = db.ShoppingCartProducts.Where(a => a.ShoppingCartID == temp);
int quan = 0;
foreach (var item in productList)
{
quan += item.Quantity;
}
//Set the Session variable Quantity to the found value.
Session["Quantity"] = quan;
//Redirect the now logged in user back to the Homepage
return(Redirect("~/Home/Index"));
}
else
{
ModelState.AddModelError("", "Username or Password is incorrect");
}
}
return(View());
}
//TEST: SQLSECURITYMANAGER_AUTHENTICATEUSER_TEST
//Test the functionality of the SqlSecurityManager AuthenticateUser method using test data.
public void SqlSecurityManager_AuthenticateUser_Test()
{
SqlSecurityManager manager = new SqlSecurityManager();
//ARRANGE
//These parameters refer to the test user that we created in SqlSecurityManager_RegisterUser
string username = "******";
string password = "******";
bool result;
//ACT
result = manager.AuthenticateUser(username, password);
//ASSERT
Assert.IsNotNull(result);
Assert.IsTrue(result);
}
//TEST: SQLSECURITYMANAGER_AUTHENTICATEUSER_FAILURETEST
//Test the functionality of the SqlSecurityManager AuthenticateUser method when using unintended test data.
//Uses a wrong password to show that if the username and/or password are wrong then AuthenticateUser() will return false
public void SqlSecurityManager_AuthenticateUser_FAILURETest()
{
SqlSecurityManager manager = new SqlSecurityManager();
//ARRANGE
//Login parameters
string username = "******";
//Wrong Password
string password = "******";
bool result;
//ACT
result = manager.AuthenticateUser(username, password);
//ASSERT
Assert.IsNotNull(result);
Assert.IsFalse(result);
}