public async Task <ActionResult> Login(UserDetailsModel model) { LoginUserDetails objLoginUserDetails = null; InsiderTradingEncryption.DataSecurity objPwdHash = null; CompanyDTO objSelectedCompany = null; DataSecurity objDataSecurity = new DataSecurity(); PasswordConfigDTO objPasswordConfig = null; int loginCount = 0; Common.Common.WriteLogToFile("Start Method", System.Reflection.MethodBase.GetCurrentMethod()); bool IsEmailOTPActive = false; try { Session["UserCaptchaText"] = (model.sCaptchaText == null) ? string.Empty : model.sCaptchaText; TempData["ShowDupTransPopUp"] = 1; objLoginUserDetails = new LoginUserDetails(); string formUsername = string.Empty; string formPassword = string.Empty; string formEncryptedUsername = string.Empty; string formEncryptedPassword = string.Empty; string sPasswordHash = string.Empty; string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key; string userPasswordHashSalt = Common.ConstEnum.User_Password_Encryption_Key; string EncryptedRandomNo = string.Empty; if (model.sCalledFrom != objDataSecurity.CreateHash(string.Format(Common.ConstEnum.s_SSO, Convert.ToString(DateTime.Now.Year)), userPasswordHashSalt)) { objPwdHash = new InsiderTradingEncryption.DataSecurity(); formEncryptedUsername = model.sUserName; formEncryptedPassword = model.sPassword; formEncryptedUsername = DecryptStringAES(formEncryptedUsername, javascriptEncryptionKey, javascriptEncryptionKey); formEncryptedPassword = DecryptStringAES(formEncryptedPassword, javascriptEncryptionKey, javascriptEncryptionKey); EncryptedRandomNo = formEncryptedUsername.Split('~')[1].ToString(); if (EncryptedRandomNo != Convert.ToString(Session["randomNumber"])) { throw new System.Web.HttpException(401, "Unauthorized access"); } formUsername = formEncryptedUsername.Split('~')[0].ToString(); formPassword = formEncryptedPassword.Split('~')[0].ToString(); } else { Session["IsSSOActivated"] = "1"; formUsername = model.sUserName; sPasswordHash = string.IsNullOrEmpty(model.sPassword) ? "" : model.sPassword; } using (CompaniesSL objCompanySL = new CompaniesSL()) { if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox") { Dictionary <string, string> objCompaniesDictionary = null; objCompaniesDictionary = new Dictionary <string, string>(); foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString())) { objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName); } if (objCompaniesDictionary.ContainsValue(model.sCompanyName.ToLower())) { model.sCompanyName = (from entry in objCompaniesDictionary where entry.Value.ToLower() == model.sCompanyName.ToLower() select entry.Key).FirstOrDefault(); } else { objLoginUserDetails.ErrorMessage = "Invalid company name"; objLoginUserDetails.IsAccountValidated = false; Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); Common.Common.WriteLogToFile("Invalid company name"); Session["IsSSOActivated"] = null; return(RedirectToAction("Login", "Account")); } } objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), model.sCompanyName); if (model.sCalledFrom != objDataSecurity.CreateHash(string.Format(Common.ConstEnum.s_SSO, Convert.ToString(DateTime.Now.Year)), userPasswordHashSalt)) { string saltValue = string.Empty; string calledFrom = "Login"; using (UserInfoSL ObjUserInfoSL = new UserInfoSL()) { List <AuthenticationDTO> lstUserDetails = ObjUserInfoSL.GetUserLoginDetails(objSelectedCompany.CompanyConnectionString, formUsername, calledFrom); foreach (var UserDetails in lstUserDetails) { saltValue = UserDetails.SaltValue; } } using (TwoFactorAuthSL objIsOTPEnable = new TwoFactorAuthSL()) { IsEmailOTPActive = objIsOTPEnable.CheckIsOTPActived(objSelectedCompany.CompanyConnectionString, formUsername); } string usrSaltValue = (saltValue == null || saltValue == string.Empty) ? userPasswordHashSalt : saltValue; if (saltValue != null && saltValue != "") { sPasswordHash = objPwdHash.CreateHashToVerify(formPassword, usrSaltValue); } else { sPasswordHash = objPwdHash.CreateHash(formPassword, usrSaltValue); } } objLoginUserDetails.UserName = formUsername; objLoginUserDetails.Password = sPasswordHash; objLoginUserDetails.CompanyDBConnectionString = objSelectedCompany.CompanyConnectionString; objLoginUserDetails.CompanyName = model.sCompanyName; objLoginUserDetails.IsUserLogin = false; //this flag indicate that user is not yet login sucessfully Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); using (var objPassConfigSL = new PasswordConfigSL()) { objPasswordConfig = objPassConfigSL.GetPasswordConfigDetails(objSelectedCompany.CompanyConnectionString); loginCount = (Session["UserLgnCount"] == null) ? 0 : Convert.ToInt32(Session["UserLgnCount"].ToString()); TempData["ShowCaptcha"] = false; if (loginCount >= (objPasswordConfig.LoginAttempts - 1)) { TempData["ShowCaptcha"] = true; Session["DisplayCaptcha"] = true; } if ((loginCount >= objPasswordConfig.LoginAttempts && model.sCaptchaText == "") || loginCount >= objPasswordConfig.LoginAttempts && model.sCaptchaText != Session["CaptchaValue"].ToString()) { TempData["ShowCaptcha"] = true; TempData["ErrorMessage"] = "Please provide valid text"; } } } } catch (Exception exp) { //If User is trying to login with a loginID which is being logged-in into the system. Then show the message and don't allow to login. string sErrMessage = exp.Message; objLoginUserDetails.ErrorMessage = sErrMessage; objLoginUserDetails.IsAccountValidated = false; Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp); Session["IsSSOActivated"] = null; ClearAllSessions(); return(RedirectToAction("Login", "Account")); } finally { objLoginUserDetails = null; objPwdHash = null; objSelectedCompany = null; } if (IsEmailOTPActive) { Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod()); Session["TwoFactor"] = 1; Session["IsOTPAuthPage"] = "TwoFactorAuthentication"; return(RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" })); } else { Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod()); Session["loginStatus"] = 1; return(RedirectToAction("Index", "Home", new { acid = Convert.ToString(0), calledFrom = "Login" })); } }
public ActionResult ChangePassword(int formId, int acid, PasswordManagementModel objPwdMgmtModel) { bool bErrorOccurred = false; string i_ErrorMessage = ""; LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails); PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO(); PasswordConfigModel objPassConfigModel = new PasswordConfigModel(); UserInfoSL objUserInfoSL = new UserInfoSL(); UserPolicyDocumentEventLogDTO objChangePasswordEventLogDTO = null; PasswordExpiryReminderDTO objPassExpiryReminderDTO = null; InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity(); try { DataSecurity objDataSecurity = new DataSecurity(); string sOldPassword = string.Empty; string sNewPassword = string.Empty; string sConfirmNewPassword = string.Empty; string sPasswordHash = string.Empty; string sPasswordHashWithSalt = string.Empty; string sSaltValue = string.Empty; string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key; string userPasswordHashSalt = Common.ConstEnum.User_Password_Encryption_Key; if (objPwdMgmtModel.OldPassword == null || objPwdMgmtModel.OldPassword == "" || objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" || objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "") { i_ErrorMessage = "All fields are required fields."; bErrorOccurred = true; } else if (objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" || objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "") { i_ErrorMessage = "Please enter new password and confirm new password."; bErrorOccurred = true; } else if (objPwdMgmtModel.NewPassword != objPwdMgmtModel.ConfirmNewPassword) { i_ErrorMessage = "New password and Confirm password are not matching."; bErrorOccurred = true; } else if (objPwdMgmtModel.OldPassword == objPwdMgmtModel.NewPassword) { i_ErrorMessage = "New password should not be same as old password."; bErrorOccurred = true; } else if (!string.IsNullOrEmpty(objPwdMgmtModel.OldPassword) && !string.IsNullOrEmpty(objPwdMgmtModel.NewPassword) && !string.IsNullOrEmpty(objPwdMgmtModel.ConfirmNewPassword)) { sOldPassword = DecryptStringAES(objPwdMgmtModel.OldPassword, javascriptEncryptionKey, javascriptEncryptionKey); sNewPassword = DecryptStringAES(objPwdMgmtModel.NewPassword, javascriptEncryptionKey, javascriptEncryptionKey); sConfirmNewPassword = DecryptStringAES(objPwdMgmtModel.ConfirmNewPassword, javascriptEncryptionKey, javascriptEncryptionKey); sPasswordHashWithSalt = objPwdHash.CreateSaltandHash(sNewPassword); sPasswordHash = sPasswordHashWithSalt.Split('~')[0].ToString(); sSaltValue = sPasswordHashWithSalt.Split('~')[1].ToString(); } //Check if the new password follows Password policy if (!bErrorOccurred) { Common.Common objCommon = new Common.Common(); bool isPasswordValid = objCommon.ValidatePassword(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.UserName, sNewPassword, sPasswordHash, objLoginUserDetails.LoggedInUserID, out i_ErrorMessage); if (!isPasswordValid) { bErrorOccurred = true; } } if (bErrorOccurred) { ViewBag.LoginError = i_ErrorMessage; return(View("ChangePassword")); } objPwdMgmtModel.UserInfoID = objLoginUserDetails.LoggedInUserID; string saltValue = string.Empty; string calledFrom = "ChangPwd"; using (UserInfoSL ObjUserInfoSL = new UserInfoSL()) { List <AuthenticationDTO> lstUserDetails = ObjUserInfoSL.GetUserLoginDetails(objLoginUserDetails.CompanyDBConnectionString, Convert.ToString(objLoginUserDetails.LoggedInUserID), calledFrom); foreach (var UserDetails in lstUserDetails) { saltValue = UserDetails.SaltValue; } } string usrSaltValue = (saltValue == null || saltValue == string.Empty) ? userPasswordHashSalt : saltValue; if (saltValue != null && saltValue != "") { objPwdMgmtModel.OldPassword = objPwdHash.CreateHashToVerify(sOldPassword, usrSaltValue); } else { objPwdMgmtModel.OldPassword = objPwdHash.CreateHash(sOldPassword, usrSaltValue); } objPwdMgmtModel.NewPassword = sPasswordHash; objPwdMgmtModel.ConfirmNewPassword = sPasswordHash; objPwdMgmtModel.SaltValue = sSaltValue; InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO); objUserInfoSL.ChangePassword(objLoginUserDetails.CompanyDBConnectionString, ref objPwdMgmtDTO); objLoginUserDetails.PasswordChangeMessage = Common.Common.getResource("usr_msg_11271"); Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); Common.Common.SetSessionValue("IsChangePassword", false); } catch (Exception exp) { string sErrMessage = Common.Common.getResource(exp.InnerException.Data[0].ToString()); ViewBag.LoginError = sErrMessage; objPassConfigModel = GetPasswordConfigDetails(); return(View("ChangePassword")); } finally { objLoginUserDetails = null; objPwdMgmtDTO = null; objUserInfoSL = null; objPwdHash = null; } return(RedirectToAction("Index", "Home", new { acid = Convert.ToString(Common.ConstEnum.UserActions.CRUSER_COUSERDASHBOARD_DASHBOARD) })); }