コード例 #1
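        /// <summary>
        /// Forces a signed-in user whose password has aged out onto the password-expiry page.
        /// Runs on every page except PasswordExpired.aspx itself; ChangePassword.aspx is also
        /// exempt so the user can actually set a new password.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            string path = Request.Url.LocalPath;

            // IIS paths are case-insensitive, so an ordinal (case-sensitive) comparison would let
            // "/passwordexpired.aspx" redirect to itself in a loop.
            if (string.Equals(path, "/PasswordExpired.aspx", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            // Anonymous visitors have no password to age out; other handlers enforce login.
            if (Session["UserEmail"] == null)
            {
                return;
            }

            AS_Service_Reference.Service1Client client = new AS_Service_Reference.Service1Client();
            var current_user = client.GetOneUser(Session["UserEmail"].ToString());

            // A session identity that no longer resolves to an account cannot be checked here;
            // the page itself (or its own login guard) decides what to do with it.
            if (current_user == null)
            {
                return;
            }

            // NOTE(review): PasswordAge is compared against the server's local clock; if the
            // service stores it in UTC this check is off by the server's offset — confirm.
            bool passwordExpired = current_user.PasswordAge < DateTime.Now;

            if (passwordExpired && !string.Equals(path, "/ChangePassword.aspx", StringComparison.OrdinalIgnoreCase))
            {
                Response.Redirect("PasswordExpired.aspx");
            }
        }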
コード例 #2
        /// <summary>
        /// Sends unauthenticated visitors to the login page; otherwise greets the signed-in
        /// user by first and last name in the page title label.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            object sessionEmail = Session["UserEmail"];

            if (sessionEmail == null)
            {
                // Redirect with the default endResponse terminates the request, so the
                // greeting below never runs for an anonymous visitor.
                Response.Redirect("~/Login.aspx");
                return;
            }

            var client  = new AS_Service_Reference.Service1Client();
            var profile = client.GetOneUser(sessionEmail.ToString());

            lbl_userPageTitle.Text = $"Welcome {profile.FirstName} {profile.LastName}";
        }
コード例 #3
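        /// <summary>
        /// Handles the login button: verifies the captcha, enforces a per-session attempt limit,
        /// refuses locked accounts before the password is evaluated, verifies the salted SHA-512
        /// hash and, on success, establishes the session identity and auth cookie.
        /// Exceptions raised by the service propagate unchanged (the previous catch-and-rewrap
        /// only discarded the original exception type and stack).
        /// </summary>
        /// <param name="sender">The button raising the event.</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void btn_login_Click(object sender, EventArgs e)
        {
            // First layer: per-session attempt counter. Second layer: server-side account lock.
            AS_Service_Reference.Service1Client client = new AS_Service_Reference.Service1Client();

            if (!ValidateCaptcha_v3())
            {
                lbl_captchaScore.Text = "You did not pass the captcha validation";
                return;
            }

            // Convert.ToInt32(null) is 0, so a fresh session starts with no failed attempts.
            int attempts = Convert.ToInt32(Session["LoginAttempts"]);

            // One normalised email is used for every lookup below, so the lock-out branch and the
            // verification branch always refer to the same account key.
            string email = HttpUtility.HtmlEncode(tb_email.Text.ToString().Trim());

            if (attempts >= 3)
            {
                // Session attempt budget exhausted: also lock the account server-side.
                // NOTE(review): this locks whichever email is typed after three failures, not
                // necessarily the account those failures were made against; remembering the
                // failed email in the session would close that gap.
                lbl_loginErrMsg.Text = "You are temporarily locked from accessing the login system due to multiple failed attempts, try again later.";

                var search_user = client.GetOneUser(email);

                if (search_user != null)
                {
                    client.SetAccountLockOut(search_user.Email);
                }

                return;
            }

            // NOTE(review): HtmlEncode runs before hashing, so a password containing & < > " '
            // is hashed in its encoded form. Existing hashes depend on this, so it is kept; any
            // other component that hashes passwords must apply the same transformation.
            string pwd = HttpUtility.HtmlEncode(tb_password.Text.ToString().Trim());

            string dbHash  = client.getDBHash(email);
            string dbSalt  = client.getDBSalt(email);
            var    account = client.GetOneUser(email);

            if (account == null || string.IsNullOrEmpty(dbSalt) || string.IsNullOrEmpty(dbHash))
            {
                // Unknown email: same message as a wrong password so the response does not
                // reveal which of the two was wrong.
                RecordFailedAttempt(attempts);
                return;
            }

            // Check the lock before the password, so a locked account cannot be used to test
            // password guesses (previously the lock was reported only once the password matched,
            // which confirmed the guess). This does tell a caller that the account is locked;
            // the earlier code already disclosed that on a correct password.
            if (account.AccountLockExpiry >= DateTime.Now)
            {
                lbl_loginErrMsg.Text      = $"Your account has been temporarily locked due to multiple failed attempts,\n It will be available after {account.AccountLockExpiry}";
                lbl_loginErrMsg.ForeColor = System.Drawing.Color.Red;
                return;
            }

            string userHash;

            // SHA512Managed is disposable; scope it to the hash computation.
            using (SHA512Managed hashing = new SHA512Managed())
            {
                byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwd + dbSalt));
                userHash = Convert.ToBase64String(hashWithSalt);
            }

            if (!FixedTimeEquals(userHash, dbHash))
            {
                RecordFailedAttempt(attempts);
                return;
            }

            // Password verified and any earlier lock has expired: clear it and start the session.
            client.RemoveAccountLockOut(email);

            // NOTE(review): the session id is not regenerated here; consider clearing or
            // regenerating the session before storing the identity.
            Session["UserEmail"] = email;

            // Fresh GUID kept in the session and echoed in a cookie for later comparison.
            string guidToken = Guid.NewGuid().ToString();
            Session["AuthCookie"] = guidToken;

            HttpCookie authCookie = new HttpCookie("AuthCookie", guidToken)
            {
                HttpOnly = true,                       // keep the token out of reach of page scripts
                Secure   = Request.IsSecureConnection, // mark Secure only when actually served over TLS
            };
            Response.Cookies.Add(authCookie);

            // endResponse:false — the handler completes normally instead of aborting the thread.
            Response.Redirect("UserPage.aspx", false);
        }

        /// <summary>
        /// Shows the generic failure message and bumps the per-session attempt counter.
        /// The same text is used for an unknown email and for a wrong password on purpose.
        /// </summary>
        /// <param name="attempts">The attempt count read at the start of this request.</param>
        private void RecordFailedAttempt(int attempts)
        {
            lbl_loginErrMsg.Text      = "Invalid Email or Password";
            lbl_loginErrMsg.ForeColor = System.Drawing.Color.Red;
            Session["LoginAttempts"]  = attempts + 1;
        }

        /// <summary>
        /// Compares two strings ordinally without stopping at the first mismatch, so the time
        /// taken does not depend on how many leading characters agree. Length is compared up
        /// front; the base64 SHA-512 hashes compared here are all the same length.
        /// </summary>
        /// <param name="a">First string; null never matches.</param>
        /// <param name="b">Second string; null never matches.</param>
        /// <returns>True when both are non-null, equal in length and identical.</returns>
        private static bool FixedTimeEquals(string a, string b)
        {
            if (a == null || b == null || a.Length != b.Length)
            {
                return false;
            }

            int diff = 0;

            for (int i = 0; i < a.Length; i++)
            {
                diff |= a[i] ^ b[i];
            }

            return diff == 0;
        }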
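        /// <summary>
        /// Handles the change-password button: requires a signed-in session, then enforces the
        /// strength, same-as-current, cool-down and password-history rules before storing the
        /// new salted SHA-512 hash through the service.
        /// </summary>
        /// <param name="sender">The button raising the event.</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void btn_submitChangePwd_Click(object sender, EventArgs e)
        {
            // Without an identity in the session the lookup below would dereference null;
            // treat it like the user page does and send the visitor to login.
            if (Session["UserEmail"] == null)
            {
                Response.Redirect("~/Login.aspx");
                return;
            }

            AS_Service_Reference.Service1Client client = new AS_Service_Reference.Service1Client();

            var current_user = client.GetOneUser(Session["UserEmail"].ToString());

            // NOTE(review): HtmlEncode before hashing matches the login handler; both must keep
            // the same transformation or users cannot sign in with the password they set here.
            var new_password = HttpUtility.HtmlEncode(tb_changePwd.Text.Trim());

            // checkPassword is treated as fully passing only at 5 (assumed from the original
            // comparison — confirm against its definition).
            if (checkPassword(new_password) != 5)
            {
                checkPasswordFeedback(new_password);
                return;
            }

            // The salt is reused across changes (ChangePassword receives no new salt), which is
            // what makes the history hashes below directly comparable. `salt` is a class-level
            // member, not a local.
            salt = current_user.PasswordSalt;

            string new_finalHash;

            // SHA512Managed is disposable; scope it to the hash computation.
            using (SHA512Managed hashing = new SHA512Managed())
            {
                byte[] newhashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(new_password + salt));
                new_finalHash = Convert.ToBase64String(newhashWithSalt);
            }

            if (new_finalHash == current_user.PasswordHash)
            {
                ShowChangeResult("Error, input same as your current password", Color.Red);
                return;
            }

            // NOTE(review): cool-down is compared against the server's local clock — confirm
            // the service stores it in the same zone.
            if (current_user.PasswordChangeCoolDown > DateTime.Now)
            {
                ShowChangeResult("Error, you are not allowed to change passwords repeatedly in a short span of time", Color.Red);
                return;
            }

            if (new_finalHash == current_user.PasswordHash_1 || new_finalHash == current_user.PasswordHash_2)
            {
                ShowChangeResult("Error, you are not allowed to reuse recent passwords", Color.Red);
                return;
            }

            // Presumably the current hash shifts into history slot 1 and slot 1 into slot 2;
            // the argument order is all that is visible here.
            client.ChangePassword(current_user.Email, new_finalHash, current_user.PasswordHash, current_user.PasswordHash_1, current_user.PasswordHash_2);
            ShowChangeResult("Password changed successfully", Color.Green);
        }

        /// <summary>
        /// Writes a change-password outcome to the result label in the given colour.
        /// </summary>
        /// <param name="message">Text shown to the user.</param>
        /// <param name="color">Label foreground colour (red for errors, green on success).</param>
        private void ShowChangeResult(string message, Color color)
        {
            lbl_resultMsg.Text      = message;
            lbl_resultMsg.ForeColor = color;
        }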