//-----------------------------------------------------------------------------------------------------------------------------------------------------------
// Per-session singleton accessor. Static, so callers only need the class name and never an object instance.
// Returns the instance stored in the current ASP.NET session under SESSION_SINGLETON, creating and storing
// a new one on first use.
// Returns null when there is no current HttpContext or no session, and also when an exception is caught
// (the exception is logged, not rethrown) - callers must be prepared for a null result.
public static MGLSessionSecurityInterface Instance() {
    MGLSessionSecurityInterface sessionInstance = null;

    try {
        System.Web.HttpContext context = System.Web.HttpContext.Current;

        if (context != null && context.Session != null) {
            object stored = context.Session[SESSION_SINGLETON];

            if (stored != null) {
                // An instance was already created for this session - reuse it
                sessionInstance = (MGLSessionSecurityInterface)stored;
            } else {
                // Nothing in the session yet - create the instance and remember it for later calls
                sessionInstance = new MGLSessionSecurityInterface();
                context.Session[SESSION_SINGLETON] = sessionInstance;
            }
        }
    } catch (Exception ex) {
        Logger.LogError(7, "MGLSessionSecurityInterface crashed when access was attempted: " + ex.ToString());
    }

    return sessionInstance;
}
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
// Returns the SecurityError value held by the current session's MGLSessionSecurityInterface instance.
// Login() writes its outcome message there (null after a successful login).
// NOTE(review): Instance() returns null when there is no HttpContext/session, in which case this
// dereference throws - confirm callers only use this inside a request that has a session.
public string LoginError() {
    MGLSessionSecurityInterface sessionSecurity = MGLSessionSecurityInterface.Instance();
    return sessionSecurity.SecurityError;
}
//--------------------------------------------------------------------------------------------------------------------------------------------------------------
// Returns the SecurityError value stored on the current session's security singleton.
// Reads the same value as LoginError().
// NOTE(review): Instance() can return null (no HttpContext/session), which would make this throw.
public string GetError() {
    MGLSessionSecurityInterface currentSession = MGLSessionSecurityInterface.Instance();
    return currentSession.SecurityError;
}
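//---------------------------------------------------------------------------------------------------------------------------------------------------------------
// Attempts to log the given user in and, on success, stores the user object in the session.
//
//   userName - the user name to look up; a null user name is always rejected.
//   password - the password to verify. Only consulted when AppLoginConfig.EnableAutomatedLogin is false.
//
// Returns true when the user was accepted and placed in the session, false otherwise.
// The outcome message is written to the session's SecurityError (null on success) and can be read
// with LoginError() / GetError(). Exceptions raised inside the try block are logged and not rethrown.
//
// Security fixes relative to the previous version:
//   * A null password no longer falls through to the "no password check" branch. That branch is now
//     reached only when the password check is not required by configuration; a missing password is rejected.
//   * The user is re-read from the database after LogLogin, so the password field is cleared again
//     before the object is stored in the session.
//   * loggedIn is set only after the user has actually been stored in the session, so a failure while
//     writing the session no longer reports a successful login.
public bool Login(SecureString userName, SecureString password) {
    bool loggedIn = false;
    string loginError = "Username or password not recognised.";
    UserOperations userOps = null;

    try {
        if (userName != null) {
            userOps = new UserOperations(lcf);
            MGUser user = userOps.GetUser(userName);

            if (user != null) {
                // check the number of logins has not been exceeded
                if (user.IsLockedOut == true) {
                    // NOTE(review): this message is chosen before any password check, so a locked account
                    // gets a different response from an unknown user name - confirm that revealing this is acceptable.
                    loginError = "Too many incorrect attempts. Please contact the web team.";
                } else {
                    // 30-Nov-2015 - Strip the password out of the user information as this is applied to the session
                    user.Password = null;

                    bool accepted = false;
                    bool passwordCheckRequired =
                        (MGLApplicationSecurityInterface.Instance().AppLoginConfig.EnableAutomatedLogin == false);

                    if (passwordCheckRequired == false) {
                        // Automated login is enabled in the application configuration: the user name alone is trusted
                        accepted = true;
                    } else if (password != null) {
                        // check the user name and the encrypted password in the database
                        bool userLoginDetailsCorrect = userOps.UserLoginDetailsCorrect(user.Username, password);

                        // if incorrect, increment the incorrect logins; if correct, increment the total logins
                        userOps.LogLogin(user.ID, userLoginDetailsCorrect);

                        // re-extract the user as the LastIP and login date will have changed
                        user = userOps.GetUser(user.ID);
                        if (user != null) {
                            // The fresh copy carries the stored password again - clear it before it can reach the session
                            user.Password = null;
                        }

                        // Fail closed if the user could not be re-read
                        accepted = userLoginDetailsCorrect && user != null;
                    }
                    // else: a password is required but none was supplied - leave the attempt rejected

                    if (accepted) {
                        // Set the current user object in the session first; only then report success
                        MGLSessionSecurityInterface.Instance().CurrentUser = user;
                        loggedIn = true;
                        loginError = null;
                    }
                }

                if (loggedIn) {
                    // NOTE(review): LiveDbContextInstance is assigned through the type name, so it is replaced
                    // on every successful login rather than being held per session - confirm this is intended.
                    SecureContentWrapper.LiveDbContextInstance = new SecureContentWrapper(AppSecurityContext.MainDbLcf);
                    // SecureContentWrapper.StagingDbContextInstance = new SecureContentWrapper(AppSecurityContext.StagingDbLcf);
                }
            }
        }
    } catch (Exception ex) {
        Logger.LogError(7, "Problem logging in at " + ex);
    } finally {
        if (userOps != null) {
            userOps.Finish();
        }
    }

    // NOTE(review): Instance() returns null when there is no HttpContext/session; this line then throws
    // outside the try block, as it did before.
    MGLSessionSecurityInterface.Instance().SecurityError = loginError;
    return loggedIn;
}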