//-----------------------------------------------------------------------------------------------------------------------------------------------------------
//Create as a static method so this can be called using
// just the class name (no object instance is required).
// It simplifies other code because it will always return
// the single instance of this class, either newly created
// or from the session
public static MGLSessionSecurityInterface Instance()
{
MGLSessionSecurityInterface seshSingleton = null;
try {
if (System.Web.HttpContext.Current != null && System.Web.HttpContext.Current.Session != null)
{
if (null == System.Web.HttpContext.Current.Session[SESSION_SINGLETON])
{
//No current session object exists, use private constructor to
// create an instance, place it into the session
seshSingleton = new MGLSessionSecurityInterface();
System.Web.HttpContext.Current.Session[SESSION_SINGLETON] = seshSingleton;
}
else
{
//Retrieve the already instance that was already created
seshSingleton = (MGLSessionSecurityInterface)System.Web.HttpContext.Current.Session[SESSION_SINGLETON];
}
}
} catch (Exception ex) {
Logger.LogError(7, "MGLSessionSecurityInterface crashed when access was attempted: " + ex.ToString());
}
return(seshSingleton);
}
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
// public bool Login( User user, string password) {
public string LoginError()
{
return(MGLSessionSecurityInterface.Instance().SecurityError);
//string loginError = "Invalid username or password.";
//if (userName != null) {
// User user = GetUser(userName);
// // check the number of logins has not been exceeded
// if (user != null && user.IsLockedOut == true) {
// loginError = "The maximum number of incorrect login attempts has been exceeded - Contact the website administrator to unlock your account.";
// }
// dbInfo.Disconnect();
//}
//return loginError;
}
//--------------------------------------------------------------------------------------------------------------------------------------------------------------
public string GetError()
{
return(MGLSessionSecurityInterface.Instance().SecurityError);
}
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
// public bool Login( User user, string password) {
public bool Login(SecureString userName, SecureString password)
{
bool loggedIn = false;
string loginError = "Username or password not recognised.";
UserOperations userOps = null;
try {
if (userName != null)
{
userOps = new UserOperations(lcf);
MGUser user = userOps.GetUser(userName);
// check the number of logins has not been exceeded
if (user != null)
{
if (user.IsLockedOut == true)
{
loginError = "Too many incorrect attempts. Please contact the web team."; // to unlock your account.";
}
else
{
// 30-Nov-2015 - Strip the password out of the user information as this is applied to the session
user.Password = null;
// Check the password
if (MGLApplicationSecurityInterface.Instance().AppLoginConfig.EnableAutomatedLogin == false && password != null)
{
// check the user name and the encrypted password in the database
bool userLoginDetailsCorrect = userOps.UserLoginDetailsCorrect(user.Username, password);
// if incorrect, increment the incorrect logins
// if correct, increment the total logins
userOps.LogLogin(user.ID, userLoginDetailsCorrect);
// reextract the user as the LastIP and login date will have changed - better to keep this consistent, if its used for validation in the future ...
user = userOps.GetUser(user.ID);
if (userLoginDetailsCorrect)
{
loggedIn = true;
// Set the current user object in the session
loginError = null;
MGLSessionSecurityInterface.Instance().CurrentUser = user;
}
}
else
{
loggedIn = true;
// Set the current user object in the session
loginError = null;
MGLSessionSecurityInterface.Instance().CurrentUser = user;
}
}
if (loggedIn)
{
SecureContentWrapper.LiveDbContextInstance = new SecureContentWrapper(AppSecurityContext.MainDbLcf);
// SecureContentWrapper.StagingDbContextInstance = new SecureContentWrapper(AppSecurityContext.StagingDbLcf);
}
}
}
} catch (Exception ex) {
Logger.LogError(7, "Problem logging in at " + ex);
} finally {
if (userOps != null)
{
userOps.Finish();
}
}
MGLSessionSecurityInterface.Instance().SecurityError = loginError;
return(loggedIn);
}
