예제 #1
        /// <summary>
        /// Fetches the audit-trail rows from <c>AuthoProvider.GetAuditTrailDetails()</c> and
        /// binds them to the <c>gvAuditReport</c> control.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no authorization check is visible in this method. Audit data is
        /// sensitive, so confirm the hosting page restricts who can reach this binding.
        /// </remarks>
        private void BindAuditTaril()
        {
            AuthoProvider provider = new AuthoProvider();
            List<UserInfo> auditRows = provider.GetAuditTrailDetails();

            gvAuditReport.DataSource = auditRows;
            gvAuditReport.DataBind();
        }
예제 #2
        /// <summary>
        /// Fetches the login-history rows from <c>AuthoProvider.GetLoginHistory()</c> and
        /// binds them to the <c>gvLoginHistory</c> control.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no authorization check is visible in this method. Confirm the
        /// hosting page limits login history to users entitled to see it.
        /// </remarks>
        private void BindLoginHistory()
        {
            AuthoProvider provider = new AuthoProvider();
            List<UserInfo> historyRows = provider.GetLoginHistory();

            gvLoginHistory.DataSource = historyRows;
            gvLoginHistory.DataBind();
        }
예제 #3
 /// <summary>
 /// Signs the current user out when the request's referrer does not look like an
 /// in-application navigation (for example a typed-in or bookmarked URL).
 /// </summary>
 /// <remarks>
 /// The Referer header is sent by the client and can be omitted or set to any value, so
 /// these checks are a usability guard only, not an access-control boundary.
 /// NOTE(review): RemovedLoggedUser() and AuthoProvider.LogOut() are not visible here. If
 /// LogOut() does not end the response, both checks below can fire on the same request
 /// and the page keeps loading afterwards.
 /// </remarks>
 protected void Page_Load(object sender, EventArgs e)
 {
     Uri referrer = Request.UrlReferrer;

     // First check: a referrer is present but its last path segment is empty.
     // The original author noted this condition "is not working", hence the second check.
     if (referrer != null)
     {
         string[] firstCheckSegments = referrer.Segments;
         if (string.IsNullOrEmpty(firstCheckSegments[firstCheckSegments.Length - 1]))
         {
             RemovedLoggedUser();
             AuthoProvider.LogOut();
         }
     }

     // Second check (added during an audit): pages whose path contains "Home" only
     // require that some referrer exists; every other page also requires a non-empty
     // last segment in that referrer.
     bool shouldSignOut;
     if (Request.FilePath.Contains("Home"))
     {
         shouldSignOut = referrer == null;
     }
     else
     {
         string previousPage = "";
         if (referrer != null)
         {
             string[] secondCheckSegments = referrer.Segments;
             previousPage = secondCheckSegments[secondCheckSegments.Length - 1];
         }
         shouldSignOut = previousPage == "";
     }

     if (shouldSignOut)
     {
         RemovedLoggedUser();
         AuthoProvider.LogOut();
     }
 }
예제 #4
 /// <summary>
 /// Page init hook: signs out any caller whose logged-in roles do not include
 /// <c>Role.ADMIN</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): nothing here stops the page lifecycle after LogOut(). Unless LogOut()
 /// itself ends the response (not visible here), the admin page may still execute for a
 /// non-admin caller - confirm.
 /// </remarks>
 protected void Page_InIt(object sender, EventArgs e)
 {
     bool callerIsAdmin = AuthoProvider.LoggedInRoles.Contains(Role.ADMIN);
     if (callerIsAdmin)
     {
         return;
     }

     // Non-admin caller: sign out (presumably this also redirects to the login page).
     AuthoProvider.LogOut();
 }
예제 #5
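        /// <summary>
        /// Cancel button handler: clears the application-wide "LoggedInUsers" entry, signs
        /// the current user out, and redirects to Login.aspx.
        /// </summary>
        /// <remarks>
        /// NOTE(review): Application state is shared by every session in the application, so
        /// setting "LoggedInUsers" to null discards the tracking data for all users, not only
        /// the one pressing Cancel. If that table backs a concurrent-login check, any user
        /// can reset it this way. Consider removing only the current user's entry.
        /// </remarks>
        protected void btnCancel_Click(object sender, EventArgs e)
        {
            Application["LoggedInUsers"] = null;
            AuthoProvider.LogOut();

            // endResponse = false: the redirect is queued and the rest of the page
            // lifecycle still runs for this request.
            Response.Redirect("Login.aspx", false);
        }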
예제 #6
        /// <summary>
        /// Page init hook: prepares the anti-CSRF token for this request, hooks the PreLoad
        /// validation handler, calls <c>Utility.SetNoCache()</c>, and signs out callers that
        /// are not logged in.
        /// </summary>
        /// <remarks>
        /// The token is read from <c>Session["xsrf"]</c>, not from a request cookie, and is
        /// accepted only if it parses as a GUID. When accepted it becomes
        /// <c>Page.ViewStateUserKey</c>, which ties view state to the token holder.
        /// NOTE(review): on the other path GenerateCSRFCookie() is called. It is not visible
        /// here, so confirm it also sets ViewStateUserKey; otherwise the first request of a
        /// session runs without that binding.
        /// NOTE(review): unless LogOut() ends the response, the page continues to execute
        /// for a caller that is not logged in - confirm.
        /// </remarks>
        protected void Page_InIt(object sender, EventArgs e)
        {
            #region CSRF
            string sessionToken = (string)Session["xsrf"];
            Guid parsedToken;
            bool tokenIsUsable = sessionToken != null && Guid.TryParse(sessionToken, out parsedToken);

            if (!tokenIsUsable)
            {
                // No well-formed token in the session yet: issue a fresh one.
                GenerateCSRFCookie();
            }
            else
            {
                // Keep the token so the PreLoad handler can compare it with the value
                // carried in the view state form field.
                _antiXsrfTokenValue = sessionToken;

                // The framework validates the view state user key on each request.
                Page.ViewStateUserKey = _antiXsrfTokenValue;
            }

            Page.PreLoad += master_Page_PreLoad;
            #endregion

            Utility.SetNoCache();

            if (AuthoProvider.IsLoggedIn)
            {
                return;
            }

            RemovedLoggedUser();
            AuthoProvider.LogOut();
        }
예제 #7
        /// <summary>
        /// Logout page load: signs the user out, abandons the session, then removes the
        /// user's name from the application-wide "UsersLoggedIn" list.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the user name is read after LogOut() and Session.Abandon(). If
        /// LogOut() clears the session, the lookup falls back to Application["currentUser"],
        /// a single application-wide slot that may hold a different user's name, so the
        /// wrong entry could be removed. Reading the name before signing out would avoid
        /// that - confirm against LogOut().
        /// NOTE(review): the lock is taken on the list instance itself; it protects the list
        /// only if every other writer locks the same object.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            AuthoProvider.LogOut();
            Session.Abandon();

            // Prefer the session's user name, then the application-wide one, else empty.
            string userLoggedIn = (string)Session["UserLoggedIn"];
            if (userLoggedIn == null)
            {
                userLoggedIn = (string)Application["currentUser"];
            }
            if (userLoggedIn == null)
            {
                userLoggedIn = string.Empty;
            }

            if (userLoggedIn.Length == 0)
            {
                return;
            }

            System.Collections.Generic.List<string> activeUsers =
                Application["UsersLoggedIn"] as System.Collections.Generic.List<string>;
            if (activeUsers == null)
            {
                return;
            }

            lock (activeUsers)
            {
                activeUsers.Remove(userLoggedIn);
            }
        }
예제 #8
        /// <summary>
        /// Builds a <c>UserInfo</c> audit record for the current user and passes it to
        /// <c>AuthoProvider.InsertLoginTimeInfo</c>.
        /// </summary>
        /// <param name="actionType">Action label for the record; the exact value "Logout" also stamps the logout time.</param>
        /// <param name="moduleName">Module name stored on the record.</param>
        /// <remarks>
        /// The login time comes from <c>Session["LoginDateTime"]</c>, or the current local
        /// time when that entry is absent.
        /// NOTE(review): timestamps use DateTime.Now (server local time); audit records are
        /// easier to correlate when stored in UTC.
        /// NOTE(review): the second argument to InsertLoginTimeInfo is always true here. If
        /// it is a success flag, failures can never be recorded through this method - confirm.
        /// </remarks>
        public void InsertAuditTrailDetail(string actionType, string moduleName)
        {
            AuthoProvider authoProvider = new AuthoProvider();
            UserInfo auditRecord = new UserInfo();

            object storedLoginTime = HttpContext.Current.Session["LoginDateTime"];
            auditRecord.LoginDateTime = storedLoginTime == null
                ? DateTime.Now
                : Convert.ToDateTime(storedLoginTime);

            if (actionType == "Logout")
            {
                auditRecord.LogOutDateTime = DateTime.Now;
            }

            auditRecord.UserName = AuthoProvider.User;
            auditRecord.ModuleName = moduleName;

            authoProvider.InsertLoginTimeInfo(actionType, true, auditRecord);
        }
예제 #9
        /// <summary>
        /// Tracks logged-in user names in the application-wide "LoggedInUsers" dictionary and
        /// reports whether <paramref name="uinfo"/> already has a recent entry.
        /// </summary>
        /// <param name="uinfo">User whose <c>UserName</c> is looked up and recorded.</param>
        /// <param name="IsFromAlreadyLoggedIn">When true, a recent existing entry is tolerated instead of rejected.</param>
        /// <returns>
        /// True when a recent entry exists and <paramref name="IsFromAlreadyLoggedIn"/> is
        /// false; in that case the user is signed out, a message is shown and the entry is
        /// removed. False in every other case.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the staleness window is 2 milliseconds (a 2-minute version is
        /// commented out in the original), so almost every existing entry counts as stale
        /// and is refreshed. The duplicate-login branch is then practically unreachable -
        /// confirm whether this was left over from testing.
        /// NOTE(review): the dictionary lives in Application state and is mutated without
        /// any lock. Concurrent requests can corrupt a Dictionary; consider
        /// Application.Lock()/UnLock() or a concurrent collection.
        /// NOTE(review): on rejection the existing entry is removed, so an immediate second
        /// attempt finds no entry and is accepted.
        /// </remarks>
        private bool IsLoggedInOtherBrowserOrSystem(UserInfo uinfo, bool IsFromAlreadyLoggedIn)
        {
            Dictionary<string, DateTime> activeUsers = Application["LoggedInUsers"] as Dictionary<string, DateTime>;

            // No table yet: create it with this user as the first entry.
            if (activeUsers == null)
            {
                activeUsers = new Dictionary<string, DateTime>();
                activeUsers.Add(uinfo.UserName, DateTime.Now);
                Application["LoggedInUsers"] = activeUsers;
                return false;
            }

            if (!activeUsers.Keys.Contains(uinfo.UserName))
            {
                // First sighting of this user.
                activeUsers.Add(uinfo.UserName, DateTime.Now);
            }
            else if (activeUsers[uinfo.UserName] < DateTime.Now.AddMilliseconds(-2))
            {
                // Existing entry is older than the window: refresh its timestamp.
                activeUsers.Remove(uinfo.UserName);
                activeUsers.Add(uinfo.UserName, DateTime.Now);
            }
            else if (!IsFromAlreadyLoggedIn)
            {
                // Recent entry from elsewhere: reject this login.
                AuthoProvider.LogOut();
                lblMessageDisplay.Text = "Same user logged in on other browser or system.";
                activeUsers.Remove(uinfo.UserName);
                return true;
            }

            Application["LoggedInUsers"] = activeUsers;
            return false;
        }
예제 #10
        /// <summary>
        /// Create-password submit handler: when the new and confirmation values match, stores
        /// the new password for the logged-in user, writes an audit entry, signs the user out
        /// and redirects to Login.aspx.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the value from the text box is passed to UpdateTemporaryPassword
        /// as-is; the server-side MD5 call was commented out in the original. If the client
        /// sends a hash, that hash is password-equivalent; if it sends clear text, the store
        /// holds clear text unless UpdateTemporaryPassword hashes it (not visible here). In
        /// either case a salted, slow password hash computed on the server is the expected
        /// control.
        /// NOTE(review): no server-side length or complexity check is visible in this handler.
        /// NOTE(review): Application["ValidApplicationUser"] is application-wide state and is
        /// overwritten by every user who completes this form.
        /// NOTE(review): the error path issues a permanent (301) redirect, which browsers may
        /// cache; a temporary redirect is the usual choice for an error page.
        /// </remarks>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            try
            {
                string newPassword = txtNewPassword.Text.Trim();
                string confirmation = txtConfirmPassword.Text.Trim();

                // Mismatch: clear both fields and tell the user.
                if (!newPassword.Equals(confirmation))
                {
                    txtNewPassword.Text = "";
                    txtConfirmPassword.Text = "";
                    lblMessageDisplay.Text = "New Password and Confirm Password should be same...!";
                    lblMessageDisplay.ForeColor = System.Drawing.Color.Red;
                    return;
                }

                UserInfo uInfo = AuthoProvider.GetLoggedInUser();
                if (uInfo == null)
                {
                    // Nobody is logged in: nothing is changed and no message is shown.
                    return;
                }

                AuthoProvider.UpdateTemporaryPassword(uInfo.UserName, newPassword, "C");
                lblMessageDisplay.Text = "Password Created Successfully, Please login using your new Password...!";
                lblMessageDisplay.ForeColor = System.Drawing.Color.Green;
                uInfo.isFirstLogin = false;
                Application["ValidApplicationUser"] = Request.Url.AbsolutePath;
                HttpContext.Current.Session["user"] = uInfo;
                UserBAL.Instance.InsertAuditTrailDetail("Password Created Successfully", "Create Password");

                // Force a fresh login with the new password.
                RemovedLoggedUser();
                AuthoProvider.LogOut();
                Response.Redirect("Login.aspx", false);
            }
            catch (Exception ex)
            {
                string logMessage = ex.InnerException != null ? ex.InnerException.Message : ex.Message;
                LogHandler.LogFatal(logMessage, ex, this.GetType());
                Response.RedirectPermanent("~/ErrorPage.aspx", false);
            }
        }
예제 #11
        /// <summary>
        /// Forgot-password submit handler: after a captcha check, looks the account up by
        /// user name or e-mail, generates a temporary password, e-mails it, and stores its
        /// MD5 hash through <c>AuthoProvider.UpdateTemporaryPassword</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the reset takes effect as soon as the mail is sent, with no proof
        /// that the requester controls the mailbox. Anyone who passes the captcha can
        /// replace another user's password; a single-use, expiring reset link that leaves
        /// the current password untouched until redeemed avoids that.
        /// NOTE(review): the response differs for known and unknown accounts ("...being sent
        /// to your Email" versus "Please enter Valid Username or Email Address"), which lets
        /// a caller test whether an account exists. A uniform message is the usual mitigation.
        /// NOTE(review): the temporary password is mailed in clear text and stored as MD5
        /// (per the helper's name); MD5 is not suitable for password storage.
        /// CommonClass.RandomPassword is not visible here - confirm it uses a
        /// cryptographically secure generator.
        /// NOTE(review): the error path issues a permanent (301) redirect, which browsers may
        /// cache.
        /// </remarks>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            try
            {
                lblMessageDisplay.Text = "";
                // No null check: an expired session (no captcha stored) throws here and is
                // handled by the catch block below, ending on the error page.
                string captchaString = Session["CaptchaImageText"].ToString();
                // Reject requests that fill in both the user name and the e-mail field.
                if (!string.IsNullOrEmpty(txtUserName.Text) && !string.IsNullOrEmpty(txtEmail.Text))
                {
                    lblMessageDisplay.Text = "Please enter either Username or Email at a time.";
                    //Please enter Valid Username or Email Address...!";
                    return;
                }
                // Marks the e-mail box with an "email" attribute when an address was entered.
                if (!string.IsNullOrEmpty(txtEmail.Text))
                {
                    //lblMessageDisplay.Text = "Please enter Valid Username or Email Address...!";
                    txtEmail.Attributes.Add("email", "1");
                    // return;
                }
                DataSet ds = new DataSet();
                // Both fields blank: the message is set but there is no return, so execution
                // continues to ds.IsValid() with the empty DataSet created above.
                if (txtUserName.Text.Trim() == "" && txtEmail.Text.Trim() == "")
                {
                    lblMessageDisplay.Text = "Please enter Valid Username or Email Address...!";
                }
                // NOTE(review): the stored captcha is cleared only on the success path below,
                // so after a mismatch or an unknown account the same code stays valid unless
                // the captcha image handler regenerates it - confirm.
                else if (!captchaString.Equals(txtCaptcha.Text))
                {
                    txtCaptcha.Text        = "";
                    lblMessageDisplay.Text = "Code entered does not match, please try again !";
                    return;
                }
                else if (txtUserName.Text.Trim() != "")
                {
                    // The user supplied a user name for the reset request. (Zahir)
                    // NOTE(review): the untrimmed text is passed here, while the e-mail branch
                    // trims. IsUserExists is not visible - confirm it uses parameterized queries.
                    ds = AuthoProvider.IsUserExists(txtUserName.Text);
                }
                else
                {
                    // The user supplied an e-mail address for the reset request. (Zahir)
                    ds = AuthoProvider.IsUserExists(txtEmail.Text.Trim());
                }

                // IsValid() is not a DataSet member, so it is presumably a project extension
                // that checks for at least one row - confirm.
                if (ds.IsValid())
                {
                    DataRow     dr      = ds.Tables[0].Rows[0];
                    CommonClass cRandom = new CommonClass();

                    string pwd = cRandom.RandomPassword(8);                                // Generate the new 8-character temporary password. (Zahir)

                    bool ifSuccess = cRandom.SendMail(pwd, Convert.ToString(dr["Email"])); // Send it to the user's registered e-mail address. (Zahir)

                    if (ifSuccess)
                    {
                        // Only after the mail was sent is the password hashed with MD5 and stored. (Zahir)
                        pwd = MD5HASH.GetMD5HashCode(pwd);
                        AuthoProvider.UpdateTemporaryPassword(Convert.ToString(dr["UserName"]), pwd, "F");
                        lblMessageDisplay.Text      = "Your new Temporary Password is being sent to your Email, Please Check your Email...!";
                        // Invalidate the captcha so it cannot be reused after a successful reset.
                        Session["CaptchaImageText"] = null;
                        UserBAL.Instance.InsertAuditTrailDetail("Temporary Password has sent to registered Email", "Forgot Password");
                    }
                    else
                    {
                        lblMessageDisplay.Text = "Error Occured while sending Email...!";
                    }
                }
                else
                {
                    lblMessageDisplay.Text = "Please enter Valid Username or Email Address...!";
                }
            }
            catch (Exception ex)
            {
                // Log the innermost available message, then send the browser to the error page.
                LogHandler.LogFatal((ex.InnerException != null ? ex.InnerException.Message : ex.Message), ex, this.GetType());
                Response.RedirectPermanent("~/ErrorPage.aspx", false);
            }
        }
예제 #12
        /// <summary>
        /// Login button handler: validates the captcha carried in the encrypted hidden
        /// field, enforces the 900-second account lock, and then calls
        /// <c>checkAuthentication()</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the first statement clears the application-wide "LoggedInUsers"
        /// table on every login click, before any credential is checked. Application state
        /// is shared by all sessions, so this discards every user's entry.
        /// NOTE(review): the captcha value stays in Session after a successful comparison,
        /// so the same code can be presented again unless the image handler regenerates it.
        /// NOTE(review): the error path issues a permanent (301) redirect, which browsers may
        /// cache.
        /// </remarks>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            Application["LoggedInUsers"] = null;
            try
            {
                // IsLogedIn is not visible here; the handler stops when it returns false.
                if (!IsLogedIn(txtUserName.Text.Trim()))
                {
                    return;
                }
                // NOTE(review): the return value is discarded, so this call has no visible effect here.
                MD5HASH.Encryptdata(txtPassword.Text);

                if (Session["CaptchaImageText"] != null)
                {
                    string   captchaString  = Session["CaptchaImageText"].ToString();
                    string   hiddenPassword = hdnPassword.Value;
                    // The hidden field carries "<password value>#<captcha code>" under AES.
                    // NOTE(review): if the browser performs this encryption, the key ships with
                    // the page and adds no confidentiality beyond TLS - confirm where the key lives.
                    string   mixedPassword  = AESEncrytDecry.DecryptStringAES(hiddenPassword);
                    string[] mixedValue     = mixedPassword.Split('#');

                    // Throws if the decrypted text has no '#'; the catch block then handles it.
                    string codeNumber = mixedValue[1];
                    // NOTE(review): the decrypted value is written back to the hidden field before
                    // the captcha is compared. On the early-return paths below the page appears to
                    // re-render with that value in the HTML - consider a local variable instead.
                    hdnPassword.Value = mixedValue[0];
                    if (!captchaString.Equals(codeNumber))
                    {
                        RemovedLoggedUser();
                        txtCaptcha.Text        = "";
                        lblMessageDisplay.Text = "Code entered does not match, please try again !";
                        return;
                    }
                    else
                    {
                        // NOTE(review): the untrimmed user name is used here, while IsLogedIn above received the trimmed one.
                        DataSet ds = AuthoProvider.IsUserLocked(txtUserName.Text); // Check whether the user is locked out of logging in. (Zahir)
                        if (ds.IsValid())                                          // Rows are present when failed-login entries exist for this user. (Zahir)
                        {
                            DataRow dr           = ds.Tables[0].Rows[0];
                            int     idLocked     = Convert.ToInt16(dr[DataBaseFields.IsLocked]);
                            double  totalSeconds = 0;
                            double  seconds      = 900; // lock duration: 900 seconds (15 minutes)
                            if (idLocked > 0) // A positive IsLocked value means the user may not log in. (Zahir)
                            {
                                // Seconds since the lock was set, using server local time.
                                totalSeconds = (DateTime.Now - Convert.ToDateTime(dr[DataBaseFields.lock_time])).TotalSeconds;
                                if (totalSeconds <= seconds)
                                {
                                    RemovedLoggedUser();
                                    lblMessageDisplay.Text = "Your Id is being Locked, Please try after " + Math.Round((seconds - totalSeconds) / 60) + " Mins...!";
                                    return;
                                }
                                else
                                {
                                    // The lock has expired: delete this user's failed-login entries. (Zahir)

                                    // The returned count is stored in n but never read.
                                    int n = AuthoProvider.DeleteLoginErrorInfo(txtUserName.Text);

                                    checkAuthentication(); // Verify the credentials and redirect the user. (Zahir)
                                }
                            }
                            else
                            {
                                checkAuthentication();
                            }
                        }
                        else
                        {
                            checkAuthentication();
                        }
                    }
                }
                else
                {
                    // No captcha in the session, which is treated as an expired session.
                    lblMessageDisplay.Text = "Session has been expired Please refresh page";
                    RemovedLoggedUser();
                }
            }
            catch (Exception ex)
            {
                RemovedLoggedUser();
                // Log the innermost available message, then send the browser to the error page.
                LogHandler.LogFatal((ex.InnerException != null ? ex.InnerException.Message : ex.Message), ex, this.GetType());
                Response.RedirectPermanent("~/ErrorPage.aspx", false);
            }
        }
예제 #13
        /// <summary>
        /// Authenticates the user name and the value held in <c>hdnPassword</c>, then
        /// redirects to the home page for the user's role, or to CreatePassword.aspx when no
        /// role branch applies (including a first login).
        /// </summary>
        /// <remarks>
        /// NOTE(review): AuthenticateUser receives the hidden-field value directly; the
        /// server-side MD5 call is commented out. If the stored credential is the same
        /// client-computed hash, that hash is password-equivalent, so anyone who obtains it
        /// can log in without knowing the password.
        /// NOTE(review): no session identifier rotation is visible in this method after a
        /// successful login. If it is not done elsewhere, a session ID set before login
        /// stays valid afterwards (session fixation).
        /// NOTE(review): the error path issues a permanent (301) redirect, which browsers may
        /// cache.
        /// </remarks>
        protected void checkAuthentication()
        {
            AuthoProvider Autho_prov = new AuthoProvider();
            UserInfo      uinfo      = new UserInfo();

            try
            {
                string InvalidMessage = "Invalid User name and password! Please Try Again";
                // Check whether the user is active or not. (Indu)
                DataSet dsActive = AuthoProvider.IsUserInactive(txtUserName.Text);
                // NOTE(review): Rows.Count is never negative, so this condition is always true
                // and the "account is not active" branch below cannot run. The intended test
                // (== 0 or > 0) depends on what IsUserInactive returns - confirm and fix.
                if (dsActive.Tables[0].Rows.Count >= 0)
                {
                    //uinfo = Autho_prov.AuthenticateUser(txtUserName.Text, MD5HASH.GetMD5HashCode(txtPassword.Text.Trim()), false);
                    uinfo = Autho_prov.AuthenticateUser(txtUserName.Text, hdnPassword.Value, false);
                }
                else
                {
                    RemovedLoggedUser();
                    lblMessageDisplay.Text = "Your account is not active! Please contact to NTCA for activation.";
                    return;
                }
                // Failed authentication: clear the form. The final else of the next statement
                // also handles this case and sets the same message text.
                if (uinfo == null)
                {
                    txtCaptcha.Text        = "";
                    txtPassword.Text       = "";
                    txtUserName.Text       = "";
                    lblMessageDisplay.Text = InvalidMessage;
                }

                /* Check whether the user logged in with a temporary or the actual password.
                 * isFirstLogin == true means a temporary password is in use, so no role
                 * branch matches and the user is redirected to the create-password page. (Zahir) */
                if (uinfo != null)
                {
                    // IsValidCredential is not visible here; the handler stops when it returns false.
                    if (!IsValidCredential(uinfo))
                    {
                        return;
                    }

                    else
                    {
                        // NOTE(review): Application state is shared by all sessions, so this single
                        // "currentUser" slot is overwritten by every login and may not belong to
                        // the session that later reads it.
                        Application["currentUser"] = (string)Session["UserLoggedIn"];
                        // Role dispatch: the first matching role decides the landing page. Each
                        // branch writes a "Login" audit entry and then stores the login time.
                        if (uinfo.Roles.Contains(Role.ADMIN) && uinfo.isFirstLogin == false)
                        {
                            UserBAL.Instance.InsertAuditTrailDetail("Login", "Login Module");
                            Session["LoginDateTime"] = DateTime.Now;
                            Response.Redirect("~/Admin/Home.aspx", false);
                        }
                        else if (uinfo.Roles.Contains(Role.NTCA) && uinfo.isFirstLogin == false)
                        {
                            UserBAL.Instance.InsertAuditTrailDetail("Login", "Login Module");
                            Session["LoginDateTime"] = DateTime.Now;
                            Response.Redirect("~/NTCA-RO/Home.aspx", false);
                        }
                        else if (uinfo.Roles.Contains(Role.REGIONALOFFICER) && uinfo.isFirstLogin == false)
                        {
                            UserBAL.Instance.InsertAuditTrailDetail("Login", "Login Module");
                            Session["LoginDateTime"] = DateTime.Now;
                            Response.Redirect("~/NTCA-RO/Home.aspx", false);
                        }
                        else if (uinfo.Roles.Contains(Role.CWLW) && uinfo.isFirstLogin == false)
                        {
                            UserBAL.Instance.InsertAuditTrailDetail("Login", "Login Module");
                            Session["LoginDateTime"] = DateTime.Now;
                            Response.Redirect("~/CWW-Secretary/Home.aspx", false);
                        }
                        else if (uinfo.Roles.Contains(Role.SECRETARY) && uinfo.isFirstLogin == false)
                        {
                            UserBAL.Instance.InsertAuditTrailDetail("Login", "Login Module");
                            Session["LoginDateTime"] = DateTime.Now;
                            Response.Redirect("~/CWW-Secretary/Home.aspx", false);
                        }
                        else if (uinfo.Roles.Contains(Role.FIELDDIRECTOR) && uinfo.isFirstLogin == false)
                        {
                            UserBAL.Instance.InsertAuditTrailDetail("Login", "Login Module");
                            Session["LoginDateTime"] = DateTime.Now;
                            // Unlike the other targets, this path is relative to the current page, not app-rooted ("~/").
                            Response.Redirect("FieldDirector/FieldDirectorHome.aspx", false);
                        }
                        else
                        {
                            // First login, or none of the roles above: go to the create-password page.
                            Response.Redirect("CreatePassword.aspx", false);
                        }
                    }
                    //}
                }
                else
                {
                    RemovedLoggedUser();
                    lblMessageDisplay.Text = "Invalid User name and password! Please Try Again";
                    return;
                }
            }
            catch (Exception ex)
            {
                RemovedLoggedUser();
                // A failed-login record is written here only when an exception occurred.
                // NOTE(review): the invalid-credential path above writes no such record in this
                // method - confirm that AuthenticateUser records failed attempts.
                Autho_prov.InsertLoginTimeInfo("Login", false, uinfo);
                LogHandler.LogFatal((ex.InnerException != null ? ex.InnerException.Message : ex.Message), ex, this.GetType());
                Response.RedirectPermanent("~/ErrorPage.aspx", false);
            }
        }
예제 #14
 /// <summary>
 /// Changes the logged-in user's password after checking the complexity rule, the old
 /// password and the confirmation value.
 /// Author: Indu
 /// </summary>
 /// <returns>
 /// True when the password was updated; false when a check failed, no user is logged
 /// in, or an exception occurred.
 /// </returns>
 /// <remarks>
 /// NOTE(review): per the original comments the browser sends MD5 values, which are
 /// compared and stored as-is. The server therefore never sees the real password, the
 /// stored hash is password-equivalent, and unsalted MD5 is not suitable for password
 /// storage.
 /// NOTE(review): the old password is looked up by <c>lblUserName.Text</c>, but the
 /// update uses the logged-in user's name - confirm the two always match.
 /// NOTE(review): the error path issues a permanent (301) redirect, which browsers may
 /// cache.
 /// </remarks>
 private bool ChangeOldPassword()
 {
     try
     {
         // IsCpmplexPassword is not visible here. If only a client-side hash reaches the
         // server, complexity cannot be verified on the server - confirm what it checks.
         if (!IsCpmplexPassword())
         {
             return(false);
         }
         // Get the old password from the database.
         // Throws when no row comes back; the catch block below handles it.
         DataSet dsOldPassword  = UserBAL.Instance.GetOldPassword(lblUserName.Text);
         string  strOldPassword = Convert.ToString(dsOldPassword.Tables[0].Rows[0].ItemArray[0]);
         // Commented out by Indu because it was server-side MD5 hashing.
         // Checking the old password against the entered old password.
         //string strOldPasswordHashed = MD5HASH.GetMD5HashCode(txtOldPassword.Text.Trim());
         // Added by Indu because the value is already MD5-hashed on the client side.
         string strOldPasswordHashed = txtOldPassword.Text.Trim();
         // NOTE(review): string.Equals is not a constant-time comparison; for secret values
         // a fixed-time comparison is preferred.
         if (strOldPassword.Equals(strOldPasswordHashed))
         {
             if (txtNewPassword.Text.Trim().Equals(txtConfirmPassword.Text.Trim()))
             {
                 UserInfo uInfo = AuthoProvider.GetLoggedInUser();
                 if (uInfo != null)
                 {
                     // Store the password the user entered.
                     // Commented out by Indu because it was server-side MD5 hashing.
                     //AuthoProvider.UpdateTemporaryPassword(uInfo.UserName, MD5HASH.GetMD5HashCode(txtNewPassword.Text.Trim()), "C");
                     // Added by Indu because the value is already MD5-hashed on the client side.
                     string clientMD5newPassword = txtNewPassword.Text.Trim();
                     AuthoProvider.UpdateTemporaryPassword(uInfo.UserName, clientMD5newPassword, "C");
                     string strSuccess = "Password Changed Successfully, Please use your changed Password in next time login...!";
                     uInfo.isFirstLogin = false;
                     HttpContext.Current.Session["user"] = uInfo;
                     vmSuccess.Message = strSuccess;
                     // NOTE(review): the success text is assigned to vmSuccess, but the call below
                     // flashes vmError.Message through ErrorMessage. This looks like a copy-paste
                     // slip - confirm the intended FlashMessage call.
                     FlashMessage.ErrorMessage(vmError.Message);
                     return(true);
                 }
                 // No logged-in user: falls through to return(false) below without any message.
             }
             else
             {
                 txtNewPassword.Text     = "";
                 txtConfirmPassword.Text = "";
                 string strError = "New Password and Confirm Password should be same...!";
                 vmError.Message = strError;
                 FlashMessage.ErrorMessage(vmError.Message);
                 return(false);
             }
             return(false);
         }
         else
         {
             string strError = "Old password does not match. Please enter the correct old Password.";
             vmError.Message = strError;
             FlashMessage.ErrorMessage(vmError.Message);
             return(false);
         }
     }
     catch (Exception ex)
     {
         // Log the innermost available message, then send the browser to the error page.
         LogHandler.LogFatal((ex.InnerException != null ? ex.InnerException.Message : ex.Message), ex, this.GetType());
         Response.RedirectPermanent("~/ErrorPage.aspx", false);
         return(false);
         //string strError = ex.Message;
         //vmError.Message = strError;
         //FlashMessage.ErrorMessage(vmError.Message);
         //return;
     }
 }