/// <summary>
/// Fetches the audit-trail rows from <c>AuthoProvider.GetAuditTrailDetails</c> and binds them
/// to the <c>gvAuditReport</c> grid.
/// </summary>
private void BindAuditTaril()
{
    // NOTE(review): audit rows presumably carry user-supplied text (user names, module and
    // action labels); confirm the grid columns HTML-encode their values when rendering.
    AuthoProvider provider = new AuthoProvider();
    List<UserInfo> rows = provider.GetAuditTrailDetails();

    gvAuditReport.DataSource = rows;
    gvAuditReport.DataBind();
}
/// <summary>
/// Fetches the login-history rows from <c>AuthoProvider.GetLoginHistory</c> and binds them to
/// the <c>gvLoginHistory</c> grid.
/// </summary>
private void BindLoginHistory()
{
    AuthoProvider provider = new AuthoProvider();
    List<UserInfo> rows = provider.GetLoginHistory();

    gvLoginHistory.DataSource = rows;
    gvLoginHistory.DataBind();
}
/// <summary>
/// Signs the user out when the request does not look like an in-application navigation,
/// judged only by the HTTP Referer of the request.
/// </summary>
/// <remarks>
/// NOTE(review): the Referer header is supplied by the client and is routinely absent
/// (bookmarks, typed URLs, Referrer-Policy, privacy tools). It should not be the only gate
/// in front of a page; confirm that authentication and role checks are enforced independently.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    Uri referrer = Request.UrlReferrer;

    // Last path segment of the referring URL; stays null when there is no referrer.
    string lastReferrerSegment = null;
    if (referrer != null)
    {
        lastReferrerSegment = referrer.Segments[referrer.Segments.Length - 1];
    }

    // First rule: a referrer whose last segment is empty means sign out.
    if (referrer != null && string.IsNullOrEmpty(lastReferrerSegment))
    {
        RemovedLoggedUser();
        AuthoProvider.LogOut();
    }

    // Second rule (added later, runs in addition to the first one, so both may fire):
    //  - pages whose path does not contain "Home" need a referrer with a non-empty last segment;
    //  - "Home" pages only need some referrer to be present.
    bool isHomePage = Request.FilePath.Contains("Home");
    bool signOut;
    if (isHomePage)
    {
        signOut = referrer == null;
    }
    else
    {
        signOut = referrer == null || lastReferrerSegment == "";
    }

    if (signOut)
    {
        RemovedLoggedUser();
        AuthoProvider.LogOut();
    }
}
/// <summary>
/// Admin-only gate: logs the caller out unless <c>AuthoProvider.LoggedInRoles</c> contains
/// <c>Role.ADMIN</c>.
/// </summary>
protected void Page_InIt(object sender, EventArgs e)
{
    bool isAdmin = AuthoProvider.LoggedInRoles.Contains(Role.ADMIN);
    if (isAdmin)
    {
        return;
    }

    // NOTE(review): nothing here stops the rest of the page life cycle. Confirm that
    // LogOut() redirects and ends the response, otherwise the admin page could still be
    // processed for a non-admin request.
    AuthoProvider.LogOut();
}
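/// <summary>
/// Cancel button: clears the application-wide logged-in user table, logs the current user
/// out and sends the browser to the login page.
/// </summary>
protected void btnCancel_Click(object sender, EventArgs e)
{
    // NOTE(review): Application state is shared by every session, so this drops the
    // tracking entries of ALL users, not just the one pressing Cancel. If the table backs a
    // concurrent-login check, that check is reset for everyone; removing only the current
    // user's entry is the usual approach. Behaviour is left unchanged here.
    Application["LoggedInUsers"] = null;

    AuthoProvider.LogOut();
    Response.Redirect("Login.aspx", false);
}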
/// <summary>
/// Init handler: prepares the anti-XSRF token for this request, hooks the PreLoad validation,
/// disables caching and logs out callers that are not authenticated.
/// </summary>
protected void Page_InIt(object sender, EventArgs e)
{
    #region CSRF
    // The token is kept in session state under "xsrf" (not in a cookie) and must parse as a GUID.
    string storedToken = (string)Session["xsrf"];
    Guid parsedToken;
    bool hasUsableToken = storedToken != null && Guid.TryParse(storedToken, out parsedToken);

    if (hasUsableToken)
    {
        // Remember the token so it can be compared with the view-state copy in PreLoad.
        _antiXsrfTokenValue = storedToken;

        // ViewStateUserKey ties the page's view state to this value; the framework checks it
        // on every postback.
        Page.ViewStateUserKey = _antiXsrfTokenValue;
    }
    else
    {
        // NOTE(review): GenerateCSRFCookie() is not visible here; confirm it also sets
        // Page.ViewStateUserKey, otherwise the first request runs without the binding.
        GenerateCSRFCookie();
    }

    Page.PreLoad += master_Page_PreLoad;
    #endregion

    Utility.SetNoCache();

    if (AuthoProvider.IsLoggedIn)
    {
        return;
    }

    RemovedLoggedUser();
    AuthoProvider.LogOut();
}
/// <summary>
/// Logout page: logs the user out, abandons the session and removes the user's name from
/// the application-wide "UsersLoggedIn" list.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    AuthoProvider.LogOut();
    Session.Abandon();

    // The name is resolved AFTER LogOut()/Abandon(): session value first, then the
    // application-wide "currentUser" slot, then empty.
    // NOTE(review): if LogOut() clears the session, the session value is always null here and
    // the fallback is used. "currentUser" is a single value shared by all sessions, so it may
    // name a different user than the one logging out; confirm, or read the name before logging out.
    string userLoggedIn;
    if (Session["UserLoggedIn"] != null)
    {
        userLoggedIn = (string)Session["UserLoggedIn"];
    }
    else if (Application["currentUser"] != null)
    {
        userLoggedIn = (string)Application["currentUser"];
    }
    else
    {
        userLoggedIn = string.Empty;
    }

    if (userLoggedIn.Length == 0)
    {
        return;
    }

    System.Collections.Generic.List<string> activeUsers =
        Application["UsersLoggedIn"] as System.Collections.Generic.List<string>;
    if (activeUsers == null)
    {
        return;
    }

    // The list is shared across requests, so it is mutated under its own lock.
    lock (activeUsers)
    {
        activeUsers.Remove(userLoggedIn);
    }
}
/// <summary>
/// Writes one audit-trail record for the current user through
/// <c>AuthoProvider.InsertLoginTimeInfo</c>.
/// </summary>
/// <param name="actionType">Action label stored with the record; the value "Logout" also stamps the logout time.</param>
/// <param name="moduleName">Module label stored with the record.</param>
public void InsertAuditTrailDetail(string actionType, string moduleName)
{
    AuthoProvider authoProvider = new AuthoProvider();
    UserInfo record = new UserInfo();

    // Use the login time remembered in the session; fall back to "now" when none is stored.
    object storedLoginTime = HttpContext.Current.Session["LoginDateTime"];
    if (storedLoginTime != null)
    {
        record.LoginDateTime = Convert.ToDateTime(storedLoginTime);
    }
    else
    {
        record.LoginDateTime = DateTime.Now;
    }

    if (actionType == "Logout")
    {
        record.LogOutDateTime = DateTime.Now;
    }

    // NOTE(review): timestamps are server-local (DateTime.Now); audit records are easier to
    // correlate across systems in UTC. Confirm what the store expects.
    record.UserName = AuthoProvider.User;
    record.ModuleName = moduleName;

    authoProvider.InsertLoginTimeInfo(actionType, true, record);
}
/// <summary>
/// Concurrent-login check backed by the application-wide "LoggedInUsers" table
/// (user name -> last login time).
/// </summary>
/// <param name="uinfo">User being logged in; only <c>UserName</c> is read.</param>
/// <param name="IsFromAlreadyLoggedIn">When true, a fresh entry for the same user is tolerated instead of rejected.</param>
/// <returns>True when the login was rejected because the user already has a fresh entry; otherwise false.</returns>
private bool IsLoggedInOtherBrowserOrSystem(UserInfo uinfo, bool IsFromAlreadyLoggedIn)
{
    // NOTE(review): this dictionary lives in Application state and is read and modified here
    // without a lock; Dictionary is not safe for concurrent writers. Confirm whether requests
    // can reach this code in parallel.
    Dictionary<string, DateTime> activeLogins = Application["LoggedInUsers"] as Dictionary<string, DateTime>;

    if (activeLogins == null)
    {
        // First login since the table was created or cleared.
        activeLogins = new Dictionary<string, DateTime>();
        activeLogins.Add(uinfo.UserName, DateTime.Now);
        Application["LoggedInUsers"] = activeLogins;
        return false;
    }

    DateTime lastLogin;
    if (!activeLogins.TryGetValue(uinfo.UserName, out lastLogin))
    {
        activeLogins.Add(uinfo.UserName, DateTime.Now);
    }
    else if (lastLogin < DateTime.Now.AddMilliseconds(-2))
    {
        // NOTE(review): an entry counts as stale after 2 milliseconds (an earlier,
        // commented-out version used 2 minutes), so the rejection branch below can only be
        // reached by two calls within 2 ms. Confirm the intended window.
        activeLogins[uinfo.UserName] = DateTime.Now;
    }
    else if (!IsFromAlreadyLoggedIn)
    {
        AuthoProvider.LogOut();
        lblMessageDisplay.Text = "Same user logged in on other browser or system.";

        // The entry is dropped on rejection, so the next attempt finds no entry and is accepted.
        activeLogins.Remove(uinfo.UserName);
        return true;
    }

    Application["LoggedInUsers"] = activeLogins;
    return false;
}
/// <summary>
/// "Create password" submit: when the new password and its confirmation match, stores it for
/// the logged-in user, records an audit entry, logs the user out and redirects to the login page.
/// </summary>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    try
    {
        string newPassword = txtNewPassword.Text.Trim();
        string confirmation = txtConfirmPassword.Text.Trim();

        if (!newPassword.Equals(confirmation))
        {
            txtNewPassword.Text = "";
            txtConfirmPassword.Text = "";
            lblMessageDisplay.Text = "New Password and Confirm Password should be same...!";
            lblMessageDisplay.ForeColor = System.Drawing.Color.Red;
            return;
        }

        UserInfo uInfo = AuthoProvider.GetLoggedInUser();
        if (uInfo == null)
        {
            return;
        }

        // NOTE(review): the value is stored exactly as posted; the server-side hashing call
        // was commented out in an earlier version. If the browser sends a hash, that hash is
        // the effective password. Salted, slow server-side hashing (e.g. PBKDF2) is the usual
        // mitigation. No length or complexity check is visible in this handler either.
        AuthoProvider.UpdateTemporaryPassword(uInfo.UserName, newPassword, "C");

        lblMessageDisplay.Text = "Password Created Successfully, Please login using your new Password...!";
        lblMessageDisplay.ForeColor = System.Drawing.Color.Green;

        uInfo.isFirstLogin = false;
        Application["ValidApplicationUser"] = Request.Url.AbsolutePath;
        HttpContext.Current.Session["user"] = uInfo;
        UserBAL.Instance.InsertAuditTrailDetail("Password Created Successfully", "Create Password");

        // Force a fresh login with the new password.
        RemovedLoggedUser();
        AuthoProvider.LogOut();
        Response.Redirect("Login.aspx", false);
    }
    catch (Exception ex)
    {
        string reason = ex.InnerException != null ? ex.InnerException.Message : ex.Message;
        LogHandler.LogFatal(reason, ex, this.GetType());

        // NOTE(review): RedirectPermanent sends a 301; a temporary redirect is the usual
        // choice for an error page. Confirm.
        Response.RedirectPermanent("~/ErrorPage.aspx", false);
    }
}
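/// <summary>
/// "Forgot password" submit: after the captcha check, looks the account up by user name or
/// e-mail, e-mails a new random temporary password and stores its hash for the account.
/// </summary>
/// <remarks>
/// NOTE(review), behaviour left unchanged:
/// - The page answers differently for known and unknown accounts; one neutral message is the
///   usual way to avoid disclosing which accounts exist.
/// - The captcha value is cleared only after a successful reset; confirm it is regenerated
///   after every failed attempt so one challenge cannot be retried.
/// - The temporary password travels by e-mail in clear text and is stored through
///   MD5HASH.GetMD5HashCode; judging by the name this is MD5, which is not suitable for
///   password storage. Confirm RandomPassword uses a cryptographic random source.
/// </remarks>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    try
    {
        lblMessageDisplay.Text = "";

        // The expected captcha answer lives in session state. After a session timeout it is
        // missing; report that instead of failing with a null reference and landing on the
        // error page. The wording is the one the login handler uses for an expired session.
        object storedCaptcha = Session["CaptchaImageText"];
        if (storedCaptcha == null)
        {
            lblMessageDisplay.Text = "Session has been expired Please refresh page";
            return;
        }
        string captchaString = storedCaptcha.ToString();

        bool hasUserName = !string.IsNullOrEmpty(txtUserName.Text);
        bool hasEmail = !string.IsNullOrEmpty(txtEmail.Text);

        // Exactly one of the two identifiers may be supplied.
        if (hasUserName && hasEmail)
        {
            lblMessageDisplay.Text = "Please enter either Username or Email at a time.";
            return;
        }

        if (hasEmail)
        {
            txtEmail.Attributes.Add("email", "1");
        }

        // Stays an empty DataSet unless a lookup runs below.
        DataSet ds = new DataSet();
        string userName = txtUserName.Text.Trim();
        string email = txtEmail.Text.Trim();

        if (userName == "" && email == "")
        {
            lblMessageDisplay.Text = "Please enter Valid Username or Email Address...!";
        }
        else if (!captchaString.Equals(txtCaptcha.Text))
        {
            txtCaptcha.Text = "";
            lblMessageDisplay.Text = "Code entered does not match, please try again !";
            return;
        }
        else if (userName != "")
        {
            // Lookup by user name (passed as typed, not trimmed).
            ds = AuthoProvider.IsUserExists(txtUserName.Text);
        }
        else
        {
            // Lookup by e-mail address.
            ds = AuthoProvider.IsUserExists(email);
        }

        if (!ds.IsValid())
        {
            lblMessageDisplay.Text = "Please enter Valid Username or Email Address...!";
            return;
        }

        DataRow dr = ds.Tables[0].Rows[0];
        CommonClass cRandom = new CommonClass();

        // Generate the temporary password and mail it to the registered address first; it is
        // only stored when the mail was sent.
        string pwd = cRandom.RandomPassword(8);
        bool ifSuccess = cRandom.SendMail(pwd, Convert.ToString(dr["Email"]));
        if (!ifSuccess)
        {
            lblMessageDisplay.Text = "Error Occured while sending Email...!";
            return;
        }

        pwd = MD5HASH.GetMD5HashCode(pwd);
        AuthoProvider.UpdateTemporaryPassword(Convert.ToString(dr["UserName"]), pwd, "F");
        lblMessageDisplay.Text = "Your new Temporary Password is being sent to your Email, Please Check your Email...!";

        // The captcha is single-use once a reset has gone through.
        Session["CaptchaImageText"] = null;
        UserBAL.Instance.InsertAuditTrailDetail("Temporary Password has sent to registered Email", "Forgot Password");
    }
    catch (Exception ex)
    {
        LogHandler.LogFatal((ex.InnerException != null ? ex.InnerException.Message : ex.Message), ex, this.GetType());

        // NOTE(review): RedirectPermanent sends a 301; a temporary redirect is the usual
        // choice for an error page. Confirm.
        Response.RedirectPermanent("~/ErrorPage.aspx", false);
    }
}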
/// <summary>
/// Login submit: checks the captcha carried inside the encrypted hidden field, enforces the
/// 900-second account lock and then hands over to <c>checkAuthentication</c>.
/// </summary>
/// <remarks>
/// NOTE(review):
/// - Every click resets the application-wide "LoggedInUsers" table, which clears the
///   concurrent-login tracking for all users.
/// - hdnPassword is filled in the browser, so any key AESEncrytDecry uses for it is
///   presumably available to the client; transport security has to come from TLS. Confirm.
/// - The captcha value in session is not cleared here after use; confirm it is single-use.
/// - The user name is trimmed for IsLogedIn but passed as typed to IsUserLocked and
///   DeleteLoginErrorInfo; confirm the data layer normalises both the same way so the lock
///   applies to the same account key.
/// </remarks>
protected void btnLogin_Click(object sender, EventArgs e)
{
    Application["LoggedInUsers"] = null;
    try
    {
        if (!IsLogedIn(txtUserName.Text.Trim()))
        {
            return;
        }

        // Return value is discarded, as in the original; kept in case the call has side effects.
        MD5HASH.Encryptdata(txtPassword.Text);

        object storedCaptcha = Session["CaptchaImageText"];
        if (storedCaptcha == null)
        {
            lblMessageDisplay.Text = "Session has been expired Please refresh page";
            RemovedLoggedUser();
            return;
        }

        string captchaString = storedCaptcha.ToString();

        // The hidden field decrypts to "<password part>#<captcha code>".
        string decrypted = AESEncrytDecry.DecryptStringAES(hdnPassword.Value);
        string[] parts = decrypted.Split('#');
        string codeNumber = parts[1];
        hdnPassword.Value = parts[0];

        if (!captchaString.Equals(codeNumber))
        {
            RemovedLoggedUser();
            txtCaptcha.Text = "";
            lblMessageDisplay.Text = "Code entered does not match, please try again !";
            return;
        }

        // A valid data set means failed-login information exists for this user.
        DataSet lockInfo = AuthoProvider.IsUserLocked(txtUserName.Text);
        if (!lockInfo.IsValid())
        {
            checkAuthentication();
            return;
        }

        DataRow lockRow = lockInfo.Tables[0].Rows[0];
        int idLocked = Convert.ToInt16(lockRow[DataBaseFields.IsLocked]);
        if (idLocked <= 0)
        {
            checkAuthentication();
            return;
        }

        // Locked: logins are refused until 900 seconds have passed since lock_time.
        double lockWindowSeconds = 900;
        double elapsedSeconds = (DateTime.Now - Convert.ToDateTime(lockRow[DataBaseFields.lock_time])).TotalSeconds;
        if (elapsedSeconds <= lockWindowSeconds)
        {
            RemovedLoggedUser();
            lblMessageDisplay.Text = "Your Id is being Locked, Please try after " + Math.Round((lockWindowSeconds - elapsedSeconds) / 60) + " Mins...!";
            return;
        }

        // The lock has expired: delete the failure records, then authenticate as usual.
        AuthoProvider.DeleteLoginErrorInfo(txtUserName.Text);
        checkAuthentication();
    }
    catch (Exception ex)
    {
        RemovedLoggedUser();
        string reason = ex.InnerException != null ? ex.InnerException.Message : ex.Message;
        LogHandler.LogFatal(reason, ex, this.GetType());

        // NOTE(review): RedirectPermanent sends a 301; a temporary redirect is the usual
        // choice for an error page. Confirm.
        Response.RedirectPermanent("~/ErrorPage.aspx", false);
    }
}
/// <summary>
/// Authenticates the posted user name and hidden-field password, then redirects to the home
/// page of the user's role, or to CreatePassword.aspx when no role branch applies (including
/// a first login with a temporary password).
/// </summary>
protected void checkAuthentication()
{
    AuthoProvider authProvider = new AuthoProvider();
    UserInfo user = new UserInfo();
    try
    {
        string invalidMessage = "Invalid User name and password! Please Try Again";

        // NOTE(review): a row count is never negative, so this "inactive account" branch is
        // unreachable and every account proceeds to authentication. The intended condition
        // depends on what IsUserInactive returns (not visible here); behaviour left unchanged.
        DataSet activeCheck = AuthoProvider.IsUserInactive(txtUserName.Text);
        if (activeCheck.Tables[0].Rows.Count < 0)
        {
            RemovedLoggedUser();
            lblMessageDisplay.Text = "Your account is not active! Please contact to NTCA for activation.";
            return;
        }

        // NOTE(review): the password argument is the value posted in hdnPassword and is not
        // hashed on the server. If the browser sends a hash, that hash acts as the password.
        user = authProvider.AuthenticateUser(txtUserName.Text, hdnPassword.Value, false);

        if (user == null)
        {
            txtCaptcha.Text = "";
            txtPassword.Text = "";
            txtUserName.Text = "";
            lblMessageDisplay.Text = invalidMessage;
            RemovedLoggedUser();
            lblMessageDisplay.Text = invalidMessage;
            return;
        }

        if (!IsValidCredential(user))
        {
            return;
        }

        // NOTE(review): Application state is shared by all sessions, so this slot always
        // holds whichever user logged in last.
        Application["currentUser"] = (string)Session["UserLoggedIn"];

        // First matching role wins; a role only counts once the temporary password has been
        // replaced (isFirstLogin == false).
        string landingPage = null;
        if (user.Roles.Contains(Role.ADMIN) && user.isFirstLogin == false)
        {
            landingPage = "~/Admin/Home.aspx";
        }
        else if (user.Roles.Contains(Role.NTCA) && user.isFirstLogin == false)
        {
            landingPage = "~/NTCA-RO/Home.aspx";
        }
        else if (user.Roles.Contains(Role.REGIONALOFFICER) && user.isFirstLogin == false)
        {
            landingPage = "~/NTCA-RO/Home.aspx";
        }
        else if (user.Roles.Contains(Role.CWLW) && user.isFirstLogin == false)
        {
            landingPage = "~/CWW-Secretary/Home.aspx";
        }
        else if (user.Roles.Contains(Role.SECRETARY) && user.isFirstLogin == false)
        {
            landingPage = "~/CWW-Secretary/Home.aspx";
        }
        else if (user.Roles.Contains(Role.FIELDDIRECTOR) && user.isFirstLogin == false)
        {
            landingPage = "FieldDirector/FieldDirectorHome.aspx";
        }

        if (landingPage == null)
        {
            Response.Redirect("CreatePassword.aspx", false);
            return;
        }

        // The audit entry is written before the session login time is set, so it reads the
        // previous session value (or "now" when none is stored).
        UserBAL.Instance.InsertAuditTrailDetail("Login", "Login Module");
        Session["LoginDateTime"] = DateTime.Now;
        Response.Redirect(landingPage, false);
    }
    catch (Exception ex)
    {
        RemovedLoggedUser();

        // Record the failed login; user may be null here if authentication returned no user.
        authProvider.InsertLoginTimeInfo("Login", false, user);

        string reason = ex.InnerException != null ? ex.InnerException.Message : ex.Message;
        LogHandler.LogFatal(reason, ex, this.GetType());

        // NOTE(review): RedirectPermanent sends a 301; a temporary redirect is the usual
        // choice for an error page. Confirm.
        Response.RedirectPermanent("~/ErrorPage.aspx", false);
    }
}
/// <summary>
/// Changes the password of the logged-in user after checking complexity, the old password
/// and the confirmation field.
/// Author: Indu
/// </summary>
/// <returns>True when the password was updated; false on any validation failure or error.</returns>
/// <remarks>
/// NOTE(review):
/// - The old password is looked up by lblUserName.Text, while the update targets
///   AuthoProvider.GetLoggedInUser(); confirm both always refer to the same account.
/// - The posted old and new values are used as-is (the code comments say the browser sends an
///   MD5 hash). A client-computed hash acts as the password itself, and the comparison against
///   the stored value is an ordinary string compare. Salted, slow server-side hashing is the
///   usual mitigation.
/// </remarks>
private bool ChangeOldPassword()
{
    try
    {
        if (!IsCpmplexPassword())
        {
            return false;
        }

        // Stored value of the current password (first column of the first row).
        DataSet storedPasswordSet = UserBAL.Instance.GetOldPassword(lblUserName.Text);
        string storedPassword = Convert.ToString(storedPasswordSet.Tables[0].Rows[0].ItemArray[0]);

        // Compared without server-side hashing.
        string submittedOldPassword = txtOldPassword.Text.Trim();
        if (!storedPassword.Equals(submittedOldPassword))
        {
            vmError.Message = "Old password does not match. Please enter the correct old Password.";
            FlashMessage.ErrorMessage(vmError.Message);
            return false;
        }

        if (!txtNewPassword.Text.Trim().Equals(txtConfirmPassword.Text.Trim()))
        {
            txtNewPassword.Text = "";
            txtConfirmPassword.Text = "";
            vmError.Message = "New Password and Confirm Password should be same...!";
            FlashMessage.ErrorMessage(vmError.Message);
            return false;
        }

        UserInfo uInfo = AuthoProvider.GetLoggedInUser();
        if (uInfo == null)
        {
            return false;
        }

        string clientMD5newPassword = txtNewPassword.Text.Trim();
        AuthoProvider.UpdateTemporaryPassword(uInfo.UserName, clientMD5newPassword, "C");

        uInfo.isFirstLogin = false;
        HttpContext.Current.Session["user"] = uInfo;

        // NOTE(review): the success text goes to vmSuccess, but the flash call shows
        // vmError.Message through ErrorMessage. This looks unintended; confirm which message
        // should be displayed.
        vmSuccess.Message = "Password Changed Successfully, Please use your changed Password in next time login...!";
        FlashMessage.ErrorMessage(vmError.Message);
        return true;
    }
    catch (Exception ex)
    {
        string reason = ex.InnerException != null ? ex.InnerException.Message : ex.Message;
        LogHandler.LogFatal(reason, ex, this.GetType());

        // NOTE(review): RedirectPermanent sends a 301; a temporary redirect is the usual
        // choice for an error page. Confirm.
        Response.RedirectPermanent("~/ErrorPage.aspx", false);
        return false;
    }
}