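/// <summary>
/// Checks <paramref name="password"/> against the credential stored for <paramref name="user"/>,
/// refusing the attempt outright when the account is locked out or has already passed the
/// configured number of failed logins, and recording every miss.
/// </summary>
/// <param name="user">Account to validate; null yields false.</param>
/// <param name="password">Clear-text password supplied at login.</param>
/// <returns>true when the transformed password matches the stored value; otherwise false.</returns>
private bool ValidateUserInternal(BTTUser user, string password)
{
    if (user == null)
    {
        return false;
    }

    BTTUserActivity activity = GetActivityForUser(user);

    // Decide on lock-out before touching the password so a locked account cannot be probed.
    // NOTE(review): with '>' the attempt is still allowed when FailedLogins == _MaxInvalidPasswordAttempts,
    // i.e. one attempt beyond the limit gets through — confirm that is intended.
    if (activity.FailedLogins > _MaxInvalidPasswordAttempts || activity.IsLockedOut)
    {
        return false;
    }

    // The salt is passed by ref; presumably TransformPassword fills in a missing salt — verify.
    string candidate = TransformPassword(password, ref user.PasswordSalt);

    // Ordinal comparison: the stored value is a derived credential, not linguistic text, so the
    // culture-sensitive string.Compare previously used here was the wrong tool for the job.
    if (string.Equals(candidate, user.Password, StringComparison.Ordinal))
    {
        // NOTE(review): the failed-login counter is not reset on success; confirm whether it should be.
        return true;
    }

    // Count the miss; the lock-out decision above is driven by this counter.
    activity.FailedLogins += 1;
    SaveUserActivity(activity);
    return false;
}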
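/// <summary>
/// Membership-provider lookup by user name.
/// </summary>
/// <param name="username">User name to look up.</param>
/// <param name="userIsOnline">When true, the user's activity record is loaded and saved again
/// (presumably to refresh a last-activity stamp — verify in SaveUserActivity).</param>
/// <returns>The membership view of the internal user, or null when no such user exists.</returns>
public override MembershipUser GetUser(string username, bool userIsOnline)
{
    // The previous try { } catch { throw; } wrapper did nothing and has been removed.
    BTTUser user = GetUser(username);
    if (user == null)
    {
        return null;
    }

    if (userIsOnline)
    {
        BTTUserActivity activity = GetActivityForUser(user);
        SaveUserActivity(activity);
    }

    return CreateMembershipFromInternalUser(user);
}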
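// GET: Admin/BTTusers/DeleteProf/5
/// <summary>
/// Shows the delete-confirmation page for the BTTUser with the given id.
/// </summary>
/// <param name="id">Route id of the BTTUser; null yields 400, an unknown id yields 404.</param>
/// <returns>The Delete view bound to the user, with name and identity e-mail in ViewBag.</returns>
public ActionResult Delete(int? id)
{
    if (id == null)
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }

    BTTUser user = db.BTTUsers.Find(id);
    if (user == null)
    {
        return HttpNotFound();
    }

    // The identity store lives in its own context; this method owns both objects, so dispose
    // them (previously they were leaked on every request).
    string accountEmail;
    using (var identityContext = new ApplicationDbContext())
    using (var userManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(identityContext)))
    {
        accountEmail = userManager.GetEmail(user.ASPNetIdentityID);
    }

    ViewBag.First = user.FirstName;
    ViewBag.Last = user.LastName;
    ViewBag.Email = accountEmail;
    return View(user);
}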
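/// <summary>
/// POST handler for the delete confirmation: removes the BTTUser row and then the associated
/// ASP.NET Identity account (its external logins, its roles, and finally the user itself).
/// </summary>
/// <param name="id">Id of the BTTUser to delete.</param>
/// <returns>Redirect to Index on success; 404 when the BTTUser or its identity account cannot be
/// found; otherwise the view with an error message in ViewBag.f.</returns>
public ActionResult DeleteConfirmed(int id)
{
    if (!ModelState.IsValid)
    {
        ViewBag.f = "Something went wrong. Please make sure your action was valid.";
        return View();
    }

    // (The previous `id == null` test on a non-nullable int could never be true and is gone.)
    BTTUser user = db.BTTUsers.Find(id);
    if (user == null)
    {
        return HttpNotFound();
    }

    // Not disposed on purpose: the store wraps the shared `context` field, and disposing the
    // manager would dispose that context for the rest of the request.
    var userManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(context));
    ApplicationUser aspAccount = userManager.FindById(user.ASPNetIdentityID);
    if (aspAccount == null)
    {
        // Previously dereferenced null here; a BTTUser whose identity account is gone is treated as not found.
        return HttpNotFound();
    }

    // Capture display values before the rows go away.
    string accountEmail = aspAccount.Email;
    string firstName = user.FirstName;
    string lastName = user.LastName;
    var accountRoles = userManager.GetRoles(aspAccount.Id);
    // An account without a role no longer crashes the message below.
    string accountRole = accountRoles.FirstOrDefault() ?? "user";
    // information about 3rd party/external logins, for example users who login into our site via Google, Facebook, Twitter etc
    var logins = aspAccount.Logins.ToList();

    // The application row goes first (same order as before). `db` and `context` are separate
    // contexts, so a failure further down leaves the identity account without its BTTUser row.
    db.BTTUsers.Remove(user);
    db.SaveChanges();

    using (var transaction = context.Database.BeginTransaction())
    {
        foreach (var login in logins)
        {
            userManager.RemoveLogin(login.UserId, new UserLoginInfo(login.LoginProvider, login.ProviderKey));
        }

        foreach (string role in accountRoles)
        {
            // role is the name of the role
            userManager.RemoveFromRole(aspAccount.Id, role);
        }

        IdentityResult deleted = userManager.Delete(aspAccount);
        if (!deleted.Succeeded)
        {
            // Leave the identity account as it was; the transaction is rolled back on dispose.
            ViewBag.f = "Something went wrong. Please make sure your action was valid.";
            return View();
        }

        transaction.Commit();
    }

    TempData["f"] = $"You have successfully removed a {accountRole}: {firstName} {lastName}, {accountEmail}";
    return RedirectToAction("Index");
}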
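/// <summary>
/// Stamps <paramref name="user"/> with the current UTC time and the configured admin GUID as
/// the modifier, then persists it through ActiveRecord.
/// </summary>
/// <param name="user">Record to persist.</param>
/// <exception cref="ArgumentNullException">When <paramref name="user"/> is null, or when the
/// "adminGuid" app setting is absent (thrown by the Guid constructor).</exception>
/// <exception cref="FormatException">When the "adminGuid" app setting is not a valid GUID.</exception>
private static void SaveUser(BTTUser user)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    user.ModifiedDate = DateTime.UtcNow;
    // Every save through this path is attributed to the configured admin account.
    user.ModifiedBy = new Guid(ConfigurationManager.AppSettings["adminGuid"]);
    ActiveRecordMediator<BTTUser>.Save(user);
}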
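// See: https://code.msdn.microsoft.com/ASPNET-MVC-5-Security-And-44cbdb97
// In this method we will create default User roles and Admin user for login
/// <summary>
/// Seeds the application roles ROLES[0]..ROLES[3] and, for every role that does not exist yet,
/// one demo account: an Identity user, its BTTUser row and the role-specific profile row.
/// Accounts are only seeded together with their role, so an existing role is never re-seeded.
/// </summary>
private void CreateRolesandUsers()
{
    // NOTE(review): the seed passwords and e-mail addresses below are hard-coded in source. They
    // are kept verbatim to preserve behaviour; the AppSettings lookups that were commented out in
    // the original ("AdminPassword", "AdminEmail") show where they should be read from instead.
    using (var context = new ApplicationDbContext())           // the context that Identity created
    using (var db = new BeyondTheTutorContext())                // the main database
    using (var roleManager = new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(context)))
    using (var userManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(context)))
    {
        // role name is "Admin"
        if (!roleManager.RoleExists(ROLES[0]))
        {
            roleManager.Create(new IdentityRole(ROLES[0]));
            ApplicationUser admin = CreateSeedIdentity(userManager, "*****@*****.**", "admin2020");
            if (admin != null)
            {
                BTTUser profile = NewSeedProfile("Tracy", "Boyson", admin);
                db.BTTUsers.Add(profile);
                db.Admins.Add(new Admin { ID = profile.ID, BTTUser = profile });
                // SaveChanges (not the previous un-awaited SaveChangesAsync): the row must exist
                // before this method returns and the contexts are disposed.
                db.SaveChanges();
                userManager.AddToRole(admin.Id, ROLES[0]);
            }
        }

        // role name is "Professor"
        if (!roleManager.RoleExists(ROLES[1]))
        {
            roleManager.Create(new IdentityRole(ROLES[1]));
            ApplicationUser professor = CreateSeedIdentity(userManager, "*****@*****.**", "professor2020");
            if (professor != null)
            {
                BTTUser profile = NewSeedProfile("Becka", "Morgan", professor);
                db.BTTUsers.Add(profile);
                db.Professors.Add(new Professor { ID = profile.ID, AdminApproved = true, BTTUser = profile });
                db.SaveChanges();
                userManager.AddToRole(professor.Id, ROLES[1]);
            }
        }

        // role name is "Student"
        if (!roleManager.RoleExists(ROLES[2]))
        {
            roleManager.Create(new IdentityRole(ROLES[2]));
            ApplicationUser student = CreateSeedIdentity(userManager, "*****@*****.**", "student2020");
            if (student != null)
            {
                BTTUser profile = NewSeedProfile("Brandon", "Linton", student);
                db.BTTUsers.Add(profile);
                db.Students.Add(new Student { ID = profile.ID, ClassStanding = "Junior", GraduatingYear = 2022, BTTUser = profile });
                db.SaveChanges();
                userManager.AddToRole(student.Id, ROLES[2]);
            }
        }

        // role name is "Tutor" — seeded with two demo tutors
        if (!roleManager.RoleExists(ROLES[3]))
        {
            roleManager.Create(new IdentityRole(ROLES[3]));

            ApplicationUser tutorOne = CreateSeedIdentity(userManager, "*****@*****.**", "tutor2020");
            if (tutorOne != null)
            {
                BTTUser profile = NewSeedProfile("Victoria", "Rhine", tutorOne);
                db.BTTUsers.Add(profile);
                db.Tutors.Add(new Tutor { ID = profile.ID, VNumber = "V00000000", ClassOf = 2020, AdminApproved = true, BTTUser = profile });
                db.SaveChanges();
                userManager.AddToRole(tutorOne.Id, ROLES[3]);
            }

            // tutor number two
            ApplicationUser tutorTwo = CreateSeedIdentity(userManager, "*****@*****.**", "tutor2020");
            if (tutorTwo != null)
            {
                BTTUser profile = NewSeedProfile("Shay", "Green", tutorTwo);
                db.BTTUsers.Add(profile);
                db.Tutors.Add(new Tutor { ID = profile.ID, VNumber = "V11111111", ClassOf = 2021, AdminApproved = true, BTTUser = profile });
                db.SaveChanges();
                userManager.AddToRole(tutorTwo.Id, ROLES[3]);
            }
        }
    }
}

/// <summary>
/// Creates a confirmed Identity account used as seed data.
/// </summary>
/// <param name="userManager">Manager bound to the Identity context.</param>
/// <param name="email">Used for both UserName and Email.</param>
/// <param name="password">Clear-text seed password.</param>
/// <returns>The created user, or null when creation did not succeed (the result's errors are
/// dropped, as they were before).</returns>
private static ApplicationUser CreateSeedIdentity(UserManager<ApplicationUser> userManager, string email, string password)
{
    // Username and email must be the same unless you want to make changes to the login code, which assumes they are the same
    // It will appear to work but once you clear your cache (to delete the cookie) or use another browser it won't work
    var user = new ApplicationUser { UserName = email, Email = email, EmailConfirmed = true };
    IdentityResult res = userManager.Create(user, password);
    return res.Succeeded ? user : null;
}

/// <summary>
/// Builds the BTTUser row that links a seeded Identity account to the application's own tables.
/// </summary>
private static BTTUser NewSeedProfile(string firstName, string lastName, ApplicationUser identity)
{
    return new BTTUser { FirstName = firstName, LastName = lastName, ASPNetIdentityID = identity.Id };
}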
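/// <summary>
/// POST handler for self-registration. Verifies the reCAPTCHA answer, creates the Identity
/// account for whichever of the student/tutor/professor view-models was submitted, sends the
/// confirmation e-mail, creates the BTTUser and profile rows, assigns the role and redirects
/// home. Any failure redisplays the form.
/// </summary>
/// <param name="model">Registration form; one of studentVM/tutorVM/professorVM is expected to be set.</param>
/// <returns>Redirect to Home/Index on success; otherwise the registration view.</returns>
public async Task<ActionResult> Register(RegistrationTypes model)
{
    string captchaError = await VerifyRecaptchaAsync(Request["g-recaptcha-response"]);
    if (captchaError != null)
    {
        ViewBag.Message = captchaError;
        return RedisplayRegistrationForm(model);
    }

    ViewBag.Message = "Valid";
    if (!ModelState.IsValid)
    {
        return RedisplayRegistrationForm(model);
    }

    bool isStudent = model.studentVM != null;
    bool isTutor = model.tutorVM != null;
    bool isProfessor = model.professorVM != null;

    string email = null, password = null, firstName = null, lastName = null, classStanding = null, vNumber = null;
    short classOf = 0;

    // When more than one view-model is present the later one wins for the shared fields
    // (kept from the original flow).
    if (isStudent)
    {
        firstName = model.studentVM.FirstName;
        lastName = model.studentVM.LastName;
        password = model.studentVM.Password;
        classStanding = model.studentVM.ClassStanding;
        classOf = model.studentVM.GraduatingYear;
        email = model.studentVM.Email;
    }
    if (isTutor)
    {
        firstName = model.tutorVM.FirstName;
        lastName = model.tutorVM.LastName;
        password = model.tutorVM.Password;
        vNumber = model.tutorVM.VNumber;
        classOf = model.tutorVM.ClassOf;
        email = model.tutorVM.Email;
    }
    if (isProfessor)
    {
        firstName = model.professorVM.FirstName;
        lastName = model.professorVM.LastName;
        password = model.professorVM.Password;
        email = model.professorVM.Email;
    }

    // Tutors and professors additionally wait for admin approval; the message says so.
    string confirmMessage;
    if (isTutor || isProfessor)
    {
        confirmMessage = "Confirm your account email and wait for admin approval";
        ViewBag.Message = "Once you've confirmed that " + email + " is your email address and recieved admin approval, you'll be able to use your account.";
    }
    else
    {
        confirmMessage = "Confirm your account email";
        ViewBag.Message = "Once you've confirmed that " + email + " is your email address, you can continue to your account.";
    }

    var user = new ApplicationUser { UserName = email, Email = email };
    IdentityResult result = await UserManager.CreateAsync(user, password);
    if (!result.Succeeded)
    {
        AddErrors(result);
        return RedisplayRegistrationForm(model);
    }

    await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);
    await SendEmailConfirmationTokenAsync(user.Id, confirmMessage, firstName);
    TempData["Message"] = ViewBag.Message; // Won't be shown to the user if we redirect to home
    ViewBag.Message = "Check your email and confirm your account; you must be confirmed if you ever need to recover your password.";

    // TODO: Handle errors, do this upon refactoring into repository pattern
    // Succeeded in creating a new Identity account, so create the application-side rows.
    var profile = new BTTUser { FirstName = firstName, LastName = lastName, ASPNetIdentityID = user.Id };
    using (var db = new BeyondTheTutorContext())
    {
        if (isStudent)
        {
            db.BTTUsers.Add(profile);
            db.Students.Add(new Student { ClassStanding = classStanding, GraduatingYear = classOf, BTTUser = profile });
            await UserManager.AddToRoleAsync(user.Id, "Student");
        }
        if (isTutor)
        {
            db.BTTUsers.Add(profile);
            db.Tutors.Add(new Tutor { VNumber = vNumber, ClassOf = classOf, BTTUser = profile });
            await UserManager.AddToRoleAsync(user.Id, "Tutor");
        }
        if (isProfessor)
        {
            db.BTTUsers.Add(profile);
            db.Professors.Add(new Professor { BTTUser = profile });
            await UserManager.AddToRoleAsync(user.Id, "Professor");
        }
        await db.SaveChangesAsync();
    }

    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
    return RedirectToAction("Index", "Home");
}

/// <summary>
/// Verifies a reCAPTCHA answer against Google's siteverify endpoint.
/// </summary>
/// <param name="response">The g-recaptcha-response form value; may be null.</param>
/// <returns>null when the answer is valid; otherwise the message to show the user.
/// A failure that carries no error code now yields the generic message instead of the previous
/// bare View() without model or site key.</returns>
private static async Task<string> VerifyRecaptchaAsync(string response)
{
    // secret that was generated in key value pair
    string secret = System.Web.Configuration.WebConfigurationManager.AppSettings["ReCapSecretKey"];

    // The response value comes straight from the request, so it is escaped instead of being
    // pasted into the query string raw as before.
    string url = "https://www.google.com/recaptcha/api/siteverify?secret="
        + Uri.EscapeDataString(secret ?? string.Empty)
        + "&response=" + Uri.EscapeDataString(response ?? string.Empty);

    string reply;
    using (var client = new WebClient())
    {
        // The previous synchronous DownloadString blocked a request thread inside an async action.
        reply = await client.DownloadStringTaskAsync(url);
    }

    var captchaResponse = JsonConvert.DeserializeObject<CaptchaResponse>(reply);
    if (captchaResponse != null && captchaResponse.Success)
    {
        return null;
    }

    // when response is false check for the error message
    string code = captchaResponse?.ErrorCodes?.FirstOrDefault() ?? string.Empty;
    switch (code.ToLowerInvariant())
    {
        case "missing-input-secret":
            return "The secret parameter is missing.";
        case "invalid-input-secret":
            return "The secret parameter is invalid or malformed.";
        case "missing-input-response":
            return "The response parameter is missing.";
        case "invalid-input-response":
            return "The response parameter is invalid or malformed.";
        default:
            return "Error occured. Please try again";
    }
}

/// <summary>
/// Redisplays the registration form, flagging which sub-form failed and re-supplying the site key.
/// </summary>
private ActionResult RedisplayRegistrationForm(RegistrationTypes model)
{
    // If we got this far, something failed, redisplay form
    if (model.professorVM != null)
    {
        ViewBag.validationError = "professor";
    }
    else if (model.tutorVM != null)
    {
        ViewBag.validationError = "tutor";
    }
    else if (model.studentVM != null)
    {
        ViewBag.validationError = "student";
    }

    ViewBag.ReCapKey = System.Web.Configuration.WebConfigurationManager.AppSettings["ReCapKey"];
    return View(model);
}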