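/// <summary>
        /// Authenticates the posted credentials through <c>_securityService</c> and, on success,
        /// stores the returned user in session under "AUTHENTICATED_USER" and redirects to Admin/Index.
        /// </summary>
        /// <param name="viewModel">Posted login form carrying UserName and Password.</param>
        /// <returns>
        /// A redirect to Admin/Index on success, the login view with a generic failure message when the
        /// credentials are rejected, or a redirect to Admin/Login with an ERROR status on any other exception.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in this excerpt -
        /// confirm the action is POST-only and anti-forgery protected.
        /// NOTE(review): the session identifier is not renewed after a successful login here; confirm that
        /// session fixation is handled elsewhere.
        /// </remarks>
        public ActionResult Login(LoginViewModel viewModel)
        {
            GRINUser        grinUser        = null;
            ResultContainer resultContainer = new ResultContainer();

            try
            {
                resultContainer = _securityService.Login(viewModel.UserName, viewModel.Password, out grinUser);
                if (resultContainer.ResultCode == LoginResult.SUCCESS.ToString())
                {
                    log.Info("USER LOGGED IN: " + grinUser.UserName);
                    // NOTE(review): the whole GRINUser, including its Password field, is placed in session
                    // state - consider storing only the identity fields the application needs.
                    Session["AUTHENTICATED_USER"] = grinUser;
                }
                else
                {
                    throw new AuthenticationException(resultContainer.ResultCode);
                }
            }
            catch (AuthenticationException aex)
            {
                // The service's ResultDescription can hold the submitted user name or, when the service
                // caught an exception, a stack trace. Keep it in the server log only, with CR/LF flattened
                // so a crafted user name cannot forge extra log lines.
                string detail = (resultContainer.ResultDescription ?? string.Empty).Replace("\r", " ").Replace("\n", " ");
                log.Error(aex.Message + ", " + detail);

                // Return one uniform status and message for every failure so the response neither reveals
                // whether the account exists nor echoes internal error text back to the browser.
                viewModel.Status       = LoginStatusEnum.ERROR.ToString();
                viewModel.ErrorMessage = "Invalid user name or password.";
                return(View("~/Views/Admin/Login.cshtml", viewModel));
            }
            catch (Exception ex)
            {
                // Unexpected failure: full detail goes to the log, the client only gets a status flag.
                log.Error(ex.Message + ", " + ex.StackTrace);
                return(RedirectToAction("Login", "Admin", new { loginStatus = LoginStatusEnum.ERROR }));
            }
            return(RedirectToAction("Index", "Admin", new { loginStatus = LoginResult.SUCCESS.ToString(), Area = "" }));
        }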
        /// <summary>
        /// Pre-action gate: when the session holds no <c>GRINUser</c> under "AUTHENTICATED_USER",
        /// the action result is replaced with a redirect to Admin/Login. The base implementation
        /// is invoked in both cases.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        /// <remarks>
        /// NOTE(review): this is a presence-only check; no role or permission test is visible here.
        /// NOTE(review): if this override lives on the controller that also serves the Login action,
        /// unauthenticated requests to the login page would be redirected as well - confirm Login is exempt.
        /// </remarks>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            object   sessionEntry = filterContext.HttpContext.Session["AUTHENTICATED_USER"];
            GRINUser currentUser  = sessionEntry as GRINUser;

            if (currentUser == null)
            {
                // Missing entry, or an entry of another type: send the caller to the login page.
                var loginRoute = new System.Web.Routing.RouteValueDictionary(new { controller = "Admin", action = "Login" });
                filterContext.Result = new RedirectToRouteResult(loginRoute);
            }

            base.OnActionExecuting(filterContext);
        }
예제 #3
        /// <summary>
        /// Runs <c>usp_User_Search</c> for <paramref name="userName"/> and maps the first returned row
        /// to a <c>GRINUser</c> (ID, UserName, Password).
        /// </summary>
        /// <param name="userName">User name passed to the stored procedure.</param>
        /// <returns>
        /// The mapped user, or a freshly constructed <c>GRINUser</c> with no fields set when the
        /// procedure returns no rows. Never returns null.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the procedure name suggests a search; confirm it matches the user name exactly,
        /// because only the first row is used and callers treat it as the account to authenticate.
        /// NOTE(review): the stored password value travels on the returned object; confirm callers do
        /// not persist or render it.
        /// </remarks>
        public GRINUser Find(string userName)
        {
            var matches = _dataContext.usp_User_Search(userName).ToList();

            // No rows: hand back an empty user rather than null.
            if (matches.Count == 0)
            {
                return(new GRINUser());
            }

            var firstMatch = matches[0];
            return(new GRINUser
            {
                ID       = firstMatch.sys_user_id,
                UserName = firstMatch.user_name,
                Password = firstMatch.password
            });
        }
예제 #4
        /// <summary>
        /// Looks the user up through a new <c>UserRepository</c> and checks the supplied password
        /// against the stored value, reporting the outcome in a <c>ResultContainer</c>.
        /// </summary>
        /// <param name="userName">User name to look up.</param>
        /// <param name="password">Password as supplied by the caller.</param>
        /// <param name="user">
        /// Receives the user returned by the repository; it is populated on password failure too,
        /// and stays a blank <c>GRINUser</c> if the lookup throws.
        /// </param>
        /// <returns>
        /// ResultCode is SUCCESS, USER_NOT_FOUND or INVALID_PASSWORD; if an exception is caught,
        /// ResultCode holds its message and ResultDescription its stack trace.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the password is accepted if either the raw input or its hash passes
        /// <c>validateHashedPassword</c> against the stored value. That helper is not visible here;
        /// confirm the stored value itself cannot be used as a password and that plaintext storage is not relied on.
        /// NOTE(review): confirm <c>Crypto.HashText</c> is a salted, deliberately slow password hash.
        /// NOTE(review): USER_NOT_FOUND and INVALID_PASSWORD are distinguishable, and the exception path
        /// puts internal text into the result; callers should not show either to the end user.
        /// </remarks>
        public ResultContainer Login(string userName, string password, out GRINUser user)
        {
            var outcome = new ResultContainer();
            var users   = new UserRepository();

            // The out parameter must be assigned on every path, including the exception path.
            user = new GRINUser();

            try
            {
                user = users.Find(userName);

                // An ID of 0 is how this method recognises "no such user".
                if (user.ID == 0)
                {
                    outcome.ResultCode        = LoginResult.USER_NOT_FOUND.ToString();
                    outcome.ResultDescription = String.Format("The user {0} does not exist.", userName);
                    return(outcome);
                }

                string hashedCandidate = Crypto.HashText(password);
                bool   accepted        = validateHashedPassword(password, user.Password)
                                      || validateHashedPassword(hashedCandidate, user.Password);

                if (!accepted)
                {
                    outcome.ResultCode        = LoginResult.INVALID_PASSWORD.ToString();
                    outcome.ResultDescription = "Your password is invalid.";
                    return(outcome);
                }

                outcome.ResultCode = LoginResult.SUCCESS.ToString();
            }
            catch (Exception failure)
            {
                // Any failure is reported through the result object instead of being rethrown.
                outcome.ResultCode        = failure.Message;
                outcome.ResultDescription = failure.StackTrace;
            }
            return(outcome);
        }