public ActionResult Login(User usrLogin)
{
_logMessages.Append("Initiating Login in AccountController.Login .");
bool success = false;
string tableauTicket = string.Empty;
string serviceId = string.Empty;
string defaultDomain = "";
ClaimsIdentity userClaims = null;
bool enableTableau = false;
if (ModelState.IsValid)
{
try
{
enableTableau = ConfigurationManager.AppSettings["enableTableau"].Equals(bool.TrueString, StringComparison.OrdinalIgnoreCase);
defaultDomain = ConfigurationManager.AppSettings["DefaultDomain"].ToString();
if (usrLogin.IsInternalUser)
{
_logMessages.Append("Performing logon as internal user LDAP Authentication. Username " + usrLogin.UserName + ".");
LDAPUser ldapUser = _restClient.IsLDAPAuthenticated(usrLogin.UserName, usrLogin.Password);
if (ldapUser == null)
{
success = false;
ModelState.AddModelError(string.Empty, "An error occurred please try again.");
}
else
{
switch (ldapUser.LDAPAccessStatus)
{
case LDAPAccessStatus.UserLogonSuccessful:
_logMessages.Append("Ldap Authentication successfull.");
userClaims = new ClaimsIdentity(
new[]
{
new Claim(ClaimTypes.Name, usrLogin.UserName),
new Claim(ClaimTypes.GivenName, ldapUser.FirstName),
new Claim(ClaimTypes.Surname, ldapUser.LastName),
new Claim(AHP.Core.ClaimTypes.DisplayName, ldapUser.DisplayName),
new Claim(AHP.Core.ClaimTypes.IsInternalUser, usrLogin.IsInternalUser.ToString())
},
Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);
success = true;
_logMessages.AppendFormat("Retrieving tableau account name for internal user {0}.", usrLogin.UserName);
//Authenticate with Tableau for trusted ticket
GenericAjaxResponse <string> getAccnameResponse = _restClient.GetTableauAccountname(usrLogin.UserName);
_logMessages.AppendFormat("Tableau account name mapped to user {0} is '{1}'.", usrLogin.UserName, getAccnameResponse.Data);
if (getAccnameResponse.Success && !string.IsNullOrEmpty(getAccnameResponse.Data))
{
GenericAjaxResponse <string> tabSigninResponse = _tableauClient.SignIn(getAccnameResponse.Data);
if (tabSigninResponse.Success)
{
tableauTicket = tabSigninResponse.Data;
}
}
//add tableau ticket to claims
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.TableauAuthTicket, tableauTicket));
//Authenticate with BO again to get the Token for Reports
_logMessages.Append("Requesting BO Server for user information and token.");
//get session information along wit user information
GenericAjaxResponse <AHP.Core.Model.BOUserSessionInfo> sessionInfo = _restClient.LogonToWebIntelligence(usrLogin.UserName);
if (sessionInfo.Success)
{
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.MustChangeSecurityQuestion, bool.FalseString));
//AD Users are always a User. They can't be admin
userClaims.AddClaim(new Claim(ClaimTypes.Role, "User"));
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.LogonToken, sessionInfo.Data.DefaultToken));
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.BOSessionId, sessionInfo.Data.SessionId));
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.BOSerializedSession, sessionInfo.Data.SerializedSession));
//Internal users can't change pwd
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.MustChangePassword, bool.FalseString));
//for internal users last login date is now
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.LastLogonDate, DateTime.Now.ToShortDateString()));
//internal users don't have pwd expiry
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.PasswordExpired, bool.FalseString));
success = true;
}
else
{
ModelState.AddModelError(string.Empty, sessionInfo.Errors[0]);
success = false;
}
break;
case LDAPAccessStatus.UserLogonUnsuccessful:
success = false;
ModelState.AddModelError(string.Empty, "The username and password combination you entered is incorrect. Please use the same username and password as your AHM computer and try again.");
_logMessages.Append("Internal user authentication failed for user " + usrLogin.UserName + ".");
break;
case LDAPAccessStatus.UserAccountLocked:
success = false;
ModelState.AddModelError(string.Empty, "Your user account is locked. Please contact AHM IT for further assistance");
_logMessages.Append("Internal user account has been locked for user " + usrLogin.UserName + ".");
break;
default:
success = false;
ModelState.AddModelError(string.Empty, "Unknown error has occurred. Please try again.");
_logMessages.AppendFormat("User :{0}, got response from AD which is either not success and nor Account locked.", usrLogin.UserName);
break;
}
}
}
else
{
_logMessages.Append("Performing Logon as External user. Authenticating with BO System. Username " + usrLogin.UserName + ".");
GenericAjaxResponse <AHP.Core.DTO.ExternalUserInfo> apiResponse = _restClient.Login(usrLogin.UserName, usrLogin.Password);
if (apiResponse == null)
{
ModelState.AddModelError(string.Empty, "An error occurred. Please try again");
success = false;
}
else
{
if (!apiResponse.Success)
{
success = false;
if (apiResponse.Errors.Count >= 1)
{
string errMessage = apiResponse.Errors[0];
if (!string.IsNullOrEmpty(errMessage))
{
errMessage = errMessage.Replace("<<click here>>", "<a href='" + Url.Action("ResetPassword", "AccountRecovery") + "' title='reset password'>click here</a>");
}
ModelState.AddModelError(string.Empty, errMessage);
}
else
{
ModelState.AddModelError(string.Empty, "An error occurred. Please try again");
}
}
else
{
if (apiResponse.Data == null)
{
success = false;
ModelState.AddModelError(string.Empty, "An error occurred. Please try again");
}
else
{
_logMessages.AppendFormat("Retrieving tableau account name for external user {0}.", usrLogin.UserName);
//get session information along wit user information
GenericAjaxResponse <AHP.Core.Model.BOUserSessionInfo> sessionInfo = _restClient.LogonToWebIntelligence(apiResponse.Data.Username);
//get security question for the user, if nothing exists then ask user to setup his security questions
GenericAjaxResponse <List <AHP.Core.DTO.UserSecurityOption> > usrQuestions = _restClient.GetSecurityQuestionsForUser(apiResponse.Data.Username);
if (sessionInfo.Success)
{
userClaims = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, usrLogin.UserName),
new Claim(AHP.Core.ClaimTypes.IsInternalUser, usrLogin.IsInternalUser.ToString())
}, Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);
userClaims.AddClaim(new Claim(ClaimTypes.GivenName, apiResponse.Data.Firstname));
userClaims.AddClaim(new Claim(ClaimTypes.Surname, apiResponse.Data.Lastname));
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.DisplayName, string.Format("{0},{1}", apiResponse.Data.Lastname, apiResponse.Data.Firstname)));
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.Company, apiResponse.Data.Company ?? string.Empty));
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.MustChangeSecurityQuestion, usrQuestions.Success ? (usrQuestions.Data.Count != 3).ToString() : bool.FalseString));
userClaims.AddClaim(new Claim(ClaimTypes.Email, apiResponse.Data.Email));
userClaims.AddClaim(new Claim(ClaimTypes.Role, apiResponse.Data.Role));
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.LogonToken, sessionInfo.Data.DefaultToken));
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.BOSessionId, sessionInfo.Data.SessionId));
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.BOSerializedSession, sessionInfo.Data.SerializedSession));
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.MustChangePassword, apiResponse.Data.ChangePasswordOnLogon.ToString()));
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.LastLogonDate, apiResponse.Data.LastLogonDate));
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.PasswordExpired, (apiResponse.Data.PasswordExpiresOn.Date - DateTime.Today).TotalDays <= 0 ? bool.TrueString:bool.FalseString));
_logMessages.AppendFormat("Using Service SID for tableau account name for external user {0}.", usrLogin.UserName);
serviceId = System.Configuration.ConfigurationManager.AppSettings["SID"];
GenericAjaxResponse <string> tabSigninResponse = _tableauClient.SignIn(serviceId);
if (tabSigninResponse.Success)
{
tableauTicket = tabSigninResponse.Data;
}
_logMessages.AppendFormat("Obtained ticket '{0} for external user {1} using SID'", tableauTicket, usrLogin.UserName);
//add tableau ticket to claims
userClaims.AddClaim(new Claim(AHP.Core.ClaimTypes.TableauAuthTicket, tableauTicket));
success = true;
}
else
{
ModelState.AddModelError(string.Empty, sessionInfo.Errors[0]);
success = false;
}
}
}
}
}
}
catch (Exception ex)
{
_logMessages.Append("An Error occurred Exception Message is " + ex.Message + ".");
Elmah.ErrorLog.GetDefault(null).Log(new Elmah.Error(ex));
ModelState.AddModelError(string.Empty, "Error occurred processing your request. Please try again");
success = false;
}
}
else
{
_logMessages.Append("Model Validation Failed.");
success = false;
}
_logger.Info(_logMessages.ToString());
if (success)
{
_authManager.SignIn(Request, userClaims);
//redirect to customer logon page
return(RedirectToAction("Home", "Customer"));
}
else
{
usrLogin.UserName = string.Empty;
usrLogin.Password = string.Empty;
usrLogin.IsInternalUser = false;
return(View("~/Views/Default/login.cshtml", usrLogin));
}
}