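/// <summary>
/// Logs in as a new session. On success (regardless of an expired password) sets
/// <c>context.User</c> to the resolved <see cref="MemberUser"/> and initializes the web session.
/// On failure throws an <see cref="Exception"/> whose message is localized via
/// <c>context.CurrentLanguage</c>; every failure is also recorded through <c>LogFailureSession</c>.
/// When <paramref name="userMustChangePassword"/> comes back <c>true</c>, the caller must force
/// the user to change the password before continuing.
/// </summary>
/// <param name="context">Current portal session context; <c>context.MySystem</c> performs the credential check and <c>context.User</c> receives the logged-in user.</param>
/// <param name="session">Web session; only <c>SessionID</c> is used, for failure logging and the login-collision table.</param>
/// <param name="application">Application state holding the <c>"ActivingUsers"</c> dictionary (user ID to session ID) used to detect concurrent logins.</param>
/// <param name="ipAddress">Not used by the current implementation; retained for call-site compatibility.</param>
/// <param name="userName">Login name as supplied by the user.</param>
/// <param name="password">Password as supplied by the user.</param>
/// <param name="userMustChangePassword">Initialized to <c>false</c>, then set by the underlying system login (expected to be <c>true</c> when the password has expired).</param>
/// <exception cref="Exception">
/// Thrown for any failure: configuration/database error, disabled, suspended or inactive account,
/// wrong password, unknown user, or an already-active session for the same user.
/// Callers compare on <c>Message</c>, so the message texts are part of the contract.
/// </exception>
public static void Login(BizPortalSessionContext context, HttpSessionState session, HttpApplicationState application,
    String ipAddress, String userName, String password, out bool userMustChangePassword)
{
    userMustChangePassword = false;

    // Refresh the process-wide configuration when the stored configuration for this system differs.
    try
    {
        BizPortalConfiguration config = GetConfiguration(context, context.MySystem.SystemID);
        if (config.ID != BizPortalConfiguration.CurrentConfiguration.ID)
        {
            BizPortalConfiguration.CurrentConfiguration = config;
        }
    }
    catch (Exception exc)
    {
        // User-facing message stays generic; the real cause travels as InnerException for diagnostics.
        throw new Exception("เกิดข้อผิดพลาดในการติดต่อฐานข้อมูลกรุณาติดต่อผู้ดูแลระบบ", exc);
    }

    MemberUser mu = null;
    LoginResult loginResult = LoginResult.IncorrectPassword;
    try
    {
        User user;
        loginResult = context.MySystem.Login(context, userName, password, out user, out userMustChangePassword);
        // Unwrap the persistence proxy so the concrete MemberUser members used below are available.
        mu = (MemberUser)context.PersistenceSession.GetSessionImplementation().PersistenceContext.Unproxy(user);
    }
    catch (Exception exc)
    {
        LogFailureSession(context, session.SessionID, userName, mu, exc.ToString());
        throw; // rethrow as-is so the original stack trace is preserved
    }

    string langCode = context.CurrentLanguage.Code;
    int invalidPasswordAttemptLimit;
    string message;

    switch (loginResult)
    {
        case LoginResult.AuthenticationSuccess:
            if (mu.IsDisable)
            {
                message = Messages.Security.UserIsDisable.Format(langCode);
                LogFailureSession(context, session.SessionID, userName, mu, message);
                throw new Exception(Messages.Security.UserIsDisableDisplayScreen.Format(langCode));
            }

            invalidPasswordAttemptLimit = context.Configuration.Security.MaxConsecutiveFailedLogonAttempts;
            if (mu.NumberOfConsecutiveFailedLoginAttemptsReachesLimit(invalidPasswordAttemptLimit))
            {
                // Correct password, but the account is still locked out from earlier failures.
                message = Messages.Security.UserIsSuspended.Format(langCode, invalidPasswordAttemptLimit);
                LogFailureSession(context, session.SessionID, userName, mu, message);
                SendSMSToSelfAuthenticatedUser(context, mu, message);
                throw new Exception(Messages.Security.UserIsConsecutiveFailedLoginDisplayScreen.Format(langCode));
            }

            if (mu.HasBeenInactiveTooLong(context.Configuration.Security.MaxDaysOfInactivity))
            {
                message = Messages.Security.UserIsInactive.Format(langCode, context.Configuration.Security.MaxDaysOfInactivity);
                LogFailureSession(context, session.SessionID, userName, mu, message);
                SendSMSToSelfAuthenticatedUser(context, mu, message);
                throw new Exception(Messages.Security.UserIsInactiveDisplayScreen.Format(langCode));
            }

            // Login-collision check against the application-wide active-user table.
            // NOTE(review): this dictionary is shared across requests and is read and mutated here
            // without application.Lock()/UnLock(); confirm whether callers serialize access.
            var userId = mu.ID;
            var activeUsers = (Dictionary<long, string>)application["ActivingUsers"];
            if (activeUsers.ContainsKey(userId))
            {
                // The same user already has a live session: evict it and reject this attempt.
                ForceLogout(context, application, mu);
                LogFailureSession(context, session.SessionID, userName, mu, Messages.Security.MultipleLogon.Format(langCode));
                throw new Exception(Messages.Security.MultipleLogon.Format(langCode));
            }

            // This session id is already bound to a different user: evict until the id is free.
            // NOTE(review): terminates only if ForceLogoutForDIfferenceUserSameSession removes the
            // matching entry from activeUsers; otherwise this loops forever — confirm.
            while (activeUsers.ContainsValue(session.SessionID))
            {
                foreach (var pair in activeUsers)
                {
                    if (session.SessionID.Equals(pair.Value))
                    {
                        ForceLogoutForDIfferenceUserSameSession(context, application, mu);
                        break; // leave the enumeration before the table is touched again
                    }
                }
            }

            activeUsers.Add(userId, session.SessionID);
            break;

        case LoginResult.IncorrectPassword:
            invalidPasswordAttemptLimit = context.Configuration.Security.MaxConsecutiveFailedLogonAttempts;
            if (mu.NumberOfConsecutiveFailedLoginAttemptsReachesLimit(invalidPasswordAttemptLimit))
            {
                message = Messages.Security.UserIsSuspended.Format(langCode, invalidPasswordAttemptLimit);
            }
            else
            {
                message = Messages.Security.IncorrectPassword.Format(langCode, mu.ConsecutiveFailedLoginCount, invalidPasswordAttemptLimit);
            }
            // The detailed count goes to the log and the user's own SMS; the thrown message is the generic code.
            LogFailureSession(context, session.SessionID, userName, mu, message);
            SendSMSToSelfAuthenticatedUser(context, mu, message);
            throw new Exception(Messages.Security.PasswordIsInvalidCode.Format(langCode));

        case LoginResult.UsernameNotFound:
            // Note: this message differs from the wrong-password one, so the response distinguishes
            // unknown from known user names.
            LogFailureSession(context, session.SessionID, userName, mu, Messages.Security.UsernameIsInvalidCode.Format(langCode));
            throw new Exception(Messages.Security.UsernameIsInvalidCode.Format(langCode));

        default:
            LogFailureSession(context, session.SessionID, userName, mu, Messages.Security.LoginFailed.Format(langCode));
            throw new Exception(Messages.Security.LoginFailed.Format(langCode));
    }

    context.User = mu;
    InitializeSession(context, mu, session);
}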