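//**************************************
// URL: /Account/LogOn
// Single-sign-on hand-off. The encrypted "a" query-string parameter is decrypted
// into "name=value;name=value;..." pairs that must carry "cwt_user_OID" and a
// millisecond "timestamp". When the token decrypts, its timestamp is within
// 60 seconds of the server's UTC clock and it names a known user, the user is
// persisted for Forms Authentication and redirected to Home/Index. Every other
// outcome is logged and returns this view.
// **************************************
public ActionResult LogOn()
{
    // Largest accepted distance, in either direction (tolerates clock skew between
    // issuer and this server), between the token timestamp and the server clock.
    const long tokenWindowMilliseconds = 60000;

    string a = this.HttpContext.Request.QueryString["a"];
    if (string.IsNullOrEmpty(a))
    {
        // A plain visit to /Account/LogOn carries no token: recorded as usage, not as an error.
        string errorMessage = "No A Parameter detected - user not authorised";
        logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
        return View();
    }

    try
    {
        string decodedURL = CWTAuthenticationHelper.Decrypt(a);
        if (string.IsNullOrEmpty(decodedURL))
        {
            // Previously this case fell through to View() without any log entry; an
            // unusable token is an authentication failure and should be visible in the logs.
            string errorMessage = "Failed Login Attempt - Decrypted A Parameter was empty";
            logRepository.LogError(errorMessage);
            logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
            return View();
        }

        NameValueCollection qsValues = ParseLoginParameters(decodedURL);
        string userOid = qsValues["cwt_user_OID"];
        string timestampText = qsValues["timestamp"];

        if (string.IsNullOrEmpty(userOid))
        {
            string errorMessage = "(Err 0002) Failed Login Attempt - UID Parameter Missing";
            logRepository.LogError(errorMessage);
            logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
            return View();
        }

        if (string.IsNullOrEmpty(timestampText))
        {
            string errorMessage = "(Err 0004) Failed Login Attempt - Timestamp Parameter Missing";
            logRepository.LogError(errorMessage);
            logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
            return View();
        }

        // A non-numeric timestamp used to surface as a generic (Err 0007) FormatException;
        // reject it explicitly so the log says what was wrong with the token.
        long urlTimeStamp;
        if (!long.TryParse(timestampText, NumberStyles.Integer, CultureInfo.InvariantCulture, out urlTimeStamp))
        {
            string errorMessage = "Failed Login Attempt - Timestamp Parameter Not Numeric";
            logRepository.LogError(errorMessage);
            logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
            return View();
        }

        // Freshness check. NOTE(review): a token is not marked as consumed, so it is
        // accepted as often as it is presented inside the window; recording used
        // (user, timestamp) pairs would close that gap if it matters here.
        long currentTimeStamp = CurrentUnixTimeMilliseconds();
        if (Math.Abs(currentTimeStamp - urlTimeStamp) > tokenWindowMilliseconds)
        {
            string errorMessage = "(Err 0005) Failed Login Attempt - Out Of Range TimeStamp, currentTimeStamp=" + currentTimeStamp.ToString() + ", urlTimeStamp=" + urlTimeStamp.ToString();
            logRepository.LogError(errorMessage);
            logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
            return View();
        }

        // Resolve the user named by the token.
        AccountRepository accountRepository = new AccountRepository();
        SystemUser systemUser = accountRepository.GetUserBySystemUserGuid(userOid);
        if (systemUser == null)
        {
            logRepository.LogError("(Err 0006) Failed Login Attempt - No Such User(" + userOid + ")");
            logRepository.LogApplicationUsage(16, "", "", "No Such User(" + userOid + ")", "", null, false);
            return View();
        }

        // SUCCESSFUL LOGIN
        // Store user data in the Forms Authentication cookie.
        accountRepository.persistUser(systemUser.SystemUserGuid, ConfigurationManager.AppSettings["DefaultConnectionStringName"]);
        logRepository.LogApplicationUsageFirstLogin(7, "", "", "", "", null, true, systemUser.SystemUserGuid);

        // Record the login time for the user.
        SystemUserRepository systemUserRepository = new SystemUserRepository();
        systemUserRepository.UpdateSystemUserLastLoginTimestamp(userOid);

        return RedirectToAction("Index", "Home");
    }
    catch (Exception ex)
    {
        // Decrypt failures and anything unexpected in the repositories land here;
        // only the message is logged, the user just sees the view again.
        string errorMessage = "(Err 0007) Failed Login Attempt - " + ex.Message;
        logRepository.LogApplicationUsage(16, "", "", errorMessage, "", null, false);
        logRepository.LogError(errorMessage);
    }
    return View();
}

/// <summary>
/// Splits a decrypted login payload of the form "name=value;name=value;..." into a
/// <see cref="NameValueCollection"/>.
/// </summary>
/// <param name="decodedUrl">The decrypted payload; must not be null.</param>
/// <returns>
/// The parsed pairs. Empty segments and segments without '=' are skipped instead of
/// throwing; a value that itself contains '=' is kept whole (split on the first '=' only).
/// </returns>
private static NameValueCollection ParseLoginParameters(string decodedUrl)
{
    NameValueCollection values = new NameValueCollection();
    foreach (string parameter in decodedUrl.Split(';'))
    {
        if (string.IsNullOrEmpty(parameter))
        {
            continue;
        }
        string[] nameAndValue = parameter.Split(new char[] { '=' }, 2);
        if (nameAndValue.Length == 2)
        {
            values.Add(nameAndValue[0], nameAndValue[1]);
        }
    }
    return values;
}

/// <summary>
/// Milliseconds elapsed since 1970-01-01T00:00:00Z according to the server's UTC clock.
/// </summary>
/// <remarks>
/// Replaces the earlier computation that took <c>DateTime.Now.ToUniversalTime()</c> and then
/// subtracted the local UTC offset again; working from <see cref="DateTime.UtcNow"/> directly
/// removes that double adjustment. Rounded with <see cref="Convert.ToInt64(double)"/>.
/// </remarks>
private static long CurrentUnixTimeMilliseconds()
{
    DateTime epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    return Convert.ToInt64((DateTime.UtcNow - epoch).TotalMilliseconds);
}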