예제 #1
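        /// <summary>
        /// Generates a fresh one-time password for the user held in session, stores it and e-mails it to the
        /// user's registered address, then returns to the two-factor page with a success or error message
        /// recorded on the session-held <c>LoginUserDetails</c>.
        /// </summary>
        /// <returns>
        /// A redirect to <c>TwoFactorAuth/Index</c>; <c>Account/Login</c> when no login context is in session.
        /// </returns>
        public ActionResult ResendOTP()
        {
            List <OTPConfigurationDTO> lstOTPConfiguration = null;
            LoginUserDetails           objLoginUserDetails = null;
            int    OTPDigits                  = 0;
            bool   IsAlphaNumeric             = false;
            int    OTPConfigMasterID          = 1;
            int    UserInfoID                 = 0;
            string EmailId                    = string.Empty;
            string UserFullName               = string.Empty;
            int    OTPExpirationTimeInSeconds = 0;
            string GeneratedOTP               = string.Empty;
            bool   otpSent                    = false; // set only after the OTP is stored and handed to the mailer

            // Uniform digit in [0, 9] from the OS CSPRNG. System.Random is clock-seeded and predictable, which
            // is not acceptable as an input to OTP derivation. The rejection loop removes the bias of 256 % 10.
            int SecureSeedDigit()
            {
                byte[] one = new byte[1];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    do
                    {
                        rng.GetBytes(one);
                    } while (one[0] >= 250);
                }
                return one[0] % 10;
            }

            try
            {
                objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
                if (objLoginUserDetails == null)
                {
                    // Session expired or the page was reached out of order: there is no user to resend to.
                    Common.Common.WriteLogToFile("ResendOTP called without a login context in session");
                    return(RedirectToAction("Login", "Account"));
                }
                string userLoginId = objLoginUserDetails.UserName;

                using (TwoFactorAuthSL objOTPAuthDAL = new TwoFactorAuthSL())
                {
                    // Last row wins, as before; a single configuration row is expected.
                    lstOTPConfiguration = objOTPAuthDAL.GetOTPConfiguration(objLoginUserDetails.CompanyDBConnectionString);
                    foreach (var OTPConfig in lstOTPConfiguration)
                    {
                        OTPDigits                  = OTPConfig.OTPDigits;
                        IsAlphaNumeric             = OTPConfig.IsAlphaNumeric;
                        OTPConfigMasterID          = OTPConfig.OTPConfigurationSettingMasterID;
                        OTPExpirationTimeInSeconds = OTPConfig.OTPExpirationTimeInSeconds;
                    }

                    lstOTPConfiguration = objOTPAuthDAL.GetUserDeatailsForOTP(objLoginUserDetails.CompanyDBConnectionString, userLoginId);
                    foreach (var usrDetails in lstOTPConfiguration)
                    {
                        UserInfoID   = usrDetails.UserInfoId;
                        EmailId      = usrDetails.EmailID;
                        UserFullName = usrDetails.FullName;
                    }
                }
                Session["OTPDownTime"] = OTPExpirationTimeInSeconds;

                if (string.IsNullOrEmpty(EmailId))
                {
                    // No registered address: nothing can be sent. Reset the countdown and report it.
                    Session["OTPDownTime"]             = 0;
                    objLoginUserDetails.SuccessMessage = null;
                    objLoginUserDetails.ErrorMessage   = Common.Common.getResource("tfa_msg_61008");
                    Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                    Common.Common.WriteLogToFile(Common.Common.getResource("tfa_msg_61008"));
                    return(RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" }));
                }

                string OTPCharacters = Common.Common.OTPAllowedCharacters(OTPDigits);
                if (IsAlphaNumeric)
                {
                    GeneratedOTP = OTPCharacters;
                }
                else
                {
                    // NOTE(review): the helper's name suggests an MD5-and-timestamp derivation; confirm the
                    // resulting code's unpredictability is adequate for the configured digit count.
                    GeneratedOTP = Common.Common.OTPGeneratorUsingMD5AlgorithemAndDateTimeParameters(OTPCharacters, Convert.ToString(SecureSeedDigit()), OTPDigits);
                }

                if (GeneratedOTP.Length == OTPDigits)
                {
                    bool saved;
                    using (TwoFactorAuthSL objSaveOTP = new TwoFactorAuthSL())
                    {
                        saved = objSaveOTP.SaveOTPDetails(objLoginUserDetails.CompanyDBConnectionString, OTPConfigMasterID, UserInfoID, EmailId, GeneratedOTP, OTPExpirationTimeInSeconds);
                    }
                    if (saved)
                    {
                        Common.Common.SendOTPMail(EmailId, objLoginUserDetails.CompanyName, GeneratedOTP, UserFullName);
                        otpSent = true;
                    }
                }
            }
            catch (Exception exp)
            {
                Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp);
            }

            if (objLoginUserDetails == null)
            {
                // The session read itself threw; there is no user context to report against.
                return(RedirectToAction("Login", "Account"));
            }

            if (otpSent)
            {
                objLoginUserDetails.ErrorMessage   = null;
                objLoginUserDetails.SuccessMessage = Common.Common.getResource("tfa_msg_61005");
                Common.Common.WriteLogToFile("OTP has been re-sent to your registered email id");
            }
            else
            {
                // Previously the success message was shown even when storing or mailing failed or an exception
                // was swallowed above, so the user waited for a code that never came. Report the failure instead.
                objLoginUserDetails.SuccessMessage = null;
                objLoginUserDetails.ErrorMessage   = "The one-time password could not be re-sent. Please try again.";
                Common.Common.WriteLogToFile("OTP re-send failed; no code was stored or mailed");
            }
            Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
            return(RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" }));
        }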
예제 #2
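        /// <summary>
        /// Handles the login form post: unwraps the client-side-encrypted credentials (or accepts the SSO
        /// hand-off), resolves the selected company, computes the password hash against the user's stored salt,
        /// stores the pending login in session and routes the user either to e-mail OTP verification or to the
        /// home page.
        /// </summary>
        /// <param name="model">Posted form values: company, user name, password, captcha text and the caller marker.</param>
        /// <returns>
        /// A redirect to <c>TwoFactorAuth/Index</c> when e-mail OTP is active for the user, otherwise to
        /// <c>Home/Index</c>; back to <c>Account/Login</c> when the company is unknown or an exception occurs.
        /// </returns>
        public async Task <ActionResult> Login(UserDetailsModel model)
        {
            // Created up front so every error path, including the catch block, has an object to record on.
            LoginUserDetails objLoginUserDetails = new LoginUserDetails();

            InsiderTradingEncryption.DataSecurity objPwdHash = null;

            CompanyDTO        objSelectedCompany = null;
            DataSecurity      objDataSecurity    = new DataSecurity();
            PasswordConfigDTO objPasswordConfig  = null;
            int  loginCount       = 0;
            bool IsEmailOTPActive = false;

            Common.Common.WriteLogToFile("Start Method", System.Reflection.MethodBase.GetCurrentMethod());

            if (model == null)
            {
                // A bare post with no form body; previously this surfaced as a null dereference.
                objLoginUserDetails.ErrorMessage       = "Invalid login request";
                objLoginUserDetails.IsAccountValidated = false;
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                Common.Common.WriteLogToFile("Login called with an empty model", System.Reflection.MethodBase.GetCurrentMethod());
                return(RedirectToAction("Login", "Account"));
            }

            try
            {
                Session["UserCaptchaText"]    = model.sCaptchaText ?? string.Empty;
                TempData["ShowDupTransPopUp"] = 1;

                string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
                string userPasswordHashSalt    = Common.ConstEnum.User_Password_Encryption_Key;
                string sPasswordHash           = string.Empty;
                string formUsername            = string.Empty;
                string formPassword            = string.Empty;

                // The SSO caller identifies itself with a hash of a fixed marker and the current year. Computed once
                // so both branches that depend on it agree even if the call straddles a year boundary.
                // NOTE(review): this marker is derivable by anyone who knows the constant and the salt; confirm the
                // SSO entry point is protected by something stronger upstream.
                string ssoMarker  = objDataSecurity.CreateHash(string.Format(Common.ConstEnum.s_SSO, Convert.ToString(DateTime.Now.Year)), userPasswordHashSalt);
                bool   isSsoLogin = model.sCalledFrom == ssoMarker;

                if (!isSsoLogin)
                {
                    objPwdHash = new InsiderTradingEncryption.DataSecurity();

                    // The browser sends "<value>~<nonce>" encrypted with the shared JavaScript key.
                    string formEncryptedUsername = DecryptStringAES(model.sUserName, javascriptEncryptionKey, javascriptEncryptionKey);
                    string formEncryptedPassword = DecryptStringAES(model.sPassword, javascriptEncryptionKey, javascriptEncryptionKey);

                    string[] usernameParts = formEncryptedUsername.Split('~');
                    string[] passwordParts = formEncryptedPassword.Split('~');

                    // A payload without the nonce part is rejected the same way as a wrong nonce, instead of
                    // indexing past the array.
                    if (usernameParts.Length < 2)
                    {
                        throw new System.Web.HttpException(401, "Unauthorized access");
                    }

                    // The nonce issued with the login page must be echoed back unchanged.
                    if (usernameParts[1] != Convert.ToString(Session["randomNumber"]))
                    {
                        throw new System.Web.HttpException(401, "Unauthorized access");
                    }

                    formUsername = usernameParts[0];
                    formPassword = passwordParts[0];
                }
                else
                {
                    // SSO hand-off: the caller supplies the user name and an already-computed password hash.
                    Session["IsSSOActivated"] = "1";
                    formUsername  = model.sUserName;
                    sPasswordHash = model.sPassword ?? "";
                }

                using (CompaniesSL objCompanySL = new CompaniesSL())
                {
                    if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox")
                    {
                        // Free-text company entry: map the typed display name to the database name.
                        Dictionary <string, string> objCompaniesDictionary = new Dictionary <string, string>();

                        foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString()))
                        {
                            objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName);
                        }

                        // One case-insensitive lookup. The previous ContainsValue(ToLower()) pre-check compared the
                        // lower-cased input against un-lowered stored names, so a correctly typed name in a different
                        // case was rejected before the case-insensitive query ran.
                        string matchedDatabaseName = objCompaniesDictionary
                            .Where(entry => string.Equals(entry.Value, model.sCompanyName, StringComparison.OrdinalIgnoreCase))
                            .Select(entry => entry.Key)
                            .FirstOrDefault();

                        if (matchedDatabaseName == null)
                        {
                            objLoginUserDetails.ErrorMessage       = "Invalid company name";
                            objLoginUserDetails.IsAccountValidated = false;
                            Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                            Common.Common.WriteLogToFile("Invalid company name");
                            Session["IsSSOActivated"] = null;
                            return(RedirectToAction("Login", "Account"));
                        }
                        model.sCompanyName = matchedDatabaseName;
                    }

                    objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), model.sCompanyName);
                    if (objSelectedCompany == null)
                    {
                        // Unknown company from the dropdown path; previously this became a null dereference in the catch.
                        objLoginUserDetails.ErrorMessage       = "Invalid company name";
                        objLoginUserDetails.IsAccountValidated = false;
                        Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                        Common.Common.WriteLogToFile("Invalid company name");
                        Session["IsSSOActivated"] = null;
                        return(RedirectToAction("Login", "Account"));
                    }

                    if (!isSsoLogin)
                    {
                        string saltValue  = string.Empty;
                        string calledFrom = "Login";

                        using (UserInfoSL ObjUserInfoSL = new UserInfoSL())
                        {
                            // Last row wins, as before; a single row per user is expected.
                            List <AuthenticationDTO> lstUserDetails = ObjUserInfoSL.GetUserLoginDetails(objSelectedCompany.CompanyConnectionString, formUsername, calledFrom);
                            foreach (var UserDetails in lstUserDetails)
                            {
                                saltValue = UserDetails.SaltValue;
                            }
                        }
                        using (TwoFactorAuthSL objIsOTPEnable = new TwoFactorAuthSL())
                        {
                            IsEmailOTPActive = objIsOTPEnable.CheckIsOTPActived(objSelectedCompany.CompanyConnectionString, formUsername);
                        }

                        // A user with a stored per-user salt is verified against it; without one (unknown user or a
                        // record without a salt) the hash is computed with the shared salt so the flow still completes.
                        if (string.IsNullOrEmpty(saltValue))
                        {
                            sPasswordHash = objPwdHash.CreateHash(formPassword, userPasswordHashSalt);
                        }
                        else
                        {
                            sPasswordHash = objPwdHash.CreateHashToVerify(formPassword, saltValue);
                        }
                    }

                    objLoginUserDetails.UserName = formUsername;
                    objLoginUserDetails.Password = sPasswordHash;
                    objLoginUserDetails.CompanyDBConnectionString = objSelectedCompany.CompanyConnectionString;
                    objLoginUserDetails.CompanyName = model.sCompanyName;

                    objLoginUserDetails.IsUserLogin = false; // this flag indicates that the user is not yet logged in successfully
                    Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);

                    using (var objPassConfigSL = new PasswordConfigSL())
                    {
                        objPasswordConfig       = objPassConfigSL.GetPasswordConfigDetails(objSelectedCompany.CompanyConnectionString);
                        loginCount              = (Session["UserLgnCount"] == null) ? 0 : Convert.ToInt32(Session["UserLgnCount"].ToString());
                        TempData["ShowCaptcha"] = false;

                        // Show the captcha one attempt before the configured limit is reached.
                        if (loginCount >= (objPasswordConfig.LoginAttempts - 1))
                        {
                            TempData["ShowCaptcha"]   = true;
                            Session["DisplayCaptcha"] = true;
                        }

                        // From the limit onward the captcha must match. Convert.ToString tolerates a missing session
                        // value (the previous .ToString() threw), so a stale session yields a mismatch, not an exception.
                        // NOTE(review): a failed captcha only records a message here and the method still proceeds to
                        // the redirect below; confirm the receiving action enforces it.
                        if (loginCount >= objPasswordConfig.LoginAttempts)
                        {
                            string expectedCaptcha = Convert.ToString(Session["CaptchaValue"]);
                            if (model.sCaptchaText == "" || model.sCaptchaText != expectedCaptcha)
                            {
                                TempData["ShowCaptcha"]  = true;
                                TempData["ErrorMessage"] = "Please provide valid text";
                            }
                        }
                    }
                }
            }
            catch (Exception exp)
            {
                // If the user is trying to log in with a login ID that is already logged in to the system, the
                // service layer signals it through the exception message, which is why the message is shown to
                // the user here. Any other failure that lands here (the nonce check's HttpException, for example)
                // is shown verbatim as well.
                // NOTE(review): restricting the echoed message to the service layer's own exception type would
                // keep infrastructure error text out of the browser.
                objLoginUserDetails.ErrorMessage       = exp.Message;
                objLoginUserDetails.IsAccountValidated = false;
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp);
                Session["IsSSOActivated"] = null;
                ClearAllSessions();
                return(RedirectToAction("Login", "Account"));
            }

            Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod());
            if (IsEmailOTPActive)
            {
                // Second factor required: the login is completed only after the e-mailed code is verified.
                Session["TwoFactor"]     = 1;
                Session["IsOTPAuthPage"] = "TwoFactorAuthentication";
                return(RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" }));
            }

            Session["loginStatus"] = 1;
            return(RedirectToAction("Index", "Home", new { acid = Convert.ToString(0), calledFrom = "Login" }));
        }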
예제 #3
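        /// <summary>
        /// Verifies the one-time password posted from the two-factor page against the code stored for the user
        /// held in session, and either completes the login or returns to the two-factor page with an error message.
        /// </summary>
        /// <param name="objtwoFactorModel">Form values from the two-factor page; only <c>OTPCode</c> is read.</param>
        /// <returns>
        /// A redirect to <c>Home/Index</c> when the code is accepted, back to <c>TwoFactorAuth/Index</c> when it is
        /// rejected, or to <c>Account/Login</c> when there is no login context or an exception occurs.
        /// </returns>
        public ActionResult OTPAuthentication(TwoFactorAuthModel objtwoFactorModel)
        {
            // Outcomes this action distinguishes. 1 is accepted; 2 and 3 map to the resource messages below.
            // 3 is also assigned locally for a missing or wrong-length code.
            const int OtpAccepted      = 1;
            const int OtpRejected      = 2;
            const int OtpInvalidFormat = 3;

            LoginUserDetails objLoginUserDetails = null;
            int OTPDigits         = 0;
            int OTPConfigMasterID = 1;
            int UserInfoID        = 0;
            int returnResult      = 0;

            try
            {
                objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
                if (objLoginUserDetails == null)
                {
                    // Session expired or the page was reached out of order: there is nothing to verify against.
                    Common.Common.WriteLogToFile("OTPAuthentication called without a login context in session");
                    ClearAllSessions();
                    return(RedirectToAction("Login", "Account"));
                }
                string userLoginId   = objLoginUserDetails.UserName;
                string submittedCode = (objtwoFactorModel == null) ? null : objtwoFactorModel.OTPCode;

                using (TwoFactorAuthSL objOTPAuthDAL = new TwoFactorAuthSL())
                {
                    // Last row wins, as before; a single configuration row is expected.
                    List <OTPConfigurationDTO> lstOTPConfiguration = objOTPAuthDAL.GetOTPConfiguration(objLoginUserDetails.CompanyDBConnectionString);
                    foreach (var OTPConfig in lstOTPConfiguration)
                    {
                        OTPDigits         = OTPConfig.OTPDigits;
                        OTPConfigMasterID = OTPConfig.OTPConfigurationSettingMasterID;
                    }

                    lstOTPConfiguration = objOTPAuthDAL.GetUserDeatailsForOTP(objLoginUserDetails.CompanyDBConnectionString, userLoginId);
                    foreach (var usrDetails in lstOTPConfiguration)
                    {
                        UserInfoID = usrDetails.UserInfoId;
                    }

                    // A missing or wrong-length code is rejected locally without a database round trip
                    // (previously OTPCode was dereferenced unconditionally and a null post ended in the catch).
                    if (submittedCode != null && submittedCode.Length == OTPDigits)
                    {
                        // NOTE(review): no attempt counter is visible here; confirm ValidateOTPDetails or the
                        // expiry window bounds the number of guesses per issued code.
                        returnResult = objOTPAuthDAL.ValidateOTPDetails(objLoginUserDetails.CompanyDBConnectionString, OTPConfigMasterID, UserInfoID, submittedCode);
                    }
                    else
                    {
                        returnResult = OtpInvalidFormat;
                    }
                }

                switch (returnResult)
                {
                    case OtpAccepted:
                        Session["loginStatus"] = 1;
                        Session["TwoFactor"]   = 0;
                        return(RedirectToAction("Index", "Home", new { acid = Convert.ToString(0), calledFrom = "Login" }));
                    case OtpRejected:
                        return RejectWithMessage("tfa_msg_61004");
                    case OtpInvalidFormat:
                        return RejectWithMessage("tfa_msg_61003");
                    default:
                        return(RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" }));
                }
            }
            catch (Exception exp)
            {
                Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp);
                ClearAllSessions();
                return(RedirectToAction("Login", "Account"));
            }

            // Records the resource message as the error on the session-held user and returns to the two-factor page.
            ActionResult RejectWithMessage(string resourceKey)
            {
                string message = Common.Common.getResource(resourceKey);
                objLoginUserDetails.SuccessMessage = null;
                objLoginUserDetails.ErrorMessage   = message;
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                Common.Common.WriteLogToFile(message);
                return(RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" }));
            }
        }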