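/// <summary>
/// Generates a fresh e-mail OTP for the user currently held in session, persists it
/// through <c>TwoFactorAuthSL.SaveOTPDetails</c>, mails it, and redirects back to the
/// two-factor page with a status message stored on the session user object.
/// </summary>
/// <returns>
/// Redirect to TwoFactorAuth/Index in all handled cases; Account/Login when there is
/// no pending login in the session.
/// </returns>
/// <remarks>
/// Changes in this revision:
/// - The auxiliary random digit passed to the OTP generator was drawn from
///   <see cref="Random"/>, which is clock-seeded and predictable; it now comes from the
///   OS CSPRNG via <see cref="System.Security.Cryptography.RandomNumberGenerator"/>.
/// - A missing session user (expired/never started) previously threw inside the try,
///   was logged and swallowed, and then threw again unhandled on the success path
///   below the catch. It now fails closed to the login page.
/// NOTE(review): OTP strength still depends on the Common helpers
/// (OTPAllowedCharacters / OTPGeneratorUsingMD5AlgorithemAndDateTimeParameters), which
/// are outside this file — confirm they do not derive the code from predictable inputs
/// such as the clock. No re-send throttle is visible here either; SaveOTPDetails or a
/// caller should rate-limit re-sends per user.
/// </remarks>
public ActionResult ResendOTP()
{
    List<OTPConfigurationDTO> lstOTPConfiguration = null;
    LoginUserDetails objLoginUserDetails = null;
    int OTPDigits = 0;
    bool IsAlphaNumeric = false;
    int OTPConfigMasterID = 1;
    int UserInfoID = 0;
    string EmailId = string.Empty;
    string UserFullName = string.Empty;
    int OTPExpirationTimeInSeconds = 0;
    string GeneratedOTP = string.Empty;
    string userLoginId = string.Empty;
    bool returnResult = false;

    try
    {
        objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
        if (objLoginUserDetails == null)
        {
            // No pending login in this session: fail closed instead of dereferencing null.
            Common.Common.WriteLogToFile("ResendOTP called without a login session", System.Reflection.MethodBase.GetCurrentMethod());
            return RedirectToAction("Login", "Account");
        }
        userLoginId = objLoginUserDetails.UserName;

        using (TwoFactorAuthSL objOTPAuthDAL = new TwoFactorAuthSL())
        {
            // As before, the last configuration row wins; a single row is expected.
            lstOTPConfiguration = objOTPAuthDAL.GetOTPConfiguration(objLoginUserDetails.CompanyDBConnectionString);
            foreach (var OTPConfig in lstOTPConfiguration)
            {
                OTPDigits = OTPConfig.OTPDigits;
                IsAlphaNumeric = OTPConfig.IsAlphaNumeric;
                OTPConfigMasterID = OTPConfig.OTPConfigurationSettingMasterID;
                OTPExpirationTimeInSeconds = OTPConfig.OTPExpirationTimeInSeconds;
            }

            lstOTPConfiguration = objOTPAuthDAL.GetUserDeatailsForOTP(objLoginUserDetails.CompanyDBConnectionString, userLoginId);
            foreach (var usrDetails in lstOTPConfiguration)
            {
                UserInfoID = usrDetails.UserInfoId;
                EmailId = usrDetails.EmailID;
                UserFullName = usrDetails.FullName;
            }
        }

        // Countdown shown on the 2FA page; reset to 0 below when no e-mail is on file.
        Session["OTPDownTime"] = OTPExpirationTimeInSeconds;

        string OTPCharacters = Common.Common.OTPAllowedCharacters(OTPDigits);
        if (IsAlphaNumeric)
        {
            // Alphanumeric mode uses the helper's output as the code directly (unchanged).
            GeneratedOTP = OTPCharacters;
        }
        else
        {
            // The generator takes one random digit as an input; draw it from a CSPRNG.
            GeneratedOTP = Common.Common.OTPGeneratorUsingMD5AlgorithemAndDateTimeParameters(OTPCharacters, SecureRandomDigit(), OTPDigits);
        }

        if (EmailId.Length > 0)
        {
            // Only a code of the configured length is ever stored or mailed.
            if (GeneratedOTP.Length == OTPDigits)
            {
                using (TwoFactorAuthSL objSaveOTP = new TwoFactorAuthSL())
                {
                    returnResult = objSaveOTP.SaveOTPDetails(objLoginUserDetails.CompanyDBConnectionString, OTPConfigMasterID, UserInfoID, EmailId, GeneratedOTP, OTPExpirationTimeInSeconds);
                }
                if (returnResult)
                {
                    Common.Common.SendOTPMail(EmailId, objLoginUserDetails.CompanyName, GeneratedOTP, UserFullName);
                }
            }
        }
        else
        {
            // No registered e-mail for this user: report tfa_msg_61008 and stop the countdown.
            Session["OTPDownTime"] = 0;
            objLoginUserDetails.SuccessMessage = null;
            objLoginUserDetails.ErrorMessage = Common.Common.getResource("tfa_msg_61008");
            Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
            Common.Common.WriteLogToFile(Common.Common.getResource("tfa_msg_61008"));
            return RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" });
        }
    }
    catch (Exception exp)
    {
        Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp);
    }

    if (objLoginUserDetails == null)
    {
        // The session lookup itself threw; there is no user object to attach a message to.
        return RedirectToAction("Login", "Account");
    }

    // NOTE(review): as in the original, the "re-sent" message is shown even when
    // SaveOTPDetails returned false or an exception was logged above; consider
    // surfacing a failure message in those cases instead.
    objLoginUserDetails.ErrorMessage = null;
    objLoginUserDetails.SuccessMessage = Common.Common.getResource("tfa_msg_61005");
    Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
    Common.Common.WriteLogToFile("OTP has been re-sent to your registered email id");
    return RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" });
}

/// <summary>
/// Returns a single decimal digit ("0"–"9") drawn from the OS cryptographic RNG.
/// Replaces the former <c>new Random().Next(10)</c>, whose output is predictable.
/// </summary>
private static string SecureRandomDigit()
{
    byte[] buffer = new byte[4];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(buffer);
    }
    // Reduce a uniform 32-bit value to one digit; the modulo bias (~2e-10) is
    // irrelevant for a single auxiliary digit.
    return Convert.ToString(BitConverter.ToUInt32(buffer, 0) % 10);
}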
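/// <summary>
/// POST handler for the login form. Decrypts the browser-side obfuscated credentials
/// (or accepts an SSO hand-off), resolves the tenant company, computes the password
/// hash that is verified downstream, maintains the failed-attempt CAPTCHA state, and
/// routes to the two-factor page or to Home.
/// </summary>
/// <param name="model">Posted form fields: sUserName, sPassword, sCompanyName, sCaptchaText, sCalledFrom.</param>
/// <returns>
/// Redirect to TwoFactorAuth/Index when e-mail OTP is active for the user, otherwise
/// Home/Index; back to Account/Login on an unknown company or any exception.
/// </returns>
/// <remarks>
/// Changes in this revision (behaviour otherwise unchanged):
/// - The SSO marker hash is computed once instead of twice with two DateTime.Now reads.
/// - A credential blob lacking the '~' separator is rejected with the same 401
///   HttpException as a nonce mismatch rather than an IndexOutOfRangeException.
/// - The company lookup is a single case-insensitive match; previously a case-sensitive
///   ContainsValue on the lower-cased input gated a case-insensitive query, so the two
///   could disagree.
/// - Session["CaptchaValue"] is read with Convert.ToString (as Session["randomNumber"]
///   already was) so a missing value cannot raise a NullReferenceException.
///
/// Security notes for follow-up (not changed here; need design decisions):
/// - The SSO path is taken when sCalledFrom equals a hash of a constant plus the current
///   year; on that path the posted sPassword is used as the hash itself and no nonce is
///   checked. Anyone holding that value for the year can present a pre-computed hash, so
///   s_SSO / User_Password_Encryption_Key must be treated as secrets, and a signed,
///   short-lived SSO assertion would be preferable.
/// - DecryptStringAES uses Javascript_Encryption_Key, which the browser must also hold;
///   this is obfuscation, not confidentiality — TLS is the real protection in transit.
/// - The failed-attempt counter lives in Session["UserLgnCount"], so a client that drops
///   its cookie resets it; lockout/CAPTCHA should also be enforced per account server-side.
/// - A wrong CAPTCHA only sets TempData["ErrorMessage"]; this method does not return early,
///   so the downstream verifier must honour that flag — confirm it does.
/// - exp.Message is shown to the user on any exception. Lower layers appear to rely on
///   this for business messages (e.g. already logged in), but framework or database
///   exception text may leak; consider mapping only known exception types.
/// </remarks>
public async Task<ActionResult> Login(UserDetailsModel model)
{
    LoginUserDetails objLoginUserDetails = null;
    InsiderTradingEncryption.DataSecurity objPwdHash = null;
    CompanyDTO objSelectedCompany = null;
    DataSecurity objDataSecurity = new DataSecurity();
    PasswordConfigDTO objPasswordConfig = null;
    int loginCount = 0;
    Common.Common.WriteLogToFile("Start Method", System.Reflection.MethodBase.GetCurrentMethod());
    bool IsEmailOTPActive = false;

    try
    {
        Session["UserCaptchaText"] = (model.sCaptchaText == null) ? string.Empty : model.sCaptchaText;
        TempData["ShowDupTransPopUp"] = 1;
        objLoginUserDetails = new LoginUserDetails();

        string formUsername = string.Empty;
        string formPassword = string.Empty;
        string sPasswordHash = string.Empty;
        string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
        string userPasswordHashSalt = Common.ConstEnum.User_Password_Encryption_Key;

        // SSO marker: hash of a constant and the current year. Computed once so both
        // branches below see the same value even across a year boundary.
        string ssoMarker = objDataSecurity.CreateHash(
            string.Format(Common.ConstEnum.s_SSO, Convert.ToString(DateTime.Now.Year)),
            userPasswordHashSalt);
        bool isSsoRequest = model.sCalledFrom == ssoMarker;

        if (!isSsoRequest)
        {
            objPwdHash = new InsiderTradingEncryption.DataSecurity();

            // Browser sends AES-obfuscated "<value>~<nonce>" blobs; the nonce must match
            // the one issued with the form (Session["randomNumber"]) to defeat replay.
            string decryptedUsername = DecryptStringAES(model.sUserName, javascriptEncryptionKey, javascriptEncryptionKey) ?? string.Empty;
            string decryptedPassword = DecryptStringAES(model.sPassword, javascriptEncryptionKey, javascriptEncryptionKey) ?? string.Empty;
            string[] usernameParts = decryptedUsername.Split('~');
            string[] passwordParts = decryptedPassword.Split('~');

            if (usernameParts.Length < 2 || usernameParts[1] != Convert.ToString(Session["randomNumber"]))
            {
                throw new System.Web.HttpException(401, "Unauthorized access");
            }
            formUsername = usernameParts[0];
            formPassword = passwordParts[0];
        }
        else
        {
            // SSO hand-off: the caller supplies the password hash directly.
            Session["IsSSOActivated"] = "1";
            formUsername = model.sUserName;
            sPasswordHash = string.IsNullOrEmpty(model.sPassword) ? "" : model.sPassword;
        }

        using (CompaniesSL objCompanySL = new CompaniesSL())
        {
            if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox")
            {
                // Free-text company entry: map the display name to its database name.
                string typedCompanyName = model.sCompanyName ?? string.Empty;
                string resolvedDatabaseName = null;
                foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString()))
                {
                    if (string.Equals(objCompanyDTO.sCompanyName, typedCompanyName, StringComparison.OrdinalIgnoreCase))
                    {
                        resolvedDatabaseName = objCompanyDTO.sCompanyDatabaseName;
                        break;
                    }
                }

                if (resolvedDatabaseName == null)
                {
                    objLoginUserDetails.ErrorMessage = "Invalid company name";
                    objLoginUserDetails.IsAccountValidated = false;
                    Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                    Common.Common.WriteLogToFile("Invalid company name");
                    Session["IsSSOActivated"] = null;
                    return RedirectToAction("Login", "Account");
                }
                model.sCompanyName = resolvedDatabaseName;
            }

            objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), model.sCompanyName);

            if (!isSsoRequest)
            {
                string saltValue = string.Empty;
                string calledFrom = "Login";
                using (UserInfoSL ObjUserInfoSL = new UserInfoSL())
                {
                    List<AuthenticationDTO> lstUserDetails = ObjUserInfoSL.GetUserLoginDetails(objSelectedCompany.CompanyConnectionString, formUsername, calledFrom);
                    foreach (var UserDetails in lstUserDetails)
                    {
                        saltValue = UserDetails.SaltValue;
                    }
                }

                using (TwoFactorAuthSL objIsOTPEnable = new TwoFactorAuthSL())
                {
                    IsEmailOTPActive = objIsOTPEnable.CheckIsOTPActived(objSelectedCompany.CompanyConnectionString, formUsername);
                }

                // Accounts with a stored per-user salt are verified against it; accounts
                // without one fall back to the global key via CreateHash (legacy path).
                if (!string.IsNullOrEmpty(saltValue))
                {
                    sPasswordHash = objPwdHash.CreateHashToVerify(formPassword, saltValue);
                }
                else
                {
                    sPasswordHash = objPwdHash.CreateHash(formPassword, userPasswordHashSalt);
                }
            }

            objLoginUserDetails.UserName = formUsername;
            objLoginUserDetails.Password = sPasswordHash;
            objLoginUserDetails.CompanyDBConnectionString = objSelectedCompany.CompanyConnectionString;
            objLoginUserDetails.CompanyName = model.sCompanyName;
            objLoginUserDetails.IsUserLogin = false; // not yet logged in; verification happens downstream
            Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);

            using (var objPassConfigSL = new PasswordConfigSL())
            {
                objPasswordConfig = objPassConfigSL.GetPasswordConfigDetails(objSelectedCompany.CompanyConnectionString);
                loginCount = (Session["UserLgnCount"] == null) ? 0 : Convert.ToInt32(Session["UserLgnCount"].ToString());

                // Show the CAPTCHA one attempt before the configured limit is reached.
                TempData["ShowCaptcha"] = false;
                if (loginCount >= (objPasswordConfig.LoginAttempts - 1))
                {
                    TempData["ShowCaptcha"] = true;
                    Session["DisplayCaptcha"] = true;
                }

                // Once the limit is reached the CAPTCHA must be present and match.
                bool captchaRequired = loginCount >= objPasswordConfig.LoginAttempts;
                if (captchaRequired && (model.sCaptchaText == "" || model.sCaptchaText != Convert.ToString(Session["CaptchaValue"])))
                {
                    TempData["ShowCaptcha"] = true;
                    TempData["ErrorMessage"] = "Please provide valid text";
                }
            }
        }
    }
    catch (Exception exp)
    {
        // Lower layers signal e.g. "login id already in use" via exceptions; the message
        // is surfaced to the user (see security notes in the remarks).
        if (objLoginUserDetails == null)
        {
            objLoginUserDetails = new LoginUserDetails();
        }
        string sErrMessage = exp.Message;
        objLoginUserDetails.ErrorMessage = sErrMessage;
        objLoginUserDetails.IsAccountValidated = false;
        Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
        Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp);
        Session["IsSSOActivated"] = null;
        ClearAllSessions();
        return RedirectToAction("Login", "Account");
    }
    finally
    {
        objLoginUserDetails = null;
        objPwdHash = null;
        objSelectedCompany = null;
    }

    Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod());
    if (IsEmailOTPActive)
    {
        Session["TwoFactor"] = 1;
        Session["IsOTPAuthPage"] = "TwoFactorAuthentication";
        return RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" });
    }

    Session["loginStatus"] = 1;
    return RedirectToAction("Index", "Home", new { acid = Convert.ToString(0), calledFrom = "Login" });
}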
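/// <summary>
/// Validates the e-mail OTP posted from the two-factor page against the code stored
/// for the session user, completing login on success or redirecting back with an
/// error message keyed by the service-layer result code.
/// </summary>
/// <param name="objtwoFactorModel">Posted form; only <c>OTPCode</c> is read.</param>
/// <returns>
/// Redirect to Home/Index on a valid code; TwoFactorAuth/Index otherwise; Account/Login
/// (after ClearAllSessions) when the session user is missing or an exception occurs.
/// </returns>
/// <remarks>
/// Result codes from ValidateOTPDetails as handled here: 1 = valid, 2 = tfa_msg_61004,
/// 3 = tfa_msg_61003 (also used locally for a code of the wrong length); any other value
/// redirects back without a message.
/// Change: a null OTPCode is treated as a length mismatch (result 3) instead of raising a
/// NullReferenceException that dropped the whole session.
/// NOTE(review): no attempt counter is visible here; confirm ValidateOTPDetails limits
/// guesses, since a short numeric code is otherwise brute-forceable within its validity
/// window. The session id is also not regenerated when loginStatus is set.
/// </remarks>
public ActionResult OTPAuthentication(TwoFactorAuthModel objtwoFactorModel)
{
    List<OTPConfigurationDTO> lstOTPConfiguration = null;
    LoginUserDetails objLoginUserDetails = null;
    int OTPDigits = 0;
    int OTPConfigMasterID = 1;
    int UserInfoID = 0;
    string userLoginId = string.Empty;
    int returnResult = 0;

    try
    {
        objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
        if (objLoginUserDetails == null)
        {
            // No pending login: same outcome the original reached via the catch block.
            Common.Common.WriteLogToFile("OTPAuthentication called without a login session", System.Reflection.MethodBase.GetCurrentMethod());
            ClearAllSessions();
            return RedirectToAction("Login", "Account");
        }
        userLoginId = objLoginUserDetails.UserName;

        using (TwoFactorAuthSL objOTPAuthDAL = new TwoFactorAuthSL())
        {
            // As before, the last configuration row wins; a single row is expected.
            lstOTPConfiguration = objOTPAuthDAL.GetOTPConfiguration(objLoginUserDetails.CompanyDBConnectionString);
            foreach (var OTPConfig in lstOTPConfiguration)
            {
                OTPDigits = OTPConfig.OTPDigits;
                OTPConfigMasterID = OTPConfig.OTPConfigurationSettingMasterID;
            }

            lstOTPConfiguration = objOTPAuthDAL.GetUserDeatailsForOTP(objLoginUserDetails.CompanyDBConnectionString, userLoginId);
            foreach (var usrDetails in lstOTPConfiguration)
            {
                UserInfoID = usrDetails.UserInfoId;
            }

            // Only a code of the configured length is sent to the verifier.
            string otpCode = objtwoFactorModel == null ? null : objtwoFactorModel.OTPCode;
            if (otpCode != null && otpCode.Length == OTPDigits)
            {
                returnResult = objOTPAuthDAL.ValidateOTPDetails(objLoginUserDetails.CompanyDBConnectionString, OTPConfigMasterID, UserInfoID, otpCode);
            }
            else
            {
                returnResult = 3;
            }
        }

        switch (returnResult)
        {
            case 1:
                // Second factor satisfied: mark the session as logged in.
                Session["loginStatus"] = 1;
                Session["TwoFactor"] = 0;
                return RedirectToAction("Index", "Home", new { acid = Convert.ToString(0), calledFrom = "Login" });

            case 2:
                return RedirectBackWithError(objLoginUserDetails, "tfa_msg_61004");

            case 3:
                return RedirectBackWithError(objLoginUserDetails, "tfa_msg_61003");

            default:
                return RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" });
        }
    }
    catch (Exception exp)
    {
        Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp);
        ClearAllSessions();
        return RedirectToAction("Login", "Account");
    }
    finally
    {
        objLoginUserDetails = null;
    }
}

/// <summary>
/// Stores the resource message <paramref name="resourceKey"/> as the error on the
/// session user, logs it, and redirects back to the two-factor page.
/// </summary>
private ActionResult RedirectBackWithError(LoginUserDetails objLoginUserDetails, string resourceKey)
{
    string message = Common.Common.getResource(resourceKey);
    objLoginUserDetails.SuccessMessage = null;
    objLoginUserDetails.ErrorMessage = message;
    Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
    Common.Common.WriteLogToFile(message);
    return RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" });
}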