public void RecordSuccessfulLoginAttempt(LoginModel login, string ipAddress, string message = null)
{
LoginAttemptLog log = new LoginAttemptLog()
{
IpAddress = ipAddress,
Location = new Location(login.LocationId),
LoginDate = DateTime.Now,
Reason = string.IsNullOrEmpty(message) ? null : message,
ResultFlag = true,
UserName = login.Name
};
SecurityRepository.InsertLoginAttempt(log);
}
public void RecordFailedLoginAttempt(LoginModel login, string ipAddress, string reason)
{
LoginAttemptLog log = new LoginAttemptLog()
{
IpAddress = ipAddress,
Location = new Location(login.LocationId),
LoginDate = DateTime.Now,
Reason = reason,
ResultFlag = false,
UserName = login.Name
};
SecurityRepository.InsertLoginAttempt(log);
}
public ActionResult ValidateLogin(LoginModel login)
{
try
{
if (ModelState.IsValid)
{
var user = SecurityServices.ValidateUser(login.Name, login.Password);
if (user == null)
{
SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, string.Format("Invalid credentials: {0} - {1}", login.Name, login.Password));
ModelState.AddModelError(String.Empty, "The login name or password is invalid.");
}
if (user != null && !user.CanLogin)
{
SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, "User login disabled");
ModelState.AddModelError(String.Empty, "Access denied.");
}
if (user != null && !IsIpValid(user.RoleName, login.LocationId))
{
SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, "Invalid IP address");
ModelState.AddModelError(String.Empty, "Access denied.");
}
if (ModelState.IsValid)
{
if (login.DowngradeRole)
{
user.RoleName = "Employee";
SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress, "Downgraded to Employee role");
}
else if (user.RoleName == "Manager" && login.LocationId != user.LocationId)
{
user.RoleName = "Employee";
var message = string.Format("Manager downgraded to Employee role");
SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress, message);
}
else
{
SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress);
}
var token = CreateToken(user.Id, user.RoleName, login.LocationId);
var auth = TokenSerializer.GetCookieFromToken(token);
if (HttpContext.Request.IsLocal) //local development overrides
{
auth.Domain = null;
auth.Secure = false;
}
HttpContext.Response.Cookies.Add(auth);
if (Url.IsLocalUrl(login.ReturnUrl) && user.RoleName == "Administrator")
return Redirect(login.ReturnUrl);
else
return RedirectToAction("Index", "ShopFloor");
}
}
else
{
SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, string.Format("Invalid model state: {0}", ModelState.ToString()));
}
}
catch (Exception ex)
{
Logger.Error(ex.ToString());
ModelState.AddModelError(String.Empty, Constants.ServerError);
}
// Invalid - redisplay with errors
ViewBag.Locations = LocationServices.GetLocationLookup();
return View("Index", login);
}
//TODO: exclude from token validation
public ActionResult Index(string returnUrl)
{
var model = new LoginModel() { ReturnUrl = returnUrl };
ViewBag.Locations = LocationServices.GetLocationLookup();
return View(model);
}