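/// <summary>
/// Login entry point. For <paramref name="action"/> == "Submit" it authenticates the posted
/// credentials; any other value (or an invalid model) just renders the empty form.
/// </summary>
/// <param name="user">Posted credentials; only <c>Username</c> and <c>Password</c> are read.</param>
/// <param name="action">Form action; "Submit" triggers authentication.</param>
/// <param name="ReturnUrl">
/// Local URL to return to after login. For non-"sadmin" users it is also the source of the
/// institution id (the text between the first and second '=' of the URL).
/// </param>
/// <returns>
/// The login view with model-state errors on failure; on success a redirect to
/// <paramref name="ReturnUrl"/> when it is a safe local URL, otherwise to Admin/ManageInstitution.
/// </returns>
public ActionResult Index(User user, string action, string ReturnUrl)
{
    // Anything other than the Submit post renders the form untouched.
    if (action != "Submit")
    {
        return View();
    }

    if (!ModelState.IsValid)
    {
        ModelState.Clear();
        ViewBag.msg = null;
        return View();
    }

    // Missing credentials are reported on the form rather than handed to the services.
    if (user == null || user.Username == null || user.Password == null)
    {
        ModelState.AddModelError("", "Please enter Username / Password !");
        ViewBag.msg = "Error";
        return View();
    }

    // ReturnUrl is trusted only as a local, single-slash-rooted path (open-redirect guard); the
    // same test decides both where the institution id comes from and where we redirect afterwards.
    // IsLocalUrl rejects null/empty, so the Length/StartsWith checks never see a null ReturnUrl.
    bool safeReturnUrl = Url.IsLocalUrl(ReturnUrl)
        && ReturnUrl.Length > 1
        && ReturnUrl.StartsWith("/")
        && !ReturnUrl.StartsWith("//")
        && !ReturnUrl.StartsWith("/\\");

    bool authenticated = false;
    string msg = string.Empty;
    string fullName = string.Empty;

    if (user.Username == "sadmin")
    {
        // The super-admin is identified by the literal user name "sadmin" (InstitutionDashboard
        // relies on the same literal) and authenticates against the tenant-independent admin service.
        authenticated = _applicationContext.ServiceContext.AdminService.Login(user.Username, user.Password);
        fullName = _applicationContext.ServiceContext.AdminService.GetUserName();
    }
    else if (safeReturnUrl)
    {
        // Tenant users authenticate inside the context of the institution named in ReturnUrl.
        // Guarding the split avoids an IndexOutOfRangeException on a ReturnUrl without '=';
        // such a URL now fails the login like any other missing institution.
        string[] parts = ReturnUrl.Split('=');
        if (parts.Length > 1)
        {
            string institutionId = parts[1];
            Session.Add("InstitutionId", institutionId);

            // Re-initialise the application context so it picks up the institution now in session.
            // NOTE(review): the institution id comes straight from the caller-supplied ReturnUrl;
            // AuthenticateUser is expected to scope the check to that institution — confirm.
            System.Web.HttpContext.Current.Session["ApplicationContext"] = null;
            _applicationContext = new ApplicationContext();
            System.Web.HttpContext.Current.Session["ApplicationContext"] = _applicationContext;
            authenticated = _applicationContext.ServiceContext.UserService.AuthenticateUser(
                user.Username, user.Password, out msg, out fullName);
        }
    }

    if (!authenticated)
    {
        // Fall back to a generic message when the service gave none, so the view never shows an empty error.
        if (string.IsNullOrWhiteSpace(msg))
        {
            msg = "Invalid username / Password !";
        }
        ModelState.AddModelError("", msg);
        ViewBag.msg = "Error";
        return View();
    }

    Session["Username"] = fullName;

    // The login-time context and institution are dropped so the dashboard rebuilds them for the
    // authenticated user; this is why InstitutionDashboard can observe a null Session["InstitutionId"].
    System.Web.HttpContext.Current.Session["ApplicationContext"] = null;
    Session["InstitutionId"] = null;
    FormsAuthentication.SetAuthCookie(user.Username, false);

    if (safeReturnUrl)
    {
        return Redirect(ReturnUrl);
    }
    return RedirectToAction("ManageInstitution", "Admin");
}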
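// GET: Institution
/// <summary>
/// Shows today's appointments and clinic dropdown for one institution, binding that institution
/// to the session (and re-initialising the application context) when it differs from the current one.
/// </summary>
/// <param name="InstitutionId">
/// Institution to display. When null or non-positive, the action redirects to itself with the
/// institution already in session, or to Admin/ManageInstitution when there is none.
/// </param>
/// <returns>
/// The dashboard view with the appointment list; a redirect when no usable institution id is given;
/// for a non-"sadmin" user requesting an institution other than the one in session, a sign-out
/// followed by a redirect to the login page.
/// </returns>
public ActionResult InstitutionDashboard(int? InstitutionId)
{
    List<ViewModels.Appointment> apps = new List<ViewModels.Appointment>();
    var instList = _applicationContext.ServiceContext.AdminService.GetTenants();
    ViewBag.instListcount = instList.Count;
    if (instList.Count == 0)
    {
        return View(apps);
    }

    if (InstitutionId == null || InstitutionId <= 0)
    {
        // No explicit institution: fall back to the one in session, else to the institution list.
        if (Session["InstitutionId"] != null)
        {
            InstitutionId = Convert.ToInt32(Session["InstitutionId"]);
            return RedirectToAction("InstitutionDashboard", new { InstitutionId = InstitutionId });
        }
        return RedirectToAction("ManageInstitution", "Admin");
    }

    // Session["InstitutionId"] may hold a boxed int (set here) or a string (set by Index), so the
    // comparison is done on the string form in both directions.
    string requestedId = InstitutionId.ToString();
    object sessionInstitutionId = Session["InstitutionId"];

    // Tenant users may only open the institution bound to their session; a mismatch ends the session.
    // NOTE(review): when Session["InstitutionId"] is null (the state Index leaves after a successful
    // login) this gate does not apply and the requested id becomes the session institution — confirm
    // that the authenticated user is re-checked against it downstream.
    if (HttpContext.User.Identity.Name != "sadmin"
        && sessionInstitutionId != null
        && sessionInstitutionId.ToString() != requestedId)
    {
        FormsAuthentication.SignOut();
        Session.Abandon();
        return RedirectToAction("Index", "Admin", new { Error = "Sorry you are not Authorized to Perform this Action" });
    }

    if (sessionInstitutionId == null || sessionInstitutionId.ToString() != requestedId)
    {
        Session.Add("InstitutionId", InstitutionId);

        // Re-initialise the application context so it is scoped to the institution now in session.
        System.Web.HttpContext.Current.Session["ApplicationContext"] = null;
        _applicationContext = new ApplicationContext();
        System.Web.HttpContext.Current.Session["ApplicationContext"] = _applicationContext;
    }

    // Non-null and positive here, so the unwrapped value is the requested institution. Using it for
    // the clinic lookup (instead of casting Session["InstitutionId"] to int) avoids an
    // InvalidCastException when the session value was stored as a string.
    int institutionId = InstitutionId.Value;
    string instName = _applicationContext.ServiceContext.AdminService.GetInstitutionName(institutionId);
    Session["InstitutionName"] = instName;

    // One timestamp serves both the search filter and the view.
    string today = DateTime.Now.ToString("MM/dd/yyyy");
    NameValueCollection searchfilter = new NameValueCollection();
    searchfilter.Add("name", null);
    searchfilter.Add("appdt", today);
    searchfilter.Add("clinicId", "-1"); // presumably "all clinics"; confirm against AppointmentService
    apps = _applicationContext.ServiceContext.AppointmentService.GetAppointments(institutionId, searchfilter);

    ViewBag.AppointmentCount = apps.Count;
    ViewBag.RecordStatus = apps.Count == 0 ? "No records found." : "";
    ViewBag.TodaysDate = today;
    ViewBag.LBCCount = _applicationContext.ServiceContext.RiskClinicServices.GetPatients("LBC").Count();
    ViewBag.BRCACount = _applicationContext.ServiceContext.RiskClinicServices.GetPatients("BRCA").Count();

    /*=======Start Load Clinic Dropdown======================*/
    var clinicList = _applicationContext.ServiceContext.AppointmentService.GetClinics(institutionId);
    ViewBag.ClinicList = new SelectList(clinicList.ToList(), "clinicID", "clinicName");
    /*=======End Load Clinic Dropdown======================*/

    return View(apps);
}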