public static bool HasSingleSignon(string userID) { try { ProjectTileSqlDatabase defaultPtDb = SqlServerConnection.DefaultPtDbConnection(); using (defaultPtDb) { Staff thisUser = defaultPtDb.Staff.FirstOrDefault(s => s.UserID == userID); if (thisUser == null) { return(false); } else { return(thisUser.SingleSignon && thisUser.OSUser != "" && thisUser.Active); } } } catch (SqlException sqlException) { MessageFunctions.Error("Error accessing the database", sqlException); return(false); } catch (Exception generalException) { MessageFunctions.Error("Error checking for single sign-on capability", generalException); return(false); } }
public static string SingleSignonID() { try { // Log in as the administration user to find the user ProjectTileSqlDatabase defaultPtDb = SqlServerConnection.DefaultPtDbConnection(); using (defaultPtDb) { Staff thisUser = defaultPtDb.Staff.FirstOrDefault(s => s.OSUser == domainUser); if (thisUser == null) { return(""); } else if (thisUser.SingleSignon && thisUser.UserID != "") { return(thisUser.UserID); } else { return(""); } } } catch (SqlException sqlException) { MessageFunctions.Error("Error accessing the database", sqlException); return(""); } catch (Exception generalException) { MessageFunctions.Error("Error checking for single sign-on capability", generalException); return(""); } }
//Password functions public static bool CheckPassword(string userID, string password) { try { string strDbUser = DbUserPrefix + userID; ProjectTileSqlDatabase defaultPtDb = SqlServerConnection.DefaultPtDbConnection(); using (defaultPtDb) { Staff thisUser = defaultPtDb.Staff.FirstOrDefault(s => s.UserID == userID); if (thisUser == null) { return(false); } var checkPasswordResults = defaultPtDb.stf_CheckHashedPassword(userID, password).ToList(); bool passwordMatches = (checkPasswordResults[0] == true); return(passwordMatches); } } catch (SqlException sqlException) { MessageFunctions.Error("Error accessing the database", sqlException); return(false); } catch (Exception generalException) { MessageFunctions.Error("Error checking existing login", generalException); return(false); } }
private static void changeDatabasePassword(string userID, string newPassword) { try { ProjectTileSqlDatabase defaultPtDb = SqlServerConnection.DefaultPtDbConnection(); using (defaultPtDb) { defaultPtDb.stf_ChangeDatabasePassword(userID, newPassword); } } catch (SqlException sqlException) { MessageFunctions.Error("Error accessing the database", sqlException); } catch (Exception generalException) { MessageFunctions.Error("Error updating database password to handle single sign-on", generalException); } }
public TableSecurity(Staff currentUser = null, int userID = 0) { try { ProjectTileSqlDatabase defaultPtDb = SqlServerConnection.DefaultPtDbConnection(); using (defaultPtDb) { if (currentUser == null && userID == 0) { MessageFunctions.Error("A staff record or ID number must be provided to get Table Permissions.", null); } else if (currentUser == null) { currentUser = defaultPtDb.Staff.Find(userID); } string thisUsersRole = currentUser.RoleCode; var permissions = from tp in defaultPtDb.TablePermissions where tp.RoleCode == thisUsersRole select tp; // Set all permissions that can be set based on the TablePermissions table foreach (var tUP in permissions) { userPermissions.Add("View" + tUP.TableName, (bool)tUP.ViewTable); userPermissions.Add("Add" + tUP.TableName, (bool)tUP.InsertRows); userPermissions.Add("Edit" + tUP.TableName, (bool)tUP.UpdateRows); userPermissions.Add("Activate" + tUP.TableName, (bool)tUP.ChangeStatus); } // ToDo - Now set other permissions based on other factors, e.g. can the user change Entity or do they only have one? } } catch (Exception generalException) { MessageFunctions.Error("Error setting security permissions", generalException);; } }
public static bool ChangeLoginDetails(int staffID, string userID, string newPassword, string confirmPassword) { bool passwordChange = (newPassword != ""); bool userIDChange = false; if (userID == "") { MessageFunctions.Error("UserID has not been passed to this function.", null); // UserID is required to check complexity so that userID cannot equal password return(false); } if (passwordChange && newPassword != confirmPassword) { MessageFunctions.InvalidMessage("New password does not match confirmation. Please check both fields and try again.", "Password Mismatch"); return(false); } else if (passwordChange && !PasswordComplexityOK(userID, newPassword)) { return(false); } else { try { // Log in as the administration user to allow the change to be made ProjectTileSqlDatabase defaultPtDb = SqlServerConnection.DefaultPtDbConnection(); using (defaultPtDb) { try { Staff thisUser = defaultPtDb.Staff.FirstOrDefault(s => s.ID == staffID); if (thisUser == null) { MessageFunctions.Error("Error amending login details in the database: user with ID " + staffID.ToString() + " not found.", null); return(false); } if (passwordChange) { thisUser.Passwd = newPassword; } if (thisUser.UserID == null || thisUser.UserID != userID) { Staff checkUserID = defaultPtDb.Staff.FirstOrDefault(s => s.UserID == userID && s.ID != staffID); if (checkUserID != null) { MessageFunctions.InvalidMessage("A different staff member with UserID '" + userID + "' already exists. Please try a different one.", "Duplicate UserID"); return(false); } userIDChange = true; thisUser.UserID = userID; } defaultPtDb.SaveChanges(); // Now amend any history records, to show that the user effectively made this change DateTime timeFrom = System.DateTime.Now.AddMinutes(-5); int[] auditEntryIDs = defaultPtDb.AuditEntries .Where(ae => ae.TableName == "Staff" && ae.ChangeTime >= timeFrom && ae.ActionType == "Updated" && ae.PrimaryValue == staffID.ToString() && ae.UserName.Substring(0, 5) != DbUserPrefix && ((passwordChange && ae.ChangeColumn == "PasswordHash") || (userIDChange && ae.ChangeColumn == "UserID")) ) .OrderByDescending(ae => ae.ChangeTime) .Select(ae => (int)ae.ID) .ToArray(); foreach (int entry in auditEntryIDs) { AuditEntries lastAuditEntry = defaultPtDb.AuditEntries.Find(entry); lastAuditEntry.UserName = DbUserPrefix + MyUserID; defaultPtDb.SaveChanges(); } if (staffID == MyStaffID) { string databaseLogin = DbUserPrefix + userID; ProjectTileSqlDatabase userPtDb = SqlServerConnection.UserPtDbConnection(databaseLogin, newPassword); // Log in again so that future database calls have the new password } return(true); } catch (SqlException sqlException) { MessageFunctions.Error("Error amending login details in the database", sqlException); return(false); } catch (Exception generalException) { MessageFunctions.Error("Error amending login details", generalException); return(false); } } } catch (SqlException sqlException) { MessageFunctions.Error("Error accessing the database", sqlException); return(false); } catch (Exception generalException) { MessageFunctions.Error("Error checking existing login", generalException); return(false); } } }
public static bool SingleSignon(string userID) { Staff thisUser = null; string newPassword = ""; try { // Log in as the administration user to find the user ProjectTileSqlDatabase defaultPtDb = SqlServerConnection.DefaultPtDbConnection(); using (defaultPtDb) { thisUser = defaultPtDb.Staff.FirstOrDefault(s => s.UserID == userID); } if (thisUser == null) { MessageFunctions.InvalidMessage("No matching user found with UserID " + userID + ".", "Invalid UserID"); return(false); } else if (thisUser.SingleSignon && domainUser == thisUser.OSUser) { char[] validChars = Enumerable.Range('A', 26) .Concat(Enumerable.Range('a', 26)) .Concat(Enumerable.Range('0', 10)) .Select(i => (char)i) .ToArray(); byte[] randomNumber = new byte[64 + 1]; RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider(); using (crypto) { crypto.GetBytes(randomNumber); int length = 32 + (int)(32 * (randomNumber[0] / (double)byte.MaxValue)); newPassword = new string(randomNumber .Skip(1) .Take(length) .Select(b => (int)((validChars.Length - 1) * (b / (double)byte.MaxValue))) .Select(i => validChars[i]) .ToArray() ); newPassword = newPassword.Substring(0, Math.Min(newPassword.Length, 20)); crypto.Dispose(); } AttemptLogin(userID, newPassword); // AttemptLogin will now handle the password change if needed return(true); } else { return(false); } } catch (SqlException sqlException) { MessageFunctions.Error("Error accessing the database", sqlException); return(false); } catch (Exception generalException) { MessageFunctions.Error("Error finding matching staff member", generalException); return(false); } }