예제 #1
0
        public static void LogOut()
        {
            if (HttpContext.Current.Session["UserInfo"] != null)
            {
                UserInfo uInfo = HttpContext.Current.Session["UserInfo"] as UserInfo;

                // if Session is not null then here we will update the logout time for the user who was currently logged in. (Zahir)

                int n = DAL.DataAccess.Instance.ExecuteNonQuery(StoredProcedure.spUpdateLogoutTime, System.Data.CommandType.StoredProcedure, new List <ICommanParameter>
                {
                    new CommanParameter {
                        Name = "@UserName", Type = System.Data.DbType.String, value = uInfo.UserName
                    },
                    new CommanParameter {
                        Name = "@LoginOutTime", Type = System.Data.DbType.DateTime, value = System.DateTime.Now
                    }
                });
            }
            HttpContext.Current.Session["UserInfo"] = null;
            AuthoCookie.ClearAuthoCookie();
            SessionHijacking.RegenrateSessionId();
            SessionHijacking.ClearSession();
            HttpContext.Current.Session.Abandon();
            //HttpContext.Current.Response.Redirect("~/Login.aspx?logout=true");
            HttpContext.Current.Application["currentUser"] = null;
        }
예제 #2
0
        public UserInfo AuthenticateUser(string userName, string password, bool IsPresistent = false)
        {
            UserInfo uinfo = new UserInfo();

            try
            {
                // Authenticating User with username and encrypted password. (Zahir)
                DataSet ds = DataAccess.Instance.ExecuteDataSet(StoredProcedure.spLogin, System.Data.CommandType.StoredProcedure,
                                                                new List <ICommanParameter>
                {
                    new CommanParameter {
                        Name = "@UserName", Type = System.Data.DbType.String, value = userName
                    },
                    new CommanParameter {
                        Name = "@Pwd", Type = System.Data.DbType.String, value = password
                    }
                }
                                                                );
                if (ds.Tables[0].Rows.Count > 0)
                {
                    DataRow dr = ds.Tables[0].Rows[0];
                    uinfo.UserName = dr[DataBaseFields.UserName].GetEmptyOrString();
                    string roleUser = dr[DataBaseFields.RoleName].ToString();
                    uinfo.Roles.Add(roleUser.ConvertToEnum <Role>());
                    uinfo.isFirstLogin = Convert.ToBoolean(dr[DataBaseFields.isFirstLogin].ToString());
                    uinfo.Password     = dr[DataBaseFields.Password].ToString();

                    //if User exists then the login time entry is being inserted in the database. (Zahir)

                    int n = DAL.DataAccess.Instance.ExecuteNonQuery(StoredProcedure.spInsertLoginTime, System.Data.CommandType.StoredProcedure, new List <ICommanParameter>
                    {
                        new CommanParameter {
                            Name = "@UserName", Type = System.Data.DbType.String, value = uinfo.UserName
                        },
                        new CommanParameter {
                            Name = "@LoginTime", Type = System.Data.DbType.DateTime, value = System.DateTime.Now
                        }
                    });

                    SetLoggedInUser(uinfo); // Calling the function to store current user in session. (Zahir)
                    AuthoCookie.CreateAuthoCookie();
                    SessionHijacking.RegenrateSessionId();
                    SessionHijacking.SetSessionHijachingSession();
                    return(uinfo);
                }
                else
                {
                    //if user does not exists then the unsuccessfull login entry in being stored in the database. (Zahir)

                    int n = DAL.DataAccess.Instance.ExecuteNonQuery(StoredProcedure.spInsertUnsuccessfulLoginDetails, System.Data.CommandType.StoredProcedure, new List <ICommanParameter>
                    {
                        new CommanParameter {
                            Name = "@UserName", Type = System.Data.DbType.String, value = userName
                        },
                        new CommanParameter {
                            Name = "@loginDate", Type = System.Data.DbType.DateTime, value = System.DateTime.Now.ToShortDateString()
                        },
                        new CommanParameter {
                            Name = "@lock_time", Type = System.Data.DbType.DateTime, value = System.DateTime.Now
                        },
                        new CommanParameter {
                            Name = "@isLocked", Type = System.Data.DbType.Byte, value = 0
                        }
                    });
                    return(null);
                }
            }
            catch (Exception e)
            {
                throw;
            }
        }