Exemplo n.º 1
0
        public ActionResult SignIn(SignInVM User)
        {
            //add fullname and userid to vm

            if (ModelState.IsValid)
            {
                Users u = new Users();

                if (u.Authenticate(User.Login, User.Passkey))
                {
                    DateTime exDate = User.RememberMe ? DateTime.Now.AddMonths(6) : DateTime.Now.AddDays(1);
                    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, u.UserID,
                                                                                     DateTime.Now,
                                                                                     exDate,
                                                                                     true,
                                                                                     u.Fullname, FormsAuthentication.FormsCookiePath);
                    AppUtility.SetCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket), exDate, FormsAuthentication.RequireSSL);

                    AppUtility.SetCookie("UserFName", u.FirstName);
                    AppUtility.SetCookie("DeviceType", AppUtility.GetDeviceType());

                    if (string.IsNullOrEmpty(User.ReturnUrl))
                    {
                        return(Redirect(FormsAuthentication.DefaultUrl));
                    }
                    else
                    {
                        return(Redirect("~" + HttpUtility.UrlDecode(User.ReturnUrl)));
                    }
                }
                else
                {
                    ModelState.AddModelError("", Users.ReturnMessage);
                    TempData["SignInMsg"] = Users.ReturnMessage;
                    return(RedirectToAction("Index", "Home"));
                }
            }

            ModelState.AddModelError("", "Provide login and password");
            TempData["SignInMsg"] = "Provide login and password";
            return(RedirectToAction("Index", "Home"));
        }
Exemplo n.º 2
0
        public bool Authenticate(string Email, string Passkey)
        {
            using (var db = new MemberLiteEntities().Init)
            {
                var u = db.Users.Select(a => new
                {
                    a.UserID,
                    a.FirstName,
                    a.Email,
                    a.Password,
                    a.Status
                })
                        .Where(a => a.Email == Email)
                        .FirstOrDefault();
                if (u == null)
                {
                    ReturnMessage = "Invalid login or password! Check and try again";
                    return(false);
                }

                string userIDHash = Crypto.SHA256Hash(u.UserID);
                string pwdHash    = Crypto.SHA256Hash(Passkey.ToUpper());
                string finalHash  = Crypto.SHA256Hash(userIDHash + pwdHash);

                if (finalHash == u.Password)
                {
                    //Check account status
                    var status = (StatusType)u.Status;
                    if (status == StatusType.Locked)
                    {
                        if (LockoutReleaseDate.HasValue)
                        {
                            //perform lock action
                        }

                        ReturnMessage = "Your account is locked!";
                        return(false);
                    }
                    else if (status == StatusType.Banned)
                    {
                        ReturnMessage = "You have been banned!";
                        return(false);
                    }

                    this.UserID = u.UserID;

                    //Log login history
                    db.LoginHistory.Add(new LoginHistory
                    {
                        UserID     = u.UserID,
                        IP         = AppUtility.GetUserIPAddress(),
                        DeviceType = AppUtility.GetDeviceType(),
                        DateStamp  = DateTime.Now,
                        UserAgent  = HttpContext.Current.Request.Browser.Browser
                    });
                    db.SaveChanges();

                    ReturnMessage = "Login ok!";
                    return(true);
                }
                else
                {
                    ReturnMessage = "Invalid login or password! Check and try again.";
                    return(false);
                }
            }
        }