protected void Session_Start(object sender, EventArgs e)
{
foreach (AppSessionItem item in AppSession.AppSessionConfig.SessionItems)
{
AppSession.SetSession(item.Name, item.Value, Session);
}
AppSession.SetSession("CSRF_TOKEN", AuthenUtil.GenerateToken(), Session);
}
public static QueryResult ForgetPassword(QueryParameter queryParameter)
{
QueryResult result = null;
string userID = queryParameter["USER_ID"].ToString();
IDatabaseConnector dbConnector = new DatabaseConnectorClass();
QueryParameter param = new QueryParameter();
param.Add("USER_ID", userID);
QueryResult queryResult = dbConnector.ExecuteStoredProcedure("UM_USER_Q", param);
if (queryResult.Success)
{
string userEmail = queryResult.DataTable.Rows[0]["EMAIL"].ToString();
string token = AuthenUtil.GetStringSha256Hash(AuthenUtil.GenerateToken());
param = new QueryParameter();
param.Add("USER_ID", userID);
param.Add("TOKEN", token);
result = dbConnector.ExecuteStoredProcedure("APP_FORGET_PWD_TOKEN_I", param);
if (result.Success)
{
string passwordResetUrl = string.Format("http://localhost/WebApp/resetpassword.aspx?userID={0}&token={1}", userID, token);
QueryParameter mailParameter = new QueryParameter();
mailParameter.Add("MAIL_TO", userEmail);
mailParameter.Add("MAIL_SUBJECT", "Reset Password");
mailParameter.Add("MAIL_BODY", string.Format(@"
<h1>Reset Password</h1>
<div>
You have requested to reset password for account {0} <br/>
<b>Plase contact administrator if you have not issued reset password request.</b>
</div>
<br/>
Click <a href=""{1}"">here</a> to reset password.
", userID, passwordResetUrl));
result = MailUtil.SendEmail(mailParameter);
}
}
else
{
result = new QueryResult();
result.Success = false;
result.Message = "USER_NOT_EXIST";
}
return(result);
}
public static QueryResult Login(HttpContext context, QueryParameter queryParameter)
{
queryParameter = new QueryParameter(queryParameter.Parameter);
if (queryParameter.Parameter.ContainsKey("PASSWORD"))
{
string password = queryParameter["PASSWORD"].ToString();
string hashPassword = AuthenUtil.GetStringSha256Hash(password);
queryParameter.Add("PASSWORD", hashPassword);
}
IDatabaseConnector dbConnector = new DatabaseConnectorClass();
QueryResult queryResult = dbConnector.ExecuteStoredProcedure("APP_LOGIN_Q", queryParameter);
if (queryResult.Success && queryResult.DataTable != null && queryResult.DataTable.Rows.Count > 0)
{
foreach (DataColumn dataColumn in queryResult.DataTable.Columns)
{
foreach (AppSessionItem sessionItem in AppSession.AppSessionConfig.SessionItems)
{
if (sessionItem.Name.Equals(dataColumn.ColumnName))
{
AppSession.SetSession(dataColumn.ColumnName, queryResult.DataTable.Rows[0][dataColumn.ColumnName], context.Session);
break;
}
}
}
string userID = AppSession.GetSession("USER_ID", context.Session).ToString();
string token = AuthenUtil.GenerateToken();
AppSession.SetSession("AUTHEN_TOKEN", token, context.Session);
AppSession.SetSession("IS_GUEST", false, context.Session);
if (AppHttpHandler.AppHttpHandlerConfig.Security.EnableDuplicateAuthenChecking)
{
AuthenUtil.StoreToken(userID, token);
}
// ถ้าต้องการให้ retrun ค่าของ USER_ID ไปด้วยให้ลบบรรทัดนี้เลย
queryResult.DataTable.Columns.Remove("USER_ID");
}
return(queryResult);
}
