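        /// <summary>
        /// Persists edits to an employee's user row; when <paramref name="changeLoginInfo"/> is
        /// set and the posted password differs from the stored value, a new PWDTK hash and salt
        /// replace the old ones.
        /// </summary>
        /// <param name="model">Posted employee data; <c>model.ID</c> selects the user row.</param>
        /// <param name="address">Posted address, copied onto the user's existing Address.</param>
        /// <param name="changeLoginInfo">True when the form asked to change login data.</param>
        /// <returns>Redirect to Home/Index on success; the edit view with errors otherwise.</returns>
        public ActionResult ManageEmployee(EmployeeViewModel model, Address address, bool changeLoginInfo)
        {
            if (!ModelState.IsValid)
            {
                model.Address = address;
                return View(model);
            }

            var user = db.Users.Find(model.ID);
            if (user == null)
            {
                // Find() returns null for an unknown ID; the original dereferenced it unchecked.
                return HttpNotFound();
            }

            // NOTE(review): model.ID comes straight from the request and nothing here checks that
            // the caller may edit this particular user — confirm an authorization attribute or
            // filter on the controller covers it (IDOR otherwise).
            // NOTE(review): Transfer copies every matching property except the listed ones. If
            // EmployeeViewModel shares a privileged property with User (superUser/status are set
            // on User elsewhere in this file), it becomes bindable from the form — verify.
            GlobalHelpers.Transfer<EmployeeViewModel, User>(model, user, "Address,Phones,password");

            if (changeLoginInfo)
            {
                // user.password holds the hex hash while model.password is the posted text, so this
                // only detects "unchanged" if the form echoes the stored hash back to the client.
                // NOTE(review): echoing the hash to the browser is itself undesirable — verify.
                if (user.password != model.password)
                {
                    var passwordHelper = new PasswordHelper();
                    // A false return is reported to the user as a password-policy failure.
                    if (!passwordHelper.HashPassword(model.password))
                    {
                        model.Address = address;
                        ModelState.AddModelError("", _("lblPasswordPolicyErr"));
                        return View(model);
                    }
                    user.password = PWDTK.HashBytesToHexString(passwordHelper.Hash);
                    user.salt = PWDTK.HashBytesToHexString(passwordHelper.Salt);
                }
            }

            // Copy the posted address over the stored one, keeping its key and relationships.
            GlobalHelpers.Transfer<Address, Address>(address, user.Address, "ID,Insurers,Users");
            user.gender = ((char)model.gender).ToString();
            user.maritalStatus = ((char)model.maritalStatus).ToString();
            db.Entry(user).State = EntityState.Modified;
            db.SaveChanges();
            return RedirectToAction("Index", "Home");
        }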
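        /// <summary>
        /// Persists edits to a patient's user row; when <paramref name="changeLoginInfo"/> is set
        /// and the posted password differs from the stored value, a new PWDTK hash and salt
        /// replace the old ones.
        /// </summary>
        /// <param name="model">Posted patient data; <c>model.ID</c> selects the user row.</param>
        /// <param name="address">Posted address, copied onto the user's existing Address.</param>
        /// <param name="changeLoginInfo">True when the form asked to change login data.</param>
        /// <returns>Redirect to Index on success; the edit view with errors otherwise.</returns>
        public ActionResult Edit(PatientViewModel model, Address address, bool changeLoginInfo)
        {
            if (!ModelState.IsValid)
            {
                model.Address = address;
                return(View(model));
            }

            var user = db.Users.Find(model.ID);
            if (user == null)
            {
                // Find() returns null for an unknown ID; the original dereferenced it unchecked.
                return(HttpNotFound());
            }

            // NOTE(review): model.ID is request-controlled and no ownership/authorization check is
            // visible here — confirm it is enforced on the controller (IDOR otherwise).
            // NOTE(review): Transfer copies every matching property except the listed ones; verify
            // PatientViewModel exposes nothing privileged that User also has (superUser, status).
            GlobalHelpers.Transfer <PatientViewModel, User>(model, user, "Address,Phones,password");

            if (changeLoginInfo)
            {
                // Compares the stored hex hash with the posted text: only "equal" when the form
                // echoed the stored hash back. NOTE(review): that echo leaks the hash — verify.
                if (user.password != model.password)
                {
                    var passwordHelper = new PasswordHelper();
                    // A false return is reported to the user as a password-policy failure.
                    if (!passwordHelper.HashPassword(model.password))
                    {
                        model.Address = address;
                        ModelState.AddModelError("", _("lblPasswordPolicyErr"));
                        return(View(model));
                    }
                    user.password = PWDTK.HashBytesToHexString(passwordHelper.Hash);
                    user.salt     = PWDTK.HashBytesToHexString(passwordHelper.Salt);
                }
            }

            // Copy the posted address over the stored one, keeping its key and relationships.
            GlobalHelpers.Transfer <Address, Address>(address, user.Address, "ID,Insurers,Users");
            user.gender          = ((char)model.gender).ToString();
            user.maritalStatus   = ((char)model.maritalStatus).ToString();
            db.Entry(user).State = EntityState.Modified;
            db.SaveChanges();
            return(RedirectToAction("Index"));
        }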
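        /// <summary>
        /// Persists edits to a doctor's user row and speciality; when
        /// <paramref name="changeLoginInfo"/> is set and the posted password differs from the
        /// stored value, a new PWDTK hash and salt replace the old ones.
        /// </summary>
        /// <param name="model">Posted doctor data; <c>model.ID</c> selects the user row.</param>
        /// <param name="address">Posted address, copied onto the user's existing Address.</param>
        /// <param name="changeLoginInfo">True when the form asked to change login data.</param>
        /// <returns>Redirect to Home/Index on success; the edit view with errors otherwise.</returns>
        public ActionResult ManageDoctor(DoctorViewModel model, Address address, bool changeLoginInfo)
        {
            if (!ModelState.IsValid)
            {
                model.Address = address;
                return View(model);
            }

            var doctor = db.Users.Find(model.ID);
            // Both lookups can come back null for an unknown or non-doctor ID; the original
            // dereferenced each without checking.
            var doctorData = doctor == null ? null : db.Doctors.FirstOrDefault(d => d.userID == model.ID);
            if (doctor == null || doctorData == null)
            {
                return HttpNotFound();
            }

            // NOTE(review): model.ID is request-controlled and no ownership/authorization check is
            // visible here — confirm it is enforced on the controller (IDOR otherwise).
            // NOTE(review): Transfer copies every matching property except the listed ones; verify
            // DoctorViewModel exposes nothing privileged that User also has (superUser, status).
            GlobalHelpers.Transfer<DoctorViewModel, User>(model, doctor, "Address,Phones,password");

            if (changeLoginInfo)
            {
                // Compares the stored hex hash with the posted text: only "equal" when the form
                // echoed the stored hash back. NOTE(review): that echo leaks the hash — verify.
                if (doctor.password != model.password)
                {
                    var passwordHelper = new PasswordHelper();
                    // A false return is reported to the user as a password-policy failure.
                    if (!passwordHelper.HashPassword(model.password))
                    {
                        model.Address = address;
                        ModelState.AddModelError("", _("lblPasswordPolicyErr"));
                        return View(model);
                    }
                    doctor.password = PWDTK.HashBytesToHexString(passwordHelper.Hash);
                    doctor.salt = PWDTK.HashBytesToHexString(passwordHelper.Salt);
                }
            }

            // Copy the posted address over the stored one, keeping its key and relationships.
            GlobalHelpers.Transfer<Address, Address>(address, doctor.Address, "ID,Insurers,Users");
            doctor.gender = ((char)model.gender).ToString();
            doctor.maritalStatus = ((char)model.maritalStatus).ToString();
            doctorData.speciality = model.speciality;
            db.Entry(doctor).State = EntityState.Modified;
            db.SaveChanges();
            return RedirectToAction("Index", "Home");
        }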
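        /// <summary>
        /// "Guardar" handler of the change-password dialog: checks that the two SecureString
        /// entries match, enforces <c>PwdPolicy</c>, derives a fresh salt and PWDTK hash, and
        /// stores both for user <c>_Id</c> via MyUpdateUser. Any exception is shown in a
        /// message box rather than propagated.
        /// </summary>
        private void CmdGuardar_Click()
        {
            try
            {
                string insecurePassword;
                string insecurePasswordVerification;

                IntPtr passwordBSTR = IntPtr.Zero;
                IntPtr passwordVerificationBSTR = IntPtr.Zero;
                try
                {
                    // The plaintext has to leave the SecureString to be compared and hashed.
                    // Once in a managed string it cannot be wiped, so the SecureString only
                    // protects the value up to this point.
                    passwordBSTR     = Marshal.SecureStringToBSTR(Password);
                    insecurePassword = Marshal.PtrToStringBSTR(passwordBSTR);

                    passwordVerificationBSTR     = Marshal.SecureStringToBSTR(PasswordVerification);
                    insecurePasswordVerification = Marshal.PtrToStringBSTR(passwordVerificationBSTR);
                }
                finally
                {
                    // The original never released these. SecureStringToBSTR allocates unmanaged
                    // memory holding the plaintext; ZeroFreeBSTR wipes it before freeing.
                    if (passwordBSTR != IntPtr.Zero)
                    {
                        Marshal.ZeroFreeBSTR(passwordBSTR);
                    }
                    if (passwordVerificationBSTR != IntPtr.Zero)
                    {
                        Marshal.ZeroFreeBSTR(passwordVerificationBSTR);
                    }
                }

                if (!insecurePassword.Equals(insecurePasswordVerification))
                {
                    throw new Exception("Error con el Password");
                }

                // PasswordMeetsPolicy is expected to report the failure itself; nothing is shown here.
                if (!PasswordMeetsPolicy(insecurePassword, PwdPolicy))
                {
                    return;
                }

                _salt = PWDTK.GetRandomSalt(saltSize);
                string salt = PWDTK.GetSaltHexString(_salt);

                _hash = PWDTK.PasswordToHash(_salt, insecurePassword, iterations);
                var hashedPassword = PWDTK.HashBytesToHexString(_hash);

                // Salt goes into the SecurityStamp column, hash into PasswordHash (see MyUpdateUser).
                using (SqlExcuteCommand exe = new SqlExcuteCommand()
                {
                    DBCnnStr = DBEndososCnnStr
                })
                {
                    exe.MyUpdateUser(_Id, hashedPassword, salt);
                }

                MessageBox.Show("Dones...", "Done", MessageBoxButton.OK, MessageBoxImage.Information);
                CmdSalir_Click();
            }
            catch (Exception ex)
            {
                MethodBase site = ex.TargetSite;
                MessageBox.Show(ex.Message, site.Name, MessageBoxButton.OK, MessageBoxImage.Error);
            }
        }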
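        /// <summary>
        /// Password-reset handler: for a known e-mail, generates a random 10-character password,
        /// mails it to the user, and only then stores its PWDTK hash and salt.
        /// </summary>
        /// <param name="model">Posted reset form; <c>model.email</c> identifies the user.</param>
        /// <returns>The reset view, with either a success flag in TempData or a model error.</returns>
        public ActionResult ResetPassword(ResetModel model)
        {
            if (ModelState.IsValid)
            {
                var user = db.Users
                    .FirstOrDefault(u => u.email == model.email);

                if (user == null)
                {
                    // NOTE(review): a distinct error for unknown addresses lets anyone probe which
                    // e-mails are registered; showing the same neutral message either way avoids it.
                    ModelState.AddModelError("", _("lblInvalidMailErr"));
                }
                else
                {
                    try
                    {
                        var fromAddress = new MailAddress(Settings.Default.SMTP_Mail, Settings.Default.SMTP_FromName);
                        var toAddress = new MailAddress(model.email, user.firstName);
                        string fromPassword = Settings.Default.SMTP_Password;
                        string subject = Language.ResetPasword_SubjectMsg;

                        // NOTE(review): mailing a usable password in clear text is weaker than a
                        // short-lived reset token; at least the value is random and 10 chars long.
                        var passwordHelper = new PasswordHelper();
                        var password = GlobalHelpers.CreateRandomPassword(10);
                        passwordHelper.HashGeneratedPassword(password);
                        user.password = PWDTK.HashBytesToHexString(passwordHelper.Hash);
                        user.salt = PWDTK.HashBytesToHexString(passwordHelper.Salt);

                        string body = string.Format(
                            Language.ResetPassword_BodyMsg, user.CompleteName,
                            user.username, password
                        );

                        using (var smtp = new SmtpClient
                        {
                            Host = Settings.Default.SMTP_Host,
                            Port = Convert.ToInt16(Settings.Default.SMTP_Port),
                            EnableSsl = true,
                            DeliveryMethod = SmtpDeliveryMethod.Network,
                            UseDefaultCredentials = false,
                            Credentials = new NetworkCredential(fromAddress.Address, fromPassword)
                        })
                        using (var message = new MailMessage(fromAddress, toAddress) { Subject = subject, Body = body, IsBodyHtml = true })
                        {
                            smtp.Send(message);
                        }

                        // Persist the new hash only after the mail carrying the password went out.
                        // The original saved first, so a failed send left the account with a
                        // password nobody had received. (If this save fails after a successful
                        // send, the user sees the error and can simply request another reset.)
                        db.SaveChanges();
                        TempData["success"] = _("lblSendMailSuccess");
                    }
                    catch
                    {
                        // NOTE(review): the exception is discarded, which hides SMTP or DB
                        // misconfiguration from operators; log it where a logger is available.
                        ModelState.AddModelError("", _("lblSendMailErr"));
                    }
                }
            }
            return View(model);
        }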
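        /// <summary>
        /// Creates a doctor account: adds the posted address, builds a User from the view model,
        /// hashes the password with PWDTK, attaches phones posted as "number|type|notes" strings,
        /// creates the Doctor row and puts the new username in the "Doctor" role.
        /// </summary>
        /// <param name="model">Posted doctor data, including the clear-text password.</param>
        /// <param name="address">Posted address, added to the context as a new row.</param>
        /// <param name="Uphones">Optional phone entries in "number|type|notes" form.</param>
        /// <returns>Redirect to Index on success; the form with errors otherwise.</returns>
        public ActionResult Create(DoctorViewModel model, Address address, string[] Uphones)
        {
            if (!ModelState.IsValid)
            {
                return(View(model));
            }

            db.Addresses.Add(address);
            var user = new User();
            // NOTE(review): unlike the patient Create, nothing is excluded from the transfer.
            // Verify DoctorViewModel does not carry properties (ID, Phones, ...) that should not
            // be copied verbatim onto a new User.
            GlobalHelpers.Transfer <DoctorViewModel, User>(model, user);
            user.gender        = ((char)model.gender).ToString();
            user.maritalStatus = ((char)model.maritalStatus).ToString();

            // Replace the clear-text password with its PWDTK hash; a false return means the
            // policy rejected it.
            var passwordHelper = new PasswordHelper();
            if (!passwordHelper.HashPassword(user.password))
            {
                ModelState.AddModelError("", _("lblPasswordPolicyErr"));
                return(View(model));
            }
            user.password  = PWDTK.HashBytesToHexString(passwordHelper.Hash);
            user.salt      = PWDTK.HashBytesToHexString(passwordHelper.Salt);
            user.Address   = address;
            // Pinned after the transfer so nothing posted can elevate the new account.
            user.superUser = false;
            user.status    = true;
            db.Users.Add(user);

            if (Uphones != null)
            {
                foreach (string n in Uphones)
                {
                    var data = (n ?? string.Empty).Split('|');
                    if (data.Length < 3)
                    {
                        // Untrusted input: a malformed entry used to throw IndexOutOfRangeException.
                        // TODO: localize this message like the other errors in this controller.
                        ModelState.AddModelError("", "Invalid phone entry: " + n);
                        return(View(model));
                    }
                    var phone = new Phone();
                    phone.number = data[0];
                    phone.type   = (int)GlobalHelpers.ParseEnum <PhoneTypes>(data[1]);
                    phone.notes  = data[2];
                    db.Phones.Add(phone);
                    user.Phones.Add(phone);
                }
            }

            var doctor = new Doctor();
            doctor.User       = user;
            doctor.speciality = model.speciality;
            db.Doctors.Add(doctor);
            db.SaveChanges();

            var roleProvider = (SimpleRoleProvider)Roles.Provider;
            roleProvider.AddUsersToRoles(new[] { model.username }, new[] { "Doctor" });
            return(RedirectToAction("Index"));
        }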
        /// <summary>
        /// Demo handler: if the typed password satisfies <c>PwdPolicy</c>, draws a random salt,
        /// computes the PWDTK hash into <c>_salt</c>/<c>_hash</c>, enables the Compare button and
        /// shows the hex hash in a message box.
        /// </summary>
        private void GetHashButton_Click(object sender, RoutedEventArgs e)
        {
            string candidate = PasswordTextBox.Password;

            // Avoid the (deliberately slow) hash when the policy already rejects the input.
            bool acceptable = PasswordMeetsPolicy(candidate, PwdPolicy);
            if (!acceptable)
            {
                return;
            }

            _salt = PWDTK.GetRandomSalt(saltSize);
            _hash = PWDTK.PasswordToHash(_salt, candidate, iterations);

            // In a real store you would persist salt, hash and user id — and the iteration count,
            // since it will need raising as hardware gets faster.
            CompareHashButton.IsEnabled = true;
            MessageBox.Show("Users Password Hash: " + PWDTK.HashBytesToHexString(_hash));
            MessageBox.Show("Hash stored, now try changing the text in the password field and hit the \"Compare\" button");
        }
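        /// <summary>
        /// Creates a patient account: adds the posted address, builds a User from the view model,
        /// hashes the password with PWDTK, attaches phones posted as "number|type|notes" strings,
        /// creates the Patient row (stamped with the current user as creator) and puts the new
        /// username in the "Patient" role.
        /// </summary>
        /// <param name="model">Posted patient data, including the clear-text password.</param>
        /// <param name="address">Posted address, added to the context as a new row.</param>
        /// <param name="Uphones">Optional phone entries in "number|type|notes" form.</param>
        /// <returns>Redirect to Index on success; the form with errors otherwise.</returns>
        public ActionResult Create(PatientViewModel model, Address address, string[] Uphones)
        {
            if (!ModelState.IsValid)
            {
                return(View(model));
            }

            db.Addresses.Add(address);
            var user = new User();
            // Phones are rebuilt from Uphones below, so they are excluded from the transfer.
            GlobalHelpers.Transfer <PatientViewModel, User>(model, user, "Phones");
            user.gender        = ((char)model.gender).ToString();
            user.maritalStatus = ((char)model.maritalStatus).ToString();

            // Replace the clear-text password with its PWDTK hash; a false return means the
            // policy rejected it.
            var passwordHelper = new PasswordHelper();
            if (!passwordHelper.HashPassword(user.password))
            {
                ModelState.AddModelError("", _("lblPasswordPolicyErr"));
                return(View(model));
            }
            user.password  = PWDTK.HashBytesToHexString(passwordHelper.Hash);
            user.salt      = PWDTK.HashBytesToHexString(passwordHelper.Salt);
            user.Address   = address;
            // Pinned after the transfer so nothing posted can elevate the new account.
            user.status    = true;
            user.superUser = false;
            db.Users.Add(user);

            if (Uphones != null)
            {
                foreach (string n in Uphones)
                {
                    var data = (n ?? string.Empty).Split('|');
                    if (data.Length < 3)
                    {
                        // Untrusted input: a malformed entry used to throw IndexOutOfRangeException.
                        // TODO: localize this message like the other errors in this controller.
                        ModelState.AddModelError("", "Invalid phone entry: " + n);
                        return(View(model));
                    }
                    var phone = new Phone();
                    phone.number = data[0];
                    phone.type   = (int)GlobalHelpers.ParseEnum <PhoneTypes>(data[1]);
                    phone.notes  = data[2];
                    db.Phones.Add(phone);
                    user.Phones.Add(phone);
                }
            }

            var patient = new Patient();
            // NOTE(review): user.ID is read before SaveChanges(). If ID is a database-generated
            // identity it is still 0 here and the Patient row will not reference the new user;
            // the doctor Create sets the navigation property (doctor.User = user) instead — verify.
            patient.userID   = user.ID;
            patient.createBy = WebSecurity.CurrentUserId;
            db.Patients.Add(patient);
            db.SaveChanges();

            var roleProvider = (SimpleRoleProvider)Roles.Provider;
            roleProvider.AddUsersToRoles(new[] { model.username }, new[] { "Patient" });
            return(RedirectToAction("Index"));
        }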
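        /// <summary>
        /// "Guardar" handler of the user-maintenance screen. <c>_Operation</c> selects the action:
        /// 1 adds a user, 2 stores the access areas, 3 deletes after confirmation, 4 replaces the
        /// password. Every path goes through SqlExcuteCommand and ends with Cancelar_Click();
        /// any exception is shown in a message box rather than propagated.
        /// </summary>
        private void Guardar_Click()
        {
            try
            {
                // Letters of the selected access areas, in slot order (unset slots are null and
                // contribute nothing).
                string areasDeAcceso = string.Empty;
                foreach (string s in _AreasDeAcceso)
                {
                    areasDeAcceso += s;
                }

                switch (_Operation)
                {
                case 1:
                {        // Add
                    string insecurePassword = ReadConfirmedPassword();

                    // Policy checks report their own failure; just stop here.
                    if (!userMeetsPolicy(CbUser_Text, UserPolicy))
                    {
                        return;
                    }
                    if (!PasswordMeetsPolicy(insecurePassword, PwdPolicy))
                    {
                        return;
                    }

                    // Fresh salt + PWDTK hash; the salt is stored hex-encoded in SecurityStamp.
                    _salt = PWDTK.GetRandomSalt(saltSize);
                    string salt = PWDTK.GetSaltHexString(_salt);
                    _hash = PWDTK.PasswordToHash(_salt, insecurePassword, iterations);
                    var hashedPassword = PWDTK.HashBytesToHexString(_hash);

                    // NOTE(review): the e-mail is derived from the username with a fixed domain;
                    // confirm that is intended for every account created here.
                    var newUser = new tblUser
                    {
                        UserId        = System.Guid.NewGuid(),
                        UserName      = CbUser_Text,
                        PasswordHash  = hashedPassword,
                        SecurityStamp = salt,
                        Email         = CbUser_Text + "@jolpr.com",
                        AreasDeAcceso = areasDeAcceso
                    };

                    using (SqlExcuteCommand exe = new SqlExcuteCommand()
                        {
                            DBCnnStr = DBEndososCnnStr
                        })
                    {
                        exe.MyInsertUsers(newUser.UserId, newUser.UserName, newUser.PasswordHash, newUser.SecurityStamp, newUser.Email, newUser.AreasDeAcceso);
                    }

                    MyRefresh();
                }
                break;

                case 2:    // Edit access areas
                {
                    using (SqlExcuteCommand exe = new SqlExcuteCommand()
                        {
                            DBCnnStr = DBEndososCnnStr
                        })
                    {
                        exe.MyUpdateUser(_Id, areasDeAcceso);
                    }

                    MyRefresh();
                }
                break;

                case 3:    // Delete
                {
                    string msg = "You are about to delete 1 user\r";
                    msg += "Click yes to permanently delete this user( " + CbUser_Text + " ).\r";
                    msg += "You won't be able to undo those changes.";

                    var response = MessageBox.Show("!!!" + msg, "Delete...", MessageBoxButton.YesNo, MessageBoxImage.Exclamation);

                    if (response == MessageBoxResult.Yes)
                    {
                        using (SqlExcuteCommand exe = new SqlExcuteCommand()
                            {
                                DBCnnStr = DBEndososCnnStr
                            })
                        {
                            exe.MyDeleteUsers(_Id);
                        }

                        MyRefresh();
                    }
                }
                break;

                case 4:     // Edit password
                {
                    string insecurePassword = ReadConfirmedPassword();

                    if (!userMeetsPolicy(CbUser_Text, UserPolicy))
                    {
                        return;
                    }
                    if (!PasswordMeetsPolicy(insecurePassword, PwdPolicy))
                    {
                        return;
                    }

                    // Fresh salt + PWDTK hash, same layout as the add path.
                    _salt = PWDTK.GetRandomSalt(saltSize);
                    string salt = PWDTK.GetSaltHexString(_salt);
                    _hash = PWDTK.PasswordToHash(_salt, insecurePassword, iterations);
                    var hashedPassword = PWDTK.HashBytesToHexString(_hash);

                    using (SqlExcuteCommand exe = new SqlExcuteCommand()
                        {
                            DBCnnStr = DBEndososCnnStr
                        })
                    {
                        exe.MyUpdateUser(_Id, hashedPassword, salt);
                    }

                    MyRefresh();
                }
                break;
                }
                Cancelar_Click();
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.ToString() puts the full stack trace in front of the operator;
                // ex.Message (as CmdGuardar_Click does) is usually enough for a dialog.
                MethodBase site = ex.TargetSite;
                MessageBox.Show(ex.ToString(), site.Name, MessageBoxButton.OK, MessageBoxImage.Error);
            }

            // Pulls both SecureString entries into managed strings just long enough to compare
            // them, and returns the password when they match. The unmanaged BSTR copies are
            // wiped and freed on every path — the original leaked them in both call sites.
            // Once in a managed string the text cannot be wiped, so the SecureString only
            // protects the value up to this point.
            string ReadConfirmedPassword()
            {
                IntPtr passwordBSTR = IntPtr.Zero;
                IntPtr verificationBSTR = IntPtr.Zero;
                string plain;
                string verification;
                try
                {
                    passwordBSTR = Marshal.SecureStringToBSTR(Password);
                    plain        = Marshal.PtrToStringBSTR(passwordBSTR);

                    verificationBSTR = Marshal.SecureStringToBSTR(PasswordVerification);
                    verification     = Marshal.PtrToStringBSTR(verificationBSTR);
                }
                finally
                {
                    if (passwordBSTR != IntPtr.Zero)
                    {
                        Marshal.ZeroFreeBSTR(passwordBSTR);
                    }
                    if (verificationBSTR != IntPtr.Zero)
                    {
                        Marshal.ZeroFreeBSTR(verificationBSTR);
                    }
                }

                if (!plain.Equals(verification))
                {
                    throw new Exception("Error con el Password");
                }
                return plain;
            }
        }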
        /// <summary>
        /// Selection handler for the user combo box: loads the matching row(s) from <c>_db</c>,
        /// switches the command buttons into "existing user" mode, hides the password entry, and
        /// rebuilds <c>_AreasDeAcceso</c> plus the eight access-area check boxes from the letters
        /// stored in AreasDeAcceso (A–H map to slots 1–8; slot 0 is left unused).
        /// If several rows match, the last one wins.
        /// </summary>
        private void CbUser_ChangeItem()
        {
            try
            {
                var pass = from p in _db
                           where p.UserName == CbUser_SelectedItem
                           select p;

                cmdEdit_IsEnabled     = true;
                cmdEditPass_IsEnabled = true;
                cmdCancel_IsEnabled   = true;

                cmdAdd_IsEnabled        = false;
                cmdDelete_IsEnabled     = true;
                Password_IsEnabled      = false;
                Password_Cls_Visibility = Visibility.Hidden;

                // Reset every area flag before re-deriving them from the stored letters.
                cambiarPassword_IsChecked = false;  //A
                autorizarLotes_IsChecked  = false;  //B
                procesarLotes_IsChecked   = false;  //C
                verElector_IsChecked      = false;  //D
                reportes_IsChecked        = false;  //E
                reversarLote_IsChecked    = false;  //F
                configuraciones_IsChecked = false;  //G
                corregirEndosos_IsChecked = false;  //H

                _AreasDeAcceso = new string[9];

                foreach (var pss in pass)
                {
                    // Round-trips the stored hex hash through bytes and back; presumably the same
                    // hex string (modulo letter case) as PasswordHash itself.
                    Byte[] hash = PWDTK.HashHexStringToBytes(pss.PasswordHash);

                    // NOTE(review): this copies the stored password hash into the password and
                    // confirmation fields of the form. The hash should not be surfaced to the UI
                    // at all; leaving the fields empty would be the safer default.
                    password_Cls = PWDTK.HashBytesToHexString(hash);

                    verificacionPassword_Cls = password_Cls;
                    Id = pss.UserId.ToString();
                    foreach (char c in pss.AreasDeAcceso.ToCharArray())
                    {
                        switch (c)
                        {
                        case 'A':
                            _AreasDeAcceso[1]         = "A";
                            cambiarPassword_IsChecked = true;
                            break;

                        case 'B':
                            _AreasDeAcceso[2]        = "B";
                            autorizarLotes_IsChecked = true;
                            break;

                        case 'C':
                            _AreasDeAcceso[3]       = "C";
                            procesarLotes_IsChecked = true;
                            break;

                        case 'D':
                            _AreasDeAcceso[4]    = "D";
                            verElector_IsChecked = true;
                            break;

                        case 'E':
                            _AreasDeAcceso[5]  = "E";
                            reportes_IsChecked = true;
                            break;

                        case 'F':
                            _AreasDeAcceso[6]      = "F";
                            reversarLote_IsChecked = true;
                            break;

                        case 'G':
                            _AreasDeAcceso[7]         = "G";
                            configuraciones_IsChecked = true;
                            break;

                        case 'H':
                            _AreasDeAcceso[8]         = "H";
                            corregirEndosos_IsChecked = true;
                            break;
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                MethodBase site = ex.TargetSite;
                MessageBox.Show(ex.Message, site.Name, MessageBoxButton.OK, MessageBoxImage.Error);
            }
        }
        /*
         * protected void btnLogin_Click(object sender, EventArgs e) {
         *  if (Membership.ValidateUser(tbUserName.Text, tbPassword.Text)) {
         *      if(string.IsNullOrEmpty(Request.QueryString["ReturnUrl"])) {
         *          FormsAuthentication.SetAuthCookie(tbUserName.Text, false);
         *          Response.Redirect("~/");
         *      }
         *      else
         *          FormsAuthentication.RedirectFromLoginPage(tbUserName.Text, false);
         *  }
         *  else {
         *      tbUserName.ErrorText = "Invalid user";
         *      tbUserName.IsValid = false;
         *  }
         * }
         */


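        /// <summary>
        /// Login button handler: runs page validation, verifies the reCAPTCHA v3 token (sending
        /// scores below 0.6 to the interactive captcha page), then checks the posted e-mail and
        /// password against CMSUserRegister. On success a "User.Email" cookie is written and the
        /// browser is redirected to ~/recursos/; every failure path writes a message into <c>Msg</c>.
        /// </summary>
        protected void ASPxButtonLogin_Click(object sender, EventArgs e)
        {
            Page.Validate();
            if (!Page.IsValid)
            {
                return;
            }

            if (string.IsNullOrEmpty(recaptchaUserValue.Value))
            {
                Msg.Visible   = true;
                Msg.InnerHtml = "Error en los datos de seguridad, vuelva a recargar la página.";
                return;
            }

            var Recaptchav3 = new RecaptchaVerificationHelper();

            // If your site is behind CloudFlare, be sure you're using the CF-Connecting-IP header value instead:
            // https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers
            RecaptchaVerificationResult recaptchaResult = Recaptchav3.VerifyRecaptchav3Response(
                Global.Configuration.Security.Google.Recaptcha.v3.GetGoogleRecaptchaSecretKey()
                , Global.Configuration.Security.Google.Recaptcha.v3.GetGoogleRecaptchaWebsiteKey()
                , Request.UserHostAddress
                , recaptchaUserValue.Value
                );

            if (recaptchaResult != RecaptchaVerificationResult.Success)
            {
                Msg.Visible   = true;
                Msg.InnerHtml = "Existe un problema para validar la seguridad, intente mas tarde o por favor contacte a soporte técnico.";
                return;
            }

            decimal? minScore = 0.6m;
            if (Recaptchav3.Score < minScore)
            {
                // endResponse: true — nothing below runs for low-scoring requests.
                Response.Redirect("~/Captcha.aspx", true);
            }

            if (ValidateLogin())
            {
                // NOTE(review): this cookie holds only the e-mail, for a year, with no integrity
                // protection. If anything downstream treats its presence as "logged in" it can be
                // forged trivially; an authenticated session should come from FormsAuthentication
                // or session state instead. HttpOnly/Secure are set here so the value is at least
                // unreadable from script and not sent over plain HTTP — drop HttpOnly only if
                // client-side code genuinely needs to read it.
                HttpCookie userid = new HttpCookie("User.Email", Email.Value.ToString())
                {
                    Expires  = DateTime.Now.AddYears(1),
                    HttpOnly = true,
                    Secure   = Request.IsSecureConnection
                };
                Response.Cookies.Add(userid);

                Response.Redirect("~/recursos/");
            }
            else
            {
                // The original assigned this text after the if/else, so it was only ever visible
                // on the failure path anyway (the redirect ends the response); keep it there.
                Msg.Visible   = true;
                Msg.InnerHtml = "Login fallido. Por favor revise sus datos e intente de nuevo.";
            }

            // Fetches the newest CMSUserRegister row for the posted e-mail and recomputes the
            // PWDTK hash of the posted password with the stored salt. Returns true only when the
            // hex digests match.
            bool ValidateLogin()
            {
                bool loginOK = false;

                SqlParameter[] parameters =
                {
                    new SqlParameter {
                        ParameterName = "Email", DbType = DbType.AnsiString, Size = 50, Value = Email.Value.ToString()
                    }
                };

                string tsql      = @"
SELECT TOP 1 
       [UserRegisterID]
      ,[Names]
      ,[LastName]
      ,[Email]
      ,[Password]
      ,[PasswordSalt]
  FROM [CMSUserRegister]
WHERE
Email = @Email 
ORDER BY [UserRegisterID] DESC
;";
                var    sqlserver = new SqlApiSqlClient();

                using (sqlserver.Connection = new SqlConnection(Global.Configuration.DB.GetConnectionStringDBMain()))
                {
                    using (var dr = sqlserver.DataReaderSqlString(tsql, parameters))
                    {
                        if (dr.Read())
                        {
                            string salt       = dr["PasswordSalt"].ToString();
                            string dbpassword = dr["Password"].ToString();

                            // The salt is stored hex-encoded (reverse of GetSaltHexString).
                            Byte[] _salt = PWDTK.HashHexStringToBytes(salt);
                            Byte[] _hash = PWDTK.PasswordToHash(_salt, Password.Value.ToString(), iterations);
                            string encrypass = PWDTK.HashBytesToHexString(_hash);

                            // NOTE(review): string equality on the hex digests returns on the first
                            // differing character. Hard to exploit against a PBKDF2 output in
                            // practice, but prefer a constant-time comparison where the target
                            // framework offers one.
                            loginOK = encrypass == dbpassword;
                        }
                        // NOTE(review): an unknown e-mail returns without running PasswordToHash,
                        // so it answers measurably faster than a wrong password — a timing signal
                        // for account enumeration. Hashing against a dummy salt evens this out.
                    }

                    sqlserver.Connection.Close();
                }

                return loginOK;
            }
        }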
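        /// <summary>
        /// Initializes the WebSecurity plugin and its database connection, using the
        /// <c>Users</c> table as the membership store, and seeds the minimum data the
        /// application needs to run: a default administrator account, the "Admin"
        /// role, and a grant of every stored action to that role.
        /// </summary>
        /// <remarks>
        /// The seeded administrator has a fixed initial password that is visible in
        /// source; it must be changed on first login. Seeding runs only while no
        /// "admin" user exists, so the method can be called on every start-up.
        /// </remarks>
        /// <exception cref="InvalidOperationException">
        /// Thrown when <see cref="PasswordHelper.HashPassword"/> rejects the initial
        /// password, so that no account with undefined credentials is persisted.
        /// </exception>
        public static void RegisterWebSec()
        {
            // Initialize WebSecurity, naming the table and columns that hold the
            // basic user data.
            WebSecurity.InitializeDatabaseConnection
            (
                "SIGECContext",
                "Users",
                "ID",
                "username",
                autoCreateTables: true
            );

            // Default administrator account, created only once.
            if (!WebSecurity.UserExists("admin"))
            {
                using (SIGECContext db = new SIGECContext())
                {
                    // HashPassword signals failure (e.g. a policy rejection) through
                    // its return value; a seed user must never be stored with a
                    // hash/salt that were not actually generated.
                    var passwordHelper = new PasswordHelper();
                    if (!passwordHelper.HashPassword("123456"))
                    {
                        throw new InvalidOperationException(
                            "The default administrator password could not be hashed; the seed account was not created.");
                    }

                    Address a = new Address
                    {
                        city         = "Ciudad",
                        municipality = "Municipio",
                        sector       = "Sector",
                        street       = "Calle",
                        number       = "Numero",
                        country      = "Republica Dominicana"
                    };
                    db.Addresses.Add(a);

                    var user = new User
                    {
                        username      = "******",
                        password      = PWDTK.HashBytesToHexString(passwordHelper.Hash),
                        salt          = PWDTK.HashBytesToHexString(passwordHelper.Salt),
                        bornDate      = DateTime.Now,
                        createDate    = DateTime.Now,
                        email         = "*****@*****.**",
                        status        = true,
                        gender        = "M",
                        maritalStatus = "S",
                        dni           = "00000000000",
                        firstName     = "admin",
                        lastName      = "istrador",
                        occupation    = "Super Admin"
                    };
                    db.Users.Add(user);
                    user.Address = a;

                    db.SaveChanges();
                }
            }

            var roles = (SimpleRoleProvider)Roles.Provider;

            if (!roles.RoleExists("Admin"))
            {
                roles.CreateRole("Admin");
            }

            if (!roles.GetRolesForUser("admin").Contains("Admin"))
            {
                roles.AddUsersToRoles(new[] { "admin" }, new[] { "Admin" });
            }

            // Menu/action seeding for permission handling is currently disabled.
            //GlobalHelpers.InsertMenusAndActions();

            // Grant the Admin role every action stored in the database.
            using (var db = new SIGECContext())
            {
                var adminRole = db.webpages_Roles.FirstOrDefault(r => r.RoleName == "Admin");
                if (adminRole == null)
                {
                    // The role was created through the role provider above; if the
                    // context still cannot see it there is nothing to grant or update.
                    return;
                }

                foreach (SIGEC.Models.Action a in db.Actions)
                {
                    if (!adminRole.Actions.Contains(a))
                    {
                        adminRole.Actions.Add(a);
                    }
                }
                db.Entry(adminRole).State = System.Data.EntityState.Modified;
                db.SaveChanges();
            }
        }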
        /*
         * bool IsUserAlreadyExist()
         * {
         *
         *  SqlParameter[] parameters = {
         *      new SqlParameter { ParameterName="UserLogin", DbType= DbType.AnsiString, Size=128, Value= Email.Value.ToString()}
         *
         *  };
         *
         *  string email = SqlApiSqlClient.GetStringRecordValue("SELECT [UserLogin] FROM Users WHERE [UserLogin] = @UserLogin;", parameters, Global.Configuration.DB.GetConnectionStringDBMain());
         *
         *  if (!string.IsNullOrEmpty(email)) return true;
         *  else return false;
         *
         * }
         */

        //TODO: send confirmation email
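        /// <summary>
        /// Registers a new CMS user from the form fields: checks the entered password
        /// against the configured policy, derives a salted, iterated hash with PWDTK
        /// and inserts one row into <c>CMSUserRegister</c>.
        /// </summary>
        /// <returns>
        /// <c>true</c> when exactly one row was inserted; <c>false</c> when the password
        /// does not comply with the policy or the insert affected a different number
        /// of rows.
        /// </returns>
        bool CreateUser()
        {
            // Policy that all passwords must adhere to. Checking it before hashing also
            // saves the (deliberately expensive) hash iterations on input that cannot be
            // accepted anyway. The library default could be used instead:
            //PWDTK.PasswordPolicy pwdPolicy = PWDTK.cDefaultPasswordPolicy;
            PWDTK.PasswordPolicy pwdPolicy = new PWDTK.PasswordPolicy(numberUpper, numberNonAlphaNumeric, numberNumeric, minPwdLength, maxPwdLength);

            string clearPassword = PasswordReg.Value.ToString();
            if (!PWDTK.TryPasswordPolicyCompliance(clearPassword, pwdPolicy))
            {
                // Previously the policy object was built but never consulted, so
                // non-compliant passwords were hashed and stored anyway.
                return false;
            }

            // Fresh random salt per account. Hash and salt are persisted as hex strings;
            // PWDTK.HashHexStringToBytes reverses the encoding at login time.
            byte[] saltBytes = PWDTK.GetRandomSalt(saltSize);
            byte[] hashBytes = PWDTK.PasswordToHash(saltBytes, clearPassword, iterations);

            string encrypass = PWDTK.HashBytesToHexString(hashBytes);
            string salt      = PWDTK.HashBytesToHexString(saltBytes);

            // NOTE(review): with an explicit Size, SqlClient appears to truncate input
            // values longer than Size rather than reject them — confirm the sizes match
            // the column widths so user data is not silently cut.
            SqlParameter[] parameters =
            {
                new SqlParameter {
                    ParameterName = "Names", DbType = DbType.AnsiString, Size = 50, Value = Names.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "LastName", DbType = DbType.AnsiString, Size = 50, Value = LastName.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Mobile", DbType = DbType.AnsiString, Size = 50, Value = Mobile.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Email", DbType = DbType.AnsiString, Size = 50, Value = Email.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Business", DbType = DbType.AnsiString, Size = 50, Value = Business.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Position", DbType = DbType.AnsiString, Size = 50, Value = Position.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Country", DbType = DbType.AnsiString, Size = 50, Value = Country.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "City", DbType = DbType.AnsiString, Size = 50, Value = City.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Telephone", DbType = DbType.AnsiString, Size = 50, Value = Telephone.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Password", DbType = DbType.AnsiString, Size = 1000, Value = encrypass
                }
                , new SqlParameter{
                    ParameterName = "PasswordSalt", DbType = DbType.AnsiString, Size = 1000, Value = salt
                }
            };

            string tsql      = @"
SET NOCOUNT OFF;
INSERT INTO [CMSUserRegister] ([Names], [LastName], [Mobile], [Email], [Business], [Position], [Country], [City], [Telephone], [RegisterDate], [Password], [PasswordSalt], [LastLogin]) VALUES (@Names, @LastName, @Mobile, @Email, @Business, @Position, @Country, @City, @Telephone, GETDATE(), @Password, @PasswordSalt, GETDATE());
; ";
            var    sqlserver = new SqlApiSqlClient();
            int    affected  = sqlserver.CommandExecuteSqlString(tsql, parameters, Global.Configuration.DB.GetConnectionStringDBMain());

            // A single INSERT is expected to report exactly one affected row.
            return affected == 1;
        }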