Exemplo n.º 1
    // upon login, update user's role and group access
    private void UpdateStaffDetails(string group, int staffId)
    {
        // Marker substrings looked for in the group string, paired by index with the role
        // each one maps to. The order is the order of the original if/else chain: the first
        // marker found decides the role, and no match leaves the role as an empty string.
        string[] groupMarkers =
        {
            "MRBankingSeniorManager",
            "MRBankingDutyManager",
            "CUBankingDutyManager",
            "MRBankingSupervisor",
            "MRBankingClearance",
            "CUBankingClearance"
        };
        string[] roleNames =
        {
            "MR Senior Manager",
            "MR Duty Manager",
            "CU Duty Manager",
            "MR Supervisor",
            "MR Clearance",
            "CU Clearance"
        };

        // NOTE(review): this is a substring test on the whole group string, not an exact
        // comparison per group name. Any group whose name merely contains one of the markers
        // would be treated as that group. If `group` is a delimited list of plain group names,
        // splitting it and comparing each entry exactly (ordinal) would be the safer
        // authorization check - confirm the format the caller passes before changing it.
        string role = "";
        for (int i = 0; i < groupMarkers.Length; i++)
        {
            if (group.Contains(groupMarkers[i]))
            {
                role = roleNames[i];
                break;
            }
        }

        // Persist the derived role and the raw group string for this staff member.
        // The role is written even when it is empty (no marker matched).
        RunStoredProcedure procedures = new RunStoredProcedure();
        procedures.StoredProcedureUpdateString("Proc_UpdateRole", "role", role, "staffId", staffId);
        procedures.StoredProcedureUpdateString("Proc_UpdateGroup", "group", group, "staffId", staffId);

        // NOTE(review): UserCredentials is accessed through its type name here. If it is a
        // static class, this value is shared by every concurrent user of the web application
        // rather than being per-session - confirm.
        UserCredentials.Role = role;
    }
Exemplo n.º 2
    // Click handler for the "update password" button. Passes the new password through
    // RunStoredProcedure.EncryptPassword, stores the result for the username typed on the
    // form, shows a confirmation message and switches the page back to the login panel.
    protected void btnUpdatePassword_Click(object sender, EventArgs e)
    {
        var procedures = new RunStoredProcedure();

        // NOTE(review): EncryptPassword is not visible here. Stored credentials should be a
        // salted one-way hash (e.g. PBKDF2), not reversible encryption - confirm what it does.
        string protectedPassword = procedures.EncryptPassword(txtNewPassword.Text);

        // NOTE(review): nothing in this handler verifies the current password or that the
        // caller is the owner of the account named in txtUsername. If an earlier step does
        // not already establish that, this lets the stored password be overwritten for any
        // username - verify against the page flow that makes divNewPassword visible.
        procedures.StoredProcedureUpdateString("Proc_UpdatePassword", "password", protectedPassword, "username", txtUsername.Text);

        var notifier = new AlertMessage();
        notifier.DisplayMessage("Password updated!");

        // Show the login panel again, hide the new-password panel and put the cursor
        // back in the username box.
        divLogin.Visible = true;
        divNewPassword.Visible = false;
        txtUsername.Focus();
    }
Exemplo n.º 3
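    // Click handler for the login button. Validates the typed credentials against the
    // directory through AuthenticateUser, records the user's name, display name and groups,
    // calls Staff(...) to refresh the staff details, and issues a forms-authentication
    // ticket (valid for 480 minutes) carrying the group list as user data.
    //
    // Changes compared with the earlier version of this handler:
    //  - the authentication cookie is marked HttpOnly and follows the configured requireSSL
    //    setting, so script cannot read it and it is not sent in clear text when SSL is required;
    //  - exception details are written to the trace log instead of being shown on the login
    //    page, where they could reveal directory or server internals;
    //  - an empty directory result is rejected explicitly instead of failing on an array index.
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        AuthenticateUser authUser = new AuthenticateUser("LDAP://MRSLGROUP");

        try
        {
            using (HostingEnvironment.Impersonate())
            {
                // Check the login details against the Active Directory account.
                if (!authUser.IsAuthenticated("MRSLGROUP", txtUsername.Text, txtPassword.Text))
                {
                    if (!CheckIfPasswordIsGiven())
                    {
                        errorLabel.Text = "Invalid details. Please check your username and password.";
                    }

                    return;
                }

                // GetGroups returns the user's groups followed by the display name,
                // separated by "|"; the last entry is the display name.
                string[] parts = authUser.GetGroups(txtUsername.Text)
                                         .Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);

                if (parts.Length == 0)
                {
                    throw new InvalidOperationException("Directory lookup returned no group or display-name data.");
                }

                // NOTE(review): UserCredentials is accessed through its type name. If it is a
                // static class, these values are shared by all concurrent users of the
                // application rather than being per-session - confirm.
                Session["Username"]      = txtUsername.Text;
                UserCredentials.Username = txtUsername.Text;

                string displayName          = parts[parts.Length - 1];
                Session["DisplayName"]      = displayName;
                UserCredentials.DisplayName = displayName;

                // Rebuild the group list without the trailing display name; every group
                // name is followed by a "|" delimiter.
                StringBuilder groupsList = new StringBuilder();
                for (int i = 0; i < parts.Length - 1; i++)
                {
                    groupsList.Append(parts[i]);
                    groupsList.Append("|");
                }

                string group = groupsList.ToString();
                UserCredentials.Groups = group;

                // Upon login, check staff details and update necessary details.
                Staff(displayName, group);

                // NOTE(review): this copies the directory password, in whatever form
                // EncryptPassword produces, into the application database on every
                // successful login. Confirm the copy is really needed; if it is, it should
                // be a salted one-way hash rather than reversible encryption.
                RunStoredProcedure rsp = new RunStoredProcedure();
                string encryptedPassword = rsp.EncryptPassword(txtPassword.Text);
                rsp.StoredProcedureUpdateString("Proc_UpdatePassword", "password", encryptedPassword, "username", txtUsername.Text);

                // Create the ticket and add the groups. Issue time and expiry are taken
                // from one clock reading; the ticket lasts 480 minutes (8 hours).
                bool     isCookiePersistent = false;
                DateTime issuedAt           = DateTime.Now;
                FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, txtUsername.Text, issuedAt, issuedAt.AddMinutes(480), isCookiePersistent, group);

                // Encrypt the ticket and carry it in the forms-authentication cookie.
                string     encryptedTicket = FormsAuthentication.Encrypt(authTicket);
                HttpCookie authCookie      = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

                // Keep the ticket away from client-side script, and honour requireSSL from the
                // <forms> configuration (set requireSSL="true" there for HTTPS-only sites).
                authCookie.HttpOnly = true;
                authCookie.Secure   = FormsAuthentication.RequireSSL;

                if (isCookiePersistent)
                {
                    authCookie.Expires = authTicket.Expiration;
                }

                Response.Cookies.Add(authCookie);
                Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false), false);
            }
        }
        catch (Exception ex)
        {
            // Keep the details for operators; the login page only gets a generic message.
            System.Diagnostics.Trace.TraceError("Login failed: " + ex);

            if (!CheckIfPasswordIsGiven())
            {
                errorLabel.Text = "Error logging in user. Please try again or contact support.";
            }
        }
    }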