Exemplo n.º 1
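        /// <summary>
        /// BeginRequest handler that replaces the query string of .aspx requests with a single
        /// encrypted <c>QPARAM</c> parameter and restores it before the page runs.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="args">Event data; not used.</param>
        /// <remarks>
        /// The handler acts only when the request URL contains ".aspx", the raw URL contains a
        /// '?', and a cookie named ".ASPXAUTH" was sent. If a QPARAM value is present it is
        /// decrypted and installed as the query string through RewritePath. Otherwise a GET
        /// request is redirected to the same path with its whole query string encrypted into
        /// QPARAM. A non-GET request without QPARAM is left untouched, so its plain query
        /// string still reaches the page; pages must not treat "arrived via QPARAM" as a
        /// guarantee.
        /// </remarks>
        private void OnBeginRequest(object sender, EventArgs args)
        {
            const string QParamName = "QPARAM";

            HttpContext context = HttpContext.Current;
            string      rawUrl  = context.Request.RawUrl;

            // The cookie test only checks that a cookie with this name was sent; the ticket is
            // not validated here, so this is a scoping filter and not an authentication check.
            bool inScope = context.Request.Url.OriginalString.Contains(".aspx")
                           && rawUrl.Contains("?")
                           && context.Request.Cookies.AllKeys.Contains(".ASPXAUTH");
            if (!inScope)
            {
                return;
            }

            string[] param = rawUrl.Split(new char[] { '?' }, 2);
            if (param.Length != 2)
            {
                return;
            }

            // "QPARAM" occurring somewhere in the raw URL (in the path, or inside another
            // parameter's value) does not mean the parameter exists. Read it from the parsed
            // query string and take the decrypt branch only when a value is really there,
            // instead of handing null to Decrypt.
            string encrypted = rawUrl.Contains(QParamName)
                ? context.Request.QueryString[QParamName]
                : null;

            if (encrypted != null)
            {
                // NOTE(review): the decrypted text becomes the query string as-is, and any
                // exception from Decrypt propagates. Whether Decrypt rejects modified
                // ciphertext is not visible here; confirm it authenticates its input.
                context.RewritePath(param[0], string.Empty, SecurityModelCrypto.Decrypt(encrypted));
            }
            else if (string.Equals(context.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
            {
                // NOTE(review): the ciphertext is placed in the URL without URL-encoding. If
                // Encrypt returns standard Base64, a '+' would be read back as a space by
                // QueryString; confirm Encrypt's output alphabet before relying on this.
                string newUrl = string.Format("{0}?{1}={2}", param[0], QParamName, SecurityModelCrypto.Encrypt(param[1]));
                context.Response.Redirect(newUrl);
            }
        }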
Exemplo n.º 2
 /// <summary>
 /// Saves a new user inside a transaction, storing the result of
 /// <c>SecurityModelCrypto.HashEncrypt</c> instead of the submitted password.
 /// </summary>
 /// <param name="user">User to create; its <c>Password</c> is the value passed to HashEncrypt.</param>
 /// <remarks>
 /// NOTE(review): HashEncrypt receives only the password, so the stored value cannot depend
 /// on a per-user salt supplied at this call site. Confirm it is a slow, salted password
 /// hash (for example PBKDF2) and not a bare digest or reversible encryption.
 /// NOTE(review): every field the mapper copies from <paramref name="user"/> is persisted;
 /// confirm callers do not pass objects bound directly from request data.
 /// </remarks>
 public virtual void CreateUser(tbs_User user)
 {
     using (SecurityEntities context = new SecurityEntities())
     {
         using (TransactionScope scope = new TransactionScope())
         {
             var mapper = ServiceContainer.GetService <IMapper>();

             // Work on a mapped copy so the caller's object keeps its original Password.
             tbs_User toInsert = mapper.Map <tbs_User>(user);
             toInsert.Password = SecurityModelCrypto.HashEncrypt(user.Password);

             context.tbs_User.Add(toInsert);
             context.SaveChanges();

             // Without Complete() the scope rolls back when it is disposed.
             scope.Complete();
         }
     }
 }
Exemplo n.º 3
        /// <summary>
        /// Updates an existing user inside a transaction. The submitted password is passed
        /// through <c>SecurityModelCrypto.HashEncrypt</c> unless it is identical to the value
        /// already stored for the same <c>UserCode</c>.
        /// </summary>
        /// <param name="user">User data to save; matched to the stored row by <c>UserCode</c>.</param>
        /// <remarks>
        /// NOTE(review): "unchanged" is detected by the submitted Password being equal to the
        /// stored value. That only works if callers send the stored value back, which suggests
        /// it leaves the service layer; confirm it is never exposed to a client.
        /// NOTE(review): an empty submitted password is hashed and saved like any other value,
        /// and a null one throws on the comparison; confirm that is the intended contract.
        /// NOTE(review): the whole mapped entity is marked Modified, so every column is
        /// written from <paramref name="user"/>.
        /// </remarks>
        public virtual void UpdateUser(tbs_User user)
        {
            using (SecurityEntities context = new SecurityEntities())
            {
                using (TransactionScope scope = new TransactionScope())
                {
                    var mapper = ServiceContainer.GetService <IMapper>();

                    // Stored password value(s) for this user code; the first one is used.
                    var storedValues = context.tbs_User
                                       .Where(u => u.UserCode == user.UserCode)
                                       .Select(u => u.Password)
                                       .ToList();

                    string stored;
                    if (storedValues.Count > 0)
                    {
                        stored = storedValues[0];
                    }
                    else
                    {
                        stored = string.Empty;
                    }

                    tbs_User edited = mapper.Map <tbs_User>(user);

                    // Evaluated first, exactly as in the original condition order.
                    bool sameAsStored = edited.Password.Equals(stored);
                    if (!sameAsStored || string.IsNullOrEmpty(stored))
                    {
                        edited.Password = SecurityModelCrypto.HashEncrypt(edited.Password);
                    }

                    context.tbs_User.Attach(edited);
                    context.Entry(edited).State = System.Data.Entity.EntityState.Modified;
                    context.SaveChanges();

                    // Without Complete() the scope rolls back when it is disposed.
                    scope.Complete();
                }
            }
        }
Exemplo n.º 4
        /// <summary>
        /// Replaces a user's password after checking the old one.
        /// </summary>
        /// <param name="userCode">Code of the user whose password is changed.</param>
        /// <param name="oldPassword">Current password; its HashEncrypt result must equal the stored value.</param>
        /// <param name="newPassword">New password; its HashEncrypt result is stored.</param>
        /// <returns>
        /// <c>true</c> when exactly one row matched the user code and old password and was
        /// updated; otherwise <c>false</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the old password is verified by an equality lookup on
        /// HashEncrypt(oldPassword), so the stored value must be a deterministic function of
        /// the password alone and equal passwords produce equal stored values. Moving to a
        /// per-user salted hash would mean loading the row by UserCode and verifying in code.
        /// NOTE(review): <paramref name="newPassword"/> is stored without any check here
        /// (empty, or equal to the old one); confirm callers enforce the password policy.
        /// </remarks>
        public virtual bool ChangePassword(string userCode, string oldPassword, string newPassword)
        {
            using (SecurityEntities context = new SecurityEntities())
            {
                string currentHash = SecurityModelCrypto.HashEncrypt(oldPassword);

                var matches = context.tbs_User
                              .Where(a => (a.UserCode == userCode) && a.Password == currentHash)
                              .ToList();

                if (matches.Count == 1)
                {
                    var account = matches[0];

                    account.Password             = SecurityModelCrypto.HashEncrypt(newPassword);
                    context.Entry(account).State = System.Data.Entity.EntityState.Modified;
                    context.SaveChanges();

                    return true;
                }

                // Zero or several matches: nothing is changed.
                return false;
            }
        }
Exemplo n.º 5
        /// <summary>
        /// Checks a login by passing the login name and the HashEncrypt result of the
        /// password to <c>Repository.TryAuthenticate</c>.
        /// </summary>
        /// <param name="loginName">Login name supplied by the caller.</param>
        /// <param name="password">Plain-text password supplied by the caller.</param>
        /// <returns>The result of <c>Repository.TryAuthenticate</c>.</returns>
        /// <remarks>
        /// NOTE(review): no throttling or lockout is visible in this method; confirm that
        /// repeated failed attempts are limited elsewhere.
        /// </remarks>
        public virtual bool Authenticate(string loginName, string password)
        {
            // Only the derived value is handed to the repository, never the plain password.
            bool accepted = Repository.TryAuthenticate(loginName, SecurityModelCrypto.HashEncrypt(password));

            return accepted;
        }