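        /// <summary>
        /// Issues the forms-authentication cookie for the user returned by the login lookup.
        /// The first entry of <paramref name="UserDetails"/>.Spartan_Users is serialised (as JSON) into
        /// the ticket's UserData so that OnAuthorization can rebuild the user context on later requests.
        /// </summary>
        /// <param name="UserDetails">Lookup result; Spartan_Users must contain at least one user.</param>
        /// <exception cref="ArgumentException">No user record is present in <paramref name="UserDetails"/>.</exception>
        private void SetAuthentication(Spartan_User_Core UserDetails)
        {
            if (UserDetails == null || UserDetails.Spartan_Users == null || UserDetails.Spartan_Users.Count == 0)
            {
                throw new ArgumentException("A user record is required to issue an authentication ticket.", "UserDetails");
            }

            var account = UserDetails.Spartan_Users[0];

            // Values that travel inside the encrypted ticket and are read back by OnAuthorization.
            // NOTE(review): Password is included only because OnAuthorization copies it into
            // SessionHelper.UserCredential; a credential should not live in a client-side cookie,
            // even an encrypted one.
            ContextViewModel contextModel = new ContextViewModel();
            contextModel.Email    = account.Email;
            contextModel.Id       = account.Id;
            contextModel.Id_User  = account.Id_User;
            contextModel.Password = account.Password;
            contextModel.Role     = account.Role;
            contextModel.Status   = account.Status;
            contextModel.Name     = account.Name;
            contextModel.UserName = account.Username;

            UserContextViewModel userContext = new UserContextViewModel();
            userContext.CurrentUser = contextModel;

            AuthenticationSerialize serialiseAuth = new AuthenticationSerialize();
            serialiseAuth.UserContext = userContext;

            string userData = new JavaScriptSerializer().Serialize(serialiseAuth);

            // The ticket API is specified in local time; use one clock for both stamps (the original mixed
            // DateTime.Now for the issue date with DateTime.UtcNow for the expiry).
            DateTime issuedAt  = DateTime.Now;
            int      lifetime  = Convert.ToInt32(ConfigurationManager.AppSettings["SessionTimeOut"]); // minutes
            DateTime expiresAt = issuedAt.AddMinutes(lifetime);

            // The ticket name is the user name repeated with a space; kept as-is because OnAuthorization
            // passes ticket.Name straight into new Authentication(...).
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                1,
                contextModel.UserName + " " + contextModel.UserName,
                issuedAt,
                expiresAt,
                false,
                userData);

            string     encTicket = FormsAuthentication.Encrypt(authTicket);
            HttpCookie faCookie  = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
            faCookie.HttpOnly = true;                           // not readable from page script
            faCookie.Secure   = FormsAuthentication.RequireSSL; // honour <forms requireSSL="true"/>
            faCookie.Path     = FormsAuthentication.FormsCookiePath;

            // Add values of user with browser cookie
            Response.Cookies.Add(faCookie);
        }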
        /// <summary>
        /// Authorization filter: rebuilds the per-request principal from the forms-authentication
        /// cookie and restores the session-side user state when it is missing. Requests without an
        /// authenticated identity are redirected to ~/Account/Login, except for the exemptions noted below.
        /// </summary>
        /// <param name="filterContext">MVC authorization context for the current request.</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            string         controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            string         action     = filterContext.ActionDescriptor.ActionName;
            Authentication auth       = null;

            // Only rebuild state for an already-authenticated identity that is not in the middle of a re-login.
            if (CurrentUser != null && CurrentUser.Identity != null && CurrentUser.Identity.IsAuthenticated && SessionHelper.Relogin == false)
            {
                // Get cookies values of user
                HttpCookie authCookie =
                    filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
                if (authCookie != null && !string.IsNullOrWhiteSpace(authCookie.Value))
                {
                    // NOTE(review): a malformed or tampered cookie makes Decrypt throw or yield null; neither
                    // case is handled here, and authTicket is dereferenced without a null check below.
                    FormsAuthenticationTicket authTicket    = FormsAuthentication.Decrypt(authCookie.Value);
                    // UserData is the JSON written by SetAuthentication (it carries the Password field).
                    JavaScriptSerializer      serializer    = new JavaScriptSerializer();
                    AuthenticationSerialize   serialiseAuth = serializer.Deserialize <AuthenticationSerialize>(authTicket.UserData);
                    auth = new Authentication(authTicket.Name);
                    // set user context from cookies
                    // (this re-check of authCookie is redundant: the enclosing if already guarantees it)
                    if (authCookie != null && !string.IsNullOrWhiteSpace(authCookie.Value))
                    {
                        auth.UserContext = serialiseAuth.UserContext;
                    }

                    // Session state is gone (e.g. after an app-pool recycle): rebuild it from the API.
                    if (SessionHelper.UserEntity == null || SessionHelper.UserCredential == null)
                    {
                        // NOTE(review): unlike Login, no SetAuthHeader is called on these consumers —
                        // confirm the API accepts the calls below without a token.
                        ISpartan_UserApiConsumer  _IUseroApiConsumer         = new Spartan_UserApiConsumer();
                        ISpartane_FileApiConsumer _ISpartane_FileApiConsumer = new Spartane_FileApiConsumer();

                        // Call Validate User API for user Exists in application
                        // The filter literal is shown redacted ('******') on this page; any value substituted
                        // at runtime must be escaped or parameterised, since the string is evaluated as a query filter.
                        Spartan_User_Core UserDetails = _IUseroApiConsumer.ValidateUser(1, 10, "Username = '******'  COLLATE SQL_Latin1_General_CP1_CS_AS And Password = '******'  COLLATE SQL_Latin1_General_CP1_CS_AS").Resource;
                        // NOTE(review): UserDetails itself is not null-checked; an empty API response throws here.
                        if (UserDetails.Spartan_Users != null && UserDetails.Spartan_Users.Count > 0)
                        {
                            // Status == 1 is treated as "active" throughout this controller.
                            if (UserDetails.Spartan_Users[0].Status == 1)
                            {
                                TTUsuario user = new TTUsuario
                                {
                                    /*CODMANINI-UPD*/
                                    IdUsuario = Convert.ToInt32(UserDetails.Spartan_Users[0].Id_User),
                                    /*CODMANFIN-UPD*/
                                    Nombre          = Convert.ToString(UserDetails.Spartan_Users[0].Name),
                                    Clave_de_Acceso = UserDetails.Spartan_Users[0].Username,
                                    //Activo = UserDetails.Spartan_Users[0].Status
                                };

                                //Adding user Core entity Data
                                SessionHelper.UserEntity = UserDetails.Spartan_Users[0];

                                // NOTE(review): behaviour of Convert.ToInt32 on a missing Image value depends on
                                // the property's type — confirm it cannot throw for users without an image.
                                var userImage =
                                    _ISpartane_FileApiConsumer.GetByKey(Convert.ToInt32(UserDetails.Spartan_Users[0].Image))
                                    .Resource;
                                if (userImage != null && userImage.File != null)
                                {
                                    SessionHelper.UserImage = userImage.File;
                                }

                                //Saving Credentials
                                // The password is taken from the cookie-borne context that SetAuthentication wrote.
                                SessionHelper.UserCredential = new Spartane_Credential
                                {
                                    Password = auth.UserContext.CurrentUser.Password,
                                    UserName = auth.UserContext.CurrentUser.UserName,
                                };
                                // save role id in session
                                SessionHelper.Role = UserDetails.Spartan_Users[0].Role;
                                // save role object in session
                                SessionHelper.Sprtan_Role = new RoleSpartanUserRole
                                {
                                    Id          = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Id,
                                    Description = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Description,
                                    Status      = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status,
                                    Status_Spartan_User_Role_Status = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status_Spartan_User_Role_Status,
                                    User_Role_Id = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id,
                                };
                                HttpContext.Current.Session["USERID"]     = user.IdUsuario;
                                HttpContext.Current.Session["USERROLEID"] = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id;
                            }
                        }
                        // Reached only when the lookup returned no user. Both conditions must hold, so a request
                        // for any Account action, or for an action named Login on any controller, keeps the
                        // stale principal instead of being redirected.
                        else if (controller != "Account" && action != "Login")
                        {
                            filterContext.Controller.TempData["cssClass"] = "error";
                            filterContext.Controller.TempData["message"]  = "You are not logged in.";
                            filterContext.Result = new RedirectResult("~/Account/Login"); //new RedirectResult("/Account/Login");
                            auth = null;
                        }
                    }
                    // After a redirect auth is null, which clears the principal for the rest of the request.
                    HttpContext.Current.User = auth;
                }
            }
            // write code here as per role RoleType
            // Not authenticated (or a re-login is in progress): redirect, except when the request targets an
            // Account action, an action named Login, or General/ExecuteQueryTable, which are served anonymously.
            else if (controller != "Account" && action != "Login")
            {
                if ((controller == "General") && (action == "ExecuteQueryTable"))
                {
                }
                else
                {
                    filterContext.Controller.TempData["cssClass"] = "error";
                    filterContext.Controller.TempData["message"]  = "You are not logged in.";
                    filterContext.Result = new RedirectResult("~/Account/Login"); //new RedirectResult("/Account/Login");
                }
            }
        }
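        /// <summary>
        /// Re-authenticates a user whose server-side session expired while a page was open (AJAX re-login).
        /// </summary>
        /// <param name="model">Posted credentials.</param>
        /// <param name="returnUrl">Not used; kept for the existing route/form contract.</param>
        /// <returns>
        /// JSON: an empty string on success, a resource message on failure, or "SessionExpired" when the
        /// posted model is invalid. Falls back to the full <see cref="Login"/> flow when the session is empty.
        /// </returns>
        public ActionResult ReLogin(LoginViewModel model, string returnUrl)
        {
            // LanguageList is not posted back from the re-login dialog, so drop its binding errors.
            if (ModelState.ContainsKey("LanguageList"))
            {
                ModelState["LanguageList"].Errors.Clear();
            }

            SessionHelper.Relogin = true;

            // A (nearly) empty session means the server-side state is gone: do a full login instead.
            if (Session.Count <= 1)
            {
                LoginViewModel fullLogin = new LoginViewModel();
                fullLogin.LanguageList = GetLanguage();
                fullLogin.UserName     = model.UserName;
                fullLogin.Password     = model.Password;
                return Login(fullLogin);
            }

            if (!ModelState.IsValid)
            {
                return Json("SessionExpired");
            }

            // NOTE(review): MD5 is used as the password hash throughout this controller; it is unsalted and
            // fast, so a slow salted scheme (PBKDF2/bcrypt) at the API boundary would be the proper replacement.
            string passwordHash = EncryptHelper.CalculateMD5Hash(model.Password);
            if (!_tokenManager.GenerateToken(model.UserName, passwordHash))
            {
                ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword);
                return Json(Resources.LoginResources.InvalidUserPassword);
            }

            _IUseroApiConsumer.SetAuthHeader(_tokenManager.Token);

            // Call Validate User API for user Exists in application
            // The filter literal is shown redacted ('******') on this page; any value substituted at runtime
            // must be escaped or parameterised, since the string is evaluated as a query filter.
            Spartan_User_Core UserDetails = _IUseroApiConsumer.ValidateUser(1, 10, "Username = '******'  COLLATE SQL_Latin1_General_CP1_CS_AS And Password = '******'  COLLATE SQL_Latin1_General_CP1_CS_AS").Resource;
            if (UserDetails == null || UserDetails.Spartan_Users == null || UserDetails.Spartan_Users.Count() == 0)
            {
                ModelState.AddModelError("", Resources.LoginResources.InvalidPassword);
                return Json(Resources.LoginResources.InvalidPassword);
            }

            var account = UserDetails.Spartan_Users[0];

            // Status == 1 is treated as "active" throughout this controller.
            if (account.Status != 1)
            {
                ModelState.AddModelError("", Resources.LoginResources.DeactivateAccount);
                return Json(Resources.LoginResources.DeactivateAccount);
            }

            TTUsuario user = new TTUsuario
            {
                // Convert.ToInt32, as in OnAuthorization: Convert.ToInt16 throws OverflowException for
                // Id_User values above 32767.
                IdUsuario       = Convert.ToInt32(account.Id_User),
                Nombre          = Convert.ToString(account.Name),
                Clave_de_Acceso = account.Username,
                //Activo = account.Status
            };

            // Re-issue the forms-authentication cookie for this user.
            SetAuthentication(UserDetails);
            //_authenticationService.SignIn(user, model.RememberMe);

            //Saving Credentials
            SessionHelper.UserCredential = new Spartane_Credential
            {
                Password = passwordHash,
                UserName = model.UserName,
            };
            // save role id in session
            SessionHelper.Role = account.Role;
            // save role object in session
            SessionHelper.Sprtan_Role = new RoleSpartanUserRole
            {
                Id          = account.Role_Spartan_User_Role.Id,
                Description = account.Role_Spartan_User_Role.Description,
                Status      = account.Role_Spartan_User_Role.Status,
                Status_Spartan_User_Role_Status = account.Role_Spartan_User_Role.Status_Spartan_User_Role_Status,
                User_Role_Id = account.Role_Spartan_User_Role.User_Role_Id,
            };
            Session["USERID"]     = user.IdUsuario;
            Session["USERROLEID"] = account.Role_Spartan_User_Role.User_Role_Id;
            Session.Timeout       = Convert.ToInt32(ConfigurationManager.AppSettings["SessionTimeOut"]);

            SessionHelper.Relogin = false;
            return Json(string.Empty);
        }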
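        /// <summary>
        /// Resets the password of the account matching the posted e-mail address and mails the new
        /// temporary password using the ForgotPassword HTML template.
        /// </summary>
        /// <param name="model">Posted e-mail address (UserName is used only in the mail subject).</param>
        /// <returns>
        /// JSON <c>{ data, valid }</c>; a bare resource string when the model is invalid (kept for the existing client).
        /// </returns>
        public JsonResult ForgotPassword(ForgotPasswordViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return Json(Resources.LoginResources.InvalidEmailUserName);
            }

            try
            {
                // model.Email is user input concatenated into a SQL-like filter. Doubling the single quote is
                // the minimum guard for a T-SQL string literal; the proper fix is a parameterised lookup in the API.
                string emailLiteral = (model.Email ?? string.Empty).Replace("'", "''");
                Spartan_User_Core UserDetails = _IUseroApiConsumer.ValidateUser(1, 10, "Username = '******'  COLLATE SQL_Latin1_General_CP1_CS_AS And Email = '" + emailLiteral + "'").Resource;
                if (UserDetails == null || UserDetails.Spartan_Users == null || UserDetails.Spartan_Users.Count() == 0)
                {
                    // NOTE(review): this reply differs from the success reply, so the endpoint reveals
                    // whether an e-mail address is registered.
                    return Json(new { data = Resources.LoginResources.InvalidEmailUserName, valid = false });
                }

                string templatePath = Server.MapPath("~/HTMLTemplates/ForgotPassword.html");
                if (!System.IO.File.Exists(templatePath))
                {
                    return Json(new { data = Resources.LoginResources.ForgotPasswordEmailError, valid = false });
                }

                var account = UserDetails.Spartan_Users[0];

                // Get HTML Template for Forgot password (ReadAllText closes the file; the original StreamReader was never disposed)
                string strBodyTemplate = System.IO.File.ReadAllText(templatePath);
                // Replace User Full Name
                strBodyTemplate = strBodyTemplate.Replace("*|fullname|*", account.Name);
                strBodyTemplate = strBodyTemplate.Replace("*|username|*", account.Username);
                strBodyTemplate = strBodyTemplate.Replace("*|email|*", account.Email);

                //Replace text for apropiates values in Resources
                strBodyTemplate = strBodyTemplate.Replace("*|text1|*", Resources.LoginResources.Hello);
                strBodyTemplate = strBodyTemplate.Replace("*|text2|*", Resources.LoginResources.textTemplateEmail1);
                strBodyTemplate = strBodyTemplate.Replace("*|text3|*", Resources.LoginResources.UserName.ToString());
                strBodyTemplate = strBodyTemplate.Replace("*|text4|*", Resources.LoginResources.Email.ToString());
                strBodyTemplate = strBodyTemplate.Replace("*|text5|*", Resources.LoginResources.Password);
                strBodyTemplate = strBodyTemplate.Replace("*|text6|*", Resources.LoginResources.textTemplateEmail2.ToString());

                // NOTE(review): the API token is obtained with hard-coded "admin"/"admin" credentials;
                // these belong in protected configuration, not in source.
                if (!_tokenManager.GenerateToken("admin", "admin"))
                {
                    // Previously returned null (an empty response); give the client the same JSON shape as the other failures.
                    return Json(new { data = Resources.LoginResources.ForgotPasswordEmailError, valid = false });
                }

                var userApi = new Spartan_UserApiConsumer();
                userApi.SetAuthHeader(_tokenManager.Token);
                var tmpuser = userApi.GetByKey(account.Id_User, false);

                // Temporary password: 7 characters from Membership.GeneratePassword with every non-alphanumeric
                // replaced by '9', plus a trailing '$'. NOTE(review): the substitution lowers the entropy of the
                // generated value; a RandomNumberGenerator-based generator would be stronger.
                string pass = System.Web.Security.Membership.GeneratePassword(7, 0);
                pass = Regex.Replace(pass, @"[^a-zA-Z0-9]", "9") + "$";
                // NOTE(review): MD5 is the password hash used throughout this controller (unsalted, fast).
                tmpuser.Resource.Password = EncryptHelper.CalculateMD5Hash(pass);
                userApi.Update(tmpuser.Resource, null, null);

                // Keep the password history in step with the reset.
                var userhistApi = new Spartan_User_Historical_PasswordApiConsumer();
                userhistApi.SetAuthHeader(_tokenManager.Token);
                userhistApi.Insert(new Core.Domain.Spartan_User_Historical_Password.Spartan_User_Historical_Password()
                {
                    Fecha_de_Registro = DateTime.Now,
                    Usuario           = tmpuser.Resource.Id_User,
                    Password          = tmpuser.Resource.Password
                }, null, null);

                // The clear-text temporary password goes out in the mail body.
                strBodyTemplate = strBodyTemplate.Replace("*|password|*", pass);

                List <string> emails = new List <string>();
                emails.Add(model.Email);
                if (Helper.SendEmail(emails, string.Format(Resources.LoginResources.ForgotPasswordEmailSubject, model.UserName), strBodyTemplate))
                {
                    return Json(new { data = string.Format(Resources.LoginResources.ForgotPasswordSuccess, model.Email), valid = true });
                }

                return Json(new { data = Resources.LoginResources.ForgotPasswordEmailError, valid = false });
            }
            catch (Exception)
            {
                // Deliberately best-effort: any failure (API, file, mail) is reported as an invalid e-mail/user name.
                return Json(new { data = Resources.LoginResources.InvalidEmailUserName, valid = false });
            }
        }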
        /// <summary>
        /// Handles the login form: validates the credentials through the token manager and the user API,
        /// tracks failed attempts and locks the account after the configured maximum, and on success issues
        /// the forms-authentication cookie and fills the session state.
        /// </summary>
        /// <param name="model">Posted login form (user name, password, language, failed-attempt counters).</param>
        /// <param name="returnUrl">Not used; the success path always redirects to ~/Frontal/Home/Index.</param>
        /// <returns>
        /// A redirect on success; the login view with model errors on failure. When a re-login is in
        /// progress (SessionHelper.Relogin) failures are returned as JSON strings instead.
        /// </returns>
        public ActionResult Login(LoginViewModel model, string returnUrl = "")
        {
            Session["BlockUser"] = null;
            // LanguageList is a display-only list, so its binding errors are ignored.
            if (ModelState.ContainsKey("LanguageList"))
            {
                ModelState["LanguageList"].Errors.Clear();
            }

            if (ModelState.IsValid)
            {
                // NOTE(review): MD5 is used as the password hash throughout this controller (unsalted, fast).
                string passwordEncripted = EncryptHelper.CalculateMD5Hash(model.Password);
                if (!_tokenManager.GenerateToken(model.UserName, passwordEncripted))
                {
                    ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword);
                    if (SessionHelper.Relogin)
                    {
                        return(Json(Resources.LoginResources.InvalidUserPassword));
                    }
                    // No return here: the normal login path falls through, presumably so the failed attempt is
                    // counted below. The API calls that follow then run with whatever _tokenManager.Token holds.
                }

                // Maximum failed attempts comes from the settings API.
                _ISpartan_SettingsApiConsumer.SetAuthHeader(_tokenManager.Token);
                var FailedAttemptDB = _ISpartan_SettingsApiConsumer.GetByKey("FailedAttempts", false).Resource;
                int FailedAttempts  = Convert.ToInt32(FailedAttemptDB.Valor);
                model.MaxFailedAttempts = FailedAttempts;

                // Restart the counter when a different user name is tried in the same session.
                // NOTE(review): model.FailedAttempts itself arrives with the posted model; if it is bound from
                // the request, the client controls the lockout counter — confirm how the view sends it.
                if (Session["UserName"] != null && Session["UserName"].ToString() != model.UserName)
                {
                    model.FailedAttempts = 1;
                }
                Session["UserName"] = model.UserName;
                _IUseroApiConsumer.SetAuthHeader(_tokenManager.Token);

                Spartan_Security_Log oSecurityLog = new Spartan_Security_Log();
                // The filter literal is shown redacted ('******') on this page; any value substituted at
                // runtime must be escaped or parameterised, since the string is evaluated as a query filter.
                var UsersByName = _IUseroApiConsumer.ListaSelAll(0, 10, "Spartan_User.Username = '******'", "").Resource;
                if (UsersByName.RowCount == 0)
                {
                    ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword);
                    model.LanguageList    = GetLanguage();
                    SessionHelper.Relogin = false;
                    return(View(model));
                }
                // Call Validate User API for user Exists in application
                // (same redacted filter literal; same escaping/parameterisation requirement)
                Spartan_User_Core UserDetails = _IUseroApiConsumer.ValidateUser(1, 10, "Username = '******'  COLLATE SQL_Latin1_General_CP1_CS_AS And Password = '******'  COLLATE SQL_Latin1_General_CP1_CS_AS").Resource;
                if (UserDetails.Spartan_Users != null && UserDetails.Spartan_Users.Count() > 0)
                {
                    // Status == 1 is treated as "active" throughout this controller.
                    if (UserDetails.Spartan_Users[0].Status == 1)
                    {
                        // spartan_user is built but not used anywhere below.
                        var spartan_user = new Core.Domain.Spartan_User.Spartan_User
                        {
                            Id_User  = UserDetails.Spartan_Users[0].Id_User,
                            Name     = UserDetails.Spartan_Users[0].Name,
                            Password = UserDetails.Spartan_Users[0].Password
                        };

                        TTUsuario user = new TTUsuario
                        {
                            // Convert.ToInt16 throws OverflowException above 32767; OnAuthorization uses Convert.ToInt32 here.
                            IdUsuario       = Convert.ToInt16(UserDetails.Spartan_Users[0].Id_User),
                            Nombre          = Convert.ToString(UserDetails.Spartan_Users[0].Name),
                            Clave_de_Acceso = UserDetails.Spartan_Users[0].Username,
                            //Activo = UserDetails.Spartan_Users[0].Status
                        };

                        // Audit: successful login.
                        SetSecurityLogging(ref oSecurityLog, (short)Event_Type.Login, UserDetails.Spartan_Users[0].Id_User, UserDetails.Spartan_Users[0].Role, (short)Result_Type.Granted);
                        int SecurityLogId = _ISpartanSecurityApiConsumer.Insert(oSecurityLog).Resource;

                        // Issue the forms-authentication cookie.
                        SetAuthentication(UserDetails);
                        //_authenticationService.SignIn(user, model.RememberMe);

                        //Adding user Core entity Data
                        SessionHelper.UserEntity = UserDetails.Spartan_Users[0];

                        //Getting User Image
                        _ISpartane_FileApiConsumer.SetAuthHeader(_tokenManager.Token);
                        var userImage =
                            _ISpartane_FileApiConsumer.GetByKey(Convert.ToInt32(UserDetails.Spartan_Users[0].Image))
                            .Resource;
                        if (userImage != null && userImage.File != null)
                        {
                            SessionHelper.UserImage = userImage.File;
                        }
                        // NOTE(review): this cookie is created without HttpOnly/Secure flags.
                        Response.Cookies["UserSettings"]["SecurityLogId"] = SecurityLogId.ToString();

                        // Audit: session record linked to the security log entry.
                        Spartan_Session_Log oSessionLog = new Spartan_Session_Log();
                        SetSessionLogging(ref oSessionLog, (short)Event_Type.Login, (short)Event_Type.Login, SecurityLogId, UserDetails.Spartan_Users[0].Id_User, UserDetails.Spartan_Users[0].Role, (short)Result_Type.Granted);
                        _ISpartanSessionApiConsumer.Insert(oSessionLog);


                        //Saving Credentials
                        SessionHelper.UserCredential = new Spartane_Credential
                        {
                            Password = EncryptHelper.CalculateMD5Hash(model.Password),
                            UserName = model.UserName,
                        };
                        // save role id in session
                        SessionHelper.Role = UserDetails.Spartan_Users[0].Role;
                        // save role object in session
                        SessionHelper.Sprtan_Role = new RoleSpartanUserRole
                        {
                            Id          = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Id,
                            Description = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Description,
                            Status      = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status,
                            Status_Spartan_User_Role_Status = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status_Spartan_User_Role_Status,
                            User_Role_Id = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id,
                        };
                        Session["USERID"]     = user.IdUsuario;
                        Session["USERROLEID"] = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id;
                        Session.Timeout       = Convert.ToInt32(ConfigurationManager.AppSettings["SessionTimeOut"]);
                        // Language id 1 is the fallback when none was selected.
                        Session["LANGUAGEID"] = (model.SelectedLanguage.HasValue) ? model.SelectedLanguage.Value : 1;
                        SessionHelper.Relogin = false;
                        return(RedirectToLocal("~/Frontal/Home/Index"));
                    }
                    else
                    {
                        // Audit: login denied (account not active).
                        SetSecurityLogging(ref oSecurityLog, (short)Event_Type.Login, null, null, (short)Result_Type.Denied);
                        _ISpartanSecurityApiConsumer.Insert(oSecurityLog);

                        ModelState.AddModelError("", Resources.LoginResources.DeactivateAccount);
                        if (SessionHelper.Relogin)
                        {
                            return(Json(Resources.LoginResources.DeactivateAccount));
                        }
                    }
                }
                else
                {
                    // Audit: login denied (no user matched user name + password).
                    SetSecurityLogging(ref oSecurityLog, (short)Event_Type.Login, null, null, (short)Result_Type.Denied);
                    _ISpartanSecurityApiConsumer.Insert(oSecurityLog);

                    ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword);

                    if (model.FailedAttempts < model.MaxFailedAttempts)
                    {
                        model.FailedAttempts = model.FailedAttempts + 1;
                    }
                    else
                    {
                        // Lockout: Status = 2 disables the account once the limit is reached.
                        // NOTE(review): the lockout is keyed on the user name alone, so repeated failures against a
                        // known user name disable that account — rate limiting per client would avoid this.
                        if (UsersByName.RowCount == 1)
                        {
                            var UserByName = UsersByName.Spartan_Users.First();
                            UserByName.Status = 2;
                            // The update result is stored but never inspected.
                            int status = _IUseroApiConsumer.Update(UserByName, null, null).Resource;
                            model.FailedAttempts = 1;
                        }
                        Session["BlockUser"] = true;
                    }
                    if (SessionHelper.Relogin)
                    {
                        return(Json(Resources.LoginResources.InvalidUserPassword));
                    }
                }
            }
            model.LanguageList = GetLanguage();
            // If we got this far, something failed, redisplay form
            return(View(model));
        }