private void SetAuthentication(Spartan_User_Core UserDetails) { // create instance of context view model ContextViewModel CM = new ContextViewModel(); // set logged in values with context view model to store values with cookies CM.Email = UserDetails.Spartan_Users[0].Email; CM.Id = UserDetails.Spartan_Users[0].Id; CM.Id_User = UserDetails.Spartan_Users[0].Id_User; CM.Password = UserDetails.Spartan_Users[0].Password; CM.Role = UserDetails.Spartan_Users[0].Role; CM.Status = UserDetails.Spartan_Users[0].Status; CM.Name = UserDetails.Spartan_Users[0].Name; CM.UserName = UserDetails.Spartan_Users[0].Username; AuthenticationSerialize serialiseAuth = new AuthenticationSerialize(); UserContextViewModel userContext = new UserContextViewModel(); userContext.CurrentUser = CM; serialiseAuth.UserContext = userContext; JavaScriptSerializer serializer = new JavaScriptSerializer(); string userData = serializer.Serialize(serialiseAuth); // set login cookie time for user var tenDaysFromNow = DateTime.UtcNow.AddMinutes(Convert.ToInt32(ConfigurationManager.AppSettings["SessionTimeOut"])); // set form authentication ticket with logged int user values FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket( 1, serialiseAuth.UserContext.CurrentUser.UserName + " " + serialiseAuth.UserContext.CurrentUser.UserName, DateTime.Now, tenDaysFromNow, false, userData); string encTicket = FormsAuthentication.Encrypt(authTicket); HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket); // Add values of user with browser cookie Response.Cookies.Add(faCookie); }
public override void OnAuthorization(AuthorizationContext filterContext) { string controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName; string action = filterContext.ActionDescriptor.ActionName; Authentication auth = null; if (CurrentUser != null && CurrentUser.Identity != null && CurrentUser.Identity.IsAuthenticated && SessionHelper.Relogin == false) { // Get cookies values of user HttpCookie authCookie = filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName]; if (authCookie != null && !string.IsNullOrWhiteSpace(authCookie.Value)) { FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value); JavaScriptSerializer serializer = new JavaScriptSerializer(); AuthenticationSerialize serialiseAuth = serializer.Deserialize <AuthenticationSerialize>(authTicket.UserData); auth = new Authentication(authTicket.Name); // set user context from cookies if (authCookie != null && !string.IsNullOrWhiteSpace(authCookie.Value)) { auth.UserContext = serialiseAuth.UserContext; } if (SessionHelper.UserEntity == null || SessionHelper.UserCredential == null) { ISpartan_UserApiConsumer _IUseroApiConsumer = new Spartan_UserApiConsumer(); ISpartane_FileApiConsumer _ISpartane_FileApiConsumer = new Spartane_FileApiConsumer(); // Call Validate User API for user Exists in application Spartan_User_Core UserDetails = _IUseroApiConsumer.ValidateUser(1, 10, "Username = '******' COLLATE SQL_Latin1_General_CP1_CS_AS And Password = '******' COLLATE SQL_Latin1_General_CP1_CS_AS").Resource; if (UserDetails.Spartan_Users != null && UserDetails.Spartan_Users.Count > 0) { if (UserDetails.Spartan_Users[0].Status == 1) { TTUsuario user = new TTUsuario { /*CODMANINI-UPD*/ IdUsuario = Convert.ToInt32(UserDetails.Spartan_Users[0].Id_User), /*CODMANFIN-UPD*/ Nombre = Convert.ToString(UserDetails.Spartan_Users[0].Name), Clave_de_Acceso = UserDetails.Spartan_Users[0].Username, //Activo = UserDetails.Spartan_Users[0].Status }; //Adding user Core entity Data SessionHelper.UserEntity = UserDetails.Spartan_Users[0]; var userImage = _ISpartane_FileApiConsumer.GetByKey(Convert.ToInt32(UserDetails.Spartan_Users[0].Image)) .Resource; if (userImage != null && userImage.File != null) { SessionHelper.UserImage = userImage.File; } //Saving Credentials SessionHelper.UserCredential = new Spartane_Credential { Password = auth.UserContext.CurrentUser.Password, UserName = auth.UserContext.CurrentUser.UserName, }; // save role id in session SessionHelper.Role = UserDetails.Spartan_Users[0].Role; // save role object in session SessionHelper.Sprtan_Role = new RoleSpartanUserRole { Id = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Id, Description = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Description, Status = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status, Status_Spartan_User_Role_Status = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status_Spartan_User_Role_Status, User_Role_Id = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id, }; HttpContext.Current.Session["USERID"] = user.IdUsuario; HttpContext.Current.Session["USERROLEID"] = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id; } } else if (controller != "Account" && action != "Login") { filterContext.Controller.TempData["cssClass"] = "error"; filterContext.Controller.TempData["message"] = "You are not logged in."; filterContext.Result = new RedirectResult("~/Account/Login"); //new RedirectResult("/Account/Login"); auth = null; } } HttpContext.Current.User = auth; } } // write code here as per role RoleType else if (controller != "Account" && action != "Login") { if ((controller == "General") && (action == "ExecuteQueryTable")) { } else { filterContext.Controller.TempData["cssClass"] = "error"; filterContext.Controller.TempData["message"] = "You are not logged in."; filterContext.Result = new RedirectResult("~/Account/Login"); //new RedirectResult("/Account/Login"); } } }
public ActionResult ReLogin(LoginViewModel model, string returnUrl) { if (ModelState.ContainsKey("LanguageList")) { ModelState["LanguageList"].Errors.Clear(); } SessionHelper.Relogin = true; if (Session.Count <= 1) { LoginViewModel oLoginViewModel = new LoginViewModel(); oLoginViewModel.LanguageList = GetLanguage(); oLoginViewModel.UserName = model.UserName; oLoginViewModel.Password = model.Password; return(Login(oLoginViewModel)); } if (ModelState.IsValid) { if (!_tokenManager.GenerateToken(model.UserName, EncryptHelper.CalculateMD5Hash(model.Password))) { ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword); return(Json(Resources.LoginResources.InvalidUserPassword)); } _IUseroApiConsumer.SetAuthHeader(_tokenManager.Token); // Call Validate User API for user Exists in application Spartan_User_Core UserDetails = _IUseroApiConsumer.ValidateUser(1, 10, "Username = '******' COLLATE SQL_Latin1_General_CP1_CS_AS And Password = '******' COLLATE SQL_Latin1_General_CP1_CS_AS").Resource; if (UserDetails.Spartan_Users != null && UserDetails.Spartan_Users.Count() > 0) { //return Json(string.Empty); if (UserDetails.Spartan_Users[0].Status == 1) { TTUsuario user = new TTUsuario { IdUsuario = Convert.ToInt16(UserDetails.Spartan_Users[0].Id_User), Nombre = Convert.ToString(UserDetails.Spartan_Users[0].Name), Clave_de_Acceso = UserDetails.Spartan_Users[0].Username, //Activo = UserDetails.Spartan_Users[0].Status }; SetAuthentication(UserDetails); //_authenticationService.SignIn(user, model.RememberMe); //Saving Credentials SessionHelper.UserCredential = new Spartane_Credential { Password = EncryptHelper.CalculateMD5Hash(model.Password), UserName = model.UserName, }; // save role id in session SessionHelper.Role = UserDetails.Spartan_Users[0].Role; // save role object in session SessionHelper.Sprtan_Role = new RoleSpartanUserRole { Id = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Id, Description = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Description, Status = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status, Status_Spartan_User_Role_Status = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status_Spartan_User_Role_Status, User_Role_Id = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id, }; Session["USERID"] = user.IdUsuario; Session["USERROLEID"] = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id; Session.Timeout = Convert.ToInt32(ConfigurationManager.AppSettings["SessionTimeOut"]); SessionHelper.Relogin = false; return(Json(string.Empty)); } else { ModelState.AddModelError("", Resources.LoginResources.DeactivateAccount); return(Json(Resources.LoginResources.DeactivateAccount)); } } else { ModelState.AddModelError("", Resources.LoginResources.InvalidPassword); return(Json(Resources.LoginResources.InvalidPassword)); } } return(Json("SessionExpired")); }
public JsonResult ForgotPassword(ForgotPasswordViewModel model) { if (ModelState.IsValid) { try { Spartan_User_Core UserDetails = _IUseroApiConsumer.ValidateUser(1, 10, "Username = '******' COLLATE SQL_Latin1_General_CP1_CS_AS And Email = '" + model.Email + "'").Resource; if (UserDetails.Spartan_Users != null && UserDetails.Spartan_Users.Count() > 0) { if (System.IO.File.Exists(Server.MapPath("~/HTMLTemplates/ForgotPassword.html"))) { // Get HTML Template for Forgot password StreamReader sread = new StreamReader(Server.MapPath("~/HTMLTemplates/ForgotPassword.html")); string strBodyTemplate = sread.ReadToEnd(); // Replace User Full Name strBodyTemplate = strBodyTemplate.Replace("*|fullname|*", UserDetails.Spartan_Users[0].Name); strBodyTemplate = strBodyTemplate.Replace("*|username|*", UserDetails.Spartan_Users[0].Username); strBodyTemplate = strBodyTemplate.Replace("*|email|*", UserDetails.Spartan_Users[0].Email); //strBodyTemplate = strBodyTemplate.Replace("*|password|*", UserDetails.Spartan_Users[0].Password); //Replace text for apropiates values in Resources strBodyTemplate = strBodyTemplate.Replace("*|text1|*", Resources.LoginResources.Hello); strBodyTemplate = strBodyTemplate.Replace("*|text2|*", Resources.LoginResources.textTemplateEmail1); strBodyTemplate = strBodyTemplate.Replace("*|text3|*", Resources.LoginResources.UserName.ToString()); strBodyTemplate = strBodyTemplate.Replace("*|text4|*", Resources.LoginResources.Email.ToString()); strBodyTemplate = strBodyTemplate.Replace("*|text5|*", Resources.LoginResources.Password); strBodyTemplate = strBodyTemplate.Replace("*|text6|*", Resources.LoginResources.textTemplateEmail2.ToString()); if (!_tokenManager.GenerateToken("admin", "admin")) { return(null); } var userApi = new Spartan_UserApiConsumer(); userApi.SetAuthHeader(_tokenManager.Token); var tmpuser = userApi.GetByKey(UserDetails.Spartan_Users[0].Id_User, false); var pass = System.Web.Security.Membership.GeneratePassword(7, 0); pass = Regex.Replace(pass, @"[^a-zA-Z0-9]", m => "9") + "$"; tmpuser.Resource.Password = EncryptHelper.CalculateMD5Hash(pass); var res = userApi.Update(tmpuser.Resource, null, null); var userhistApi = new Spartan_User_Historical_PasswordApiConsumer(); userhistApi.SetAuthHeader(_tokenManager.Token); res = userhistApi.Insert(new Core.Domain.Spartan_User_Historical_Password.Spartan_User_Historical_Password() { Fecha_de_Registro = DateTime.Now, Usuario = tmpuser.Resource.Id_User, Password = tmpuser.Resource.Password }, null, null); strBodyTemplate = strBodyTemplate.Replace("*|password|*", pass); // Replace ForgotPassword Link with Token and Encrypted Email List <string> emails = new List <string>(); emails.Add(model.Email); if (Helper.SendEmail(emails, string.Format(Resources.LoginResources.ForgotPasswordEmailSubject, model.UserName), strBodyTemplate)) { return(Json(new { data = string.Format(Resources.LoginResources.ForgotPasswordSuccess, model.Email), valid = true })); } else { return(Json(new { data = Resources.LoginResources.ForgotPasswordEmailError, valid = false })); } } else { return(Json(new { data = Resources.LoginResources.ForgotPasswordEmailError, valid = false })); } } else { return(Json(new { data = Resources.LoginResources.InvalidEmailUserName, valid = false })); } } catch (Exception) { return(Json(new { data = Resources.LoginResources.InvalidEmailUserName, valid = false })); } } else { return(Json(Resources.LoginResources.InvalidEmailUserName)); } }
public ActionResult Login(LoginViewModel model, string returnUrl = "") { Session["BlockUser"] = null; if (ModelState.ContainsKey("LanguageList")) { ModelState["LanguageList"].Errors.Clear(); } if (ModelState.IsValid) { string passwordEncripted = EncryptHelper.CalculateMD5Hash(model.Password); if (!_tokenManager.GenerateToken(model.UserName, passwordEncripted)) { ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword); if (SessionHelper.Relogin) { return(Json(Resources.LoginResources.InvalidUserPassword)); } } _ISpartan_SettingsApiConsumer.SetAuthHeader(_tokenManager.Token); var FailedAttemptDB = _ISpartan_SettingsApiConsumer.GetByKey("FailedAttempts", false).Resource; int FailedAttempts = Convert.ToInt32(FailedAttemptDB.Valor); model.MaxFailedAttempts = FailedAttempts; if (Session["UserName"] != null && Session["UserName"].ToString() != model.UserName) { model.FailedAttempts = 1; } Session["UserName"] = model.UserName; _IUseroApiConsumer.SetAuthHeader(_tokenManager.Token); Spartan_Security_Log oSecurityLog = new Spartan_Security_Log(); var UsersByName = _IUseroApiConsumer.ListaSelAll(0, 10, "Spartan_User.Username = '******'", "").Resource; if (UsersByName.RowCount == 0) { ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword); model.LanguageList = GetLanguage(); SessionHelper.Relogin = false; return(View(model)); } // Call Validate User API for user Exists in application Spartan_User_Core UserDetails = _IUseroApiConsumer.ValidateUser(1, 10, "Username = '******' COLLATE SQL_Latin1_General_CP1_CS_AS And Password = '******' COLLATE SQL_Latin1_General_CP1_CS_AS").Resource; if (UserDetails.Spartan_Users != null && UserDetails.Spartan_Users.Count() > 0) { if (UserDetails.Spartan_Users[0].Status == 1) { var spartan_user = new Core.Domain.Spartan_User.Spartan_User { Id_User = UserDetails.Spartan_Users[0].Id_User, Name = UserDetails.Spartan_Users[0].Name, Password = UserDetails.Spartan_Users[0].Password }; TTUsuario user = new TTUsuario { IdUsuario = Convert.ToInt16(UserDetails.Spartan_Users[0].Id_User), Nombre = Convert.ToString(UserDetails.Spartan_Users[0].Name), Clave_de_Acceso = UserDetails.Spartan_Users[0].Username, //Activo = UserDetails.Spartan_Users[0].Status }; SetSecurityLogging(ref oSecurityLog, (short)Event_Type.Login, UserDetails.Spartan_Users[0].Id_User, UserDetails.Spartan_Users[0].Role, (short)Result_Type.Granted); int SecurityLogId = _ISpartanSecurityApiConsumer.Insert(oSecurityLog).Resource; SetAuthentication(UserDetails); //_authenticationService.SignIn(user, model.RememberMe); //Adding user Core entity Data SessionHelper.UserEntity = UserDetails.Spartan_Users[0]; //Getting User Image _ISpartane_FileApiConsumer.SetAuthHeader(_tokenManager.Token); var userImage = _ISpartane_FileApiConsumer.GetByKey(Convert.ToInt32(UserDetails.Spartan_Users[0].Image)) .Resource; if (userImage != null && userImage.File != null) { SessionHelper.UserImage = userImage.File; } Response.Cookies["UserSettings"]["SecurityLogId"] = SecurityLogId.ToString(); Spartan_Session_Log oSessionLog = new Spartan_Session_Log(); SetSessionLogging(ref oSessionLog, (short)Event_Type.Login, (short)Event_Type.Login, SecurityLogId, UserDetails.Spartan_Users[0].Id_User, UserDetails.Spartan_Users[0].Role, (short)Result_Type.Granted); _ISpartanSessionApiConsumer.Insert(oSessionLog); //Saving Credentials SessionHelper.UserCredential = new Spartane_Credential { Password = EncryptHelper.CalculateMD5Hash(model.Password), UserName = model.UserName, }; // save role id in session SessionHelper.Role = UserDetails.Spartan_Users[0].Role; // save role object in session SessionHelper.Sprtan_Role = new RoleSpartanUserRole { Id = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Id, Description = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Description, Status = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status, Status_Spartan_User_Role_Status = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status_Spartan_User_Role_Status, User_Role_Id = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id, }; Session["USERID"] = user.IdUsuario; Session["USERROLEID"] = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id; Session.Timeout = Convert.ToInt32(ConfigurationManager.AppSettings["SessionTimeOut"]); Session["LANGUAGEID"] = (model.SelectedLanguage.HasValue) ? model.SelectedLanguage.Value : 1; SessionHelper.Relogin = false; return(RedirectToLocal("~/Frontal/Home/Index")); } else { SetSecurityLogging(ref oSecurityLog, (short)Event_Type.Login, null, null, (short)Result_Type.Denied); _ISpartanSecurityApiConsumer.Insert(oSecurityLog); ModelState.AddModelError("", Resources.LoginResources.DeactivateAccount); if (SessionHelper.Relogin) { return(Json(Resources.LoginResources.DeactivateAccount)); } } } else { SetSecurityLogging(ref oSecurityLog, (short)Event_Type.Login, null, null, (short)Result_Type.Denied); _ISpartanSecurityApiConsumer.Insert(oSecurityLog); ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword); if (model.FailedAttempts < model.MaxFailedAttempts) { model.FailedAttempts = model.FailedAttempts + 1; } else { if (UsersByName.RowCount == 1) { var UserByName = UsersByName.Spartan_Users.First(); UserByName.Status = 2; int status = _IUseroApiConsumer.Update(UserByName, null, null).Resource; model.FailedAttempts = 1; } Session["BlockUser"] = true; } if (SessionHelper.Relogin) { return(Json(Resources.LoginResources.InvalidUserPassword)); } } } model.LanguageList = GetLanguage(); // If we got this far, something failed, redisplay form return(View(model)); }