        /// <summary>
        /// Completes a two-factor sign-in for the user whose id was stored by the first factor.
        /// </summary>
        /// <param name="provider">Two-factor provider that issued <paramref name="code"/>.</param>
        /// <param name="code">Token entered by the user.</param>
        /// <param name="isPersistent">Whether the resulting authentication cookie persists across browser sessions.</param>
        /// <param name="rememberBrowser">Whether this browser is remembered so the second factor is skipped next time.</param>
        /// <returns><see cref="SignInStatus.Success"/>, <see cref="SignInStatus.LockedOut"/> or <see cref="SignInStatus.Failure"/>.</returns>
        public SignInStatus TwoFactorSignIn(string provider, string code, bool isPersistent, bool rememberBrowser)
        {
            // The first factor must already have stored a verified user id; without it there is nothing to complete.
            var pendingUserId = GetVerifiedUserId();
            if (pendingUserId == null)
            {
                return SignInStatus.Failure;
            }

            var account = UserManager.FindById(pendingUserId);
            if (account == null)
            {
                return SignInStatus.Failure;
            }

            // Lockout is checked before the token so a locked account cannot consume verification attempts.
            if (UserManager.IsLockedOut(account.Id))
            {
                return SignInStatus.LockedOut;
            }

            if (!UserManager.VerifyTwoFactorToken(account.Id, provider, code))
            {
                // A wrong token counts as a failed access and may trip the lockout threshold.
                UserManager.AccessFailed(account.Id);
                return SignInStatus.Failure;
            }

            // A correct token clears the failure counter that feeds lockout.
            UserManager.ResetAccessFailedCount(account.Id);
            // NOTE(review): SignInAsync is called without await from this synchronous method, so Success is
            // reported before the sign-in (presumably a Task) completes and any exception it raises is unobserved —
            // confirm against the caller whether that is intended.
            SignInAsync(account, isPersistent, rememberBrowser);
            return SignInStatus.Success;
        }
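        /// <summary>
        /// Signs in a user by user name and password, honouring account lockout and a possible second factor.
        /// </summary>
        /// <param name="userName">User name to look up.</param>
        /// <param name="password">Password to verify against the stored hash.</param>
        /// <param name="isPersistent">Whether the authentication cookie persists across browser sessions.</param>
        /// <param name="shouldLockout">When true a wrong password counts toward the lockout threshold.</param>
        /// <returns>A <see cref="SignInStatus"/> describing the outcome.</returns>
        public SignInStatus PasswordSignIn(string userName, string password, bool isPersistent, bool shouldLockout)
        {
            var user = UserManager.FindByName(userName);
            if (user == null)
            {
                return SignInStatus.Failure;
            }

            // Refuse before verifying the password so a locked account cannot be probed.
            if (UserManager.IsLockedOut(user.Id))
            {
                return SignInStatus.LockedOut;
            }

            if (UserManager.CheckPassword(user, password))
            {
                // A correct password clears the failure counter (as the other sign-in paths in this file do);
                // without this, earlier failed attempts keep counting and a later single typo can lock the account.
                UserManager.ResetAccessFailedCount(user.Id);
                return SignInOrTwoFactor(user, isPersistent);
            }

            if (!shouldLockout)
            {
                return SignInStatus.Failure;
            }

            // Record the failure; this is what eventually trips the lockout threshold.
            UserManager.AccessFailed(user.Id);
            return UserManager.IsLockedOut(user.Id) ? SignInStatus.LockedOut : SignInStatus.Failure;
        }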
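        /// <summary>
        /// Validates HTTP Basic credentials against the user store and returns the authenticated principal.
        /// </summary>
        /// <param name="userName">User name from the Authorization header.</param>
        /// <param name="password">Password from the Authorization header.</param>
        /// <returns>A <see cref="ClaimsPrincipal"/> for the user, or <c>null</c> when the credentials are rejected
        /// for any reason (unknown user, locked out, wrong password).</returns>
        protected override IPrincipal ValidateUser(string userName, string password)
        {
            var user = _userManager.FindByName(userName);
            if (user == null)
            {
                return null;
            }

            // Guard the lockout query the same way the failure path below already does: the lockout calls are
            // only meaningful when the store supports lockout, and a locked account must not reach the password check.
            if (_userManager.SupportsUserLockout && _userManager.IsLockedOut(user.Id))
            {
                return null;
            }

            if (!_userManager.CheckPassword(user, password))
            {
                if (_userManager.SupportsUserLockout)
                {
                    // Count the failure so repeated wrong passwords eventually lock the account.
                    _userManager.AccessFailed(user.Id);
                }
                return null;
            }

            if (_userManager.SupportsUserLockout)
            {
                // A correct password clears the failures accumulated before it.
                _userManager.ResetAccessFailedCount(user.Id);
            }
            return new ClaimsPrincipal(_userManager.CreateIdentity(user, "HTTP Basic"));
        }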
        /// <summary>
        /// Signs in the user using the user name and password, rejecting inactive and locked-out accounts.
        /// </summary>
        /// <param name="userName">User name to look up.</param>
        /// <param name="password">Password to verify.</param>
        /// <param name="ipAddress">Client address(es) handed on to the two-factor step.</param>
        /// <param name="isPersistent">Whether the authentication cookie persists across browser sessions.</param>
        /// <param name="shouldLockout">When true a wrong password counts toward the lockout threshold.</param>
        /// <returns>A <see cref="SignInStatus"/> describing the outcome.</returns>
        public SignInStatus TronixPasswordSignIn(string userName, string password, string[] ipAddress, bool isPersistent = false, bool shouldLockout = false)
        {
            // UserManager may be absent (null-conditional); an absent manager yields no user and a plain failure.
            var account = UserManager?.FindByName(userName);
            if (account == null || account.Inactive)
            {
                return SignInStatus.Failure;
            }

            // A locked account is refused before its password is examined.
            if (UserManager.IsLockedOut(account.Id))
            {
                return SignInStatus.LockedOut;
            }

            if (!UserManager.CheckPassword(account, password))
            {
                if (!shouldLockout)
                {
                    return SignInStatus.Failure;
                }

                // Lockout was requested: record the failure and report whether it tripped the threshold.
                UserManager.AccessFailed(account.Id);
                if (UserManager.IsLockedOut(account.Id))
                {
                    return SignInStatus.LockedOut;
                }
                return SignInStatus.Failure;
            }

            // A correct password clears the failure counter before the optional second factor runs.
            UserManager.ResetAccessFailedCount(account.Id);
            return SignInOrTwoFactor(account, isPersistent, ipAddress);
        }
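        /// <summary>
        /// Handles the login form: verifies the credentials, applies a hand-rolled lockout policy on failure and
        /// issues the application cookie on success.
        /// </summary>
        /// <param name="details">Posted user name and password.</param>
        /// <param name="returnUrl">Optional URL to return to after a successful sign-in; only local URLs are followed.</param>
        /// <returns>A redirect on success, otherwise the login view with model-state errors.</returns>
        public async Task <ActionResult> Login(LoginViewModel details, string returnUrl)
        {
            // FindAsync verifies the password: null means an unknown name or a wrong password.
            AppUser user = await UserManager.FindAsync(details.Name, details.Password);
            // Looked up separately so the lockout counters can be updated even when the password was wrong.
            AppUser currUser = UserManager.Users.FirstOrDefault(u => u.UserName == details.Name);

            bool rejected = user == null || (currUser != null && UserManager.IsLockedOut(currUser.Id));
            if (rejected)
            {
                if (currUser == null)
                {
                    ModelState.AddModelError("", "Некорректное имя.");
                    return View(details);
                }

                currUser.LockoutEnabled = true;
                if (UserManager.IsLockedOut(currUser.Id))
                {
                    ModelState.AddModelError("", $"Ваш аккаунт заблокирован в целях безопасноти, до {currUser.LockoutEndDateUtc.Value}");
                    UserManager.ResetAccessFailedCount(currUser.Id);
                }
                else if (UserManager.MaxFailedAccessAttemptsBeforeLockout <= currUser.AccessFailedCount + 1)
                {
                    // Threshold reached: the lockout end is written directly rather than via AccessFailed, so the
                    // lockout window is the fixed one-minute span set here.
                    currUser.LockoutEndDateUtc = DateTime.UtcNow.AddMinutes(1);
                    await UserManager.UpdateAsync(currUser);

                    UserManager.ResetAccessFailedCount(currUser.Id);
                    ModelState.AddModelError("", $"Ваш аккаунт заблокирован в целях безопасноти, до {currUser.LockoutEndDateUtc.Value}");
                }
                else
                {
                    UserManager.AccessFailed(currUser.Id);
                    ModelState.AddModelError("", $"Некорректный пароль осталось {UserManager.MaxFailedAccessAttemptsBeforeLockout - UserManager.GetAccessFailedCount(currUser.Id)} попытки.");
                }
                return View(details);
            }

            ClaimsIdentity ident = await UserManager.CreateIdentityAsync(user,
                                                                         DefaultAuthenticationTypes.ApplicationCookie);
            await UserManager.ResetAccessFailedCountAsync(user.Id);

            AuthManager.SignOut();
            AuthManager.SignIn(new AuthenticationProperties
            {
                IsPersistent = true
            }, ident);
            AccountInfoEvent($"Account wiht name:{user.UserName}; and id:{user.Id} has been successfuly logged in");

            // Only follow a local return URL: redirecting to an arbitrary URL taken from the request would turn
            // the login page into an open redirector.
            if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            // A temporary redirect: the post-login hop is per request, not a permanent move of this resource,
            // so the 301 previously issued here was the wrong status (and is cacheable by clients).
            return RedirectToAction("Index", "Home");
        }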
        /// <summary>
        /// A single failed access attempt must succeed and leave the user's failure count at one.
        /// </summary>
        public void CanIncrementFailedAttempts()
        {
            // Arrange: a threshold well above one so this attempt cannot lock the account.
            UserManager.MaxFailedAccessAttemptsBeforeLockout = 5;
            var account = CreateBasicUser();

            // Act
            var outcome = UserManager.AccessFailed(account.Id);

            // Assert
            outcome.Succeeded.ShouldBe(true);
            UserManager.GetAccessFailedCount(account.Id).ShouldBe(1);
        }
        /// <summary>
        /// Three failed attempts against a manager configured with a threshold of three must lock the account.
        /// </summary>
        public void LockoutAccount()
        {
            const int threshold = 3;
            var manager = new UserManager <ApplicationUser>(new UserStore <ApplicationUser>(this._session))
            {
                MaxFailedAccessAttemptsBeforeLockout = threshold,
                UserLockoutEnabledByDefault          = true,
                DefaultAccountLockoutTimeSpan        = new TimeSpan(0, 10, 0)
            };
            manager.Create(new ApplicationUser()
            {
                UserName = "******", LockoutEnabled = true
            }, "Welcome");
            var account = manager.Find("test", "Welcome");

            // Failures below the threshold only advance the counter.
            Assert.AreEqual(0, manager.GetAccessFailedCount(account.Id));
            for (int attempt = 1; attempt < threshold; attempt++)
            {
                manager.AccessFailed(account.Id);
                Assert.AreEqual(attempt, manager.GetAccessFailedCount(account.Id));
            }

            // The final failure crosses the threshold and locks the account.
            manager.AccessFailed(account.Id);
            Assert.IsTrue(manager.IsLockedOut(account.Id));
        }
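        /// <summary>
        /// Checks a login against the identity store, applying lockout rules, and records the reason for a
        /// rejection in the <c>UserNoFound</c>, <c>Locked</c> and <c>PasswordIncorrent</c> flags.
        /// </summary>
        /// <param name="login">User name and password to validate.</param>
        /// <returns><c>true</c> only when the user exists, is not locked out, the password is correct and the
        /// e-mail address is confirmed; otherwise <c>false</c>.</returns>
        bool ValidLogin(Login login)
        {
            UserStore <IdentityUser>   userStore   = new UserStore <IdentityUser>();
            // The manager is created per call, so dispose it (and the store it owns) when done.
            using (UserManager <IdentityUser> userManager = new UserManager <IdentityUser>(userStore)
            {
                UserLockoutEnabledByDefault          = true,
                DefaultAccountLockoutTimeSpan        = new TimeSpan(0, 10, 0),
                MaxFailedAccessAttemptsBeforeLockout = 5
            })
            {
                var user = userManager.FindByName(login.UserName);
                if (user == null)
                {
                    UserNoFound = true;
                    return false;
                }

                // A locked-out account is refused before the password is examined.
                if (userManager.SupportsUserLockout && userManager.IsLockedOut(user.Id))
                {
                    Locked = true;
                    return false;
                }

                bool credentialsValid = userManager.CheckPassword(user, login.Password)
                                        && userManager.IsEmailConfirmed(user.Id);
                if (!credentialsValid)
                {
                    PasswordIncorrent = true;
                    if (userManager.SupportsUserLockout && userManager.GetLockoutEnabled(user.Id))
                    {
                        // Count the failure so repeated bad passwords eventually lock the account.
                        userManager.AccessFailed(user.Id);
                    }
                    // An invalid login is never a valid one: previously this fell through to "return true"
                    // whenever lockout was unsupported or disabled for the user, accepting a wrong password.
                    return false;
                }

                // A successful login clears any failures accumulated before it.
                if (userManager.SupportsUserLockout && userManager.GetAccessFailedCount(user.Id) > 0)
                {
                    userManager.ResetAccessFailedCount(user.Id);
                }
                return true;
            }
        }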
        //public void DeleteRole(string roleId)
        //{
        //    var roleUsers = _db.Users.Where(u => u.Roles.Any(r => r.RoleId == roleId));
        //    var role = _db.Roles.Find(roleId);

        //    foreach (var user in roleUsers)
        //    {
        //        this.RemoveFromRole(user.Id, role.Name);
        //    }
        //    _db.Roles.Remove(role);
        //    _db.SaveChanges();
        //}

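        /// <summary>
        /// Log-in button handler: verifies the credentials, enforces lockout and writes an audit record for
        /// each outcome via <c>usrststr.WriteStat</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void LogIn(object sender, EventArgs e)
        {
            if (!IsValid)
            {
                return;
            }

            // Find() verifies the password: null means an unknown name or a wrong password.
            var             manager = new UserManager();
            ApplicationUser user    = manager.Find(UserName.Text, Password.Text);

            if (user != null)
            {
                if (manager.IsLockedOut(user.Id))
                {
                    usrststr.WriteStat(user.Id, "User is blocked");
                    FailureText.Text     = "User is blocked";
                    ErrorMessage.Visible = true;
                    return;
                }

                // A correct password clears the failures accumulated before it.
                manager.ResetAccessFailedCount(user.Id);
                //IdentityHelper.SignIn(manager, user, RememberMe.Checked);
                IdentityHelper.SignIn(manager, user, false);
                usrststr.WriteStat(user.Id, "Login");
                IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response);
                return;
            }

            var knownUser = manager.FindByName(UserName.Text);
            if (knownUser == null)
            {
                // NOTE(review): this message differs from the wrong-password one below, so the response reveals
                // whether a user name exists; one generic message for both cases avoids that enumeration.
                FailureText.Text     = "Invalid  username.";
                ErrorMessage.Visible = true;
                return;
            }

            usrststr.WriteStat(knownUser.Id, "Invalid password.");
            FailureText.Text     = "Invalid  password.";
            ErrorMessage.Visible = true;

            // A locked account gets no further accounting. Otherwise the failure is counted, except for
            // Administrators, who are deliberately exempt from lockout here.
            // NOTE(review): exempting administrators removes the brute-force throttle from the most privileged
            // accounts — confirm this is intended.
            if (manager.IsLockedOut(knownUser.Id))
            {
                return;
            }
            if (!manager.IsInRole(knownUser.Id, "Administrator"))
            {
                manager.SetLockoutEnabled(knownUser.Id, true);
                manager.AccessFailed(knownUser.Id);
            }
            usrststr.WriteStat(knownUser.Id, "Access denied.");
        }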
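        /// <summary>
        /// Checks a login against the identity store, applying lockout rules.
        /// </summary>
        /// <param name="login">User name and password to validate.</param>
        /// <returns><c>true</c> only when the user exists, is not locked out, the password is correct and the
        /// e-mail address is confirmed; otherwise <c>false</c>.</returns>
        bool ValidLogin(Login login)
        {
            UserStore<IdentityUser> userStore = new UserStore<IdentityUser>();
            // The manager is created per call, so dispose it (and the store it owns) when done.
            using (UserManager<IdentityUser> userManager = new UserManager<IdentityUser>(userStore)
            {
                UserLockoutEnabledByDefault = true,
                DefaultAccountLockoutTimeSpan = new TimeSpan(0, 10, 0),
                MaxFailedAccessAttemptsBeforeLockout = 3
            })
            {
                var user = userManager.FindByName(login.UserName);
                if (user == null)
                {
                    return false;
                }

                // A locked-out account is refused before the password is examined.
                if (userManager.SupportsUserLockout && userManager.IsLockedOut(user.Id))
                {
                    return false;
                }

                bool credentialsValid = userManager.CheckPassword(user, login.Password)
                                        && userManager.IsEmailConfirmed(user.Id);
                if (!credentialsValid)
                {
                    if (userManager.SupportsUserLockout && userManager.GetLockoutEnabled(user.Id))
                    {
                        // Count the failure so repeated bad passwords eventually lock the account.
                        userManager.AccessFailed(user.Id);
                    }
                    // An invalid login must never be reported as valid: previously this fell through to
                    // "return true" whenever lockout was unsupported or disabled for the user.
                    return false;
                }

                // A successful login clears failures accumulated before it.
                if (userManager.SupportsUserLockout && userManager.GetAccessFailedCount(user.Id) > 0)
                {
                    userManager.ResetAccessFailedCount(user.Id);
                }
                return true;
            }
        }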
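        /// <summary>
        /// Checks a login against the identity store, applying lockout rules; on a wrong password with lockout
        /// disabled it also evaluates the captcha and surfaces a message in <c>ViewBag.ErrorResponse</c>.
        /// </summary>
        /// <param name="login">User name and password to validate.</param>
        /// <returns><c>true</c> only when the user exists, is not locked out and the password is correct;
        /// otherwise <c>false</c>.</returns>
        bool ValidLogin(Login login)
        {
            UserStore<IdentityUser> userStore = new UserStore<IdentityUser>();
            // The manager is created per call, so dispose it (and the store it owns) when done.
            using (UserManager<IdentityUser> userManager = new UserManager<IdentityUser>(userStore)
            {
                UserLockoutEnabledByDefault = true,
                DefaultAccountLockoutTimeSpan = new TimeSpan(0, 10, 0),
                MaxFailedAccessAttemptsBeforeLockout = 3
            })
            {
                var user = userManager.FindByName(login.UserName);
                if (user == null)
                {
                    return false;
                }

                // A locked-out account is refused before the password is examined.
                if (userManager.SupportsUserLockout && userManager.IsLockedOut(user.Id))
                {
                    return false;
                }

                if (userManager.CheckPassword(user, login.Password))
                {
                    // A successful login clears failures accumulated before it.
                    if (userManager.SupportsUserLockout && userManager.GetAccessFailedCount(user.Id) > 0)
                    {
                        userManager.ResetAccessFailedCount(user.Id);
                    }
                    return true;
                }

                if (userManager.SupportsUserLockout && userManager.GetLockoutEnabled(user.Id))
                {
                    // Count the failure so repeated bad passwords eventually lock the account.
                    userManager.AccessFailed(user.Id);
                    return false;
                }

                // As before, the captcha result only produces a message; it does not change the outcome.
                CaptchaHelper captchaHelper = new CaptchaHelper();
                string captchaResponse = captchaHelper.CheckRecaptcha();
                if (captchaResponse != "Valid")
                {
                    ViewBag.ErrorResponse = "The captcha must be valid";
                }
                // A wrong password must never be reported as a valid login: previously this fell through to
                // "return true" when lockout was unsupported or disabled for the user.
                return false;
            }
        }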
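        /// <summary>
        /// Handles the sign-in form: validates the model, applies the deleted / locked-out / disabled /
        /// password-skip checks, records every outcome in <c>SignInLogModels</c> and issues the application
        /// cookie on success.
        /// </summary>
        /// <param name="model">Posted sign-in id and password.</param>
        /// <returns>A redirect on success (home, or the password-change page when the password has expired);
        /// otherwise the sign-in view with a model-state error.</returns>
        public async Task <ActionResult> SignIn([Bind(Include = "SinginId,Password")] SignInViewModel model)
        {
            SignInLogModel log = new SignInLogModel();
            log.ClientIp = GetClientIp();
            log.UserCode = model.SinginId;

            if (!ModelState.IsValid)
            {
                PersistSignInLog(log, -1);
                return View(model);
            }

            UserModel user = await UserManager.FindByNameAsync(model.SinginId);
            if (user == null)
            {
                // Unknown id: the same generic message as a wrong password, so the response does not reveal which.
                return RejectSignIn(log, model, -7, AuthResources.AuthError);
            }

            log.UserModelId = user.Id;
            if (user.Deleted)
            {
                return RejectSignIn(log, model, -2, AuthResources.AuthError);
            }
            if (UserManager.IsLockedOut(user.Id))
            {
                return RejectSignIn(log, model, -3, AuthResources.AuthUserLockedOut);
            }

            if (!UserManager.CheckPassword(user, model.Password))
            {
                // Count the failure first so this attempt can be the one that locks the account.
                UserManager.AccessFailed(user.Id);
                if (UserManager.IsLockedOut(user.Id))
                {
                    return RejectSignIn(log, model, -6, AuthResources.AuthUserLockedOutNow);
                }
                return RejectSignIn(log, model, -7, AuthResources.AuthError);
            }

            if (user.Enabled == false)
            {
                return RejectSignIn(log, model, -4, AuthResources.AuthUserDisabled);
            }
            if (user.PasswordSkipCnt >= 3)
            {
                return RejectSignIn(log, model, -5, AuthResources.AuthPasswordNoChange);
            }

            // Re-fetched through the password-verifying overload (as before) so the signed-in entity is the
            // store's current copy.
            user = await UserManager.FindAsync(model.SinginId, model.Password);

            AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
            ClaimsIdentity identity = await user.GenerateUserIdentityAsync(UserManager);

            AuthenticationManager.SignIn(new AuthenticationProperties()
            {
                IsPersistent = false
            }, identity);
            await UserManager.ResetAccessFailedCountAsync(user.Id);

            PersistSignInLog(log, 0);

            // NOTE(review): compared against local server time; if Expiration is stored in UTC this should be
            // DateTime.UtcNow — confirm against the schema.
            if (user.Expiration < DateTime.Now)
            {
                user.PasswordSkipCnt++;
                await UserManager.UpdateAsync(user);
                return RedirectToAction("ExpirationChangePassword");
            }
            return RedirectToHome();
        }

        /// <summary>
        /// Persists one sign-in audit row with the given status code (0 = success, negative = rejection reason).
        /// </summary>
        /// <param name="log">Row to complete and save.</param>
        /// <param name="status">Status code to record.</param>
        private void PersistSignInLog(SignInLogModel log, int status)
        {
            log.SetStatus(status);
            dbContext.SignInLogModels.Add(log);
            dbContext.SaveChanges();
        }

        /// <summary>
        /// Records a rejected sign-in and returns the sign-in view with <paramref name="error"/> attached.
        /// </summary>
        /// <param name="log">Audit row for this attempt.</param>
        /// <param name="model">Posted form, returned to the view.</param>
        /// <param name="status">Negative status code identifying the rejection reason.</param>
        /// <param name="error">Message added to model state.</param>
        /// <returns>The sign-in view.</returns>
        private ActionResult RejectSignIn(SignInLogModel log, SignInViewModel model, int status, string error)
        {
            PersistSignInLog(log, status);
            ModelState.AddModelError("", error);
            return View(model);
        }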
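        /// <summary>
        /// Handles the login form: configures lockout from <c>appSettings</c>, verifies the password hash,
        /// signs the user in, and logs business and unexpected exceptions separately.
        /// </summary>
        /// <param name="model">Posted user name, password and remember-me flag.</param>
        /// <param name="returnUrl">URL to return to after sign-in, handed to <c>RedirectToLocal</c>.</param>
        /// <returns>A redirect on success; otherwise the login view with a model-state error.</returns>
        public async Task <ActionResult> Login(LoginViewModel model, string returnUrl)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            try
            {
                // Lockout policy is read from configuration on every request (as before); missing or malformed
                // settings make the Convert calls throw into the generic handler below.
                UserManager.UserLockoutEnabledByDefault          = Convert.ToBoolean(ConfigurationManager.AppSettings["UserLockoutEnabled"]);
                UserManager.DefaultAccountLockoutTimeSpan        = TimeSpan.FromMinutes(Convert.ToDouble(ConfigurationManager.AppSettings["AccountLockoutTimeSpan"]));
                UserManager.MaxFailedAccessAttemptsBeforeLockout = Convert.ToInt32(ConfigurationManager.AppSettings["MaxFailedAccessAttemptsBeforeLockout"]);

                var usuario = await UserManager.FindByNameAsync(model.UserName);
                if (usuario != null)
                {
                    if (await UserManager.IsLockedOutAsync(usuario.Id))
                    {
                        ModelState.AddModelError("",
                                                 string.Format(CommonMensajesResource.ERROR_Identity_UsuarioBloqueadoTemporalmente,
                                                               ConfigurationManager.AppSettings["AccountLockoutTimeSpan"],
                                                               ConfigurationManager.AppSettings["MaxFailedAccessAttemptsBeforeLockout"]));
                        return View(model);
                    }

                    // Verified directly against the stored hash; only an explicit Failed result is rejected.
                    var passwordValid = UserManager.PasswordHasher.VerifyHashedPassword(usuario.PasswordHash, model.Password);
                    if (passwordValid == PasswordVerificationResult.Failed)
                    {
                        await UserManager.AccessFailedAsync(usuario.Id);
                        ModelState.AddModelError("", CommonMensajesResource.ERROR_Identity_UsuarioPassword);
                        return View(model);
                    }

                    // A correct password clears the failure counter; without this, old failures keep accumulating
                    // across successful logins until a single mistake locks the account.
                    await UserManager.ResetAccessFailedCountAsync(usuario.Id);
                    await SignInAsync(usuario, model.RememberMe);

                    return RedirectToLocal(returnUrl);
                }
            }
            catch (BusinessException businessEx)
            {
                var log = CommonManager.BuildMessageLog(
                    TipoMensaje.Error,
                    ControllerContext.Controller.ValueProvider.GetValue("controller").RawValue.ToString(),
                    ControllerContext.Controller.ValueProvider.GetValue("action").RawValue.ToString(),
                    businessEx.ToString(),
                    Request);

                CommonManager.WriteBusinessLog(log, TipoMensaje.Error);

                return View(model);
            }
            catch (Exception e)
            {
                // Any other failure is logged and reported below as a plain credential error, so no internal
                // detail reaches the client.
                var log = CommonManager.BuildMessageLog(
                    TipoMensaje.Error,
                    ControllerContext.Controller.ValueProvider.GetValue("controller").RawValue.ToString(),
                    ControllerContext.Controller.ValueProvider.GetValue("action").RawValue.ToString(),
                    e.ToString(), Request);
                CommonManager.WriteAppLog(log, TipoMensaje.Error);
            }

            // Unknown user (or an unexpected exception): the same message as a wrong password.
            ModelState.AddModelError("", CommonMensajesResource.ERROR_Identity_UsuarioPassword);

            return View(model);
        }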
 /// <summary>
 /// Three failed attempts against a manager configured with a threshold of three must lock the account.
 /// </summary>
 public void LockoutAccount()
 {
     const int threshold = 3;
     var manager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(this._session))
     {
         MaxFailedAccessAttemptsBeforeLockout = threshold,
         UserLockoutEnabledByDefault = true,
         DefaultAccountLockoutTimeSpan = new TimeSpan(0, 10, 0)
     };
     manager.Create(new ApplicationUser() { UserName = "******", LockoutEnabled = true }, "Welcome");
     var account = manager.Find("test", "Welcome");

     // Failures below the threshold only advance the counter.
     Assert.AreEqual(0, manager.GetAccessFailedCount(account.Id));
     for (int attempt = 1; attempt < threshold; attempt++)
     {
         manager.AccessFailed(account.Id);
         Assert.AreEqual(attempt, manager.GetAccessFailedCount(account.Id));
     }

     // The final failure crosses the threshold and locks the account.
     manager.AccessFailed(account.Id);
     Assert.IsTrue(manager.IsLockedOut(account.Id));
 }
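        /// <summary>
        /// Sign-in button handler: enforces lockout, reports remaining attempts on a wrong password, and on
        /// success issues the application cookie and redirects to the return URL or a role-based start page.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void BtnIniciar_Click1(object sender, EventArgs e)
        {
            var userStore = new UserStore<IdentityUser>();
            var userManager = new UserManager<IdentityUser>(userStore);

            var user = userManager.FindByName(UserName.Text);
            if (user == null)
            {
                StatusText.Text = "Invalid username or password.";
                return;
            }

            // Find() verifies the password: null means the credentials are wrong. It runs before the lockout
            // check (as before), so a locked account's password is still hashed and compared.
            var validCredentials = userManager.Find(UserName.Text, Password.Text);

            if (userManager.IsLockedOut(user.Id))
            {
                string lockedMessage = LockoutMessage();
                ModelState.AddModelError("", lockedMessage);
                StatusText.Text = lockedMessage;
            }
            else if (userManager.GetLockoutEnabled(user.Id) && validCredentials == null)
            {
                // Count the failure first so this attempt can be the one that locks the account.
                userManager.AccessFailed(user.Id);
                string message;
                if (userManager.IsLockedOut(user.Id))
                {
                    message = LockoutMessage();
                }
                else
                {
                    int accessFailedCount = userManager.GetAccessFailedCount(user.Id);
                    int attemptsLeft = Convert.ToInt32(ConfigurationManager.AppSettings["MaxFailedAccessAttemptsBeforeLockout"]) - accessFailedCount;
                    // NOTE(review): telling the client exactly how many attempts remain is a usability choice;
                    // it also lets a caller pace attempts to stay just under the threshold — confirm it is intended.
                    message = string.Format(
                        "Invalid credentials. You have {0} more attempt(s) before your account gets locked out.", attemptsLeft);
                }
                StatusText.Text = message;
                ModelState.AddModelError("", message);
            }
            else if (validCredentials == null)
            {
                ModelState.AddModelError("", "Invalid credentials. Please try again.");
                StatusText.Text = "Invalid credentials. Please try again.";
            }
            else
            {
                var authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
                var userIdentity = userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);

                authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, userIdentity);
                // A correct password clears the failures accumulated before it.
                userManager.ResetAccessFailedCount(user.Id);

                string vig = DateTime.Now.Year.ToString();
                SetCookieUser(UserName.Text, vig);

                // Without a return URL, the start page is chosen from the user's menu roles.
                string url = Request.QueryString["ReturnUrl"];
                if (string.IsNullOrEmpty(url))
                {
                    gesMenuAdapter mg = new gesMenuAdapter();
                    List<dataTree> l = mg.getOpciones("INICI", UserName.Text);
                    if (l.Any(t => t.roles == "INICIAdministrativo"))
                    {
                        SetCookieRol("administrador");
                        url = "/Inicio/Administrativo/Inicio.aspx";
                    }
                    else if (l.Any(t => t.roles == "INICIAcudientes"))
                    {
                        SetCookieRol("acudiente");
                        url = "/Inicio/Acudientes/Inicio.aspx";
                    }
                }
                IdentityHelper.RedirectToReturnUrl(url, Response);
            }
        }

        /// <summary>
        /// Builds the "account locked" message from the configured lockout duration. Tolerates a missing
        /// setting (formats as empty) instead of failing on it.
        /// </summary>
        /// <returns>The user-facing lockout message.</returns>
        private static string LockoutMessage()
        {
            return string.Format("Your account has been locked out for {0} minutes due to multiple failed login attempts.", ConfigurationManager.AppSettings["DefaultAccountLockoutTimeSpan"]);
        }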