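/// <summary>
/// API login endpoint: checks the posted credentials through <c>ActiveDirectoryUtil</c> and
/// reports the outcome in a <c>ServiceStub</c> envelope.
/// </summary>
/// <param name="model">Credentials and device id bound from the request body.</param>
/// <returns>
/// An envelope with <c>status</c> 200 and a one-element user list (username plus directory roles)
/// on success, or <c>status</c> 400 and an empty list when the model is missing or invalid or the
/// credentials are rejected. The status lives in the envelope; nothing in this method sets the
/// HTTP status code.
/// </returns>
/// <remarks>
/// A commented-out debug call that embedded a literal AES key was removed from this method.
/// Treat that key as exposed if it is used anywhere else, and keep key material out of source.
/// NOTE(review): no throttling or lockout is visible here; confirm that failed attempts are
/// limited inside ActiveDirectoryUtil or upstream of this action.
/// </remarks>
public ServiceStub<UserServiceStub> Login([FromBody] LogOnViewModel model)
{
    // A missing or unparseable body can bind to null while ModelState still reports valid,
    // so guard against null explicitly instead of dereferencing it below.
    if (model == null || !ModelState.IsValid)
    {
        return new ServiceStub<UserServiceStub>
        {
            status = 400,
            message = "Username / password / device id cannot be empty",
            total = 0,
            data = new List<UserServiceStub>()
        };
    }

    ActiveDirectoryUtil directory = new ActiveDirectoryUtil();
    directory.Login(model.UserName, model.Password, model.RememberMe);

    if (!directory.IsAuthenticated)
    {
        // One message for every credential failure, so the response does not reveal
        // whether the username exists.
        return new ServiceStub<UserServiceStub>
        {
            status = 400,
            message = "Username or password is invalid/not registered",
            total = 0,
            data = new List<UserServiceStub>()
        };
    }

    // NOTE(review): judging by the helper's name this is a plain MD5 of the username. That value
    // is identical on every login and can be computed by anyone who knows the username, so it
    // must not be accepted anywhere as proof of authentication. Replace it with a server-issued
    // random or signed token once the consumers of this header can be updated.
    // The header is also added to the incoming request, not to the response; confirm which
    // component is expected to read it.
    Request.Headers.Add("token", MD5EncryptionLibrary.MD5Hash(model.UserName));

    List<UserServiceStub> users = new List<UserServiceStub>
    {
        new UserServiceStub { username = model.UserName, roles = directory.Roles }
    };

    return new ServiceStub<UserServiceStub>
    {
        status = 200,
        message = "Authorized",
        total = users.Count,
        data = users
    };
}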
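/// <summary>
/// Form login: authenticates against the directory through <c>ActiveDirectoryUtil</c>, keeps the
/// local membership record in step, issues the forms-authentication cookie and redirects.
/// </summary>
/// <param name="model">Posted username, password and remember-me flag.</param>
/// <param name="returnUrl">Optional post-login target; followed only when it is a local path.</param>
/// <returns>
/// A redirect to <paramref name="returnUrl"/> when it passes the local-URL checks, otherwise to
/// Home/Index. On invalid input or rejected credentials, a redirect back to the Login action.
/// </returns>
/// <remarks>
/// A commented-out call that embedded a literal AES key was removed from this method. Treat that
/// key as exposed if it is used anywhere else, and keep key material out of source.
/// </remarks>
public virtual ActionResult Login(LogOnViewModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        ActiveDirectoryUtil directory = new ActiveDirectoryUtil();
        directory.Login(model.UserName, model.Password, model.RememberMe);

        if (directory.IsAuthenticated)
        {
            // The directory password is mirrored into the local membership store: the record is
            // created on first login and reset-then-changed when local validation fails.
            // NOTE(review): this keeps a second copy of the credential, protected only by the
            // membership provider's password format. Confirm it is hashed, or store a random
            // value if the local record is needed only for profile or role data.
            MembershipUser user = membershipService.GetUser(model.UserName);
            if (user == null)
            {
                user = membershipService.CreateUser(model.UserName, model.Password, directory.Email);
            }
            else if (!membershipService.ValidateUser(model.UserName, model.Password))
            {
                string temporaryPassword = user.ResetPassword();
                user.ChangePassword(temporaryPassword, model.Password);
                membershipService.UpdateUser(user);
            }

            // Read the clock once so the issue time and expiry are exactly eight hours apart.
            DateTime issuedAt = DateTime.Now;
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                1,
                model.UserName,        // user id
                issuedAt,
                issuedAt.AddHours(8),  // expiry
                model.RememberMe,      // persistent or session ticket
                string.Empty);

            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket))
            {
                HttpOnly = true,
                // Follow the forms-auth requireSSL setting so the ticket is not sent over plain
                // HTTP where the site is configured for TLS. Enable requireSSL in production.
                Secure = FormsAuthentication.RequireSSL
            };

            // Persist the cookie only when the user asked to be remembered. Otherwise it stays a
            // session cookie, and the ticket's own expiry still caps the session at eight hours.
            if (model.RememberMe)
            {
                cookie.Expires = authTicket.Expiration;
            }

            Response.SetCookie(cookie);

            // Open-redirect guard: follow returnUrl only for a rooted local path, rejecting
            // protocol-relative ("//host") and backslash ("/\host") forms.
            bool isSafeLocalPath = Url.IsLocalUrl(returnUrl)
                && returnUrl.Length > 1
                && returnUrl.StartsWith("/", StringComparison.Ordinal)
                && !returnUrl.StartsWith("//", StringComparison.Ordinal)
                && !returnUrl.StartsWith("/\\", StringComparison.Ordinal);

            if (isSafeLocalPath)
            {
                return Redirect(returnUrl);
            }

            return RedirectToAction("Index", "Home");
        }

        ModelState.AddModelError("", "Username / password salah atau tidak terdaftar.");
    }

    // If we got this far, something failed.
    // NOTE(review): ModelState errors are not carried across a redirect unless something
    // persists them, so the message added above is probably never shown. Confirm whether
    // returning the view with the model was intended.
    return RedirectToAction("Login");
}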