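/// <summary>
/// Completes a login initiated by HL7 (single sign-on): recomputes and verifies the request hash,
/// checks that the request is recent, issues a persistent forms-authentication ticket for the HL7
/// user and records a login audit.
/// </summary>
/// <param name="model">
/// The login request posted by HL7: user ID, roles, UTC epoch timestamp, request hash and an
/// optional return URL.
/// </param>
/// <returns>
/// A redirect to <c>ReturnUrl</c> (only when it is a local path) or to the home page on success; a
/// redirect to the home page carrying an error message when the hash or timestamp is rejected.
/// </returns>
/// <remarks>
/// NOTE(review): the hashed input is only user ID, timestamp and API key, so <c>model.roles</c> is not
/// covered by the hash verification below — confirm with the HL7 integration whether roles should be
/// part of the signed data. The timestamp window checked by <c>HL7AuthHelper.ValidateTimestamp</c> is
/// the only replay limit visible in this method.
/// </remarks>
public ActionResult DoHL7Login(HL7LoginModel model)
{
    // Recompute the hash HL7 should have sent: user ID, timestamp and the HL7 API key, encrypted
    // with the shared key. Only a caller holding the shared key can produce a matching value.
    string expectedHashInput = string.Format("{0}|{1}|{2}", model.userid, model.timestampUTCEpoch, AppSettings.HL7ApiKey);
    string expectedHash = HL7AuthHelper.GetEncrypted(expectedHashInput, AppSettings.HL7SharedKey);

    // Compare in constant time so the response time does not depend on how many leading characters
    // of the submitted hash are correct. A null or wrong-length hash never matches.
    string suppliedHash = model.requestHash;
    bool hashMatches = false;
    if (suppliedHash != null && expectedHash != null && suppliedHash.Length == expectedHash.Length)
    {
        int difference = 0;
        for (int i = 0; i < expectedHash.Length; i++)
        {
            difference |= expectedHash[i] ^ suppliedHash[i];
        }
        hashMatches = difference == 0;
    }

    // The hash does not match what we expect, this is an invalid request
    if (!hashMatches)
    {
        Log.For(this).Error("Invalid attempt to login as HL7 user with user ID {0} and request hash '{1}'", model.userid, model.requestHash);
        return Redirect("/?Message=" + App_GlobalResources.TrifoliaLang.HL7AttemptInvalid);
    }

    try
    {
        // Verify that the request sent from HL7 took less than 5 minutes
        if (!HL7AuthHelper.ValidateTimestamp(model.timestampUTCEpoch))
        {
            Log.For(this).Warn("Request to login took longer than 5 minutes to reach the server.");
            return Redirect("/?Message=" + App_GlobalResources.TrifoliaLang.HL7AuthTimeout);
        }
    }
    catch
    {
        // The exception type thrown by ValidateTimestamp is not visible here; any failure to
        // interpret the timestamp is treated as a rejected login rather than a server error.
        Log.For(this).Error("Timestamp passed in request to HL7 login is not a valid timestamp: {0}", model.timestampUTCEpoch);
        return Redirect("/?Message=An error occurred while logging in.");
    }

    // Organization is fixed to "HL7"; user ID and roles are carried in the ticket's user data.
    string userData = string.Format("{0}=HL7;{1}={2};{3}={4}", CheckPoint.AUTH_DATA_ORGANIZATION, CheckPoint.AUTH_DATA_USERID, model.userid, CheckPoint.AUTH_DATA_ROLES, model.roles);
    DateTime issued = DateTime.Now;
    DateTime expires = issued.AddDays(20);
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, model.userid, issued, expires, true, userData);
    string encAuthTicket = FormsAuthentication.Encrypt(authTicket);

    HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encAuthTicket);
    faCookie.Expires = expires;
    // Keep the ticket out of reach of script, and off plain HTTP when forms auth is configured for SSL.
    faCookie.HttpOnly = true;
    faCookie.Secure = FormsAuthentication.RequireSSL;
    // Set() replaces an existing cookie of the same name or adds it when absent.
    Response.Cookies.Set(faCookie);

    CheckPoint.Instance.CheckHL7Roles(model.userid, model.roles);

    // Audit the login
    AuditEntryExtension.SaveAuditEntry("Login", "Success", model.userid, "HL7");

    // Either return the user to the specified url, or to the default homepage if none is specified.
    // Only a local path ("/..." but not "//..." or "/\...") is honoured, so this endpoint cannot be
    // used to send the user to another site after login.
    string returnUrl = model.ReturnUrl;
    bool isLocalReturnUrl = !string.IsNullOrEmpty(returnUrl)
        && returnUrl[0] == '/'
        && (returnUrl.Length == 1 || (returnUrl[1] != '/' && returnUrl[1] != '\\'));
    return Redirect(isLocalReturnUrl ? returnUrl : "/");
}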
/// <summary>
/// Records a "Login" audit entry for the authenticated user unless one has already been recorded
/// within the last 24 hours.
/// </summary>
/// <remarks>
/// A user signed in through "remember me" never passes through the login action, so the login
/// audit is created lazily here instead.
/// </remarks>
private void AuditLogin()
{
    using (TemplateDatabaseDataSource tdb = new TemplateDatabaseDataSource())
    {
        // Audit rows are keyed by "user (organization)" for interactive logins.
        string auditUser = string.Format("{0} ({1})", CheckPoint.Instance.UserName, CheckPoint.Instance.OrganizationName);
        DateTime windowStart = DateTime.Now.AddHours(-24);

        bool recentLoginExists = tdb.AuditEntries.Any(y => y.Type == "Login" && y.Username == auditUser && y.AuditDate > windowStart);
        if (!recentLoginExists)
        {
            AuditEntryExtension.SaveAuditEntry("Login", "Success");
        }
    }
}
/// <summary>
/// Records a "Login" audit entry for the authenticated user unless one has already been recorded
/// within the last 24 hours.
/// </summary>
/// <remarks>
/// A user signed in through "remember me" never passes through the login action, so the login
/// audit is created lazily here instead. Nothing is recorded when no user can be resolved.
/// </remarks>
private void AuditLogin()
{
    using (IObjectRepository tdb = DBContext.Create())
    {
        var currentUser = CheckPoint.Instance.GetUser(tdb);
        if (currentUser == null)
        {
            return;
        }

        DateTime windowStart = DateTime.Now.AddHours(-24);
        bool recentLoginExists = tdb.AuditEntries.Any(y => y.Type == "Login" && y.Username == currentUser.UserName && y.AuditDate > windowStart);
        if (!recentLoginExists)
        {
            AuditEntryExtension.SaveAuditEntry("Login", "Success", currentUser.UserName);
        }
    }
}
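/// <summary>
/// Handles the posted login form: resolves the organization, optionally verifies the re-captcha
/// response, validates the credentials, issues the forms-authentication cookie and audits the outcome.
/// </summary>
/// <param name="model">
/// The posted form: organization ID, username, password, "remember me" flag and an optional return URL.
/// </param>
/// <returns>
/// On success, a redirect to a local <c>ReturnUrl</c> or to <c>Home/LoggedInIndex</c>; otherwise the
/// login view with an error message.
/// </returns>
public ActionResult DoLogin(LoginModel model)
{
    // The organization ID comes from the posted form; an unknown ID is a failed login, not a server error.
    Organization org = this.tdb.Organizations.SingleOrDefault(y => y.Id == model.OrganizationId);
    if (org == null)
    {
        LoginModel unknownOrgModel = GetLoginModel(model.ReturnUrl, model.Username, model.OrganizationId, App_GlobalResources.TrifoliaLang.AuthenticationInvalid, model.RememberMe);
        return View("Login", unknownOrgModel);
    }

    // Run the re-captcha checks unless bypass is allowed by configuration AND the client asked for debug mode
    bool debugRequested = this.Request.Params.ToString().Split('&').Contains("debug");
    if (!(AppSettings.RecaptchaAllowBypass && debugRequested))
    {
        if (!ModelState.IsValid)
        {
            LoginModel newModel = GetLoginModel(model, App_GlobalResources.TrifoliaLang.RecaptchaInvalid);
            AuditEntryExtension.SaveAuditEntry("Login", "Failed - The re-captcha response specified is not valid", model.Username, org.Name);
            return View("Login", newModel);
        }
    }

    if (!CheckPoint.Instance.ValidateUser(model.Username, org.Name, model.Password))
    {
        LoginModel newModel = GetLoginModel(model.ReturnUrl, model.Username, model.OrganizationId, App_GlobalResources.TrifoliaLang.AuthenticationInvalid, model.RememberMe);
        // Audit the failed login
        AuditEntryExtension.SaveAuditEntry("Login", "Failed", model.Username, org.Name);
        return View("Login", newModel);
    }

    Response.Cookies.Clear();

    string userData = string.Format("{0}={1}", CheckPoint.AUTH_DATA_ORGANIZATION, org.Name);
    DateTime issued = DateTime.Now;
    DateTime expires = issued.AddDays(20);
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(2, model.Username, issued, expires, model.RememberMe, userData);
    string encAuthTicket = FormsAuthentication.Encrypt(authTicket);

    HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encAuthTicket);
    if (model.RememberMe)
    {
        // Persistent cookie; without an explicit Expires the cookie lasts only for the browser session.
        faCookie.Expires = expires;
    }
    // Keep the ticket out of reach of script, and off plain HTTP when forms auth is configured for SSL.
    faCookie.HttpOnly = true;
    faCookie.Secure = FormsAuthentication.RequireSSL;
    Response.Cookies.Set(faCookie);

    // Audit the login
    AuditEntryExtension.SaveAuditEntry("Login", "Success", model.Username, org.Name);

    // Only a local path ("/..." but not "//..." or "/\...") is honoured as a return URL, so the login
    // form cannot be used to send the user to another site after authenticating.
    string returnUrl = model.ReturnUrl;
    bool isLocalReturnUrl = !string.IsNullOrEmpty(returnUrl)
        && returnUrl[0] == '/'
        && (returnUrl.Length == 1 || (returnUrl[1] != '/' && returnUrl[1] != '\\'));
    if (isLocalReturnUrl)
    {
        return Redirect(returnUrl);
    }

    return RedirectToAction("LoggedInIndex", "Home");
}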