Пример #1
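        /// <summary>
        /// Builds the audit record for a login attempt, pre-filled as a failure.
        /// </summary>
        /// <param name="ctx">Current request; agent, IP and domain are read from it through Helper.</param>
        /// <param name="email">Login name exactly as submitted by the client (not yet verified).</param>
        /// <returns>
        /// A UserLoginLog with IsSuccess = false. Callers set IsSuccess / UserID once the
        /// outcome is known and insert the record themselves.
        /// </returns>
        private UserLoginLog prepareLog(HttpContext ctx, string email)
        {
            // NOTE(review): the agent string (and presumably RemoteIP / Domain) come from the
            // request — confirm how Helper resolves them before relying on them in detections.
            string browserAgent   = Helper.GetRequestAgent(ctx);
            short  browserAgentID = 0;

            try
            {
                string friendlyName = Helper.GetBrowserName(ctx);
                using (var _lu = new BegiumLogUnit())
                {
                    int rawAgentID = _lu.BrowserAgentUnit.GetBrowserAgentID(browserAgent, friendlyName);

                    // The column is a short. Narrow inside the try so an out-of-range id is
                    // logged and falls back to 0 instead of throwing out of the login flow
                    // (the old short.Parse ran after the catch and could abort the attempt).
                    browserAgentID = checked((short)rawAgentID);
                }
            }
            catch (Exception ex)
            {
                // Best effort: the browser-agent lookup must never block authentication.
                _log.Error("Unable to prepare UserLoginLog", ex);
            }

            UserLoginLog log = new UserLoginLog()
            {
                Login          = email,
                IsSuccess      = false,
                // UtcNow avoids the local-time round trip, which is ambiguous during DST changes.
                DateLogin      = DateTime.UtcNow,
                RemoteIP       = Helper.GetRequestIP(ctx),
                Domain         = Helper.GetRequestDomain(ctx),
                BrowserAgentID = browserAgentID
            };

            return(log);
        }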
Пример #2
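        /// <summary>
        /// Authenticates a regular user by login and password and, on success, stores the
        /// user in the session under "CURRENT_USER_INFO".
        /// </summary>
        /// <param name="ctx">Current request; used for the audit record and the session.</param>
        /// <param name="email">Login name submitted by the client.</param>
        /// <param name="pwd">Plain-text password submitted by the client.</param>
        /// <returns>true when the credentials matched; false otherwise.</returns>
        /// <remarks>
        /// Every attempt now produces a UserLoginLog row. Previously an unknown login returned
        /// before anything was written, so attempts against non-existent accounts left no
        /// trace in the login log.
        /// </remarks>
        private bool loginNormalUser(HttpContext ctx, string email, string pwd)
        {
            UserLoginLog log = prepareLog(ctx, email);

            bool result = false;

            using (var _u = new BegiumUnit())
            {
                // Stays null for an unknown login so that case reaches the failure branch below.
                User uInfo  = null;
                User uModel = _u.UserUnit.GetByLogin(email);
                if (uModel != null)
                {
                    // NOTE(review): the helper name suggests a single salted SHA-256 pass — confirm.
                    // Password storage normally wants a slow KDF (PBKDF2, bcrypt, Argon2).
                    string hashedPwd = Util.Helper.GetSHA256Hash(pwd, uModel.SaltPassword);
                    uInfo = _u.UserUnit.GetByLogin(email, hashedPwd);
                }

                // NOTE(review): no IsActive check is visible on this path (impersonate has one);
                // confirm GetByLogin already excludes inactive accounts.
                using (var _lu = new BegiumLogUnit())
                {
                    if (uInfo != null)
                    {
                        // write log
                        log.IsSuccess = true;
                        log.UserID    = uInfo.UserID;
                        _lu.UserLoginLogUnit.Insert(log, true);

                        // update last login
                        _u.UserUnit.UpdateEach(x => x.UserID == uInfo.UserID, x => x.DateLastLogin = DateTime.Now.ToUniversalTime(), true);

                        // get user profile pic
                        var img = _u.ImageUnit.GetUniqueImage(uInfo.UserID, Core.ImageType.User);
                        if (img != null)
                        {
                            uInfo.ProfileImgURL = img.URL;
                        }

                        // get agencyName and branchName
                        string agencyName = "";
                        string branchName = "";
                        _u.UserUnit.GetBranchNameAgencyNameByUserID(uInfo.AgencyID, uInfo.UserID, ref agencyName, ref branchName);
                        uInfo.AgencyName = agencyName;
                        uInfo.BranchName = branchName;

                        // set user session
                        // NOTE(review): the session id is not rotated in this method; confirm the
                        // caller issues a fresh one on login (session fixation).
                        ctx.Session["CURRENT_USER_INFO"] = uInfo;
                        result = true;
                    }
                    else
                    {
                        // write log — unknown login and wrong password both land here, so the
                        // record does not reveal which of the two it was.
                        log.UserID = 0;
                        _lu.UserLoginLogUnit.Insert(log, true);
                    }
                }
            }

            return(result);
        }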
Пример #3
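        /// <summary>
        /// Authenticates a super administrator by login and password and, on success, stores
        /// the SuperAdmin in the session under "CURRENT_USER_INFO".
        /// </summary>
        /// <param name="ctx">Current request; used for the audit record and the session.</param>
        /// <param name="email">Login name submitted by the client; trimmed before lookup.</param>
        /// <param name="pwd">Plain-text password submitted by the client.</param>
        /// <returns>true when the credentials matched; false otherwise.</returns>
        /// <remarks>
        /// Every attempt now produces a UserLoginLog row. Previously an unknown login returned
        /// before anything was written, so guesses at administrator login names were not
        /// recorded.
        /// </remarks>
        private bool loginSuperAdmin(HttpContext ctx, string email, string pwd)
        {
            // The audit record keeps the login as submitted (untrimmed).
            UserLoginLog log = prepareLog(ctx, email);

            bool result = false;

            using (var _u = new BegiumUnit())
            {
                string login = email.Trim();

                // Stays null for an unknown login so that case reaches the failure branch below.
                SuperAdmin sInfo  = null;
                SuperAdmin sModel = _u.SuperAdminUnit.GetByLogin(login);
                if (sModel != null)
                {
                    // NOTE(review): the helper name suggests a single salted SHA-256 pass — confirm.
                    // Password storage normally wants a slow KDF (PBKDF2, bcrypt, Argon2).
                    string hashedPwd = Util.Helper.GetSHA256Hash(pwd, sModel.SaltPassword);
                    sInfo = _u.SuperAdminUnit.GetByLogin(login, hashedPwd);
                }

                // NOTE(review): no IsActive check is visible on this path; confirm GetByLogin
                // already excludes inactive administrators.
                using (var _lu = new BegiumLogUnit())
                {
                    if (sInfo != null)
                    {
                        // write log
                        log.IsSuccess = true;
                        log.UserID    = sInfo.SuperAdminID;
                        _lu.UserLoginLogUnit.Insert(log, true);
                        // update last login
                        _u.SuperAdminUnit.UpdateEach(x => x.SuperAdminID == sInfo.SuperAdminID, x => x.DateLastLogin = DateTime.Now.ToUniversalTime(), true);
                        // set user session
                        // NOTE(review): same session key as the normal-user login but a different
                        // type; readers of the key must check the type before granting admin
                        // rights. The session id is not rotated in this method.
                        ctx.Session["CURRENT_USER_INFO"] = sInfo;
                        result = true;
                    }
                    else
                    {
                        // write log — unknown login and wrong password both land here.
                        log.UserID = 0;
                        _lu.UserLoginLogUnit.Insert(log, true);
                    }
                }
            }
            return(result);
        }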
Пример #4
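        /// <summary>
        /// Signs the current browser session in as the user named by an encrypted
        /// impersonation token taken from the request ("token" parameter).
        /// </summary>
        /// <param name="ctx">Current request; its session is cleared before anything else happens.</param>
        /// <param name="timeToLive">Specify how many MINUTES should the key live</param>
        /// <returns>
        /// A LoginResult: IsSuccess and Url are set on success; otherwise Message explains
        /// the failure.
        /// </returns>
        /// <remarks>
        /// The token is the only credential this method checks, so anyone holding a token that
        /// still validates is signed in as that user.
        /// </remarks>
        public LoginResult impersonate(HttpContext ctx, int timeToLive = 15)
        {
            LoginResult res = new LoginResult();

            // IMPORTANT!!! clear all session first
            ctx.Session.Clear();

            using (var _u = new BegiumUnit())
            {
                // Reset Language
                _u.LocalizationStringUnit.LocalizationDicEn = null;
                _u.LocalizationStringUnit.LocalizationDicSp = null;
                Helper.CombineUserSession = null;

                // NOTE(review): Request.Params merges query string, form, cookies and server
                // variables. A token carried in the URL also ends up in access logs, browser
                // history and Referer headers.
                string token = ctx.Request.Params["token"];

                string key = "";
                try
                {
                    key = LoginManager.DecryptImpersonateKey(token);
                }
                catch (Exception ex)
                {
                    // NOTE(review): the raw, client-controlled token goes into the log line;
                    // consider a digest and neutralising CR/LF so it cannot forge log entries.
                    _log.Error("Could not DecryptImpersonateKey: " + token, ex);
                    res.Message = "Token is invalid.";
                    return(res);
                }

                KeyValuePair <int, DateTime> kv = new KeyValuePair <int, DateTime>();
                try
                {
                    // Honour the caller's lifetime. The literal 15 that used to be passed here
                    // silently ignored timeToLive (presumably minutes, per the parameter doc).
                    kv = LoginManager.ValidateImpersonateKey(key, timeToLive);
                }
                catch (Exception ex)
                {
                    // NOTE(review): a token that decrypted but failed validation is logged in
                    // full, and the exception text is returned to the client — confirm
                    // ValidateImpersonateKey only throws messages meant for end users.
                    _log.Error("Could not ValidateImpersonateKey: " + token, ex);
                    res.Message = ex.Message;
                    return(res);
                }

                // NOTE(review): nothing here marks the token as used; unless
                // ValidateImpersonateKey tracks that, the same token works repeatedly until
                // it expires — confirm.
                var uInfo = _u.UserUnit.GetByID(kv.Key);
                if (uInfo == null)
                {
                    res.Message = "User not found.";
                    return(res);
                }
                else if (!uInfo.IsActive)
                {
                    res.Message = "User is inactive.";
                    return(res);
                }

                // everything looks fine now ...

                try
                {
                    // write log
                    UserLoginLog log = prepareLog(ctx, uInfo.Email);
                    // append SSO info
                    // NOTE(review): the token is stored verbatim in the login log; it remains a
                    // usable credential for as long as it validates.
                    log.SSOToken     = token;
                    log.SSOTimestamp = kv.Value;
                    log.IsSuccess    = true;
                    log.UserID       = uInfo.UserID;
                    using (var _lu = new BegiumLogUnit())
                    {
                        _lu.UserLoginLogUnit.Insert(log, true);
                    }

                    // update last login
                    _u.UserUnit.UpdateEach(x => x.UserID == uInfo.UserID, x => x.DateLastLogin = DateTime.Now.ToUniversalTime(), true);

                    // get user profile pic
                    var img = _u.ImageUnit.GetUniqueImage(uInfo.UserID, Core.ImageType.User);
                    if (img != null)
                    {
                        uInfo.ProfileImgURL = img.URL;
                    }

                    // get agencyName and branchName
                    string agencyName = "";
                    string branchName = "";
                    _u.UserUnit.GetBranchNameAgencyNameByUserID(uInfo.AgencyID, uInfo.UserID, ref agencyName, ref branchName);
                    uInfo.AgencyName = agencyName;
                    uInfo.BranchName = branchName;

                    // set user session
                    ctx.Session["CURRENT_USER_INFO"] = uInfo;
                    // set cookie
                    FormsAuthentication.SetAuthCookie(uInfo.Email, false);

                    // make response successful
                    res.IsSuccess = true;
                    res.Url       = ServerRoot + "/Agency/Index.aspx";
                }
                catch (Exception ex)
                {
                    // Failures after validation are reported generically; details stay in the log.
                    _log.Error("Could not finish impersonate process.", ex);
                    res.Message = "Unable to process request. Please try again later.";
                }
            }
            return(res);
        }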
Пример #5
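        /// <summary>
        /// Signs a super administrator in through a one-time link: the request "token" is
        /// decrypted, matched against a stored one-time password record, and that record is
        /// marked as used before the session is established.
        /// </summary>
        /// <param name="ctx">Current request; its session is cleared before anything else happens.</param>
        /// <returns>
        /// A LoginResult: IsSuccess and Url are set on success; otherwise Message explains
        /// the failure.
        /// </returns>
        public LoginResult impersonateSetPWForSA(HttpContext ctx)
        {
            LoginResult res = new LoginResult();

            // IMPORTANT!!! clear all session first
            ctx.Session.Clear();

            using (var _u = new BegiumUnit())
            {
                using (var _ul = new BegiumLogUnit())
                {
                    // Reset Language
                    _u.LocalizationStringUnit.LocalizationDicEn = null;
                    _u.LocalizationStringUnit.LocalizationDicSp = null;
                    Helper.CombineUserSession = null;

                    // NOTE(review): Request.Params merges query string, form, cookies and server
                    // variables; a token carried in the URL also ends up in access logs and
                    // Referer headers.
                    string token = ctx.Request.Params["token"];

                    string key = "";
                    try
                    {
                        key = LoginManager.DecryptImpersonateKey(token);
                    }
                    catch (Exception ex)
                    {
                        // NOTE(review): the raw, client-controlled token goes into the log line;
                        // consider a digest and neutralising CR/LF.
                        _log.Error("Could not DecryptImpersonateKey: " + token, ex);
                        res.Message = "Token is invalid.";
                        return(res);
                    }

                    KeyValuePair <int, Guid> kv = new KeyValuePair <int, Guid>();
                    try
                    {
                        kv = LoginManager.ValidateImpersonateKeySetPW(key);
                    }
                    catch (Exception ex)
                    {
                        // NOTE(review): the exception text is returned to the client — confirm
                        // ValidateImpersonateKeySetPW only throws messages meant for end users.
                        _log.Error("Could not ValidateImpersonateKey: " + token, ex);
                        res.Message = ex.Message;
                        return(res);
                    }

                    //valid OTP
                    var otp = _ul.OneTimePWUnit.GetOTPByOTPKey(kv.Key, kv.Value);
                    if (otp == null)
                    {
                        res.Message = "not valid";
                        return(res);
                    }
                    else if (otp.DateFirstLogin.Year > 1900)
                    {
                        // A DateFirstLogin later than 1900 is treated as "link already used".
                        res.Message = "Este enlace ya no es válido";
                        return(res);
                    }

                    SuperAdmin uInfo = _u.SuperAdminUnit.GetByID(kv.Key);
                    if (uInfo == null)
                    {
                        res.Message = "User not found.";
                        return(res);
                    }
                    else if (!uInfo.IsActive)
                    {
                        res.Message = "User is inactive.";
                        return(res);
                    }

                    // everything looks fine now ...
                    // Consume the link before the session is created.
                    // NOTE(review): the check above and this update are separate calls, so two
                    // concurrent requests with the same link could both pass — confirm whether
                    // the data layer enforces single use.
                    otp.DateFirstLogin = DateTime.UtcNow;
                    _ul.OneTimePWUnit.Update(otp, true);

                    try
                    {
                        // write log
                        UserLoginLog log = prepareLog(ctx, uInfo.Email);
                        // append SSO info
                        log.SSOToken     = token;
                        log.SSOTimestamp = DateTime.UtcNow;
                        log.IsSuccess    = true;
                        log.UserID       = uInfo.SuperAdminID;
                        using (var _lu = new BegiumLogUnit())
                        {
                            _lu.UserLoginLogUnit.Insert(log, true);
                        }

                        // update last login
                        // Write to the SuperAdmin store, as loginSuperAdmin does. The previous
                        // call went through UserUnit with the SuperAdminID as the key and would
                        // have stamped whichever regular user shares that numeric id.
                        _u.SuperAdminUnit.UpdateEach(x => x.SuperAdminID == uInfo.SuperAdminID, x => x.DateLastLogin = DateTime.UtcNow, true);

                        // set user session
                        ctx.Session["CURRENT_USER_INFO"] = uInfo;
                        // set cookie
                        FormsAuthentication.SetAuthCookie(uInfo.Email, false);

                        // make response successful
                        res.IsSuccess = true;
                        res.Url       = "~/SuperAdmin/Agency/AgenciesManager.aspx";
                    }
                    catch (Exception ex)
                    {
                        // The one-time link is already consumed at this point, so a failure
                        // here leaves the administrator needing a new link.
                        _log.Error("Could not finish impersonate process.", ex);
                        res.Message = "Unable to process request. Please try again later.";
                    }
                }
            }

            return(res);
        }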