public HttpResponseMessage Registration(UserModel model) { if (!ModelState.IsValid) { return(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState)); } else { var encryptedPassword = EncryptDecryptPassword.EncryptPlainTextToCipherText(model.Password); db.UserTbls.Add(new UserTbl() { CityId = model.CityId, FirstName = model.FirstName, LastName = model.LastName, Email = model.Email, MobileNumber = model.MobileNumber, FlatNumber = model.FlatNumber, CountryId = model.CountryId, StateId = model.StateId, SocityName = model.SocityName, DateModified = DateTime.Now, DateAdded = DateTime.Now, WhatsAppNumber = model.WhatsAppNumber, WingName = model.WingName, Landmark = model.Landmark, Password = encryptedPassword, UserName = model.UserName, Token = model.Token }); db.SaveChanges(); return(Request.CreateResponse(HttpStatusCode.OK)); } }
public HttpResponseMessage Login(UserTbl model) { if (ModelState.IsValid) { var encryptedPasswordString = EncryptDecryptPassword.EncryptPlainTextToCipherText(model.Password); var user = db.UserTbls.FirstOrDefault(item => item.UserName == model.UserName && item.Password == encryptedPasswordString); if (user != null) { user.Token = Guid.NewGuid(); db.SaveChanges(); return(Request.CreateResponse(HttpStatusCode.OK, new { Token = user.Token, Name = string.Concat(user.FirstName, " ", user.LastName) })); } else { return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Username and password")); } } else { return(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState)); } }
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { bool validKey = false; string apiKey = EncryptDecryptPassword.EncryptPlainTextToCipherText(Convert.ToString(ConfigurationSettings.AppSettings["ApiKey"])); IEnumerable <string> requestHeaders; var checkApiKeyExists = request.Headers.TryGetValues("ApiKey", out requestHeaders); if (checkApiKeyExists) { if (requestHeaders.FirstOrDefault().Equals(apiKey)) { validKey = true; } } if (!validKey) { return(new HttpResponseMessage(HttpStatusCode.Forbidden) { Content = new StringContent(JsonConvert.SerializeObject(new { message = "Invalid API Key" })), ReasonPhrase = "Invalid API Key" }); } var response = await base.SendAsync(request, cancellationToken); return(response); }
public async Task <IActionResult> Post(RegistrationModel model) { try { var user = await this.context.RegisterUsers.FirstOrDefaultAsync(a => a.UserName == model.UserName); if (user == null) { model.UserId = Guid.NewGuid().ToString(); model.UserType = 0; model.Password = EncryptDecryptPassword.Encrypt(model.Password, model.UserId.ToString()); this.context.RegisterUsers.Add(model); await this.context.SaveChangesAsync(); return(Ok(model)); } else { return(BadRequest("This User is already registered with us!!!")); } } catch (Exception ex) { return(BadRequest(ex.Message)); } }
/// <summary> /// Encrypt Answer /// </summary> /// <param name="answer"></param> /// <returns></returns> // FIXED-FEB16 - Move "[^0-9a-z]+" to constant public string EncryptAnswer(string answer) { string encryptedString = string.Empty; if (answer != null) { string convertToLower = answer.ToLower(); encryptedString = Regex.Replace(convertToLower, Constants.SpecialCharacterPatterne, string.Empty); } return(EncryptDecryptPassword.EncryptText(encryptedString)); }
/// <summary> /// Validates the user. /// </summary> /// <param name="password"></param> /// <param name="userDetails"></param> /// <returns></returns> private bool ValidateUser(string password, User userDetails) { if (!string.IsNullOrEmpty(password) && !string.IsNullOrEmpty(userDetails.PasswordHash) && !string.IsNullOrEmpty(userDetails.PasswordSalt)) { string passwordInput = string.Format("{0}{1}", password, userDetails.PasswordSalt); string passwordStored = EncryptDecryptPassword.DecryptText(userDetails.PasswordHash); userDetails.ValidLogin = String.CompareOrdinal(passwordInput, passwordStored) == 0; } if (userDetails.UserTypeId != 1) //not SSI Admin { PostApiResponse <bool>(Constants.User, Constants.UpdateUserLogin, userDetails, true); } return(userDetails.ValidLogin); }
/// <summary> /// Add question answer and password. /// </summary> /// <returns></returns> public int AddQuestionAnswerAndPassword(User user) { if (user != null) { string passwordSalt = GetPasswordSalt(user); string passwordHash = EncryptDecryptPassword.EncryptText(string.Format("{0}{1}", user.PasswordHash, passwordSalt)); _cmd = _db.GetStoredProcCommand("AddQuestionAnswerAndPassword"); _db.AddInParameter(_cmd, "@UserID", DbType.Int32, user.UserId); _db.AddInParameter(_cmd, "@PasswordHash", DbType.String, passwordHash); _db.AddInParameter(_cmd, "@PasswordSalt", DbType.String, passwordSalt); _db.AddInParameter(_cmd, "@SecuirtyQuestionAnswer", DbType.Xml, Serializer.ToXml(user.UserSecurityQuestion)); _db.AddInParameter(_cmd, "@EmailType", DbType.Int32, user.EmailType); _db.AddInParameter(_cmd, "@UserName", DbType.String, user.RequestedUserName); return(Convert.ToInt32(_db.ExecuteScalar(_cmd))); } return(0); }
/// <summary> /// Add question answer and password. /// </summary> /// <returns></returns> private string GetPasswordSalt(User user) { string passwordSalt; if (user.EmailType == Convert.ToInt32(Enums.EmailType.AccountActivation) || user.EmailType == Convert.ToInt32(Enums.EmailType.AccountReset)) { passwordSalt = EncryptDecryptPassword.GenerateSalt(); } else { _cmd = _db.GetStoredProcCommand("GetPasswordSalt"); _db.AddInParameter(_cmd, "@UserID", DbType.Int32, user.UserId); passwordSalt = Convert.ToString(_db.ExecuteScalar(_cmd)); } return(passwordSalt); }
/// <summary> /// View AccountActivation Page /// </summary> public ActionResult AccountActivation(string token) { string guid = EncryptDecryptPassword.DecryptText(token); if (!string.IsNullOrEmpty(guid)) { UserViewModel userViewModel = new UserViewModel { UserGuid = new Guid(guid) }; User user = Mapper.Map <UserViewModel, User>(userViewModel); User userinfo = PostApiResponse <User>(Constants.User, Constants.ValidateToken, user, true); if (userinfo != null) { userViewModel = Mapper.Map <User, UserViewModel>(userinfo); return(View(userViewModel)); } } return(View(new UserViewModel())); }
public async Task <IActionResult> Login(LoginModel model) { try { var user = await this.context.RegisterUsers.FirstOrDefaultAsync(a => a.UserName == model.UserName); if (user != null) { var testing = EncryptDecryptPassword.Encrypt(model.Password, user.UserId); var password = EncryptDecryptPassword.Decrypt(user.Password, user.UserId); if (password == model.Password) { var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim("UserID", user.UserId.ToString()) }), Expires = DateTime.UtcNow.AddDays(1), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_appSettings.JWT_Secret)), SecurityAlgorithms.HmacSha256Signature) }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(tokenDescriptor); var SecurityToken = tokenHandler.WriteToken(securityToken); return(Ok(new { SecurityToken, user })); } else { return(BadRequest("Password is incorrect")); } } else { return(BadRequest("Username is incorrect.")); } } catch (Exception ex) { return(BadRequest("Incorrect username or password")); } }
public JsonResult Attempt(string username, string password) { try { //check if model is valid if (ModelState.IsValid) { //get the result of login using ignition web service string result = HttpHandler.UserLogin(username, password); //handle error if (result == null || result == "") { response.Add("success", false); response.Add("error", true); response.Add("message", "Something went wrong. Please try again later."); } else { if (Convert.ToBoolean(result) == true) { //if the result is true get the user info from AD web service string userType = ""; //init the encryptor/decryptor EncryptDecryptPassword e = new EncryptDecryptPassword(); //use default credentials for the service HttpClientHandler handler = new HttpClientHandler(); handler.UseDefaultCredentials = true; //init the client HttpClient client = new HttpClient(handler); client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); //get the user type from the local db and use it to display the position //we are not using the AD's employee position. instead we will use our application's user type for the position try { userType = UserModels.GetPosition(username); } catch { userType = "N/A"; } bool isLoginSuperVision = UserModels.isLoginSuperVision(username); JavaScriptSerializer j = new JavaScriptSerializer(); //init the url for the service var url = ConfigurationManager.AppSettings[ConfigurationManager.AppSettings["env"].ToString() + "_api_base_url"].ToString() + "login/userinfo?username="******"&json=true"; HttpResponseMessage res = client.GetAsync(url).Result; //if success create session and cookie to store login status if (res.IsSuccessStatusCode) { try { //create the session and cookie based on the result from AD service (user info) string strJson = res.Content.ReadAsStringAsync().Result; dynamic jObj = (JObject)JsonConvert.DeserializeObject(strJson); object a = j.Deserialize(strJson, typeof(object)); var dict = JsonConvert.DeserializeObject <Dictionary <string, object> >(strJson); HttpContext.Session.Add("Username", username); HttpContext.Session.Add("Name", dict["cn"]); HttpContext.Session.Add("Position", userType); HttpContext.Session.Add("isLoginSuperVision", isLoginSuperVision); HttpContext.Session.Add("EmployeeNumber", dict["employeeNumber"].ToString()); string thumbnail = ""; try { thumbnail = dict["thumbnailPhoto"].ToString(); } catch { } if (thumbnail.ToString() == null || thumbnail == "") { byte[] imageBytes = ReadImageFile(Server.MapPath("~/Content/template/images/default_photo.jpg")); string imageBase64String = Convert.ToBase64String(imageBytes); string defaultImage = imageBase64String; thumbnail = defaultImage; } HttpContext.Session.Add("ThumbnailPhoto", thumbnail); HttpHandler.UpdateThumbnailPhoto(username, thumbnail); DateTime now = DateTime.Now; try { HttpCookie cookieThumbnailPhoto = new HttpCookie("ThumbnailPhoto"); cookieThumbnailPhoto.Value = thumbnail; cookieThumbnailPhoto.Expires = now.AddDays(30); Response.Cookies.Add(cookieThumbnailPhoto); HttpCookie cookieName = new HttpCookie("Name"); cookieName.Value = dict["cn"].ToString(); cookieName.Expires = now.AddDays(30); Response.Cookies.Add(cookieName); HttpCookie cookiePositon = new HttpCookie("Position"); cookiePositon.Value = userType; cookiePositon.Expires = now.AddDays(30); Response.Cookies.Add(cookiePositon); HttpCookie cookieLoginSupervision = new HttpCookie("isLoginSuperVision"); cookieLoginSupervision.Value = isLoginSuperVision.ToString(); cookieLoginSupervision.Expires = now.AddDays(30); Response.Cookies.Add(cookieLoginSupervision); HttpCookie cookieEmployeeNumber = new HttpCookie("EmployeeNumber"); cookieEmployeeNumber.Value = dict["employeeNumber"].ToString(); cookieEmployeeNumber.Expires = now.AddDays(30); Response.Cookies.Add(cookieEmployeeNumber); } catch { } } catch { //handle users not in the AD (standalone user for the application) //get the default thumbnail photo byte[] imageBytes = ReadImageFile(Server.MapPath("~/Content/template/images/default_photo.jpg")); string imageBase64String = Convert.ToBase64String(imageBytes); string defaultImage = imageBase64String; //create session and cookie HttpContext.Session.Add("Username", username); HttpContext.Session.Add("Name", username); HttpContext.Session.Add("Position", userType); HttpContext.Session.Add("isLoginSuperVision", isLoginSuperVision); HttpContext.Session.Add("EmployeeNumber", ""); HttpContext.Session.Add("ThumbnailPhoto", defaultImage); HttpHandler.UpdateThumbnailPhoto(username, defaultImage); DateTime now = DateTime.Now; try { HttpCookie cookieThumbnailPhoto = new HttpCookie("ThumbnailPhoto"); cookieThumbnailPhoto.Value = defaultImage; cookieThumbnailPhoto.Expires = now.AddDays(30); Response.Cookies.Add(cookieThumbnailPhoto); HttpCookie cookieName = new HttpCookie("Name"); cookieName.Value = username; cookieName.Expires = now.AddDays(30); Response.Cookies.Add(cookieName); HttpCookie cookiePosition = new HttpCookie("Position"); cookiePosition.Value = userType; cookiePosition.Expires = now.AddDays(30); Response.Cookies.Add(cookiePosition); HttpCookie cookieLoginSupervision = new HttpCookie("isLoginSuperVision"); cookieLoginSupervision.Value = isLoginSuperVision.ToString(); cookieLoginSupervision.Expires = now.AddDays(30); Response.Cookies.Add(cookieLoginSupervision); HttpCookie cookieEmployeeNumber = new HttpCookie("EmployeeNumber"); cookieEmployeeNumber.Value = ""; cookieEmployeeNumber.Expires = now.AddDays(30); Response.Cookies.Add(cookieEmployeeNumber); } catch { } } r.Add("success", true); r.Add("error", false); } var check = r["success"]; if (check.ToString() == "True") { response.Add("message", "Login Successful"); response.Add("success", true); response.Add("error", false); } else { throw new Exception("Login failed!"); } } else { response.Add("success", false); response.Add("error", true); response.Add("message", "Invalid username and/or password."); } } } else { throw new Exception("Login failed!"); } } catch (Exception e) { response.Add("success", false); response.Add("error", true); response.Add("message", e.ToString()); } //return the json response return(Json(response, JsonRequestBehavior.AllowGet)); }
/// <summary> /// IsEmail Notification Send /// </summary> /// <param name="user"></param> /// <returns></returns> public bool IsEmailNotificationSend(User user) { if (user != null) { string emailContent, emailSubject = string.Empty; string serverMapPath = user.EmailType == Convert.ToInt32(Enums.EmailType.AccountActivation) ? Server.MapPath(Constants.MailMessageTemplate) : Server.MapPath(Constants.PasswordResetTemplate); using (StreamReader reader = new StreamReader(serverMapPath)) { emailContent = reader.ReadToEnd(); } switch ((Enums.EmailType)Convert.ToInt32(user.EmailType)) { case Enums.EmailType.AccountActivation: emailSubject = Constants.MailSubject; emailContent = emailContent.Replace("##LINK", Constants.ActivationMailLink); break; case Enums.EmailType.AccountReset: emailSubject = Constants.MailSubjectAccountReset; emailContent = emailContent.Replace("##LINK", Constants.ResetAccountMailLink); break; case Enums.EmailType.ChangePassword: emailSubject = Constants.MailSubjectChangePassword; emailContent = emailContent.Replace("##LINK", Constants.ChangePasswordMailLink); break; case Enums.EmailType.PasswordReset: emailSubject = Constants.MailSubjectPasswordReset; emailContent = emailContent.Replace("##LINK", Constants.ResetPasswordMailLink); break; case Enums.EmailType.RecoverPassword: emailSubject = Constants.MailSubjectRecoverPassword; emailContent = emailContent.Replace("##LINK", Constants.RecoverPasswordMailLink); break; } Uri url = System.Web.HttpContext.Current.Request.Url; string domainName = string.Format("{0}/{1}", url.GetLeftPart(UriPartial.Authority), (url.Segments.Length >= 2) ? url.Segments[1] : String.Empty); //email token string emailLink = string.Format("{0}{1}{2}", domainName, Constants.EmailUrl, Server.UrlEncode(EncryptDecryptPassword.EncryptText(user.UserGuid.ToString()))); emailContent = emailContent.Replace("##DATA", user.EmailType == Convert.ToInt32(Enums.EmailType.AccountActivation) ? Constants.ActivationMailBody : Constants.PasswordMailBody); // Change http to https in email link url for production not other environment string httpsEmailLink = emailLink; if (!Constants.HttpUrls.Contains(url.Host)) { httpsEmailLink = emailLink.Replace(Constants.Http, Constants.Https); } emailContent = emailContent.Replace("##GUID", httpsEmailLink); if (user.EmailType != Convert.ToInt32(Enums.EmailType.AccountActivation)) { emailContent = emailContent.Replace("##NAME", string.Format("{0} {1}", user.FirstName, user.LastName)); } try { SaveEmailLog(user); Utilities.SendMail(emailSubject, emailContent, user.UserName); } catch (Exception ex) { Log.LogError("Send Email Exeception", user.UserName, ex); } } return(true); }