public ActionResult LoadSecurity(string UserName)
{
///<summary>
/// Loads the Login Security Question and Answer
/// Stores the Answer for the corresponding chosen Question
/// </summary>
LMSDBContext context = new LMSDBContext();
List <SelectListItem> ddSecurityQuestions = new List <SelectListItem>();
LMSLogin login = context.LMSLogins.SingleOrDefault(x => x.UserName == UserName);
int questionId = 0;
if (login != null)
{
LMSUserSecurityAnswer answer = context.LMSUserSecurityAnswers.SingleOrDefault(x => x.LMSLoginId == login.UserId);
if (answer != null)
{
questionId = answer.LMSSecurityQuestionId;
if (questionId > 0)
{
IEnumerable <LMSSecurityQuestion> securityQuestions = unitofwork.LMSSecurityQuestionRepository.Get(x => x.LMSSecurityQuestionId == questionId);
securityQuestions.ToList().ForEach(x => ddSecurityQuestions.Add(new SelectListItem {
Text = x.Question, Value = x.LMSSecurityQuestionId.ToString(), Selected = true
}));
}
}
}
ViewBag.questionId = questionId;
ViewBag.ddSecurityQuestions = ddSecurityQuestions;
return(View());
}
public ActionResult ForgotPassword(LMSUserSecurityAnswer model)
{
///<summary>
/// To recover the forgotten password
/// Checks the user name and the Security Answer if it matches and then stores the new password entered by the user
///</summary>
bool isSuccess = false;
string message = "";
LMSLogin login = null;
LMSDBContext context = null;
LMSUserSecurityAnswer securityanswer = null;
try
{
context = new LMSDBContext();
login = context.LMSLogins.SingleOrDefault(x => x.UserName == model.UserName);
if (login != null)
{
securityanswer = context.LMSUserSecurityAnswers.SingleOrDefault(x => x.LMSLoginId == login.UserId);
if (securityanswer != null)
{
if (securityanswer.LMSSecurityQuestionId == model.LMSSecurityQuestionId && string.Equals(securityanswer.SecurityAnswer, model.SecurityAnswer, StringComparison.OrdinalIgnoreCase))
{
int charaters = CommonConstants.PasswordLength;
string newPassword = charaters.RandomString();
string strCurrentDate = DateTime.Now.ToString();
byte[] strSaltTemp = Encryptor.EncryptText(strCurrentDate, login.UserName);
string se = Convert.ToBase64String(strSaltTemp);
byte[] strPasswordHash = Encryptor.GenerateHash(newPassword, se.ToString());
login.PasswordHash = strPasswordHash;
login.PasswordSalt = strSaltTemp;
login.LastModifiedBy = login.UserId;
login.LastModifiedOn = DateTime.Now;
login.IsSecurityApplied = false;
context.SaveChanges();
isSuccess = true;
message = newPassword;
}
else
{
message = "Incorrect answer.";
}
}
else
{
message = "Security answer does not exists.";
}
}
else
{
message = "UserName does not exists.";
}
}
catch (Exception ex)
{
throw ex;
}
return(Json(new { isSuccess = isSuccess, message = message }, JsonRequestBehavior.AllowGet));
}
