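/// <summary>
/// Handles an underwriter (admin) log on attempt.
/// </summary>
/// <remarks>
/// The action is gated by the <c>UnderwriterEnabled</c> app setting. Accounts that the user
/// repository reports as external are refused with the same generic message as a bad password,
/// and the attempt is logged as an alert. After a successful log on the caller is sent to
/// <c>ReturnUrl</c> only when it passes the local-URL checks below; otherwise to a default
/// page chosen by the <c>UnderwriterDashboard</c> permission.
/// </remarks>
/// <param name="model">Posted log on form: user name, password and optional return URL.</param>
/// <returns>
/// A redirect when the feature is disabled or the log on succeeds; otherwise the log on view
/// with a <c>LoginError</c> model error.
/// </returns>
public ActionResult AdminLogOn(LogOnModel model) {
    // Fail closed: a missing or malformed setting means "disabled" rather than an
    // unhandled exception out of bool.Parse on a log on endpoint.
    bool underwriterEnabled;

    if (!bool.TryParse(ConfigurationManager.AppSettings["UnderwriterEnabled"], out underwriterEnabled)) {
        log.Alert(
            "App setting '{0}' is missing or is not a boolean, underwriter log on is disabled.",
            "UnderwriterEnabled"
        );

        underwriterEnabled = false;
    } // if

    if (!underwriterEnabled) {
        return RedirectToAction("LogOn", "Account");
    } // if

    if (ModelState.IsValid) {
        if (this.userRepo.ExternalUserCount(model.UserName) > 0) {
            // Security event worth alerting on. The response deliberately reuses the generic
            // message so it does not reveal that the account exists as an external user.
            log.Alert("External user '{0}' tried to log in as an underwriter!", model.UserName);
            ModelState.AddModelError("LoginError", "Wrong user name/password.");
            return View(model);
        } // if

        string loginError;

        var membershipCreateStatus = ValidateUser(
            null,
            model.UserName,
            model.Password,
            null,
            null,
            out loginError
        );

        if (MembershipCreateStatus.Success == membershipCreateStatus) {
            model.SetCookie(LogOnModel.Roles.Underwriter);
            this.context.SetSessionOrigin(null);

            // Open-redirect guard. Url.IsLocalUrl must stay first: the later terms dereference
            // ReturnUrl. Prefix checks are ordinal so they test the raw characters instead of
            // culture collation rules. Control characters are refused as well, because a URL
            // parser may discard them and so change what the prefix checks saw.
            bool bRedirectToUrl =
                Url.IsLocalUrl(model.ReturnUrl) &&
                (model.ReturnUrl.Length > 1) &&
                model.ReturnUrl.StartsWith("/", StringComparison.Ordinal) &&
                !model.ReturnUrl.StartsWith("//", StringComparison.Ordinal) &&
                !model.ReturnUrl.StartsWith("/\\", StringComparison.Ordinal) &&
                !model.ReturnUrl.Any(char.IsControl);

            if (bRedirectToUrl) {
                return Redirect(model.ReturnUrl);
            } // if

            if (this.context.UserPermissions.Any(x => x.Name == "UnderwriterDashboard")) {
                return RedirectToAction("Index", "Customers", new { Area = "Underwriter" });
            } // if

            return RedirectToAction("Main", "SalesForce", new { Area = "Underwriter" });
        } // if

        // NOTE(review): a non-empty loginError from ValidateUser is shown to the caller as is;
        // confirm it never distinguishes "unknown user" from "wrong password".
        loginError = string.IsNullOrEmpty(loginError) ? "Wrong user name/password." : loginError;
        ModelState.AddModelError("LoginError", loginError);
    } // if

    return View(model);
} // AdminLogOn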
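/// <summary>
/// Handles a customer log on attempt and answers with JSON.
/// </summary>
/// <remarks>
/// A user name that the broker helper recognises is logged in as a broker. If that check
/// throws, the failure is logged and the attempt continues as a customer log on through the
/// service client. Neither the password nor any hash derived from it is written to the log.
/// </remarks>
/// <param name="model">Posted log on form: user name, password and promotion data.</param>
/// <returns>
/// JSON with a <c>success</c> flag, plus <c>errorMessage</c> on failure, <c>broker</c> for
/// broker log ons, or <c>model</c> for a successful customer log on.
/// </returns>
public JsonResult CustomerLogOn(LogOnModel model) {
    string customerIp = RemoteIp();
    CustomerOriginEnum origin = UiCustomerOrigin.Get().GetOrigin();

    // NOTE(review): several results below use JsonRequestBehavior.AllowGet; whether this
    // action is restricted to POST is not visible here, so confirm credentials can never
    // arrive in a query string.

    if (!ModelState.IsValid) {
        log.Debug(
            "Customer log on attempt from remote IP {0} to origin '{1}': model state is invalid, list of errors:",
            customerIp,
            origin
        );

        foreach (var val in ModelState.Values) {
            if (val.Errors.Count < 1) {
                continue;
            } // if

            foreach (var err in val.Errors) {
                // NOTE(review): val.Value is logged for every field with an error; confirm
                // this cannot render the posted password in clear text.
                log.Debug("Model value '{0}' with error '{1}'.", val.Value, err.ErrorMessage);
            } // for each error
        } // for each value

        log.Debug("End of list of errors.");

        // Generic message: does not reveal which part of the input was rejected.
        return Json(new {
            success = false,
            errorMessage = "User not found or incorrect password."
        }, JsonRequestBehavior.AllowGet);
    } // if

    // The password hash is intentionally not logged. A hash of user name and password is
    // credential material: anyone able to read the log could attack it offline. Dropping
    // it also removes a full hash computation that was done only for this log line.
    log.Debug(
        "Customer log on attempt from remote IP {0} received " +
        "with user name '{1}' (promotion: {2})...",
        customerIp,
        model.UserName,
        model.PromotionDisplayData
    );

    try {
        if (this.brokerHelper.IsBroker(model.UserName)) {
            BrokerProperties bp = this.brokerHelper.TryLogin(
                model.UserName,
                model.Password,
                model.PromotionName,
                model.PromotionPageVisitTime
            );

            // Keep the current terms in the session when the broker has not signed them yet.
            if ((bp != null) && (bp.CurrentTermsID != bp.SignedTermsID)) {
                Session[Constant.Broker.Terms] = bp.CurrentTerms;
                Session[Constant.Broker.TermsID] = bp.CurrentTermsID;
            } // if

            return Json(new {
                success = (bp != null),
                errorMessage = (bp == null) ? "User not found or incorrect password." : string.Empty,
                broker = true,
            });
        } // if is broker
    } catch (Exception e) {
        // Deliberate best effort: a failed broker check falls through to the customer path.
        log.Warn(
            e,
            "Failed to check whether '{0}' is a broker login at origin '{1}', continuing as a customer.",
            model.UserName,
            origin
        );
    } // try

    var loginModel = new LoginCustomerMultiOriginModel {
        UserName = model.UserName,
        Origin = origin,
        Password = new DasKennwort(model.Password),
        PromotionName = model.PromotionName,
        PromotionPageVisitTime = model.PromotionPageVisitTime,
        RemoteIp = customerIp,
    };

    UserLoginActionResult ular = this.serviceClient.Instance.LoginCustomerMutliOrigin(loginModel);

    if (MembershipCreateStatus.Success.ToString() == ular.Status) {
        model.SetCookie(LogOnModel.Roles.Customer);
        this.context.SetSessionOrigin(origin);

        // NOTE(review): the whole LogOnModel is serialised back to the client; confirm the
        // Password property is excluded from serialisation or cleared before this point.
        return Json(new { success = true, model, }, JsonRequestBehavior.AllowGet);
    } // if

    // If we got this far, something failed: report the service's error message.
    return Json(new { success = false, errorMessage = ular.ErrorMessage }, JsonRequestBehavior.AllowGet);
} // CustomerLogOn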