public PasswordConfigDTO GetData(string pwc_Id) { log.MethodStart(); PasswordConfigDTO objModel = new PasswordConfigDTO(); using (var trans = _db.Database.BeginTransaction()) { try { var objReturn1 = _db.TCPasswordConfigs.FirstOrDefault(x => x.pwc_id == 1); objModel = _mapper.Map <PasswordConfigDTO>(objReturn1); trans.Commit(); } catch (Exception ex) { // TODO: Handle failure trans.Rollback(); } finally { trans.Dispose(); } } log.MethodFinish(); return(objModel); }
public async Task <PasswordConfigDTO> GetDataAsync() { PasswordConfigDTO menu = new PasswordConfigDTO(); menu = await _apiHelper.GetDataByIdAsync <PasswordConfigDTO>("passwordconfig_api/Get_Data", "1"); return(menu); }
public PasswordConfigDTO Post_SaveData([FromBody] PasswordConfigDTO model) { var objReturn1 = _service.SaveData(model); var objReturn = _service.GetData("1"); return(objReturn); }
public ActionResult SavePasswordConfiguration(int acid, PasswordConfigModel objPassConfigModel) { if (objPassConfigModel.MinLength < 4) { ModelState.AddModelError("MinLength", Common.Common.getResource("pc_msg_50572")); } if (objPassConfigModel.MinLength > objPassConfigModel.MaxLength) { ModelState.AddModelError("MaxLength", Common.Common.getResource("pc_msg_50573")); } if (objPassConfigModel.LoginAttempts == 0) { ModelState.AddModelError("LoginAttempts", Common.Common.getResource("pc_msg_50574")); } if (objPassConfigModel.MinAlphabets == 0 && objPassConfigModel.MinNumbers == 0 && objPassConfigModel.MinSplChar == 0 && objPassConfigModel.MinUppercaseChar == 0) { ModelState.AddModelError(" ", Common.Common.getResource("pc_msg_50575")); } int sum = objPassConfigModel.MinAlphabets + objPassConfigModel.MinNumbers + objPassConfigModel.MinSplChar + objPassConfigModel.MinUppercaseChar; if (sum > objPassConfigModel.MaxLength) { ModelState.AddModelError(" ", Common.Common.getResource("pc_msg_50575")); } if (objPassConfigModel.ExpiryReminder > objPassConfigModel.PassValidity) { ModelState.AddModelError(" ", Common.Common.getResource("pc_msg_50596")); } if (objPassConfigModel.PassValidity == 0) { ModelState.AddModelError(" ", Common.Common.getResource("pc_msg_50626")); } if (objPassConfigModel.MaxLength == 0) { objPassConfigModel.MaxLength = 20; } if (objPassConfigModel.PassValidity == 0) { objPassConfigModel.PassValidity = 45; } if (ModelState.IsValid) { LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails); PasswordConfigSL objPassConfigSL = new PasswordConfigSL(); PasswordConfigDTO objPassConfigDTO = new PasswordConfigDTO(); objPassConfigModel.LastUpdatedBy = objLoginUserDetails.LoggedInUserID.ToString(); InsiderTrading.Common.Common.CopyObjectPropertyByName(objPassConfigModel, objPassConfigDTO); objPassConfigSL.SavePasswordConfigDetails(objLoginUserDetails.CompanyDBConnectionString, objPassConfigDTO); string AlertMessage = Common.Common.getResource("pc_msg_50571"); return(View("Index", objPassConfigModel).Success(HttpUtility.UrlEncode(AlertMessage))); } return(View("Index", objPassConfigModel));; }
public ActionResult Index(int acid) { LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails); PasswordConfigSL objPassConfigSL = new PasswordConfigSL(); PasswordConfigModel objPassConfigModel = new PasswordConfigModel(); PasswordConfigDTO objPassConfigDTO = new PasswordConfigDTO(); objPassConfigDTO = objPassConfigSL.GetPasswordConfigDetails(objLoginUserDetails.CompanyDBConnectionString); InsiderTrading.Common.Common.CopyObjectPropertyByName(objPassConfigDTO, objPassConfigModel); ViewBag.Acid = acid; return(View(objPassConfigModel)); }
public PasswordConfigModel GetPasswordConfigDetails() { LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails); PasswordConfigSL objPassConfigSL = new PasswordConfigSL(); PasswordConfigDTO objPassConfigDTO = new PasswordConfigDTO(); objPassConfigDTO = objPassConfigSL.GetPasswordConfigDetails(objLoginUserDetails.CompanyDBConnectionString); PasswordConfigModel objPassConfigModel = new PasswordConfigModel(); InsiderTrading.Common.Common.CopyObjectPropertyByName(objPassConfigDTO, objPassConfigModel); return(objPassConfigModel); }
public async Task <PasswordConfigDTO> SaveDataAsync(PasswordConfigDTO model) { //MenuDTO menu = new MenuDTO() //{ // mnu_id = "2", // mnu_name = "TEST_name", // mnu_area = "TEST_area", // mnu_controller = "TEST_controller" //}; var menua = await _apiHelper.PostDataAsync <PasswordConfigDTO>("passwordconfig_api/Post_SaveData", model); return(menua); }
public PasswordConfigDTO SaveData(PasswordConfigDTO model) { log.MethodStart(); var currentDateTime = DateTime.Now; var currentUser = ""; PasswordConfigDTO objReturn = new PasswordConfigDTO(); using (var trans = _db.Database.BeginTransaction()) { try { var objModel = new TCPasswordConfig(); objModel = _db.TCPasswordConfigs.FirstOrDefault(); objModel.pwc_user_min_char = model.pwc_user_min_char; objModel.pwc_user_max_char = model.pwc_user_max_char; objModel.pwc_min_char = model.pwc_min_char; objModel.pwc_max_char = model.pwc_max_char; objModel.pwc_lowwer_letter = model.pwc_lowwer_letter; objModel.pwc_upper_letter = model.pwc_upper_letter; objModel.pwc_number = model.pwc_number; objModel.pwc_special_char = model.pwc_special_char; objModel.pwc_max_invalid = model.pwc_max_invalid; objModel.pwc_force_reset = model.pwc_force_reset; objModel.pwc_session_timeout = model.pwc_session_timeout; objModel.pwc_default_password = model.pwc_default_password; objModel.pwc_updateuser = model.pwc_updateuser; objModel.pwc_updatedate = currentDateTime; currentUser = objModel.pwc_updateuser; //_db.TCMenus.Update(objModel); #region Save Log Process ... _db.LogProcesss.Add(new LogProcess() { log_usr_id = currentUser, log_mnu_id = _MenuCode, log_mnu_name = "PasswordConfig", log_tran_id = "", log_action = "Update", log_desc = "Update PasswordConfig", log_createuser = currentUser, log_createdate = currentDateTime }); #endregion _db.SaveChanges(); trans.Commit(); } catch (Exception ex) { // TODO: Handle failure trans.Rollback(); } finally { trans.Dispose(); } } log.MethodFinish(); return(objReturn); }
public ActionResult SetPassword(PasswordManagementModel objPwdMgmtModel) { bool bErrorOccurred = false; string i_ErrorMessage = ""; string NewPassword = null; InsiderTradingDAL.CompanyDTO objSelectedCompany = new CompanyDTO(); UserInfoDTO objUserInfoDTO = new UserInfoDTO(); LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails); try { if (objLoginUserDetails == null) { objLoginUserDetails = new LoginUserDetails(); } if (objPwdMgmtModel.CompanyID == null || objPwdMgmtModel.CompanyID == "") { i_ErrorMessage = "Company is required field."; bErrorOccurred = true; } else if (objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" || objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "") { i_ErrorMessage = "Please enter new password and confirm password."; bErrorOccurred = true; } else if (objPwdMgmtModel.NewPassword != objPwdMgmtModel.ConfirmNewPassword) { i_ErrorMessage = "New password and Confirm password are not matching."; bErrorOccurred = true; } if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox") { Dictionary <string, string> objCompaniesDictionary = null; objCompaniesDictionary = new Dictionary <string, string>(); using (CompaniesSL objCompanySL = new CompaniesSL()) { foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString())) { objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName.ToLower()); } } if (objCompaniesDictionary.ContainsValue(objPwdMgmtModel.CompanyID.ToLower())) { objPwdMgmtModel.CompanyID = (from entry in objCompaniesDictionary where entry.Value.ToLower() == objPwdMgmtModel.CompanyID.ToLower() select entry.Key).FirstOrDefault(); } else { objLoginUserDetails.ErrorMessage = "Invalid Company Name"; Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); return(RedirectToAction("SetPassword", "Account", new { code = objPwdMgmtModel.HashValue })); } } //hashed password to check password history InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity(); string saltValue = string.Empty; if (objPwdMgmtModel.NewPassword != null) { //NewPassword = objPwdHash.CreateSaltandHash(objPwdMgmtModel.NewPassword); string sPasswordHashWithSalt = objPwdHash.CreateSaltandHash(objPwdMgmtModel.NewPassword); NewPassword = sPasswordHashWithSalt.Split('~')[0].ToString(); saltValue = sPasswordHashWithSalt.Split('~')[1].ToString(); } using (CompaniesSL objCompanySL = new CompaniesSL()) { objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), objPwdMgmtModel.CompanyID); } //Check if the new password follows Password policy if (!bErrorOccurred) { Common.Common objCommon = new Common.Common(); PasswordManagementDTO objPasswordManagementUserFromHashCodeDTO = new PasswordManagementDTO(); using (UserInfoSL objUserInfoSL = new UserInfoSL()) { objPasswordManagementUserFromHashCodeDTO = objUserInfoSL.GetUserFromHashCode(objSelectedCompany.CompanyConnectionString, objPwdMgmtModel.HashValue); objUserInfoDTO = objUserInfoSL.GetUserDetails(objSelectedCompany.CompanyConnectionString, objPasswordManagementUserFromHashCodeDTO.UserInfoID); } bool isPasswordValid = objCommon.ValidatePassword(objSelectedCompany.CompanyConnectionString, objUserInfoDTO.LoginID, objPwdMgmtModel.NewPassword, NewPassword, objUserInfoDTO.UserInfoId, out i_ErrorMessage); if (!isPasswordValid) { bErrorOccurred = true; } } if (bErrorOccurred) { //ModelState.AddModelError("Error", i_ErrorMessage); if (objLoginUserDetails == null) { objLoginUserDetails = new LoginUserDetails(); } objLoginUserDetails.ErrorMessage = i_ErrorMessage; objLoginUserDetails.CompanyName = objPwdMgmtModel.CompanyID; Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); PasswordConfigSL objPassConfigSL = new PasswordConfigSL(); PasswordConfigDTO objPassConfigDTO = new PasswordConfigDTO(); objPassConfigDTO = objPassConfigSL.GetPasswordConfigDetails(objSelectedCompany.CompanyConnectionString); PasswordConfigModel objPassConfigModel = new PasswordConfigModel(); InsiderTrading.Common.Common.CopyObjectPropertyByName(objPassConfigDTO, objPassConfigModel); TempData["PasswordConfigModel"] = objPassConfigModel; return(RedirectToAction("SetPassword", "Account", new { code = objPwdMgmtModel.HashValue })); //return View("SetPassword", objPwdMgmtModel); } PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO(); if (objLoginUserDetails == null) { objLoginUserDetails = new LoginUserDetails(); } if (objSelectedCompany == null) { objLoginUserDetails.ErrorMessage = "Entered company is incorrect, please enter correct company and try again."; } else { objPwdMgmtModel.NewPassword = NewPassword; objPwdMgmtModel.ConfirmNewPassword = NewPassword; objPwdMgmtModel.SaltValue = saltValue; InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO); using (UserInfoSL objUserInfoSL = new UserInfoSL()) { objPwdMgmtDTO.UserInfoID = objUserInfoDTO.UserInfoId; objUserInfoSL.ChangePassword(objSelectedCompany.CompanyConnectionString, ref objPwdMgmtDTO); } //InsiderTradingDAL.UserInfoDTO objUserInfo = objUserInfoSL.GetUserDetails(objSelectedCompany.CompanyConnectionString, objPwdMgmtDTO.UserInfoID); objLoginUserDetails.SuccessMessage = Common.Common.getResourceForGivenCompany("usr_msg_11271", objSelectedCompany.sCompanyDatabaseName); } Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); return(RedirectToAction("Login", "Account")); //return RedirectToAction("Index", "Home", new { acid = Convert.ToString(Common.ConstEnum.UserActions.CRUSER_COUSERDASHBOARD_DASHBOARD) }); } catch (Exception exp) { string sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objSelectedCompany.sCompanyDatabaseName); if (objLoginUserDetails == null) { objLoginUserDetails = new LoginUserDetails(); } objLoginUserDetails.ErrorMessage = sErrMessage; Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); return(RedirectToAction("Login", "Account")); //ModelState.AddModelError("Error", sErrMessage); //return View("SetPassword", objPwdMgmtModel); } finally { objLoginUserDetails = null; } }
public ActionResult Login() { LoginUserDetails objLoginUserDetails = null; CompaniesSL objCompaniesSL = null; List <InsiderTradingDAL.CompanyDTO> lstCompanies = null; Dictionary <string, string> objCompaniesDictionary = null; PasswordConfigDTO objPasswordConfig = null; int loginCount = 0; Session["TwoFactor"] = 0; Session["IsOTPAuthPage"] = null; try { //Clear browser cache //Response.Cache.SetNoStore(); //Response.Cache.SetCacheability(HttpCacheability.NoCache); //Response.Cache.SetExpires(DateTime.Now.AddSeconds(-1)); //For company specific url.. auto fill company name string ClientName = ""; string currentURL = HttpContext.Request.Url.AbsoluteUri; int index = currentURL.IndexOf("//"); string RemoveProtocol = ""; RemoveProtocol = currentURL.Substring(index + 2); ClientName = RemoveProtocol.Split('.')[0].ToLower(); if (ClientName == "axisbank") { ClientName = "axis bank"; } Random random = new Random(); int num = random.Next(); Session["randomNumber"] = num; if (ConfigurationManager.AppSettings["ActivateWaterMark"].ToString() == "true") { string DomainName = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName; if (DomainName == ConfigurationManager.AppSettings["DomainName"]) { ViewData["WaterMarkCompanyName"] = ConfigurationManager.AppSettings["WaterMarkTextForCompanyName"]; ViewData["WaterMarkLoginId"] = ConfigurationManager.AppSettings["WaterMarkTextForLoginId"]; ViewData["WaterMarkPassword"] = "******"; } } //set session validation value Common.Common.SetSessionAndCookiesValidationValue(ConstEnum.SessionAndCookiesKeyBeforeLogin); //create new cookies for login page string cookies_value = Common.Common.GetSessionValue(ConstEnum.SessionValue.CookiesValidationKey).ToString(); //Response.Cookies.Add(new HttpCookie(ConstEnum.CookiesValue.ValidationCookies, cookies_value) { Path = Request.ApplicationPath /*, Expires = DateTime.Now.AddDays(1)*/ }); objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails); //set session key to null Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, null); using (objCompaniesSL = new CompaniesSL()) { lstCompanies = objCompaniesSL.getAllCompanies(Common.Common.getSystemConnectionString()); objCompaniesDictionary = new Dictionary <string, string>(); //List<SelectListItem> lstCompaniesListBox = new List<SelectListItem>(); //commented unused variable objCompaniesDictionary.Add("", "Select Company"); foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in lstCompanies) { objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName); } if (objCompaniesDictionary.ContainsValue(ClientName.ToLower())) { ViewBag.URLCompanyName = ClientName; } else { ViewBag.URLCompanyName = "IgnoreCompanyName"; } } ViewBag.JavascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key; ViewBag.CompaniesDropDown = objCompaniesDictionary; if (objLoginUserDetails != null) { ViewBag.LoginError = objLoginUserDetails.ErrorMessage; ViewBag.SuccessMessage = objLoginUserDetails.SuccessMessage; } else { ViewBag.LoginError = ""; } } catch (Exception exp) { Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp); } finally { objLoginUserDetails = null; lstCompanies = null; } return(View()); }
public async Task <ActionResult> Login(UserDetailsModel model) { LoginUserDetails objLoginUserDetails = null; InsiderTradingEncryption.DataSecurity objPwdHash = null; CompanyDTO objSelectedCompany = null; DataSecurity objDataSecurity = new DataSecurity(); PasswordConfigDTO objPasswordConfig = null; int loginCount = 0; Common.Common.WriteLogToFile("Start Method", System.Reflection.MethodBase.GetCurrentMethod()); bool IsEmailOTPActive = false; try { Session["UserCaptchaText"] = (model.sCaptchaText == null) ? string.Empty : model.sCaptchaText; TempData["ShowDupTransPopUp"] = 1; objLoginUserDetails = new LoginUserDetails(); string formUsername = string.Empty; string formPassword = string.Empty; string formEncryptedUsername = string.Empty; string formEncryptedPassword = string.Empty; string sPasswordHash = string.Empty; string javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key; string userPasswordHashSalt = Common.ConstEnum.User_Password_Encryption_Key; string EncryptedRandomNo = string.Empty; if (model.sCalledFrom != objDataSecurity.CreateHash(string.Format(Common.ConstEnum.s_SSO, Convert.ToString(DateTime.Now.Year)), userPasswordHashSalt)) { objPwdHash = new InsiderTradingEncryption.DataSecurity(); formEncryptedUsername = model.sUserName; formEncryptedPassword = model.sPassword; formEncryptedUsername = DecryptStringAES(formEncryptedUsername, javascriptEncryptionKey, javascriptEncryptionKey); formEncryptedPassword = DecryptStringAES(formEncryptedPassword, javascriptEncryptionKey, javascriptEncryptionKey); EncryptedRandomNo = formEncryptedUsername.Split('~')[1].ToString(); if (EncryptedRandomNo != Convert.ToString(Session["randomNumber"])) { throw new System.Web.HttpException(401, "Unauthorized access"); } formUsername = formEncryptedUsername.Split('~')[0].ToString(); formPassword = formEncryptedPassword.Split('~')[0].ToString(); } else { Session["IsSSOActivated"] = "1"; formUsername = model.sUserName; sPasswordHash = string.IsNullOrEmpty(model.sPassword) ? "" : model.sPassword; } using (CompaniesSL objCompanySL = new CompaniesSL()) { if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox") { Dictionary <string, string> objCompaniesDictionary = null; objCompaniesDictionary = new Dictionary <string, string>(); foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString())) { objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName); } if (objCompaniesDictionary.ContainsValue(model.sCompanyName.ToLower())) { model.sCompanyName = (from entry in objCompaniesDictionary where entry.Value.ToLower() == model.sCompanyName.ToLower() select entry.Key).FirstOrDefault(); } else { objLoginUserDetails.ErrorMessage = "Invalid company name"; objLoginUserDetails.IsAccountValidated = false; Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); Common.Common.WriteLogToFile("Invalid company name"); Session["IsSSOActivated"] = null; return(RedirectToAction("Login", "Account")); } } objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), model.sCompanyName); if (model.sCalledFrom != objDataSecurity.CreateHash(string.Format(Common.ConstEnum.s_SSO, Convert.ToString(DateTime.Now.Year)), userPasswordHashSalt)) { string saltValue = string.Empty; string calledFrom = "Login"; using (UserInfoSL ObjUserInfoSL = new UserInfoSL()) { List <AuthenticationDTO> lstUserDetails = ObjUserInfoSL.GetUserLoginDetails(objSelectedCompany.CompanyConnectionString, formUsername, calledFrom); foreach (var UserDetails in lstUserDetails) { saltValue = UserDetails.SaltValue; } } using (TwoFactorAuthSL objIsOTPEnable = new TwoFactorAuthSL()) { IsEmailOTPActive = objIsOTPEnable.CheckIsOTPActived(objSelectedCompany.CompanyConnectionString, formUsername); } string usrSaltValue = (saltValue == null || saltValue == string.Empty) ? userPasswordHashSalt : saltValue; if (saltValue != null && saltValue != "") { sPasswordHash = objPwdHash.CreateHashToVerify(formPassword, usrSaltValue); } else { sPasswordHash = objPwdHash.CreateHash(formPassword, usrSaltValue); } } objLoginUserDetails.UserName = formUsername; objLoginUserDetails.Password = sPasswordHash; objLoginUserDetails.CompanyDBConnectionString = objSelectedCompany.CompanyConnectionString; objLoginUserDetails.CompanyName = model.sCompanyName; objLoginUserDetails.IsUserLogin = false; //this flag indicate that user is not yet login sucessfully Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); using (var objPassConfigSL = new PasswordConfigSL()) { objPasswordConfig = objPassConfigSL.GetPasswordConfigDetails(objSelectedCompany.CompanyConnectionString); loginCount = (Session["UserLgnCount"] == null) ? 0 : Convert.ToInt32(Session["UserLgnCount"].ToString()); TempData["ShowCaptcha"] = false; if (loginCount >= (objPasswordConfig.LoginAttempts - 1)) { TempData["ShowCaptcha"] = true; Session["DisplayCaptcha"] = true; } if ((loginCount >= objPasswordConfig.LoginAttempts && model.sCaptchaText == "") || loginCount >= objPasswordConfig.LoginAttempts && model.sCaptchaText != Session["CaptchaValue"].ToString()) { TempData["ShowCaptcha"] = true; TempData["ErrorMessage"] = "Please provide valid text"; } } } } catch (Exception exp) { //If User is trying to login with a loginID which is being logged-in into the system. Then show the message and don't allow to login. string sErrMessage = exp.Message; objLoginUserDetails.ErrorMessage = sErrMessage; objLoginUserDetails.IsAccountValidated = false; Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp); Session["IsSSOActivated"] = null; ClearAllSessions(); return(RedirectToAction("Login", "Account")); } finally { objLoginUserDetails = null; objPwdHash = null; objSelectedCompany = null; } if (IsEmailOTPActive) { Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod()); Session["TwoFactor"] = 1; Session["IsOTPAuthPage"] = "TwoFactorAuthentication"; return(RedirectToAction("Index", "TwoFactorAuth", new { acid = Convert.ToString(0), calledFrom = "" })); } else { Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod()); Session["loginStatus"] = 1; return(RedirectToAction("Index", "Home", new { acid = Convert.ToString(0), calledFrom = "Login" })); } }
public void LoginUser(ActionExecutingContext filterContext) { DeleteCaptcha(filterContext); LoginUserDetails objLoginUserDetails = null; objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails); AuthenticationDTO objAuthenticationDTO = new AuthenticationDTO(); objAuthenticationDTO.LoginID = objLoginUserDetails.UserName; objAuthenticationDTO.Password = objLoginUserDetails.Password; UserInfoDTO objUserAfterValidationObject = null; UserInfoDTO objUserAunthentication = null; PasswordConfigDTO objPasswordConfig = null; List <string> lstAuthorizationActionLinks = null; List <int> lstAuthorisedActionId = null; List <ActivityResourceMappingDTO> lstActivityResourceMappingDTO = null; Dictionary <string, List <ActivityResourceMappingDTO> > dicActivityResourceMappingDTO = null; int loginCount = 0; bool lockFlag = false; bool flag = false; objAuthenticationDTO.Password = null; objLoginUserDetails.Password = null; objLoginUserDetails.IsAccountValidated = true; objLoginUserDetails.ErrorMessage = ""; UserInfoSL objUserInfoSL = new UserInfoSL(); //Load the action permissions in the session object for to be used when checking authorization objUserAunthentication = objUserInfoSL.GetUserAuthencticationDetails(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.UserName); filterContext.HttpContext.Session["GUIDSessionID"] = HttpContext.Current.Request.Cookies.Get("v_au").Value + objUserAunthentication.UserInfoId; objLoginUserDetails.LoggedInUserID = objUserAunthentication.UserInfoId; objLoginUserDetails.EmailID = objUserAunthentication.EmailId; objLoginUserDetails.FirstName = objUserAunthentication.FirstName; objLoginUserDetails.LastName = objUserAunthentication.LastName; objUserInfoSL.GetLoginUserApplicableActions(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.LoggedInUserID.ToString(), out lstAuthorizationActionLinks, out lstAuthorisedActionId); objLoginUserDetails.AuthorizedActions = lstAuthorizationActionLinks; lstAuthorisedActionId.Add(0); objLoginUserDetails.AuthorisedActionId = lstAuthorisedActionId; objLoginUserDetails.CompanyLogoURL = objUserAunthentication.CompanyLogoURL; objLoginUserDetails.UserTypeCodeId = Convert.ToInt32(objUserAunthentication.UserTypeCodeId); objLoginUserDetails.LastLoginTime = objUserAunthentication.LastLoginTime; objLoginUserDetails.DateOfBecomingInsider = objUserAunthentication.DateOfBecomingInsider; using (var objActivitySL = new ActivitySL()) { lstActivityResourceMappingDTO = objActivitySL.GetActivityResourceMappingDetails(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.LoggedInUserID); } dicActivityResourceMappingDTO = new Dictionary <string, List <ActivityResourceMappingDTO> >(); foreach (var objActivityResourceDTO in lstActivityResourceMappingDTO) { if (!dicActivityResourceMappingDTO.ContainsKey(objActivityResourceDTO.ColumnName)) { dicActivityResourceMappingDTO.Add(objActivityResourceDTO.ColumnName, new List <ActivityResourceMappingDTO>()); } dicActivityResourceMappingDTO[objActivityResourceDTO.ColumnName].Add(objActivityResourceDTO); } objLoginUserDetails.ActivityResourceMapping = dicActivityResourceMappingDTO; objLoginUserDetails.DocumentDetails = new Dictionary <string, DocumentDetailsDTO>(); //set login user details into session Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); Common.Common.WriteLogToFile("Update session with login user details ", System.Reflection.MethodBase.GetCurrentMethod()); //This will update the login time for the user. So this should be done after setting the Lastlogin time in the session object. objUserInfoSL.UpdateUserLastLoginTime(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.UserName); // user is login sucessfully, set validation value set in session and cookies to indicate user is login Common.Common.SetSessionAndCookiesValidationValue(objLoginUserDetails.UserName);//set session validation keys Common.Common.WriteLogToFile("Set login user name into session and cookies values", System.Reflection.MethodBase.GetCurrentMethod()); //get new cookies value after login //string cookies_value = Common.Common.GetSessionValue(ConstEnum.SessionValue.CookiesValidationKey).ToString(); //set cookies //filterContext.HttpContext.Response.Cookies[ConstEnum.CookiesValue.ValidationCookies].Value = cookies_value; //filterContext.HttpContext.Response.Cookies[ConstEnum.CookiesValue.ValidationCookies].Path = HttpContext.Current.Request.ApplicationPath; using (SessionManagement sessionManagement = new SessionManagement()) { sessionManagement.CheckCookiesSessions(objLoginUserDetails, true, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, string.Empty); sessionManagement.BindCookiesSessions(objLoginUserDetails, true, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, string.Empty); } Common.Common.WriteLogToFile("Set cookies to response to send back to browser ", System.Reflection.MethodBase.GetCurrentMethod()); }
public override void OnActionExecuting(ActionExecutingContext filterContext) { //filterContext.HttpContext.Session["GUIDSessionID"] = HttpContext.Current.Request.Cookies.Get("v_au").Value; if (filterContext.HttpContext.Session["loginStatus"] != null) { loginStatusFlag = filterContext.HttpContext.Session["loginStatus"].ToString(); } if (filterContext.HttpContext.Session["TwoFactor"] != null) { callForTwoFactor = filterContext.HttpContext.Session["TwoFactor"].ToString(); } if (loginStatusFlag == "1") { if (filterContext.HttpContext.Session["CaptchaValue"] != null) { ActualText = filterContext.HttpContext.Session["CaptchaValue"].ToString(); } else { ActualText = string.Empty; } if (filterContext.HttpContext.Session["SerCaptchaPath"] != null) { CaptchaDirServerPath = filterContext.HttpContext.Session["SerCaptchaPath"].ToString(); } else { CaptchaDirServerPath = string.Empty; } } bool bReturn = false; LoginUserDetails objLoginUserDetails = null; AuthenticationDTO objAuthenticationDTO = null; UserInfoDTO objUserAfterValidationObject = null; UserInfoDTO objUserAunthentication = null; PasswordConfigDTO objPasswordConfig = null; List <string> lstAuthorizationActionLinks = null; List <int> lstAuthorisedActionId = null; List <ActivityResourceMappingDTO> lstActivityResourceMappingDTO = null; Dictionary <string, List <ActivityResourceMappingDTO> > dicActivityResourceMappingDTO = null; int loginCount = 0; bool lockFlag = false; bool flag = false; Common.Common.WriteLogToFile("Start Method", System.Reflection.MethodBase.GetCurrentMethod()); try { objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails); if (objLoginUserDetails != null) { //If IsAccountValidated is true in session abject then again it is not checked and only activity aauthorization //is checked. if (!objLoginUserDetails.IsAccountValidated) { objAuthenticationDTO = new AuthenticationDTO(); objAuthenticationDTO.LoginID = objLoginUserDetails.UserName; objAuthenticationDTO.Password = objLoginUserDetails.Password; //string sEncryptedPassword = ""; //Common.Common.encryptData(objAuthenticationDTO.Password, out sEncryptedPassword); //objAuthenticationDTO.Password = sEncryptedPassword; objUserAfterValidationObject = new UserInfoDTO(); using (var objUserInfoSL = new UserInfoSL()) { if (objLoginUserDetails.CompanyDBConnectionString != null) { bReturn = objUserInfoSL.ValidateUser(objLoginUserDetails.CompanyDBConnectionString, objAuthenticationDTO, ref objUserAfterValidationObject); Common.Common.WriteLogToFile("Validated User ", System.Reflection.MethodBase.GetCurrentMethod()); } if (bReturn) { lstAuthorizationActionLinks = new List <string>(); lstAuthorisedActionId = new List <int>(); if (objUserAfterValidationObject.StatusCodeId == ConstEnum.UserStatus.Inactive) { string sErrMessage = Common.Common.getResourceForGivenCompany("usr_msg_11274", objLoginUserDetails.CompanyName); if (sErrMessage == null || sErrMessage == "") { sErrMessage = "Your account has been inactivated. Please contact the Administrator."; } objLoginUserDetails = new LoginUserDetails(); objLoginUserDetails.AuthorisedActionId = lstAuthorisedActionId; objLoginUserDetails.AuthorizedActions = lstAuthorizationActionLinks; objLoginUserDetails.ErrorMessage = sErrMessage; objLoginUserDetails.IsAccountValidated = false; Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Account" }, { "action", "Login" } }); } else { if (callForTwoFactor != "1") { string UsrCaptchaText = filterContext.HttpContext.Session["UserCaptchaText"].ToString(); if (ActualText == string.Empty || ActualText == UsrCaptchaText) { LoginUser(filterContext); } else { DeleteCaptcha(filterContext); CaptchaValidation(filterContext); } } } } } } if (objLoginUserDetails.IsAccountValidated && !checkActionAuthorization(filterContext, objLoginUserDetails)) { //If the request is from the Renderaction call and there is unauthorised access then dont redirect the request. if (filterContext.HttpContext.PreviousHandler != null && filterContext.HttpContext.PreviousHandler is MvcHandler) { } else { // filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Home" }, { "action", "Unauthorised" } }); } } } else { Common.Common.WriteLogToFile("User is not login ", System.Reflection.MethodBase.GetCurrentMethod()); objLoginUserDetails = new LoginUserDetails(); objLoginUserDetails.ErrorMessage = ""; objLoginUserDetails.IsAccountValidated = false; Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Account" }, { "action", "Login" } }); } } catch (Exception exp) { using (var objPassConfigSL = new PasswordConfigSL()) { if (objLoginUserDetails.CompanyDBConnectionString != null) { objPasswordConfig = objPassConfigSL.GetPasswordConfigDetails(objLoginUserDetails.CompanyDBConnectionString); int count = (Convert.ToInt16(Common.Common.GetSessionValue("LoginCount")) == 0) ? loginCount : Convert.ToInt16(Common.Common.GetSessionValue("LoginCount")); if (count < objPasswordConfig.LoginAttempts) { count++; Common.Common.SetSessionValue("LoginCount", count); filterContext.HttpContext.Session["UserLgnCount"] = count; if (count >= objPasswordConfig.LoginAttempts) { DeleteCaptcha(filterContext); CaptchaValidation(filterContext); } } else { DeleteCaptcha(filterContext); CaptchaValidation(filterContext); } } } Common.Common.WriteLogToFile("Exception occurred ", System.Reflection.MethodBase.GetCurrentMethod(), exp); // string sErrMessage = Common.Common.getResource(exp.InnerException.Data[0].ToString()); // objLoginUserDetails.ErrorMessage = sErrMessage; string sErrMessage = ""; if (exp.InnerException != null) { sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objLoginUserDetails.CompanyName); } else { sErrMessage = exp.Message; } if (sErrMessage == null || sErrMessage == "") { sErrMessage = "Invalid details entered, please try again with correct details."; } if (Convert.ToBoolean(Common.Common.GetSessionValue("flag")) == true) { sErrMessage = "Your account has been locked. Please contact the Administrator."; } objLoginUserDetails = new LoginUserDetails(); objLoginUserDetails.ErrorMessage = sErrMessage; objLoginUserDetails.IsAccountValidated = false; if (exp.Message != Common.Common.getResource("com_lbl_14027")) { using (SessionManagement sessionManagement = new SessionManagement()) { //sessionManagement.CheckCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "LOGOUT"); sessionManagement.BindCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, "LOGOUT"); } Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Account" }, { "action", "Login" } }); } else if (exp.Message.ToString().Equals(Common.Common.getResource("com_lbl_14027")) && HttpContext.Current.Request.Cookies["v_au2"] != null && HttpContext.Current.Request.Cookies["v_au2"].Value != "") { using (SessionManagement sessionManagement = new SessionManagement()) { string decrypteddata = null; Common.Common.dencryptData(HttpContext.Current.Request.Cookies["v_au2"].Value, out decrypteddata); string strCookieName = (false ? string.Empty : decrypteddata + '~' + DateTime.Now.DayOfWeek.ToString().ToUpper()); UserInfoSL objUserInfoSL = new UserInfoSL(); InsiderTradingDAL.SessionDetailsDTO objSessionDetailsDTO = null; LoginUserDetails loginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails); objSessionDetailsDTO = objUserInfoSL.GetCookieStatus(loginUserDetails.CompanyDBConnectionString, loginUserDetails.LoggedInUserID, Convert.ToString(strCookieName), false, false); if (objSessionDetailsDTO != null) { //sessionManagement.CheckCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, ""); sessionManagement.BindCookiesSessions((LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails), false, (System.Web.HttpRequest)System.Web.HttpContext.Current.Request, (System.Web.HttpResponse)System.Web.HttpContext.Current.Response, ""); objLoginUserDetails.ErrorMessage = string.Empty; objLoginUserDetails.IsAccountValidated = true; } else { Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails); filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Account" }, { "action", "Login" } }); } } } } finally { filterContext.HttpContext.Session["loginStatus"] = 0; objLoginUserDetails = null; objAuthenticationDTO = null; objUserAfterValidationObject = null; lstAuthorizationActionLinks = null; lstAuthorisedActionId = null; lstActivityResourceMappingDTO = null; dicActivityResourceMappingDTO = null; objUserAunthentication = null; } Common.Common.WriteLogToFile("End Method", System.Reflection.MethodBase.GetCurrentMethod()); base.OnActionExecuting(filterContext); }