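/// <summary>
/// Stores the authenticated user, and that user's permissions and roles, in the HTTP session.
/// </summary>
/// <param name="currentValidUser">User written to the "currentuser" session key.</param>
/// <remarks>
/// The whole <c>RbacUser</c> object is written to the session, so any credential field still
/// populated on it is persisted as well; the Login actions in this file blank <c>Password</c>
/// before calling this method.
/// Permissions and roles are snapshotted at this point. NOTE(review): if authorization decisions
/// read these cached lists, a revoked permission or role stays effective until the session is
/// rebuilt - confirm how revocation is propagated.
/// </remarks>
public void SetSessionVariable(RbacUser currentValidUser)
{
    // No try/catch here: the original only rethrew with "throw ex;", which resets the stack
    // trace. Letting the exception propagate keeps the same exception type and the real origin.
    HttpContext.Session.Set<RbacUser>("currentuser", currentValidUser);

    // Read the value back so the lookups below only run when the session really holds a user.
    RbacUser currentUser = HttpContext.Session.Get<RbacUser>("currentuser");
    if (currentUser == null)
    {
        return;
    }

    // Cache every permission granted to the user.
    List<RbacPermission> validPermissionList = RBAC.GetUserAllPermissions(currentUser.UserId).ToList();
    HttpContext.Session.Set<List<RbacPermission>>("validpermissionlist", validPermissionList);

    // Cache every role assigned to the user.
    List<RbacRole> validUsrRoles = RBAC.GetUserAllRoles(currentUser.UserId);
    HttpContext.Session.Set<List<RbacRole>>("user-roles", validUsrRoles);
}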
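/// <summary>
/// Handles the posted login form: verifies the credentials, records the attempt in
/// <c>LoginInformation</c>, populates the session and optionally issues a remember-me cookie.
/// </summary>
/// <param name="model">Posted user name, password and remember-me flag.</param>
/// <param name="returnUrl">
/// Accepted but never used: the post-login redirect target is fixed to Home/Index, so a
/// caller-supplied URL cannot steer the redirect.
/// </param>
/// <returns>A redirect to Home/Index on success, otherwise the login view with a status.</returns>
/// <remarks>
/// NOTE(review): no lockout or throttling of repeated failures is visible in this method; failed
/// attempts are only recorded. Confirm rate limiting exists elsewhere.
/// NOTE(review): nothing here rotates the session identifier after authentication - confirm that
/// session fixation is handled by the session configuration.
/// </remarks>
public IActionResult Login(LoginViewModel model, string returnUrl = null)
{
    if (!ModelState.IsValid)
    {
        // Validation failed; redisplay the form.
        return View(model);
    }

    // The context was previously never disposed; scope it so its connection is released.
    using (SystemAdminDbContext adminDbContext = new SystemAdminDbContext(connStringAdmin))
    {
        RbacUser validUser = RBAC.GetUser(model.UserName, model.Password);
        LoginInformationModel loginInfo = new LoginInformationModel();

        if (validUser == null)
        {
            // Record the failed attempt so it can be reviewed later.
            loginInfo.ActionName = "invalid-login-attempt";
            loginInfo.EmployeeId = null;
            loginInfo.CreatedOn = System.DateTime.Now;
            loginInfo.UserName = model.UserName;
            adminDbContext.LoginInformation.Add(loginInfo);
            adminDbContext.SaveChanges();

            ViewData["status"] = "login-failed";
            return View(model);
        }

        if (validUser.IsActive == false)
        {
            // NOTE(review): a correct password on a deactivated account leaves no
            // LoginInformation row; consider auditing this case as well.
            ViewData["status"] = "user-inactive";
            return View(model);
        }

        // Blank the credential before the user object is written to the session.
        validUser.Password = "";

        loginInfo.EmployeeId = validUser.EmployeeId;
        loginInfo.ActionName = "login";
        loginInfo.CreatedOn = System.DateTime.Now;
        loginInfo.UserName = validUser.UserName;
        adminDbContext.LoginInformation.Add(loginInfo);
        adminDbContext.SaveChanges();

        SetSessionVariable(validUser);

        if (model.RememberMe)
        {
            // The selector is the tick count since 2001-01-01. It is time-derived and therefore
            // guessable, so it only serves as a lookup key; the secrecy of the remember-me token
            // has to come from the validator generated inside SetRememberMeCookieVariable
            // (not visible here) - TODO confirm it uses a cryptographic random source.
            DateTime centuryBegin = new DateTime(2001, 1, 1);
            long ticksElapsed = DateTime.Now.Ticks - centuryBegin.Ticks;
            SetRememberMeCookieVariable(ticksElapsed, validUser.UserId);
        }

        return RedirectToAction("Index", "Home");
    }
}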
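/// <summary>
/// Builds the details form for one query result and binds the matching group report to the grid.
/// </summary>
/// <param name="InputQR">
/// The result to display; handled when its runtime type is exactly <c>UserQueryResult</c> or
/// <c>GroupingQueryResult</c>, otherwise only the shared fields are initialised.
/// </param>
/// <param name="SourceRBAC">Owning RBAC object that supplies the group data for the reports.</param>
public QueryDetailsForm(QueryResult InputQR, RBAC SourceRBAC) : this()
{
    thisFormResult = InputQR;
    thisBindingSourceGroups = new BindingSource();
    parentReference = SourceRBAC;

    // Exact-type comparison is kept (rather than "is") so that subclasses of these result
    // types keep falling through to the no-op branch as before.
    Type resultType = InputQR.GetType();

    if (resultType == typeof(RBACS.UserQueryResult))
    {
        UserQueryResult userResult = (UserQueryResult)InputQR;
        qRName = userResult.AccountName;
        string description = userResult.Description;
        string title = userResult.Title;

        Text = $"{qRName} Query Details";
        titlingRichTextBox.Text = $"Name:\t{qRName}\r\nTitle:\t{title}\r\nDescription:\t{description}";

        GroupReport groupReport = new GroupReport(
            HelperFunctions.QueryResultToGroupResults(userResult, parentReference.GroupNamesAndDescriptionsAll),
            Ordering.Ascending);
        thisGroupsReport = groupReport;
        thisBindingSourceGroups.DataSource = groupReport.QRList;
        groupsDataGridView.DataSource = thisBindingSourceGroups;
    }
    else if (resultType == typeof(RBACS.GroupingQueryResult))
    {
        GroupingQueryResult groupingResult = (GroupingQueryResult)InputQR;
        qRName = groupingResult.GroupingName;

        Text = $"{qRName} Query Details";
        titlingRichTextBox.Text = $"{groupingResult.GroupingType}:\t{groupingResult.GroupingName}\r\nMember Count:\t{groupingResult.MemberCount}";

        // The previous version also collected the member accounts into a local List<T> from
        // inside Parallel.ForEach. List<T>.Add is not thread-safe and the list was never read
        // afterwards, so that racy, dead loop has been removed.

        GroupRepresentationTFIDFReport tfidfReport = new GroupRepresentationTFIDFReport(
            HelperFunctions.QueryListToGroupRepresentationTFIDFList(
                groupingResult,
                parentReference.GroupingQueryResults,
                parentReference.GroupNamesAndDescriptionsAll),
            Ordering.Ascending);
        thisGroupsReport = tfidfReport;
        thisBindingSourceGroups.DataSource = tfidfReport.QRList;
        groupsDataGridView.DataSource = thisBindingSourceGroups;
    }

    thisFormResultType = resultType;
    thisBindingSource = new BindingSource();
}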
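// TODO: move this action out of the patient controller into a main/shell controller.
/// <summary>
/// Renders the application shell for the signed-in user with that user's root-level routes.
/// </summary>
/// <returns>
/// The shell view, or a redirect to Account/Login when no user is in the session or when loading
/// the routes fails.
/// </returns>
public IActionResult AppMain()
{
    try
    {
        RbacUser currentUser = HttpContext.Session.Get<RbacUser>("currentuser");
        if (currentUser == null)
        {
            // Not signed in. Checked explicitly instead of relying on a
            // NullReferenceException being caught further down.
            return RedirectToAction("Login", "Account");
        }

        ViewData["currentuser"] = currentUser;

        // Root-level routes only; getHiearrchy is true for this view as a special case.
        ViewData["validroutes"] = RBAC.GetRoutesForUser(currentUser.UserId, getHiearrchy: true);
        return View();
    }
    catch (Exception)
    {
        // NOTE(review): any failure while loading routes is also presented as "not signed in"
        // and the exception is discarded. Log it so a backend fault is distinguishable from an
        // expired session.
        return RedirectToAction("Login", "Account");
    }
}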
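/// <summary>
/// Changes the password of the signed-in user from a JSON request body, then clears the
/// remember-me cookie and the session values.
/// </summary>
/// <returns>
/// A JSON payload whose Status is "OK" on success and "Failed" otherwise. Results is always
/// null so that no password material is echoed to the client.
/// </returns>
/// <remarks>
/// The account to change is tied to the session identity. Previously the user name was taken
/// from the request body alone, and a missing session was only noticed (as a
/// NullReferenceException) after the password had already been updated.
/// NOTE(review): a wrong current password is not recorded anywhere visible here, unlike failed
/// logins; consider auditing and throttling these attempts as well.
/// </remarks>
public IActionResult ChangePassword()
{
    // Require an authenticated session before touching any credential.
    RbacUser currentUser = HttpContext.Session.Get<RbacUser>("currentuser");
    if (currentUser == null)
    {
        responseData.Status = "Failed";
        responseData.ErrorMessage = "Unauthorized Access";
        return Json(DanpheJSONConvert.SerializeObject(responseData, true));
    }

    // The body is re-read from the start, which relies on request buffering being enabled.
    // The reader is deliberately not disposed: disposing it would close Request.Body.
    Stream req = Request.Body;
    req.Seek(0, System.IO.SeekOrigin.Begin);
    string str = new StreamReader(req).ReadToEnd();
    ChangePasswordViewModel chmodel = JsonConvert.DeserializeObject<ChangePasswordViewModel>(str);

    if (chmodel == null)
    {
        // Empty or literal-null body.
        responseData.Status = "Failed";
        responseData.ErrorMessage = "Invalid request";
        return Json(DanpheJSONConvert.SerializeObject(responseData, true));
    }

    // The posted user name must be the signed-in user; a session may only change its own password.
    if (!string.Equals(chmodel.UserName, currentUser.UserName, StringComparison.OrdinalIgnoreCase))
    {
        responseData.Status = "Failed";
        responseData.ErrorMessage = "Unauthorized Access";
        return Json(DanpheJSONConvert.SerializeObject(responseData, true));
    }

    RbacUser updatepass = RBAC.UpdateDefaultPasswordOfUser(chmodel.UserName, chmodel.Password, chmodel.ConfirmPassword);
    if (updatepass == null)
    {
        responseData.Status = "Failed";
        responseData.ErrorMessage = "Current Password is Wrong";
        return Json(DanpheJSONConvert.SerializeObject(responseData, true));
    }

    updatepass.NeedsPasswordUpdate = false;

    // Mirror the flag on the session copy of the user.
    currentUser.NeedsPasswordUpdate = false;
    HttpContext.Session.Set<RbacUser>("currentuser", currentUser);

    // Drop persistent and session state once the credential has changed.
    RemoveRememberMeCookie();
    RemoveSessionValues();

    responseData.Status = "OK";
    // Results stays null: the password must never be returned to the client.
    responseData.Results = null;
    return Json(DanpheJSONConvert.SerializeObject(responseData, true));
}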
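/// <summary>
/// Shows the login page, first trying to sign the visitor in from the existing session or from
/// the remember-me cookies ("uRef" selector and "uData" validator), then checking the software
/// license.
/// </summary>
/// <param name="returnUrl">
/// Passed through to the view as ViewData["ReturnUrl"]. It is caller-controlled, so anything
/// that later redirects to it should first check it with Url.IsLocalUrl.
/// </param>
/// <returns>
/// A redirect to Home/Index when already or automatically signed in, a redirect to
/// Account/LicenseExpired when the license is missing or expired, otherwise the login view.
/// </returns>
/// <remarks>
/// NOTE(review): a valid remember-me cookie signs the user in before the license check runs, so
/// that check is skipped on this path - confirm this is intended.
/// NOTE(review): no LoginInformation row is written in this method for cookie sign-ins; confirm
/// they are audited elsewhere.
/// </remarks>
public IActionResult Login(string returnUrl = null)
{
    // A user who is already signed in goes straight to the home page.
    RbacUser currentUser = HttpContext.Session.Get<RbacUser>("currentuser");
    if (currentUser != null && currentUser.UserId != 0)
    {
        return RedirectToAction("Index", "Home");
    }

    // A selector/validator pair was also generated at the top of this method in the previous
    // version but never used; that dead code has been removed.

    string selectorCookie = Request.Cookies["uRef"];
    if (!string.IsNullOrEmpty(selectorCookie))
    {
        RbacUser validUser = null;

        // Cookie values are untrusted: a non-numeric selector is treated as an invalid cookie
        // instead of letting Convert.ToInt64 throw and surface as a server error.
        long selector;
        if (long.TryParse(selectorCookie, out selector))
        {
            // The selector doubles as the salt appended to the validator before hashing.
            string hashedValidator = ComputeSha256Hash(Request.Cookies["uData"] + selectorCookie);

            using (SystemAdminDbContext adminDbContext = new SystemAdminDbContext(connStringAdmin))
            {
                var userIdList = (from sysAuthInfo in adminDbContext.CookieInformation
                                  where sysAuthInfo.Selector == selector && sysAuthInfo.HashedToken == hashedValidator
                                  select sysAuthInfo.UserId).ToList();

                // Accept the cookie only when it identifies exactly one user.
                if (userIdList.Count == 1)
                {
                    validUser = RBAC.GetUser(userIdList[0]);
                }
            }
        }

        if (validUser == null)
        {
            // Unparseable selector, no unique match, or the user no longer exists (this last
            // case used to throw a NullReferenceException): discard the cookie and session.
            RemoveRememberMeCookie();
            RemoveSessionValues();
            return View();
        }

        if (validUser.IsActive == false)
        {
            // A deactivated account must not be revived through a persistent cookie.
            RemoveRememberMeCookie();
            RemoveSessionValues();
            ViewData["status"] = "user-inactive";

            LoginViewModel model = new LoginViewModel();
            model.UserName = validUser.UserName;
            return View(model);
        }

        // Blank the credential before the user object is written to the session.
        validUser.Password = "";
        UpdateRememberMeCookie(selector);
        SetSessionVariable(validUser);
        return RedirectToAction("Index", "Home");
    }

    // License check: read the stored parameter, then release the context.
    string paramValue;
    using (CoreDbContext coreDbContext = new CoreDbContext(connString))
    {
        ParameterModel licenseParam = coreDbContext.Parameters
            .Where(p => p.ParameterGroupName == "TenantMgnt" && p.ParameterName == "SoftwareLicense")
            .FirstOrDefault();
        paramValue = licenseParam != null ? licenseParam.ParameterValue : null;
    }

    if (paramValue == null)
    {
        TempData["LicenseMessage"] = "License Information not found..";
        return RedirectToAction("LicenseExpired", "Account");
    }

    // Shape of the SoftwareLicense parameter; every field is stored encrypted.
    var definition = new { StartDate = "", EndDate = "", ExpiryNoticeDays = "", LicenseType = "" };
    var license = JsonConvert.DeserializeAnonymousType(paramValue, definition);

    // NOTE(review): these conversions throw on malformed values and parse dates with the
    // current culture - confirm the stored format is culture-independent.
    DateTime startDate = Convert.ToDateTime(RBAC.DecryptPassword(license.StartDate));
    DateTime endDate = Convert.ToDateTime(RBAC.DecryptPassword(license.EndDate));
    int expiryNoticeDays = Convert.ToInt32(RBAC.DecryptPassword(license.ExpiryNoticeDays));

    double remainingDays = (endDate - DateTime.Now).TotalDays;
    if (remainingDays < 0)
    {
        TempData["LicenseMessage"] = "License expired on: " + endDate.ToString("yyyy-MMM-dd");
        return RedirectToAction("LicenseExpired", "Account");
    }

    if (expiryNoticeDays > remainingDays)
    {
        // Show the remaining days on the login page.
        ViewData["ExpiryNotice"] = "Notice ! Your Software License is expiring in " + Convert.ToInt32(remainingDays) + " days.";
    }

    ViewData["ReturnUrl"] = returnUrl;
    return View();
}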
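/// <summary>
/// Returns session-scoped data for the signed-in user, selected by <paramref name="reqType"/>:
/// "loggedInUser", "routelist" (case-insensitive), "validallrouteList", "userPermissionList",
/// "activeBillingCounter" or "activePharmacyCounter".
/// </summary>
/// <param name="userId">
/// Ignored. The user is always taken from the session, so a caller cannot request another
/// user's data by changing this value.
/// </param>
/// <param name="reqType">Selects which piece of data to return.</param>
/// <returns>The serialized response; Status is "OK" or "Failed".</returns>
public string Get(int userId, string reqType)
{
    DanpheHTTPResponse<object> responseData = new DanpheHTTPResponse<object>();
    try
    {
        if (reqType == "loggedInUser")
        {
            RbacUser currentUser = HttpContext.Session.Get<RbacUser>("currentuser");
            if (currentUser == null)
            {
                // Previously this surfaced as a NullReferenceException whose stack trace was
                // returned to the client.
                responseData.Status = "Failed";
                responseData.ErrorMessage = "User is Not valid";
            }
            else
            {
                // The context is left undisposed on purpose: the employee entity is serialized
                // after this block and may still need it - TODO confirm whether lazy loading is on.
                MasterDbContext masterDbContext = new MasterDbContext(connString);
                EmployeeModel employee = (from x in masterDbContext.Employees
                                          where x.EmployeeId == currentUser.EmployeeId
                                          select x).FirstOrDefault();
                string userImgName = employee != null ? employee.ImageName : null;
                string imgLocation = string.IsNullOrEmpty(userImgName) ? "" : fileUploadLocation + "UserProfile\\" + userImgName;

                // Default route: taken from the role with the lowest RolePriority value.
                List<RbacRole> usrAllRoles = RBAC.GetUserAllRoles(currentUser.UserId);
                RbacRole defRole = usrAllRoles != null && usrAllRoles.Count > 0
                    ? usrAllRoles.OrderBy(r => r.RolePriority).FirstOrDefault()
                    : null;
                int? defRouteId = defRole != null ? defRole.DefaultRouteId : 0;
                string defaultRoutePath = null;
                if (defRouteId.HasValue)
                {
                    List<DanpheRoute> allRoutes = RBAC.GetAllRoutes();
                    DanpheRoute defRoute = allRoutes.Where(r => r.RouteId == defRouteId.Value).FirstOrDefault();
                    if (defRoute != null)
                    {
                        defaultRoutePath = defRoute.UrlFullPath;
                    }
                }

                // Landing page route configured for the user (added 07 Aug 2019).
                var landingPageRouteId = (new RbacDbContext(connString)).Users
                    .Where(a => a.UserId == currentUser.UserId)
                    .Select(a => a.LandingPageRouteId)
                    .FirstOrDefault();

                // NOTE(review): the whole employee entity is sent to the client; confirm it
                // carries no fields the browser should not see.
                responseData.Results = new
                {
                    UserId = currentUser.UserId,
                    UserName = currentUser.UserName,
                    EmployeeId = currentUser.EmployeeId,
                    Profile = new { ImageLocation = imgLocation },
                    NeedsPasswordUpdate = currentUser.NeedsPasswordUpdate,
                    DefaultPagePath = defaultRoutePath,
                    Employee = employee,
                    LandingPageRouteId = landingPageRouteId
                };
                responseData.Status = "OK";
            }
        }
        else if (string.Equals(reqType, "routelist", StringComparison.OrdinalIgnoreCase))
        {
            // Ordinal comparison: ToLower() is culture-sensitive and can fail to match under
            // some cultures.
            RbacUser currentUser = HttpContext.Session.Get<RbacUser>("currentuser");
            if (currentUser != null)
            {
                // Routes including those with DefaultShow = false; no hierarchy needed.
                List<DanpheRoute> routeList = RBAC.GetRoutesForUser(currentUser.UserId, getHiearrchy: false);
                responseData.Results = routeList;
                responseData.Status = "OK";
                // Cache the route list for the signed-in user.
                HttpContext.Session.Set<List<DanpheRoute>>("validRouteList", routeList);
            }
            else
            {
                responseData.Status = "Failed";
                responseData.ErrorMessage = "User is Not valid";
            }
        }
        else if (reqType != null && reqType == "validallrouteList")
        {
            RbacUser currentUser = HttpContext.Session.Get<RbacUser>("currentuser");
            if (currentUser != null)
            {
                List<DanpheRoute> routeList = RBAC.GetRoutesForUser(currentUser.UserId, getHiearrchy: true);
                var filteredRoutes = routeList.Where(r => r.DefaultShow != false && r.IsActive == true).ToList();
                filteredRoutes.ForEach(r =>
                {
                    r.ChildRoutesDefaultShowCount = r.ChildRoutes != null
                        ? r.ChildRoutes.Where(c => c.DefaultShow == true).Count()
                        : 0;
                });
                responseData.Results = filteredRoutes;
                responseData.Status = "OK";
                HttpContext.Session.Set<List<DanpheRoute>>("validallrouteList", filteredRoutes);
            }
            else
            {
                responseData.Status = "Failed";
                responseData.ErrorMessage = "User is Not valid";
            }
        }
        else if (reqType != null && reqType == "userPermissionList")
        {
            RbacUser currentUser = HttpContext.Session.Get<RbacUser>("currentuser");
            List<RbacPermission> userPermissions = new List<RbacPermission>();
            if (currentUser != null)
            {
                userPermissions = RBAC.GetUserAllPermissions(currentUser.UserId);
                // Cache the permissions for the signed-in user.
                HttpContext.Session.Set<List<RbacPermission>>("userAllPermissions", userPermissions);
                responseData.Status = "OK";
            }
            else
            {
                responseData.Status = "Failed";
                responseData.ErrorMessage = "Invalid User.";
            }
            responseData.Results = userPermissions;
        }
        else if (reqType == "activeBillingCounter")
        {
            string activeCounterId = HttpContext.Session.Get<string>("activeBillingCounter");
            int actCounterId;
            // A missing or non-numeric value yields 0.
            int.TryParse(activeCounterId, out actCounterId);
            responseData.Results = actCounterId;
            responseData.Status = "OK";
        }
        else if (reqType == "activePharmacyCounter")
        {
            string activeCounterId = HttpContext.Session.Get<string>("activePharmacyCounter");
            int actCounterId;
            int.TryParse(activeCounterId, out actCounterId);
            string activeCounterName = HttpContext.Session.Get<string>("activePharmacyCounterName");
            PHRMCounter counter = new PHRMCounter();
            counter.CounterId = actCounterId;
            counter.CounterName = activeCounterName;
            responseData.Results = counter;
            responseData.Status = "OK";
        }
    }
    catch (Exception ex)
    {
        // Exception text and stack traces reveal internals (types, queries, paths), so they stay
        // on the server. Replace the trace call with the application's logger if it has one.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        responseData.Status = "Failed";
        responseData.ErrorMessage = "An error occurred while processing the request.";
    }

    return DanpheJSONConvert.SerializeObject(responseData, true);
}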
/// <summary>
/// Clusters the supplied query results with the algorithm configured on the parent RBAC object
/// and binds the per-item cluster assignments to the grid.
/// </summary>
/// <param name="QRList">
/// Results to cluster. The runtime type of the first element decides whether the list is
/// treated as user results or grouping results.
/// </param>
/// <param name="RBACRef">Parent object that supplies the clustering settings and status label.</param>
/// <remarks>The whole clustering run executes synchronously inside this constructor.</remarks>
public ClusteringOutput(List<QueryResult> QRList, RBAC RBACRef)
{
    Type firstType = QRList[0].GetType();
    thisFormResultType = firstType;
    parentReference = RBACRef;

    // Name/vector pairs are gathered in parallel, hence the concurrent collection.
    ConcurrentBag<Tuple<string, DenseVector>> vectorBag = new ConcurrentBag<Tuple<string, DenseVector>>();

    if (firstType == typeof(UserQueryResult))
    {
        Parallel.ForEach<QueryResult>(QRList, item =>
        {
            UserQueryResult userResult = (UserQueryResult)item;
            vectorBag.Add(new Tuple<string, DenseVector>(
                userResult.AccountName,
                (DenseVector)userResult.ReturnAccessVector()));
        });
    }
    else if (firstType == typeof(GroupingQueryResult))
    {
        Parallel.ForEach<QueryResult>(QRList, item =>
        {
            GroupingQueryResult groupingResult = (GroupingQueryResult)item;
            // Relative counts or TF-IDF weights, depending on the parent's setting.
            DenseVector vector = parentReference.ClusterByRelativeCount
                ? (DenseVector)groupingResult.ReturnAccessVector()
                : (DenseVector)groupingResult.ReturnTF_IDFVector();
            vectorBag.Add(new Tuple<string, DenseVector>(groupingResult.GroupingName, vector));
        });
    }

    // TODO: expose these options on the algorithm configuration tab of the main form.
    // Sorting by name gives the algorithm a stable input order after the parallel fill.
    if (parentReference.ClusteringAlgoType == typeof(HACAlgo))
    {
        thisAlgo = new HACAlgo(
            vectorBag.OrderBy(pair => pair.Item1).ToList(),
            parentReference.PreferredDistanceStyle,
            parentReference.HACStoppingMetric,
            parentReference.PreferredStoppingStyle);
    }
    else
    {
        thisAlgo = new KMeansPlusPlus(
            vectorBag.OrderBy(pair => pair.Item1).ToList(),
            parentReference.KMeansValue,
            parentReference.PreferredKMeansStoppingStyle,
            parentReference.KMeansMaxIter);
    }

    // Second dot-separated segment of the algorithm's full type name, used in status text.
    string algoName = thisAlgo.GetType().ToString().Split('.')[1];

    parentReference.statusLabelChanger($"Initialising {algoName}, please be patient");
    thisAlgo.InitialiseClusters();

    while (!thisAlgo.Stopped)
    {
        thisAlgo.IterateOnce();
        if (thisAlgo.Stopped)
        {
            continue;
        }
        parentReference.statusLabelChanger($"Running {algoName}, iteration {thisAlgo.Iterator}");
    }

    // Set all centroids as means in case the clusters need to be mapped further down the line.
    if (QRList[0].ReturnAccessVector().Count > 500)
    {
        thisAlgo.SetCentroidsAsMeansHighDimensionality();
    }
    else
    {
        thisAlgo.SetCentroidsAsMeans();
    }

    parentReference.statusLabelChanger("Creating Data View");

    // Map every cluster member back to its original query result by name.
    ConcurrentBag<QueryResult> resultsBag = new ConcurrentBag<QueryResult>();
    if (thisFormResultType == typeof(UserQueryResult))
    {
        foreach (Cluster cluster in thisAlgo.Clusters)
        {
            Parallel.ForEach<Tuple<string, DenseVector>>(cluster.MemberList, member =>
            {
                UserQueryResult match = QRList.Cast<UserQueryResult>()
                    .Where(candidate => candidate.AccountName == member.Item1)
                    .ToList()[0];
                resultsBag.Add(new UserClusteringResult(match, cluster.ClusterID, cluster.ListPosition));
            });
        }
        clusteringResultList = resultsBag.Cast<UserClusteringResult>()
            .OrderBy(r => r.ClusterIndex)
            .ToList<QueryResult>();
    }
    else if (thisFormResultType == typeof(GroupingQueryResult))
    {
        foreach (Cluster cluster in thisAlgo.Clusters)
        {
            Parallel.ForEach<Tuple<string, DenseVector>>(cluster.MemberList, member =>
            {
                GroupingQueryResult match = QRList.Cast<GroupingQueryResult>()
                    .Where(candidate => candidate.GroupingName == member.Item1)
                    .ToList()[0];
                resultsBag.Add(new GroupingClusteringResult(match, cluster.ClusterID, cluster.ListPosition));
            });
        }
        clusteringResultList = resultsBag.Cast<GroupingClusteringResult>()
            .OrderBy(r => r.ClusterIndex)
            .ToList<QueryResult>();
    }

    parentReference.statusLabelChanger("Idle");
    InitializeComponent();
    this.Text = $"Clustering Results from {thisAlgo.Iterator} Iterations, using {algoName}, {thisAlgo.Clusters.Count} Clusters";
    thisBindingSource = new BindingSource();

    // The report is built with its concrete type so the grid can reach the type-specific
    // public properties.
    object gridRows;
    if (thisFormResultType == typeof(UserQueryResult))
    {
        UserClusteringReport userReport = new UserClusteringReport(
            clusteringResultList.Cast<UserClusteringResult>().ToList(),
            Ordering.Ascending);
        thisQR = userReport;
        gridRows = userReport.QRList;
    }
    else
    {
        GroupingClusteringReport groupingReport = new GroupingClusteringReport(
            clusteringResultList.Cast<GroupingClusteringResult>().ToList(),
            Ordering.Ascending);
        thisQR = groupingReport;
        gridRows = groupingReport.QRList;
    }

    thisBindingSource.DataSource = gridRows;
    clustersDataGridView.DataSource = thisBindingSource;
}
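/// <summary>
/// Authentication gate that runs before every action this filter covers. A POST to "/api/Dicom"
/// is authenticated from credentials carried in the JSON body; every other request must have a
/// signed-in user in the session. Any failure short-circuits the action with an
/// "Unauthorized Access" JSON response.
/// </summary>
/// <param name="context">Context of the action about to execute.</param>
/// <remarks>
/// Only authentication is checked. Per the note dated 29 Aug 2017 that accompanied the removed
/// code, per-permission checks are deliberately not applied to API calls here.
/// NOTE(review): the denial is a JSON body and no HTTP status code is set in this method, so it
/// presumably goes out as 200 - confirm that clients and monitoring key on the Status field.
/// NOTE(review): the DICOM path receives a user name and password in the request body; confirm
/// that endpoint is only reachable over TLS and that those credentials are not logged.
/// </remarks>
public override void OnActionExecuting(ActionExecutingContext context)
{
    base.OnActionExecuting(context);

    // The former outer try/catch only rethrew with "throw ex;", which resets the stack trace;
    // it has been removed so unexpected errors propagate with their real origin.
    try
    {
        var req = context.HttpContext.Request;

        // Special case for the DICOM listener posting files. The path match is exact and
        // case-sensitive; any other spelling falls through to the session check below, so the
        // mismatch fails closed.
        bool isDicomPost = string.Equals(req.Method, "POST", StringComparison.OrdinalIgnoreCase)
                           && req.Path.Value == "/api/Dicom";

        if (isDicomPost)
        {
            string bodyData = ReadBodyAsString(req);
            var obj = JObject.Parse(bodyData);
            RbacUser currUser = DanpheJSONConvert.DeserializeObject<RbacUser>(obj["currentuser"].ToString());
            var flag = RBAC.IsValidUser(currUser.UserName, currUser.Password);
            if (flag == false)
            {
                context.Result = BuildUnauthorizedResult();
            }
        }
        else
        {
            // Every other request needs a signed-in user in the session.
            RbacUser currentUser = context.HttpContext.Session.Get<RbacUser>("currentuser");
            if (currentUser == null)
            {
                context.Result = BuildUnauthorizedResult();
            }
        }
    }
    catch (Exception)
    {
        // Fail closed: a malformed body, a missing "currentuser" field or a session error all
        // end in the same denial. NOTE(review): log the exception so real faults stay visible.
        context.Result = BuildUnauthorizedResult();
    }
}

// Builds the uniform denial payload returned when authentication fails.
private static JsonResult BuildUnauthorizedResult()
{
    return new JsonResult(new DanpheHTTPResponse<object>
    {
        Status = "Failed",
        ErrorMessage = "Unauthorized Access",
        Results = ""
    });
}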