Пример #1
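        //Authenticates the posted credentials and, on success, issues the forms-authentication cookie,
        //fills the session values the site reads (UserID, UserName, IsAdmin, Quantity) and redirects home.
        //user:    model bound from the login form; only UserName and Password are used from it, because
        //         every other property of a bound model can be supplied by the client.
        //returns: a redirect to ~/Home/Index on success, otherwise the login view with a model error.
        public ActionResult Login(Store.Data.User user)
        {
            using (MyDataEntities db = new MyDataEntities())
            {
                //Check to see that the UserName matches a User and that the Password matches that User
                if (manager.AuthenticateUser(user.UserName, user.Password))
                {
                    //Load the stored record first: the identity written to the ticket and the session must
                    //come from the database row, never from the posted model (user.UserID is client input).
                    var usr = db.Users.Where(U => U.UserName == user.UserName).FirstOrDefault();
                    if (usr != null)
                    {
                        string userId = usr.UserID.ToString();

                        //AUTHORIZATION USING COOKIES
                        //--------------------------------------------------------------
                        //One expiry drives both the ticket and the cookie, so the browser does not keep
                        //a cookie whose ticket has already expired.
                        DateTime issuedAt  = DateTime.Now;
                        DateTime expiresAt = issuedAt.AddMinutes(20);
                        var ticket = new FormsAuthenticationTicket(1, userId, issuedAt, expiresAt,
                                                                   false, usr.UserName.ToString(), FormsAuthentication.FormsCookiePath);

                        //Issue exactly one auth cookie. Calling FormsAuthentication.SetAuthCookie as well would
                        //emit a second cookie under the same name that carries a different ticket.
                        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
                        cookie.Expires  = expiresAt;
                        cookie.HttpOnly = true;
                        //Honour the requireSSL setting of the forms-authentication configuration so the cookie
                        //is marked Secure whenever the site is configured for HTTPS only.
                        cookie.Secure   = FormsAuthentication.RequireSSL;
                        Response.Cookies.Add(cookie);
                        //--------------------------------------------------------------

                        //NOTE(review): the session identifier is not renewed at login here; if a pre-login
                        //session can exist, rotate the session ID before storing identity in it.
                        Session["UserID"]   = userId;
                        Session["UserName"] = usr.UserName.ToString();
                        Session["IsAdmin"]  = usr.IsAdmin == true ? 1 : 0;

                        //Total quantity of items in the user's cart.
                        //presumably ShoppingCartID equals the owning user's ID - confirm against the data model
                        int cartId      = Convert.ToInt32(userId);
                        var productList = db.ShoppingCartProducts.Where(a => a.ShoppingCartID == cartId);
                        int quan        = 0;
                        foreach (var item in productList)
                        {
                            quan += item.Quantity;
                        }
                        Session["Quantity"] = quan;

                        //Redirect the now logged in user back to the Homepage
                        return(Redirect("~/Home/Index"));
                    }
                }

                //Same message for a failed password check and for a missing record, so the response does
                //not reveal which part of the credentials was wrong.
                ModelState.AddModelError("", "Username or Password is incorrect");
            }
            return(View());
        }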
Пример #2
        //TEST:  SQLSECURITYMANAGER_AUTHENTICATEUSER_TEST
        //Test the functionality of the SqlSecurityManager AuthenticateUser method using test data.
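        public void SqlSecurityManager_AuthenticateUser_Test()
        {
            //ARRANGE
            //These parameters refer to the test user created in SqlSecurityManager_RegisterUser, so this
            //test only passes when that user already exists.
            //NOTE(review): the literal values are masked on this page; keep real test credentials in test
            //configuration rather than in source.
            SqlSecurityManager manager = new SqlSecurityManager();
            string username = "******";
            string password = "******";

            //ACT
            bool authenticated = manager.AuthenticateUser(username, password);

            //ASSERT
            //The result is a non-nullable bool, so a null check on it can never fail; assert the value only.
            Assert.IsTrue(authenticated, "AuthenticateUser should accept the registered test user's credentials.");
        }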
Пример #3
        //TEST:  SQLSECURITYMANAGER_AUTHENTICATEUSER_FAILURETEST
        //Test the functionality of the SqlSecurityManager AuthenticateUser method when using unintended test data.
        //Uses a wrong password to show that if the username and/or password are wrong then AuthenticateUser() will return false
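        public void SqlSecurityManager_AuthenticateUser_FAILURETest()
        {
            //ARRANGE
            //Login parameters: the user name is paired with a wrong password.
            //NOTE(review): only the wrong-password case is exercised here; an unknown user name would need
            //its own test to back the "username and/or password" claim.
            SqlSecurityManager manager = new SqlSecurityManager();
            string username = "******";
            //Wrong Password
            string password = "******";

            //ACT
            bool authenticated = manager.AuthenticateUser(username, password);

            //ASSERT
            //The result is a non-nullable bool, so a null check on it can never fail; assert the value only.
            Assert.IsFalse(authenticated, "AuthenticateUser should reject a wrong password.");
        }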