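/// <summary>
/// Decides whether the current request may run its action.
/// A logged-in user is identified by Session["UserID"]; the request is rejected when the
/// SessionID cached under "_LoginUsersID{id}" (written at login) is missing or differs, so a
/// newer login for the same user invalidates the older one. The user's page list is then
/// re-read from the BlotterLogin API and stored in Session["PagesAccess"], and the action is
/// authorized either because it is on the always-allowed list or because a page entry names it.
/// </summary>
/// <param name="httpContext">Context of the request being authorized.</param>
/// <returns>true when the action may run; false otherwise.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // NOTE(review): isLoggedIn / SerssionExpired / CHangePassword are instance fields of the
    // attribute. MVC can reuse one attribute instance for concurrent requests, so per-request
    // state kept in fields may be overwritten by another request — confirm before relying on it.
    bool authorize = false;
    string userId = "";

    // Wrote If User Is Already Logged In --Arsal
    object sessionUser = httpContext.Session["UserID"];
    if (sessionUser != null)
    {
        userId = sessionUser.ToString();
        // Single-active-session check: Login stores the SessionID it issued under this key.
        object cachedSessionId = System.Web.HttpContext.Current.Cache["_LoginUsersID" + userId];
        // A missing cache entry (expired, evicted, app-domain restart) used to throw a
        // NullReferenceException here; it is now treated as an invalid session (fail closed).
        string validSession = cachedSessionId == null ? "" : cachedSessionId.ToString();
        if (validSession != httpContext.Session.SessionID)
        {
            SerssionExpired = true;
            isLoggedIn = true;
            return false;
        }
    }

    if (httpContext.Session.Keys.Count == 0)
    {
        isLoggedIn = false;
        return false;
    }

    isLoggedIn = true;
    var routeData = ((MvcHandler)httpContext.CurrentHandler).RequestContext.RouteData;
    // Convert.ToString yields "" for a missing route value instead of throwing.
    var actionName = Convert.ToString(routeData.Values["action"]);
    var controllerName = Convert.ToString(routeData.Values["controller"]);

    try
    {
        ServiceRepository serviceObj = new ServiceRepository();
        HttpResponseMessage response = serviceObj.PostResponse("/api/BlotterLogin/GetAllBlotterLoginById?id=" + userId, null);
        response.EnsureSuccessStatusCode();
        // NOTE(review): .Result blocks the request thread on the async read; kept because the
        // attribute pipeline here is synchronous.
        List<Models.SP_SBPGetLoginInfo_Result> logins = response.Content.ReadAsAsync<List<Models.SP_SBPGetLoginInfo_Result>>().Result;
        foreach (var item in logins)
        {
            if (item.UserExists != "Success")
            {
                continue;
            }

            httpContext.Session["UserID"] = item.ID;
            httpContext.Session["UserName"] = item.UserName;
            httpContext.Session["UserEmail"] = item.Email;
            httpContext.Session["UserRole"] = item.RoleName;
            httpContext.Session["BranchID"] = item.BranchID;
            httpContext.Session["BranchName"] = item.BranchName;
            httpContext.Session["Currencies"] = item.CurrencyID;
            httpContext.Session["Pages"] = item.Pages;
            httpContext.Session["ActiveController"] = controllerName;

            if (item.ChangePassword)
            {
                // A pending password change blocks every page until it is completed.
                CHangePassword = item.ChangePassword;
                return false;
            }

            httpContext.Session["PagesAccess"] = ParsePagesClaim(item.Pages);

            #region Added By Shakir
            if (httpContext.Session["Currencies"] != null)
            {
                Models.SP_GetAllBlotterCurrencyById_Result objc = UtilityClass.GetCurrencies(Convert.ToInt32(httpContext.Session["UserID"]));
                httpContext.Session["Currencies"] = objc.Currencies;
            }
            #endregion
        }
    }
    catch (Exception)
    {
        // Best-effort refresh: when the API call or parsing fails, whatever Session["PagesAccess"]
        // already holds is used below. NOTE(review): the failure is not logged anywhere.
    }

    // A missing or foreign-typed entry now yields an empty list (nothing authorized except the
    // always-allowed actions) instead of a NullReferenceException/InvalidCastException.
    List<UserPageAccess> permissionList = httpContext.Session["PagesAccess"] as List<UserPageAccess> ?? new List<UserPageAccess>();
    foreach (UserPageAccess item in permissionList)
    {
        if (item.PageName == actionName)
        {
            httpContext.Session["CurrentPagesAccess"] = item.PageName + "~" + item.ControllerName + "~" + item.DateChaneAccess + "~" + item.EditAccess + "~" + item.DeleteAccess;
            break;
        }
    }

    // NOTE(review): every action in s_alwaysAllowedActions is authorized for any logged-in user,
    // regardless of permissionList — this includes Edit/Delete/Reset/UpdateUserPageRelation, so
    // the per-page check is bypassed for them. Confirm that is intended; the list is kept as-is.
    if (s_alwaysAllowedActions.Contains(actionName))
    {
        authorize = true;
    }
    else
    {
        authorize = permissionList.Any(item => item.PageName == actionName);
    }
    return authorize;
}

/// <summary>
/// Action names that are authorized for every logged-in user without a page-access entry.
/// Matched ordinally, as the original string == comparisons were.
/// </summary>
private static readonly HashSet<string> s_alwaysAllowedActions = new HashSet<string>(StringComparer.Ordinal)
{
    "Default", "Edit", "Create", "_Create", "Update", "Delete", "Reset",
    "FillBlotterManualData", "FillSBPBlotterCRRReport", "AddOpeningBalanceByBID",
    "CreateOpnBal", "EditOpeningBalance", "UpdateOpeningBalance",
    "UpdateUserPageRelation", "GetAllBlotterbydate",
};

/// <summary>
/// Parses the "Pages" string returned by the login API: comma-separated entries of
/// DisplayName~PageName~ControllerName~DateChange~Edit~Delete, where "1" grants the flag.
/// </summary>
/// <param name="pages">Raw page string; null or empty yields an empty list.</param>
/// <returns>One UserPageAccess per well-formed entry; entries with fewer than six fields are skipped.</returns>
private static List<UserPageAccess> ParsePagesClaim(string pages)
{
    List<UserPageAccess> result = new List<UserPageAccess>();
    if (string.IsNullOrEmpty(pages))
    {
        return result;
    }
    foreach (var pg in pages.Split(','))
    {
        var val = pg.Split('~');
        if (val.Length < 6)
        {
            // A short entry used to throw IndexOutOfRangeException and abort the whole refresh.
            continue;
        }
        UserPageAccess upaobj = new UserPageAccess();
        upaobj.DisplayName = val[0];
        upaobj.PageName = val[1];
        upaobj.ControllerName = val[2];
        upaobj.DateChaneAccess = val[3] == "1";
        upaobj.EditAccess = val[4] == "1";
        upaobj.DeleteAccess = val[5] == "1";
        result.Add(upaobj);
    }
    return result;
}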
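/// <summary>
/// Reloads the "Master" and "Transaction" page-access lists for a user from
/// dbo.M_SP_PageandAccess into session (MasterPageList, WorkOrderApproval, WorkOrderRequest)
/// and then redirects to /Home/Index.
/// </summary>
/// <param name="UserName">Value passed as @EmployeeNo to the stored procedure.</param>
public void RefreshPageAccess(string UserName)
{
    #region For Page Access
    List<UserPageAccess> MasterPageList = LoadPageAccessRows(UserName, "Master");
    List<UserPageAccess> TransactionPageList = LoadPageAccessRows(UserName, "Transaction");
    System.Web.HttpContext.Current.Session["MasterPageList"] = MasterPageList;
    System.Web.HttpContext.Current.Session["WorkOrderApproval"] = TransactionPageList.Where(x => x.PageIndex == "WorkOrderApproval").ToList();
    System.Web.HttpContext.Current.Session["WorkOrderRequest"] = TransactionPageList.Where(x => x.PageIndex == "Request").ToList();
    #endregion
    try
    {
        Response.Redirect("/Home/Index");
    }
    catch (Exception)
    {
        // Response.Redirect(url) ends the response by aborting the thread; that abort is re-raised
        // when this handler exits, so nothing is actually suppressed here. Kept for compatibility.
    }
}

/// <summary>
/// Runs dbo.M_SP_PageandAccess for one page module on the shared connection and maps each row
/// to a UserPageAccess (PageIndex, PageName, PageModule, AccessType).
/// </summary>
/// <param name="employeeNo">@EmployeeNo parameter.</param>
/// <param name="pageModule">@PageModule parameter ("Master" or "Transaction").</param>
/// <returns>The rows in result-set order; empty when the procedure returns nothing.</returns>
private List<UserPageAccess> LoadPageAccessRows(string employeeNo, string pageModule)
{
    List<UserPageAccess> rows = new List<UserPageAccess>();
    using (SqlCommand cmdSql = new SqlCommand())
    {
        cmdSql.Connection = conn;
        cmdSql.CommandTimeout = 0;
        cmdSql.CommandType = CommandType.StoredProcedure;
        cmdSql.CommandText = @"dbo.M_SP_PageandAccess";
        cmdSql.Parameters.Add("@EmployeeNo", SqlDbType.NVarChar).Value = employeeNo;
        cmdSql.Parameters.Add("@PageModule", SqlDbType.NVarChar).Value = pageModule;
        try
        {
            conn.Open();
            // The original called ExecuteNonQuery() and then ExecuteReader(), running the
            // procedure twice per module; one ExecuteReader() returns the same rows.
            using (SqlDataReader rdr = cmdSql.ExecuteReader())
            {
                while (rdr.Read())
                {
                    UserPageAccess getter = new UserPageAccess();
                    getter.PageIndex = rdr["PageIndex"].ToString();
                    getter.PageName = rdr["PageName"].ToString();
                    getter.PageModule = rdr["PageModule"].ToString();
                    // A NULL column comes back as DBNull.Value, never null; the original's
                    // "!= null" test passed DBNull to Convert.ToBoolean, which throws.
                    getter.AccessType = rdr["AccessType"] != DBNull.Value && Convert.ToBoolean(rdr["AccessType"]);
                    rows.Add(getter);
                }
            }
        }
        finally
        {
            // Close on the error path too; otherwise the shared connection stays open and the
            // next conn.Open() fails.
            conn.Close();
        }
    }
    return rows;
}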
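/// <summary>
/// POST handler for the login form. Validates the submitted profile through the BlotterLogin
/// API; on success fills the session, issues a persistent forms-authentication cookie, records
/// the session for the single-active-session check and redirects to the change-password page or
/// the user's default page. On any failure the login view is shown again.
/// </summary>
/// <param name="collection">Bound login form values.</param>
/// <returns>The login view (ViewBag.ErrorMessage is set when the API reports a failure).</returns>
public ActionResult Login(Classes.UserProfile collection)
{
    try
    {
        if (ModelState.IsValid)
        {
            ServiceRepository serviceObj = new ServiceRepository();
            HttpResponseMessage response = serviceObj.PostResponse("/api/BlotterLogin/GetAllBlotterLogin", collection);
            response.EnsureSuccessStatusCode();
            List<Models.SP_SBPGetLoginInfo_Result> logins = response.Content.ReadAsAsync<List<Models.SP_SBPGetLoginInfo_Result>>().Result;
            foreach (var item in logins)
            {
                if (item.UserExists == "Success")
                {
                    PopulateLoginSession(item);
                    HttpCookie cookie = IssueAuthenticationCookie(item.UserName);
                    // Guid.NewGuid() replaces new Guid(), which always produced the all-zero Guid.
                    (new AuthAccessAttribute()).SetSessionStart(item.ID, Session.SessionID, Request.UserHostAddress, Guid.NewGuid().ToString(), DateTime.Now, cookie.Expires);
                    // Consulted by AuthorizeCore: only the most recently issued session for this
                    // user id is accepted.
                    HttpContext.Cache["_LoginUsersID" + item.ID] = Session.SessionID;
                    RedirectAfterLogin(item);
                }
                else
                {
                    // Both the "User Does not Exists" branch and the fallback showed the same text.
                    ViewBag.ErrorMessage = item.UserExists;
                }
            }
            ViewData["SysCurrentDt"] = GetCurrentDT().ToString("dd-MMM-yyyy");
            return View("Login");
        }
    }
    catch (Exception)
    {
        // Best-effort: an API, parsing or session failure falls through to the form below.
        // NOTE(review): the user gets no error message and nothing is logged in this case.
    }
    return View(collection);
}

/// <summary>
/// Copies the login result into session, including the parsed page-access list and the
/// first currency as SelectedCurrency.
/// </summary>
private void PopulateLoginSession(Models.SP_SBPGetLoginInfo_Result item)
{
    Session["UserID"] = item.ID;
    Session["UserName"] = item.UserName;
    Session["UserEmail"] = item.Email;
    Session["UserRole"] = item.RoleName;
    Session["BranchID"] = item.BranchID;
    Session["BranchName"] = item.BranchName;
    Session["BlotterType"] = item.BlotterType;
    Session["Currencies"] = item.CurrencyID;
    // "01" for conventional, "02" for islamic, "00" otherwise.
    Session["BR"] = item.isConventional ? "01" : item.isislamic ? "02" : "00";
    Session["Pages"] = item.Pages;
    Session["ActiveController"] = "Login";
    Session["PagesAccess"] = BuildPageAccessList(item.Pages);
    #region Added By Shakir
    if (Session["Currencies"] != null)
    {
        // First comma-separated currency, with its '~' suffix stripped. Split(',')[0] is the
        // whole string when there is no comma, so the original Contains(',') branch is not needed.
        Session["SelectedCurrency"] = Session["Currencies"].ToString().Split(',')[0].Split('~')[0];
    }
    #endregion
}

/// <summary>
/// Builds the forms-authentication cookie for the user and adds it to the response.
/// </summary>
/// <param name="userName">Name stored in the ticket.</param>
/// <returns>The cookie that was added (its Expires is reused for the session record).</returns>
private HttpCookie IssueAuthenticationCookie(string userName)
{
    // 525600 min = 1 year. The "remember me" choice that once selected this value is commented
    // out upstream; every login currently gets the one-year persistent ticket.
    int timeout = 525600;
    var ticket = new FormsAuthenticationTicket(userName, true, timeout);
    string encrypted = FormsAuthentication.Encrypt(ticket);
    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
    cookie.Expires = DateTime.Now.AddMinutes(timeout);
    cookie.HttpOnly = true;
    // Honour <forms requireSSL="true"/> the way FormsAuthentication.SetAuthCookie does; the
    // hand-built cookie previously ignored that setting.
    cookie.Secure = FormsAuthentication.RequireSSL;
    Response.Cookies.Add(cookie);
    return cookie;
}

/// <summary>
/// Builds the page-access list from the API's "Pages" string: comma-separated entries of
/// DisplayName~PageName~ControllerName~DateChange~Edit~Delete, where "1" grants the flag.
/// Null/empty input and entries with fewer than six fields yield no item instead of throwing.
/// </summary>
private static List<UserPageAccess> BuildPageAccessList(string pages)
{
    List<UserPageAccess> UPA = new List<UserPageAccess>();
    if (string.IsNullOrEmpty(pages))
    {
        return UPA;
    }
    foreach (var pg in pages.Split(','))
    {
        var val = pg.Split('~');
        if (val.Length < 6)
        {
            continue;
        }
        UserPageAccess upaobj = new UserPageAccess();
        upaobj.DisplayName = val[0];
        upaobj.PageName = val[1];
        upaobj.ControllerName = val[2];
        upaobj.DateChaneAccess = val[3] == "1";
        upaobj.EditAccess = val[4] == "1";
        upaobj.DeleteAccess = val[5] == "1";
        UPA.Add(upaobj);
    }
    return UPA;
}

/// <summary>
/// Redirects (without ending the response, as before) to ChangePassword when one is pending,
/// else to the user's DefaultPage ("Controller/Action"), else to Home/Default.
/// </summary>
private void RedirectAfterLogin(Models.SP_SBPGetLoginInfo_Result item)
{
    string target;
    if (item.ChangePassword)
    {
        target = Url.Action("ChangePassword", "ChangePassword");
    }
    else
    {
        string[] parts = item.DefaultPage == null ? null : item.DefaultPage.Split('/');
        // A DefaultPage without a '/' used to throw IndexOutOfRangeException; fall back to Home.
        target = parts != null && parts.Length >= 2
            ? Url.Action(parts[1], parts[0])
            : Url.Action("Default", "Home");
    }
    Response.Redirect(new Uri(Request.Url, target).ToString(), false);
}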
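/// <summary>
/// Returns the "Master" and "Transaction" page-access rows for an employee as JSON
/// ({ MasterPageList, TransactionPageList }), read from dbo.M_SP_PageandAccess.
/// </summary>
/// <param name="EmployeeNo">Value passed as @EmployeeNo to the stored procedure.
/// NOTE(review): it comes straight from the request; confirm the caller is allowed to look up
/// this employee's access and not only its own.</param>
/// <returns>A JSON result that also answers GET requests.</returns>
public ActionResult GetPageAccess(string EmployeeNo)
{
    List<UserPageAccess> MasterPageList = LoadPageAccessRowsWithId(EmployeeNo, "Master");
    List<UserPageAccess> TransactionPageList = LoadPageAccessRowsWithId(EmployeeNo, "Transaction");
    // The original also computed per-module counts of AccessType == true but never used them.
    return Json(new { MasterPageList = MasterPageList, TransactionPageList = TransactionPageList }, JsonRequestBehavior.AllowGet);
}

/// <summary>
/// Runs dbo.M_SP_PageandAccess for one page module on the shared connection and maps each row
/// to a UserPageAccess (ID, PageIndex, PageName, PageModule, AccessType).
/// </summary>
/// <param name="employeeNo">@EmployeeNo parameter.</param>
/// <param name="pageModule">@PageModule parameter ("Master" or "Transaction").</param>
/// <returns>The rows in result-set order; empty when the procedure returns nothing.</returns>
private List<UserPageAccess> LoadPageAccessRowsWithId(string employeeNo, string pageModule)
{
    List<UserPageAccess> rows = new List<UserPageAccess>();
    using (SqlCommand cmdSql = new SqlCommand())
    {
        cmdSql.Connection = conn;
        cmdSql.CommandTimeout = 0;
        cmdSql.CommandType = CommandType.StoredProcedure;
        cmdSql.CommandText = @"dbo.M_SP_PageandAccess";
        cmdSql.Parameters.Add("@EmployeeNo", SqlDbType.NVarChar).Value = employeeNo;
        cmdSql.Parameters.Add("@PageModule", SqlDbType.NVarChar).Value = pageModule;
        try
        {
            conn.Open();
            using (SqlDataReader rdr = cmdSql.ExecuteReader())
            {
                while (rdr.Read())
                {
                    UserPageAccess getter = new UserPageAccess();
                    getter.ID = Convert.ToInt64(rdr["ID"]);
                    getter.PageIndex = rdr["PageIndex"].ToString();
                    getter.PageName = rdr["PageName"].ToString();
                    getter.PageModule = rdr["PageModule"].ToString();
                    // A NULL column comes back as DBNull.Value, never null; the original's
                    // "!= null" test passed DBNull to Convert.ToBoolean, which throws.
                    getter.AccessType = rdr["AccessType"] != DBNull.Value && Convert.ToBoolean(rdr["AccessType"]);
                    rows.Add(getter);
                }
            }
        }
        finally
        {
            // Close on the error path too; otherwise the shared connection stays open and the
            // next conn.Open() fails.
            conn.Close();
        }
    }
    return rows;
}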