bool ValidLogin(Login login) { UserStore<IdentityUser> userStore = new UserStore<IdentityUser>(); UserManager<IdentityUser> userManager = new UserManager<IdentityUser>(userStore) { UserLockoutEnabledByDefault = true, DefaultAccountLockoutTimeSpan = new TimeSpan(0, 10, 0), MaxFailedAccessAttemptsBeforeLockout = 3 }; var user = userManager.FindByName(login.UserName); if (user == null) return false; // User is locked out. if (userManager.SupportsUserLockout && userManager.IsLockedOut(user.Id)) { return false; } // Validated user was locked out but now can be reset. if (userManager.CheckPassword(user, login.Password)) { if (userManager.SupportsUserLockout && userManager.GetAccessFailedCount(user.Id) > 0) { userManager.ResetAccessFailedCount(user.Id); } } // Login is invalid so increment failed attempts. else { bool lockoutEnabled = userManager.GetLockoutEnabled(user.Id); if (userManager.SupportsUserLockout && userManager.GetLockoutEnabled(user.Id)) { userManager.AccessFailed(user.Id); return false; } CaptchaHelper captchaHelper = new CaptchaHelper(); string captchaResponse = captchaHelper.CheckRecaptcha(); if (captchaResponse != "Valid") { ViewBag.ErrorResponse = "The captcha must be valid"; } } return true; }
string GetUserRole(Login login) { FoodSaleAuthEntities context = new FoodSaleAuthEntities(); var user = context.AspNetUsers.Where(u => u.UserName == login.UserName).FirstOrDefault(); IQueryable<string> roleQuery = from u in context.AspNetUsers from r in u.AspNetRoles where u.UserName == login.UserName select r.Name; string[] roles = roleQuery.ToArray(); if (roles != null) { return roles[0]; } else { return null; } }
bool ValidLogin(Login login) { UserStore<IdentityUser> userStore = new UserStore<IdentityUser>(); UserManager<IdentityUser> userManager = new UserManager<IdentityUser>(userStore) { UserLockoutEnabledByDefault = true, DefaultAccountLockoutTimeSpan = new TimeSpan(0, 10, 0), MaxFailedAccessAttemptsBeforeLockout = 3 }; var user = userManager.FindByName(login.UserName); if (user == null) return false; // User is locked out. if (userManager.SupportsUserLockout && userManager.IsLockedOut(user.Id)) return false; // Validated user was locked out but now can be reset. if (userManager.CheckPassword(user, login.Password) && userManager.IsEmailConfirmed(user.Id)) { if (userManager.SupportsUserLockout && userManager.GetAccessFailedCount(user.Id) > 0) { userManager.ResetAccessFailedCount(user.Id); } } // Login is invalid so increment failed attempts. else { bool lockoutEnabled = userManager.GetLockoutEnabled(user.Id); if (userManager.SupportsUserLockout && userManager.GetLockoutEnabled(user.Id)) { userManager.AccessFailed(user.Id); return false; } } return true; }
public ActionResult Login(Login login) { // UserStore and UserManager manages data retreival. UserStore<IdentityUser> userStore = new UserStore<IdentityUser>(); UserManager<IdentityUser> manager = new UserManager<IdentityUser>(userStore); IdentityUser identityUser = manager.Find(login.UserName, login.Password); //DisableLockout(manager, identityUser); //LockoutUntilYear3015(manager, identityUser); System.Threading.Thread.Sleep(1000); if (ModelState.IsValid) { if ((ValidLogin(login) && identityUser.EmailConfirmed)) { // if(identityUser.) IAuthenticationManager authenticationManager = HttpContext.GetOwinContext().Authentication; authenticationManager .SignOut(DefaultAuthenticationTypes.ExternalCookie); var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, login.UserName), }, DefaultAuthenticationTypes.ApplicationCookie, ClaimTypes.Name, ClaimTypes.Role); // SignIn() accepts ClaimsIdentity and issues logged in cookie. authenticationManager.SignIn(new AuthenticationProperties { IsPersistent = false }, identity); // A redirect based on the user type to forward the user to the correct controller homepage string userRole = GetUserRole(login); if (userRole != null) { Session["UserType"] = userRole; if (userRole.Equals("Admin")) { return RedirectToAction("Index", "Admin"); } else if (userRole.Equals("Buyer")) { return RedirectToAction("Index", "Buyer"); } else if (userRole.Equals("Farm")) { return RedirectToAction("Index", "Farm"); } } return RedirectToAction("Index", "Home"); } } ViewBag.errorMsg = "Invalid Username or Password"; return View(); }
public ActionResult IndexSecurity(Login login) { // UserStore and UserManager manages data retreival. UserStore<IdentityUser> userStore = new UserStore<IdentityUser>(); UserManager<IdentityUser> manager = new UserManager<IdentityUser>(userStore); try { IdentityUser identityUser = manager.Find(login.UserName, login.Password); if (ModelState.IsValid) { if (ValidLogin(login)) { IAuthenticationManager authenticationManager = HttpContext.GetOwinContext().Authentication; authenticationManager .SignOut(DefaultAuthenticationTypes.ExternalCookie); var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, login.UserName), }, DefaultAuthenticationTypes.ApplicationCookie, ClaimTypes.Name, ClaimTypes.Role); // SignIn() accepts ClaimsIdentity and issues logged in cookie. authenticationManager.SignIn(new AuthenticationProperties { IsPersistent = false }, identity); return RedirectToAction("SecureArea", "Home"); } } } catch { ViewBag.Error = "Username and Password fields cannot be empty."; return View(); } ViewBag.Error = "Invalid Username or Password."; return View(); }