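/// <summary>
/// Logs the current user out: records the logout time for the user held in
/// Session["UserInfo"] (when there is one), then clears the auth cookie and
/// tears down the session.
/// </summary>
/// <remarks>
/// The session teardown runs in a <c>finally</c> block, so a failure while
/// writing the logout time cannot leave the user's session and auth cookie
/// alive. Any exception from the database call still propagates to the caller.
/// </remarks>
public static void LogOut()
{
    try
    {
        // "as" yields null both when the slot is empty and when it holds an
        // object of another type, so one null check covers both cases.
        UserInfo uInfo = HttpContext.Current.Session["UserInfo"] as UserInfo;
        if (uInfo != null)
        {
            // If the session holds a user, update the logout time for the user
            // who was logged in. (Zahir)
            // NOTE(review): DateTime.Now is server-local time; audit timestamps
            // are easier to correlate in UTC. Confirm what spUpdateLogoutTime expects.
            DAL.DataAccess.Instance.ExecuteNonQuery(
                StoredProcedure.spUpdateLogoutTime,
                System.Data.CommandType.StoredProcedure,
                new List<ICommanParameter>
                {
                    new CommanParameter { Name = "@UserName", Type = System.Data.DbType.String, value = uInfo.UserName },
                    new CommanParameter { Name = "@LoginOutTime", Type = System.Data.DbType.DateTime, value = System.DateTime.Now }
                });
        }
    }
    finally
    {
        // Invalidate every piece of login state, even if the audit write failed.
        HttpContext.Current.Session["UserInfo"] = null;
        AuthoCookie.ClearAuthoCookie();
        SessionHijacking.RegenrateSessionId();
        SessionHijacking.ClearSession();
        HttpContext.Current.Session.Abandon();
        //HttpContext.Current.Response.Redirect("~/Login.aspx?logout=true");

        // NOTE(review): Application state is shared by all sessions of the web
        // application, so this slot is not per-user; confirm that one user's
        // logout clearing it is intended.
        HttpContext.Current.Application["currentUser"] = null;
    }
}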
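/// <summary>
/// Checks the supplied credentials through the spLogin stored procedure. On a
/// match it builds the <see cref="UserInfo"/>, records the login time, stores
/// the user as logged in and sets up the auth cookie and session protection.
/// On no match it records an unsuccessful login attempt.
/// </summary>
/// <param name="userName">Login name, passed to spLogin as @UserName.</param>
/// <param name="password">Value passed to spLogin as @Pwd, exactly as received.</param>
/// <param name="IsPresistent">Not read anywhere in this method.</param>
/// <returns>
/// The populated <see cref="UserInfo"/> when spLogin returns at least one row;
/// otherwise <c>null</c>.
/// </returns>
/// <remarks>
/// Exceptions from the data layer are not handled here and propagate to the caller.
/// </remarks>
public UserInfo AuthenticateUser(string userName, string password, bool IsPresistent = false)
{
    UserInfo uinfo = new UserInfo();

    // Authenticating user with username and encrypted password. (Zahir)
    // NOTE(review): nothing in this method hashes or encrypts `password`; it is
    // forwarded as received. Confirm where the transformation happens (caller
    // or spLogin) and that the comparison does not rely on a plaintext value.
    DataSet ds = DataAccess.Instance.ExecuteDataSet(
        StoredProcedure.spLogin,
        System.Data.CommandType.StoredProcedure,
        new List<ICommanParameter>
        {
            new CommanParameter { Name = "@UserName", Type = System.Data.DbType.String, value = userName },
            new CommanParameter { Name = "@Pwd", Type = System.Data.DbType.String, value = password }
        });

    if (ds.Tables[0].Rows.Count == 0)
    {
        // No row came back, so the unsuccessful login entry is stored in the
        // database. (Zahir)
        // NOTE(review): @isLocked is always sent as 0 from here; any lockout
        // after repeated failures would have to be enforced inside the stored
        // procedures - confirm.
        // NOTE(review): @loginDate is declared DbType.DateTime but receives a
        // culture-formatted string from ToShortDateString(); confirm the data
        // layer parses it under the same culture.
        DAL.DataAccess.Instance.ExecuteNonQuery(
            StoredProcedure.spInsertUnsuccessfulLoginDetails,
            System.Data.CommandType.StoredProcedure,
            new List<ICommanParameter>
            {
                new CommanParameter { Name = "@UserName", Type = System.Data.DbType.String, value = userName },
                new CommanParameter { Name = "@loginDate", Type = System.Data.DbType.DateTime, value = System.DateTime.Now.ToShortDateString() },
                new CommanParameter { Name = "@lock_time", Type = System.Data.DbType.DateTime, value = System.DateTime.Now },
                new CommanParameter { Name = "@isLocked", Type = System.Data.DbType.Byte, value = 0 }
            });
        return null;
    }

    DataRow dr = ds.Tables[0].Rows[0];
    uinfo.UserName = dr[DataBaseFields.UserName].GetEmptyOrString();
    string roleUser = dr[DataBaseFields.RoleName].ToString();
    uinfo.Roles.Add(roleUser.ConvertToEnum<Role>());
    uinfo.isFirstLogin = Convert.ToBoolean(dr[DataBaseFields.isFirstLogin].ToString());

    // NOTE(review): the stored password value is copied onto the object that is
    // handed to SetLoggedInUser and returned to the caller, so it travels with
    // the login state. Confirm a consumer actually needs it; otherwise it
    // should not leave the data layer.
    uinfo.Password = dr[DataBaseFields.Password].ToString();

    // If the user exists, the login time entry is inserted in the database. (Zahir)
    DAL.DataAccess.Instance.ExecuteNonQuery(
        StoredProcedure.spInsertLoginTime,
        System.Data.CommandType.StoredProcedure,
        new List<ICommanParameter>
        {
            new CommanParameter { Name = "@UserName", Type = System.Data.DbType.String, value = uinfo.UserName },
            new CommanParameter { Name = "@LoginTime", Type = System.Data.DbType.DateTime, value = System.DateTime.Now }
        });

    SetLoggedInUser(uinfo); // Calling the function to store current user in session. (Zahir)
    AuthoCookie.CreateAuthoCookie();

    // NOTE(review): the session id is regenerated after the user and the auth
    // cookie have been set. Confirm RegenrateSessionId carries the login state
    // over to the new id and that the pre-login id stops being accepted.
    SessionHijacking.RegenrateSessionId();
    SessionHijacking.SetSessionHijachingSession();
    return uinfo;
}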