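/// <summary>
/// Authenticates the user who submitted the login form.
/// If the credentials are valid, the user's details are stored in Session and the user is redirected
/// according to user type. If they are not valid, the failure text is shown and the attempt is logged.
/// </summary>
/// <remarks>
/// After a successful credential check:
/// 1. User information needed later (UserId, user name, role, user type, company, supplier data, ...)
///    is added to Session, and a new GUID is stored in Session["OCAGUID"] and in USER_MASTER.PassKey.
/// 2. The user is redirected by user type: 'SUPPLIER' goes to 'WebQuotationDetails.aspx',
///    'TRAVEL AGENT' goes to 'RequestListAgent.aspx'.
/// 3. For all other user types, if the entered password is a default password ("1234", or 1234 + user id),
///    the user is redirected to the change-password page.
/// 4. An 'OFFICE USER' whose password has not been updated for more than 180 days is also redirected
///    to the change-password page.
/// History: modified by Anjali, 6-Jun-2016 (JIT:9490, password-change enforcement);
/// modified by Alok, 19/10/2016 (session ID stored in a session variable).
/// </remarks>
/// <param name="sender">Event source; not used by this handler.</param>
/// <param name="e">Event arguments; not read or modified by this handler.</param>
protected void LoginUser_Authenticate(object sender, AuthenticateEventArgs e)
{
    string userid = LoginUser.UserName.Trim().ToUpper();
    string userName = LoginUser.UserName.Trim();
    string password = LoginUser.Password.Trim();

    // NOTE(review): the helper's name suggests the password is reversibly encrypted before the lookup
    // rather than compared against a salted hash - confirm how passwords are stored.
    DataSet ds_ntLan = objBLL.Get_UserCredentials(userid, DMS.DES_Encrypt_Decrypt.Encrypt(password));

    string clientBrowser = Request.UserAgent;
    string userIP = Request.UserHostAddress;

    // Dns.GetHostName() is the name of the machine running this code, so machineIP is the web server's
    // own address, not the client's; the client address is userIP. Dns.GetHostByName is obsolete but is
    // kept so the value written to the access log does not change.
    string hostName = Dns.GetHostName();
    string machineIP = Dns.GetHostByName(hostName).AddressList[0].ToString();

    DataTable loginTable = ds_ntLan.Tables["Login"];
    if (loginTable == null || loginTable.Rows.Count == 0)
    {
        Session.Abandon();
        LoginUser.FailureText = "Log-In ID or Password is incorrect.";

        // The failure reason is read from the second result table when it is present. The guard keeps
        // a missing table or empty result from throwing and losing the failed-login audit record.
        string failureReason = null;
        if (ds_ntLan.Tables.Count > 1
            && ds_ntLan.Tables[1].Rows.Count > 0
            && ds_ntLan.Tables[1].Columns.Count > 0)
        {
            failureReason = ds_ntLan.Tables[1].Rows[0][0].ToString();
        }

        UserAccessLog(userName, "NULL", "NULL", DateTime.Now, machineIP, "Failure", clientBrowser, failureReason);
        return;
    }

    DataRow login = loginTable.Rows[0];
    string strUserID = login["UserId"].ToString();
    string strUserStyle = login["style"].ToString();
    string strUserType = login["User_Type"].ToString();
    string strUserFullName = login["User_FullName"].ToString();
    string strUserCompany = login["Company_Name"].ToString();
    string strUserCompanyID = login["COMPANY_ID"].ToString();
    int pwdLastUpdatedInDays = UDFLib.ConvertToInteger(login["PWD_Last_Updated_InDays"]);

    // Parsed once and reused; throws if the stored UserId is not numeric, as the original did.
    int userId = int.Parse(strUserID);
    string role = objBLL.Get_User_Role(userId);

    string passKey = Guid.NewGuid().ToString();
    Session["OCAGUID"] = passKey;
    try
    {
        // Both concatenated values are generated server-side (a fresh GUID and the parsed integer id),
        // so no request data reaches this statement. NOTE(review): move this to a parameterized command
        // or stored procedure so it stays safe if the inputs ever change.
        SqlHelper.ExecuteNonQuery(
            ConfigurationManager.ConnectionStrings["demoasp"].ConnectionString,
            CommandType.Text,
            "UPDATE USER_MASTER SET PassKey='" + passKey + "' WHERE SMSLOG_User_ID="
                + userId.ToString(System.Globalization.CultureInfo.InvariantCulture));
    }
    catch (Exception ex)
    {
        // Best effort: a failed PassKey update is logged and login continues.
        UDFLib.WriteExceptionLog(ex);
    }

    string sessionUserName = login["User_name"].ToString();
    string techManager = login["Tech_Manager"].ToString();

    Session["ACCESSLEVEL"] = login["ACCESSLEVEL"].ToString();
    Session["ROLE"] = role;
    Session["USERNAME"] = sessionUserName;
    Session["USERID"] = strUserID;
    Session["USERSTYLE"] = strUserStyle;
    Session["UTYPE"] = strUserType;
    Session["USERFULLNAME"] = strUserFullName;
    Session["USERCOMPANY"] = strUserCompany;
    Session["USERCOMPANYID"] = strUserCompanyID;
    Session["SUPPLIER_ID"] = login["SUPPLIER_ID"].ToString();
    Session["SUPPNAME"] = login["FULL_NAME"].ToString();
    Session["PASSSTRING"] = login["PASSSTRING"].ToString();
    Session["SUPPCODE"] = login["SUPPLIER"].ToString();

    // NOTE(review): the cleartext password is kept in session state for the lifetime of the session.
    // Left in place because other pages may read Session["pwd"]; confirm the readers and remove it.
    Session["pwd"] = password;

    Session["APPCOMPANYID"] = ConfigurationManager.AppSettings["Company_ID"];
    Session["COMPANYTYPE"] = login["Company_Type"].ToString();
    Session["USERDEPARTMENTID"] = login["Dep_Code"].ToString();
    Session["USERFLEETID"] = techManager != "" ? techManager : "0";
    Session["USERMAILID"] = login["MailID"].ToString();
    Session["Company_Name_GL"] = login["Company_Name"].ToString();
    Session["Company_Address_GL"] = login["Company_Address"].ToString();

    // Used below to force a password change for office users after 180 days (JIT:9490).
    Session["PWD_Last_Updated_InDays"] = pwdLastUpdatedInDays;

    // Date format for the logged-in user: the value returned with the login row, else "dd-MM-yyyy".
    Session["User_DateFormat"] = "dd-MM-yyyy";
    if (Convert.ToString(login["Date_Format"]) != "")
    {
        Session["User_DateFormat"] = login["Date_Format"].ToString();
    }

    if (userIP == null)
    {
        userIP = Request.ServerVariables["REMOTE_ADDR"];
    }

    // NOTE(review): the session ID that existed before login is kept as the authenticated session's ID;
    // no regeneration is visible in this handler - confirm session fixation is handled elsewhere.
    objBLL.Start_Session(userId, Session.SessionID, userIP, clientBrowser);
    Session["Session"] = Session.SessionID;

    if (strUserType.ToUpper() == "SUPPLIER".ToUpper())
    {
        // NOTE(review): supplier and travel-agent logins are not written to the access log by this
        // handler - confirm whether that is intended.
        FormsAuthentication.SetAuthCookie(strUserID, false);
        Response.Redirect("~/webqtn/WebQuotationDetails.aspx");
    }
    else if (strUserType.ToUpper() == "TRAVEL AGENT".ToUpper())
    {
        FormsAuthentication.SetAuthCookie(strUserID, false);
        Response.Redirect("~/travel/RequestListAgent.aspx");
    }
    else
    {
        // Write the audit record before redirecting. Response.Redirect(url) ends the response, so a
        // log call placed after the redirects is skipped for both change-password paths.
        UserAccessLog(sessionUserName, strUserID, Session.SessionID, DateTime.Now, machineIP, "Success", clientBrowser, null);

        // A default password ("1234" or 1234 + user id) must be changed before the user continues.
        if (password == "1234" || password == Convert.ToString(1234 + userId))
        {
            // NOTE(review): no forms-authentication cookie is issued on this path, unlike the
            // expired-password path below - confirm ChangePassword.aspx is meant to be reached this way.
            Response.Redirect("~/Account/ChangePassword.aspx?msg=YOUR DEFAULT PASSWORD IS EXPIRED!");
        }
        else if (strUserType == "OFFICE USER" && pwdLastUpdatedInDays > 180)
        {
            FormsAuthentication.SetAuthCookie(strUserID, false);
            Response.Redirect("~/Account/ChangePassword.aspx?msg=YOUR CURRENT PASSWORD IS EXPIRED! PLEASE CHANGE YOUR PASSWORD.");
        }
        else
        {
            FormsAuthentication.RedirectFromLoginPage(strUserID, false);
        }
    }
}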