示例#1
        /// <summary>
        /// Fetches the data used to verify an employee's login.
        /// </summary>
        /// <param name="empAccount">Account name handed to the data-access call.</param>
        /// <returns>Whatever the data-access call returned for that account.</returns>
        public EmployeeToLogin GetEmployeeDataToLogin(string empAccount)
        {
            // NOTE(review): callers shown with this method read EmpPassword from the
            // result, so the returned object appears to carry the stored password value;
            // it should stay out of logs, session and view state. Confirm.
            using (var dao = new EmployeeAuthorityDataAccess())
            {
                EmployeeToLogin found = dao.GetEmployeeDataToLogin(empAccount);

                // Keep the data layer's error text in dbErrMsg after the accessor is disposed.
                dbErrMsg = dao.GetErrMsg();

                return found;
            }
        }
示例#2
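        /// <summary>
        /// Authenticates an employee from the posted credentials and returns the
        /// authorization result for that employee.
        /// </summary>
        /// <param name="employeeToLogin">Request body; EmployeeEmail and EmployeePassword are read from it.</param>
        /// <returns>
        /// 400 when no body was bound, 401 with one generic message when authentication
        /// fails, otherwise 200 carrying the value from MapToAuthorizationResult.
        /// </returns>
        public async Task<IActionResult> LoginEmployee([FromBody] EmployeeToLogin employeeToLogin)
        {
            // A missing or unparseable body binds to null. Reject it here so the
            // property reads below cannot raise NullReferenceException (a 500).
            if (employeeToLogin == null)
            {
                return BadRequest();
            }

            var response = await _employeeRepository.AuthenticateEmployee(
                employeeToLogin.EmployeeEmail,
                employeeToLogin.EmployeePassword);

            if (response == null || !response.Succeeded)
            {
                // The same text covers "unknown employee" and "wrong password", so the
                // response does not tell a caller which e-mail addresses are registered.
                // NOTE(review): no attempt throttling or lockout is visible in this
                // action; confirm it is enforced in the repository or in middleware.
                return Unauthorized("Employee not found or password is invalid");
            }

            var authResult = await MapToAuthorizationResult(employeeToLogin.EmployeeEmail);

            return Ok(authResult);
        }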
示例#3
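    /// <summary>
    /// Handles the change-password submit: verifies the caller, stores the hash of the
    /// new password, writes back-end log records and e-mails a notice to the user.
    /// </summary>
    /// <remarks>
    /// Two paths reach the update. When hidEmpAccountOfToken is empty, the account must
    /// exist, must not have RoleName "guest", must present the current password, must not
    /// be access-denied and (except "admin") must be inside its StartDate..EndDate window.
    /// When hidEmpAccountOfToken is set, the only check made here is a case-insensitive
    /// match between the typed account and that value.
    /// </remarks>
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        Master.ShowErrorMsg("");
        txtCheckCode.Text = "";

        if (!IsValid)
        {
            return;
        }

        // NOTE(review): trimming silently changes passwords that begin or end with
        // whitespace. It must stay in step with how stored passwords were created,
        // so it is flagged here rather than removed.
        txtAccount.Text  = txtAccount.Text.Trim();
        txtPassword.Text = txtPassword.Text.Trim();
        txtNewPsw.Text   = txtNewPsw.Text.Trim();

        if (string.IsNullOrEmpty(hidEmpAccountOfToken.Text))
        {
            // Login verification
            EmployeeToLogin empVerify = empAuth.GetEmployeeDataToLogin(txtAccount.Text);

            if (empVerify == null && empAuth.GetDbErrMsg() != "")
            {
                // Unexpected error
                // NOTE(review): the data-layer error text is displayed to a visitor who
                // has not been verified yet; showing only the generic message and keeping
                // the detail in server-side logs would avoid disclosing internals.
                Master.ShowErrorMsg(string.Format("{0}: {1}", Resources.Lang.ErrMsg_Exception, empAuth.GetDbErrMsg()));
                // Add a back-end operation log record
                empAuth.InsertBackEndLogData(new BackEndLogData()
                {
                    EmpAccount  = "",
                    Description = string.Format(".變更密碼驗證時發生異常錯誤,帳號[{0}] .An exception error occurred during change password verification! Account[{0}]", txtAccount.Text),
                    IP          = c.GetClientIP()
                });
                return;
            }

            // Was a record found?
            if (empVerify == null)
            {
                // No record. The message shown is the same one used for a wrong
                // password, so the page does not reveal whether the account exists.
                Master.ShowErrorMsg(ACCOUNT_FAILED_ERRMSG);
                // Add a back-end operation log record
                empAuth.InsertBackEndLogData(new BackEndLogData()
                {
                    EmpAccount  = "",
                    Description = string.Format(".(變更密碼)帳號不存在,輸入帳號[{0}] .(change password)Account doesn't exist! Account[{0}]", txtAccount.Text),
                    IP          = c.GetClientIP()
                });
                return;
            }

            // Record found

            // Block role-guest
            if (empVerify.RoleName == "guest")
            {
                Master.ShowErrorMsg(Resources.Lang.ErrMsg_RoleGuestIsNotAllowedToUse);
                return;
            }

            // Check the password
            // NOTE(review): GetPasswordHash receives only the password, so no per-user
            // salt is passed in at this call site; confirm the helper implements a
            // salted, deliberately slow scheme.
            string passwordHash      = HashUtility.GetPasswordHash(txtPassword.Text);
            string empPassword       = empVerify.EmpPassword;
            bool   isPasswordCorrect = false;

            if (empVerify.PasswordHashed)
            {
                isPasswordCorrect = (passwordHash == empPassword);
            }
            else
            {
                // NOTE(review): this branch compares against a password stored in
                // clear text. Accounts with PasswordHashed == false should be migrated
                // to hashed storage so this fallback can be retired.
                isPasswordCorrect = (txtPassword.Text == empPassword);
            }

            if (!isPasswordCorrect)
            {
                Master.ShowErrorMsg(ACCOUNT_FAILED_ERRMSG);
                // Add a back-end operation log record
                empAuth.InsertBackEndLogData(new BackEndLogData()
                {
                    EmpAccount  = "",
                    Description = string.Format(".(變更密碼)密碼錯誤,帳號[{0}] .(change password)Password is incorrect! Account[{0}]", txtAccount.Text),
                    IP          = c.GetClientIP()
                });
                return;
            }

            // Check whether the account is suspended
            if (empVerify.IsAccessDenied)
            {
                Master.ShowErrorMsg(Resources.Lang.ErrMsg_AccountUnavailable);
                // Add a back-end operation log record
                empAuth.InsertBackEndLogData(new BackEndLogData()
                {
                    EmpAccount  = "",
                    Description = string.Format(".(變更密碼)帳號停用,帳號[{0}] .(change password)Account is denied! Account[{0}]", txtAccount.Text),
                    IP          = c.GetClientIP()
                });
                return;
            }

            // Check the account's validity dates
            if (string.Compare(txtAccount.Text, "admin", true) != 0)    // the admin account is exempt
            {
                DateTime startDate = empVerify.StartDate.Value.Date;
                DateTime endDate   = empVerify.EndDate.Value.Date;
                DateTime today     = DateTime.Today;

                if (today < startDate || endDate < today)
                {
                    Master.ShowErrorMsg(Resources.Lang.ErrMsg_AccountUnavailable);
                    // Add a back-end operation log record
                    empAuth.InsertBackEndLogData(new BackEndLogData()
                    {
                        EmpAccount  = "",
                        Description = string.Format(".(變更密碼)帳號超出有效範圍,帳號[{0}] .(change password)Account validation date is out of range! Account[{0}]", txtAccount.Text),
                        IP          = c.GetClientIP()
                    });
                    return;
                }
            }
        }
        else if (string.Compare(txtAccount.Text, hidEmpAccountOfToken.Text.Trim(), true) != 0)
        {
            Master.ShowErrorMsg(ACCOUNT_FAILED_ERRMSG);
            // Add a back-end operation log record
            string description = string.Format(".(變更密碼)來自[{0}]重置密碼連結但是輸入錯誤帳號,輸入值[{1}] .(change password)From [{0}] reset password link but enter the wrong account! Input[{1}]",
                                               hidEmpAccountOfToken.Text, txtAccount.Text);

            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = description,
                IP          = c.GetClientIP()
            });
            return;
        }

        // NOTE(review): on the reset-link path (hidEmpAccountOfToken set) the guest,
        // access-denied and validity-date checks above are not run, and the value of
        // hidEmpAccountOfToken is trusted as is. If that control round-trips through
        // the browser, it has to be re-validated against the reset key on the server
        // before reaching this point. Confirm where that happens.

        // Record the login time and IP
        empAuth.UpdateEmployeeLoginInfo(txtAccount.Text, c.GetClientIP());

        // Verification passed; load the employee record
        EmployeeForBackend emp = empAuth.GetEmployeeData(txtAccount.Text);

        if (emp == null && empAuth.GetDbErrMsg() != "")
        {
            // Unexpected error
            Master.ShowErrorMsg(string.Format("{0}: {1}", Resources.Lang.ErrMsg_Exception, empAuth.GetDbErrMsg()));
            // Add a back-end operation log record
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".(變更密碼)帳號登入取得使用者資料時發生異常錯誤,帳號[{0}] .(change password)An exception error occurred during obtaining user profile! Account[{0}]", txtAccount.Text),
                IP          = c.GetClientIP()
            });
            return;
        }

        if (emp == null)
        {
            // No record and no data-layer error. Previously this case fell through to
            // emp.EmpAccount and threw NullReferenceException; on the reset-link path
            // nothing earlier has confirmed that the account exists. Fail closed.
            Master.ShowErrorMsg(ACCOUNT_FAILED_ERRMSG);
            // Add a back-end operation log record
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".(變更密碼)查無使用者資料,帳號[{0}] .(change password)User profile not found! Account[{0}]", txtAccount.Text),
                IP          = c.GetClientIP()
            });
            return;
        }

        string empAccount = emp.EmpAccount;
        string empName    = emp.EmpName;
        string email      = emp.Email;

        bool result = empAuth.UpdateEmployeePassword(empAccount, HashUtility.GetPasswordHash(txtNewPsw.Text));

        if (result)
        {
            if (!string.IsNullOrEmpty(hidEmpAccountOfToken.Text))
            {
                // Clear the unique value used for e-mail verification so the reset
                // link cannot be used a second time.
                empAuth.UpdateEmployeePasswordResetKey(hidEmpAccountOfToken.Text, "");
            }

            // Add a back-end operation log record
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = empAccount,
                Description = ".變更密碼 .Change password",
                IP          = c.GetClientIP()
            });

            // Email notice
            if (empName.Trim() == "")
            {
                empName = empAccount;
            }

            UserInfo userInfo = new UserInfo()
            {
                EmpAccount = empAccount,
                EmpName    = empName,
                Email      = email
            };

            bool sentResult = false;

            if (LangManager.Instance.GetCultureName(c.qsLangNo.ToString()) == LangManager.CultureNameZHTW)
            {
                sentResult = SendNoticeMailToUserZhTw(userInfo);
            }
            else
            {
                sentResult = SendNoticeMailToUserEn(userInfo);
            }

            if (!sentResult)
            {
                // A failed notice is logged only; the password change itself stands.
                c.LoggerOfUI.Error(string.Format("Account[{0}] Email[{1}] send notice mail to user failed.", empAccount, email));
            }

            // NOTE(review): both values are written into script text without
            // JavaScript encoding. That is safe only while PswChange_Success holds no
            // quote characters and qsLangNo is numeric. Confirm.
            StringBuilder sbScript = new StringBuilder(200);
            sbScript.AppendFormat("window.alert('{0}!');", Resources.Lang.PswChange_Success).AppendLine();
            sbScript.AppendFormat("window.location='{0}?l={1}';", FormsAuthentication.LoginUrl, c.qsLangNo).AppendLine();

            ClientScript.RegisterStartupScript(GetType(), "", sbScript.ToString(), true);
        }
        else
        {
            Master.ShowErrorMsg(Resources.Lang.ErrMsg_ChangePasswordException);
        }
    }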
示例#4
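    /// <summary>
    /// Handles the login submit: verifies account and password, checks suspension and
    /// the validity-date window, then stores the employee in session and completes the
    /// forms-authentication redirect.
    /// </summary>
    /// <remarks>
    /// Every failure path shows a message, writes a back-end log record, calls
    /// CheckLoginFailedCountToShowCaptcha(true) and returns without signing in.
    /// </remarks>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        txtCheckCode.Text = "";

        if (!IsValid)
        {
            return;
        }

        // NOTE(review): trimming silently changes passwords that begin or end with
        // whitespace. It must stay in step with how stored passwords were created,
        // so it is flagged here rather than removed.
        txtAccount.Text  = txtAccount.Text.Trim();
        txtPassword.Text = txtPassword.Text.Trim();

        // Login verification
        EmployeeToLogin empVerify = empAuth.GetEmployeeDataToLogin(txtAccount.Text);

        if (empVerify == null && empAuth.GetDbErrMsg() != "")
        {
            // Unexpected error
            // NOTE(review): the data-layer error text is displayed to an
            // unauthenticated visitor; showing only the generic message and keeping the
            // detail in server-side logs would avoid disclosing internals.
            ShowErrorMsg(string.Format("{0}: {1}", Resources.Lang.ErrMsg_Exception, empAuth.GetDbErrMsg()));
            // Add a back-end operation log record
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".帳號登入驗證時發生異常錯誤,帳號[{0}] .An exception error occurred during login verification! Account[{0}]", txtAccount.Text),
                IP          = c.GetClientIP()
            });
            // Check the failed-login count to decide whether to show the captcha
            CheckLoginFailedCountToShowCaptcha(true);
            return;
        }

        // Was a record found?
        if (empVerify == null)
        {
            // No record. The message shown is the same one used for a wrong password,
            // so the page does not reveal whether the account exists.
            ShowErrorMsg(ACCOUNT_FAILED_ERRMSG);
            // Add a back-end operation log record
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".帳號不存在,輸入帳號[{0}] .Account doesn't exist! Account[{0}]", txtAccount.Text),
                IP          = c.GetClientIP()
            });
            // Check the failed-login count to decide whether to show the captcha
            CheckLoginFailedCountToShowCaptcha(true);
            return;
        }

        // Record found

        // Check the password
        // NOTE(review): GetPasswordHash receives only the password, so no per-user salt
        // is passed in at this call site; confirm the helper implements a salted,
        // deliberately slow scheme.
        string passwordHash      = HashUtility.GetPasswordHash(txtPassword.Text);
        string empPassword       = empVerify.EmpPassword;
        bool   isPasswordCorrect = false;

        if (empVerify.PasswordHashed)
        {
            isPasswordCorrect = (passwordHash == empPassword);
        }
        else
        {
            // NOTE(review): this branch compares against a password stored in clear
            // text. Accounts with PasswordHashed == false should be migrated to hashed
            // storage so this fallback can be retired.
            isPasswordCorrect = (txtPassword.Text == empPassword);
        }

        if (!isPasswordCorrect)
        {
            ShowErrorMsg(ACCOUNT_FAILED_ERRMSG);
            // Add a back-end operation log record
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".密碼錯誤,帳號[{0}] .Password is incorrect! Account[{0}]", txtAccount.Text),
                IP          = c.GetClientIP()
            });
            // Check the failed-login count to decide whether to show the captcha
            CheckLoginFailedCountToShowCaptcha(true);
            return;
        }

        // Check whether the account is suspended
        if (empVerify.IsAccessDenied)
        {
            ShowErrorMsg(Resources.Lang.ErrMsg_AccountUnavailable);
            // Add a back-end operation log record
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".帳號停用,帳號[{0}] .Account is denied! Account[{0}]", txtAccount.Text),
                IP          = c.GetClientIP()
            });
            // Check the failed-login count to decide whether to show the captcha
            CheckLoginFailedCountToShowCaptcha(true);
            return;
        }

        // Check the account's validity dates
        if (string.Compare(txtAccount.Text, "admin", true) != 0)    // the admin account is exempt
        {
            DateTime startDate = empVerify.StartDate.Value.Date;
            DateTime endDate   = empVerify.EndDate.Value.Date;
            DateTime today     = DateTime.Today;

            if (today < startDate || endDate < today)
            {
                ShowErrorMsg(Resources.Lang.ErrMsg_AccountUnavailable);
                // Add a back-end operation log record
                empAuth.InsertBackEndLogData(new BackEndLogData()
                {
                    EmpAccount  = "",
                    Description = string.Format(".帳號超出有效範圍,帳號[{0}] .Account validation date is out of range! Account[{0}]", txtAccount.Text),
                    IP          = c.GetClientIP()
                });
                // Check the failed-login count to decide whether to show the captcha
                CheckLoginFailedCountToShowCaptcha(true);
                return;
            }
        }

        // Record the login time and IP
        empAuth.UpdateEmployeeLoginInfo(txtAccount.Text, c.GetClientIP());

        // Verification passed; load the employee record
        EmployeeForBackend emp = empAuth.GetEmployeeData(txtAccount.Text);

        if (emp == null && empAuth.GetDbErrMsg() != "")
        {
            // Unexpected error
            ShowErrorMsg(string.Format("{0}: {1}", Resources.Lang.ErrMsg_Exception, empAuth.GetDbErrMsg()));
            // Add a back-end operation log record
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".帳號登入取得使用者資料時發生異常錯誤,帳號[{0}] .An exception error occurred during obtaining user profile! Account[{0}]", txtAccount.Text),
                IP          = c.GetClientIP()
            });
            // Check the failed-login count to decide whether to show the captcha
            CheckLoginFailedCountToShowCaptcha(true);
            return;
        }

        if (emp == null)
        {
            // No record and no data-layer error. Previously this case fell through to
            // emp.ThisLoginTime and threw NullReferenceException. Fail closed and do
            // not create a session.
            ShowErrorMsg(ACCOUNT_FAILED_ERRMSG);
            // Add a back-end operation log record
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".帳號登入查無使用者資料,帳號[{0}] .User profile not found after login verification! Account[{0}]", txtAccount.Text),
                IP          = c.GetClientIP()
            });
            // Check the failed-login count to decide whether to show the captcha
            CheckLoginFailedCountToShowCaptcha(true);
            return;
        }

        // Reset the failed-login count
        // NOTE(review): the "se" prefix suggests this counter lives in session state.
        // A limit kept only in session no longer applies once the session cookie is
        // discarded, so confirm there is also a per-account or per-IP limit.
        c.seLoginFailedCount = 0;

        DateTime
            thisLoginTime = DateTime.MinValue,
            lastLoginTime = DateTime.MinValue;

        if (emp.ThisLoginTime.HasValue)
        {
            thisLoginTime = emp.ThisLoginTime.Value;
        }

        if (emp.LastLoginTime.HasValue)
        {
            lastLoginTime = emp.LastLoginTime.Value;
        }

        LoginEmployeeData loginEmpData = new LoginEmployeeData()
        {
            EmpId           = emp.EmpId,
            EmpName         = emp.EmpName,
            Email           = emp.Email,
            DeptId          = emp.DeptId,
            DeptName        = emp.DeptName,
            RoleId          = emp.RoleId,
            RoleName        = emp.RoleName,
            RoleDisplayName = emp.RoleDisplayName,
            StartDate       = emp.StartDate.Value,
            EndDate         = emp.EndDate.Value,
            EmpAccount      = emp.EmpAccount,
            ThisLoginTime   = thisLoginTime,
            ThisLoginIP     = emp.ThisLoginIP,
            LastLoginTime   = lastLoginTime,
            LastLoginIP     = emp.LastLoginIP
        };

        // NOTE(review): the session is populated here with no session-ID renewal
        // visible in this handler; confirm the ID is rotated at login elsewhere so a
        // pre-login session identifier does not carry over into the signed-in session.
        c.SaveLoginEmployeeDataIntoSession(loginEmpData);

        // Add a back-end operation log record
        empAuth.InsertBackEndLogData(new BackEndLogData()
        {
            EmpAccount  = c.GetEmpAccount(),
            Description = ".登入系統! .Logged in!",
            IP          = c.GetClientIP()
        });

        // Remember the selected language
        c.seLangNoOfBackend = c.qsLangNo;

        // Mark as signed in; "false" requests a non-persistent authentication cookie
        FormsAuthentication.RedirectFromLoginPage(c.seLoginEmpData.EmpAccount, false);

        /* Use this instead when extra parameters have to be passed along
         * if (string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
         * {
         *  FormsAuthentication.SetAuthCookie(c.seLoginEmpData.EmpAccount, false);
         *  Response.Redirect(FormsAuthentication.DefaultUrl + "?l=" + c.qsLangNo.ToString());
         * }
         */
    }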