/// <summary>
/// Runs before every action of this (login-side) controller. If the request carries a usable
/// "Session" cookie the visitor is already logged in and is sent to Management/Home instead of
/// seeing the login pages (except for "Logout", which is allowed through). A request for "Logout"
/// without a usable session is bounced back to "Login". TempData is always cleared afterwards.
/// </summary>
/// <param name="filterContext">Pipeline context; <c>Result</c> is set to short-circuit the action.</param>
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    base.OnActionExecuting(filterContext);

    string action = filterContext.ActionDescriptor.ActionName;
    HttpCookie sessionCookie = Request.Cookies["Session"];

    if (sessionCookie != null)
    {
        PartnerSessionDTO current = TryReadSession(sessionCookie.Value);

        if (IsUsableSession(current))
        {
            // Already authenticated: keep the user out of the login screens.
            if (action != "Logout")
            {
                filterContext.Result = RedirectToAction("Home", "Management");
            }
        }
        else if (action == "Logout")
        {
            // Nothing to log out of.
            filterContext.Result = RedirectToAction("Login");
        }
    }

    TempData.Clear();
}

/// <summary>
/// Decodes the hex cookie value into a session id and loads the session record.
/// Returns null when the cookie is malformed or the lookup fails for any reason
/// (all exceptions are deliberately swallowed — a bad cookie simply means "not logged in").
/// </summary>
private PartnerSessionDTO TryReadSession(string cookieValue)
{
    PartnerSessionDTO loaded = null;
    try
    {
        byte[] sessionId = FormatHelper.FromHexStringToArray(cookieValue);
        PartnerSessionBLL sessionBLL = new PartnerSessionBLL(WebApp.Connector);
        loaded = sessionBLL.ReadById(sessionId);
    }
    catch
    {
        // NOTE(review): this also hides storage errors, not just bad cookies — consider logging.
    }
    return loaded;
}

/// <summary>
/// A session counts as usable when it exists, has not expired (a null ExpiresOn never expires —
/// that is how "keep me logged in" sessions are created by Login), is still active, and belongs
/// to a partner whose e-mail address has been verified.
/// </summary>
private bool IsUsableSession(PartnerSessionDTO candidate)
{
    if (candidate == null)
    {
        return false;
    }

    DateTime? expiresOn = candidate.ExpiresOn;
    bool notExpired = expiresOn == null || expiresOn > DateTime.UtcNow;

    return notExpired && candidate.IsActive && candidate.Partner.HasEmailAddressBeenVerified;
}
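/// <summary>
/// Runs before every action of this (management-side) controller and enforces that the caller has a
/// valid partner session. The session id is taken from the "Session" cookie (hex encoded), loaded,
/// and checked for expiry, the IsActive flag and a verified e-mail address. On success the session
/// is exposed via <c>CurrentSession</c> and, for expiring sessions, its expiry is slid forward 15
/// minutes. Every failure path redirects to the login page via <c>ReturnToLogin</c> with a reason key.
/// </summary>
/// <param name="filterContext">Pipeline context handed to <c>ReturnToLogin</c> to short-circuit the action.</param>
/// <remarks>
/// Fix: a session whose <c>ExpiresOn</c> is null is the "keep me logged in" session created by
/// <c>Login</c> when <c>keepOpened</c> is true (and the login-side filter already treats it as
/// valid). The previous comparison <c>session?.ExpiresOn &gt; utcNow</c> is false for a null
/// ExpiresOn, so such sessions were always rejected as expired here. They are now accepted, and the
/// sliding-expiry update is skipped for them so they are not silently converted into 15-minute
/// sessions (assumption: a null ExpiresOn means "no expiry" — confirm against the session storage).
/// NOTE(review): the session's recorded IPAddress is not compared with the request's address; binding
/// sessions to the login IP is a possible hardening if your partners use stable addresses.
/// </remarks>
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    base.OnActionExecuting(filterContext);

    HttpCookie cookie = Request.Cookies["Session"];
    string cookieValue = cookie?.Value;

    // No cookie, or an empty one: there is nothing to look up.
    if (string.IsNullOrEmpty(cookieValue))
    {
        ReturnToLogin(filterContext, "YouShouldLogInFirst");
        return;
    }

    try
    {
        byte[] sessionId = FormatHelper.FromHexStringToArray(cookieValue);
        PartnerSessionBLL sessionBLL = new PartnerSessionBLL(WebApp.Connector);
        PartnerSessionDTO session = sessionBLL.ReadById(sessionId);
        DateTime utcNow = DateTime.UtcNow;

        // Null ExpiresOn = persistent ("keep me logged in") session, never expires.
        bool notExpired = session != null && (session.ExpiresOn == null || session.ExpiresOn > utcNow);
        if (!notExpired || !session.IsActive)
        {
            ReturnToLogin(filterContext, "YourSessionHasExpired");
            return;
        }

        if (!session.Partner.HasEmailAddressBeenVerified)
        {
            ReturnToLogin(filterContext, "EmailAddressHasNotBeenVerified");
            return;
        }

        // Sliding expiration only for sessions that actually expire.
        if (session.ExpiresOn != null)
        {
            sessionBLL.UpdateExpiration(sessionId, utcNow.AddMinutes(15));
        }

        CurrentSession = session;
    }
    catch
    {
        // A malformed cookie (bad hex) or a failed lookup is treated as "not logged in".
        // NOTE(review): storage errors end up here too — consider logging them.
        ReturnToLogin(filterContext, "YouShouldLogInFirst");
    }
}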
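/// <summary>Number of failed password attempts (since the last successful login, or since the start of today UTC) that locks the account.</summary>
private const int FailedAttemptsBeforeLock = 3;

/// <summary>Lifetime of a non-persistent session, in minutes. (The management filter slides expiring sessions by 15 minutes — kept as in the original.)</summary>
private const int SessionLifetimeMinutes = 16;

/// <summary>
/// Authenticates a partner by username/password and, on success, creates a new session record.
/// </summary>
/// <param name="credential">Username and clear-text password supplied by the caller.</param>
/// <param name="ipAddress">Address the attempt came from; stored on the session and on failed attempts.</param>
/// <param name="keepOpened">When true the session gets no <c>ExpiresOn</c> (persistent); otherwise it expires after <see cref="SessionLifetimeMinutes"/>.</param>
/// <param name="session">The created session on <see cref="LoginResult.OK"/>, otherwise null.</param>
/// <returns>
/// <c>AccountDoesntExist</c>, <c>AccountIsLocked</c>, <c>PasswordDoesntMatch</c> (a failed attempt is recorded and the
/// account may be locked), <c>EmailAddressHasNotBeenVerified</c>, or <c>OK</c>.
/// </returns>
/// <remarks>
/// All work runs inside one connector transaction. Only the password-mismatch path and the success path commit
/// (they write); every other outcome rolls back. Fix: an exception thrown by any BLL/repository call previously
/// left the transaction neither committed nor rolled back; it is now rolled back and the exception rethrown
/// (assumes <c>RollbackTransaction</c> is safe to call after a failed commit — confirm against Connector).
///
/// NOTE(review), security:
///  - Passwords are compared as <c>SHA512Hasher.Hash(password)</c> against the stored value. If that is an
///    unsalted single-pass SHA-512 (not visible here), it is brute-forceable offline; a salted, slow KDF
///    (PBKDF2/Argon2) is the usual fix, but it needs a stored-format migration and is not changed here.
///  - <c>BinaryComparer.AreEqual</c> should be constant-time to avoid a timing oracle on the hash — verify.
///  - The distinct result codes (account missing vs. locked vs. wrong password) let a caller enumerate usernames
///    if they are surfaced to the client; the UI should collapse them into one generic message.
///  - Lockout counts attempts from any IP, so anyone who knows a username can lock that partner out.
/// </remarks>
public LoginResult Login(PartnerCredentialDTO credential, IPAddress ipAddress, bool keepOpened, out PartnerSessionDTO session)
{
    session = null;
    Connector.IsTransaction = true;

    try
    {
        PartnerBLL partnerBLL = new PartnerBLL(Connector);
        PartnerDTO partner = partnerBLL.ReadByUsername(credential.Username);

        if (partner == null)
        {
            Connector.RollbackTransaction();
            return LoginResult.AccountDoesntExist;
        }

        if (partner.IsLocked)
        {
            Connector.RollbackTransaction();
            return LoginResult.AccountIsLocked;
        }

        byte[] credentialPassword = SHA512Hasher.Hash(credential.Password);
        if (!BinaryComparer.AreEqual(credentialPassword, partner.Password))
        {
            RecordFailedAttempt(partnerBLL, partner, ipAddress);
            // Commit: the failed attempt (and a possible lock) must persist.
            Connector.CommitTransaction();
            return LoginResult.PasswordDoesntMatch;
        }

        if (!partner.HasEmailAddressBeenVerified)
        {
            Connector.RollbackTransaction();
            return LoginResult.EmailAddressHasNotBeenVerified;
        }

        DateTime loggedAt = DateTime.UtcNow;
        PartnerSessionDTO created = new PartnerSessionDTO()
        {
            Partner = partner,
            IPAddress = ipAddress,
            LoggedAt = loggedAt
        };

        // Persistent sessions carry no expiry; the management filter treats null as "never expires".
        if (!keepOpened)
        {
            created.ExpiresOn = loggedAt.AddMinutes(SessionLifetimeMinutes);
        }

        Create(created);
        Connector.CommitTransaction();

        session = created;
        return LoginResult.OK;
    }
    catch
    {
        // Do not leave the transaction dangling on an unexpected error.
        Connector.RollbackTransaction();
        throw;
    }
}

/// <summary>
/// Records one failed login attempt for <paramref name="partner"/> and locks the account once the number of
/// attempts since the partner's last session (or since the start of today UTC if there is none) reaches
/// <see cref="FailedAttemptsBeforeLock"/>. Runs inside the caller's transaction; the caller commits.
/// </summary>
private void RecordFailedAttempt(PartnerBLL partnerBLL, PartnerDTO partner, IPAddress ipAddress)
{
    PartnerLoginAttemptBLL loginAttemptBLL = new PartnerLoginAttemptBLL(Connector);
    PartnerLoginAttemptDTO loginAttempt = new PartnerLoginAttemptDTO()
    {
        Partner = partner,
        IPAddress = ipAddress
    };
    loginAttemptBLL.Create(loginAttempt);

    Guid partnerId = partner.Id;
    PartnerSessionDTO lastSession = ReadLastByPartner(partnerId);
    DateTime countFrom = lastSession?.LoggedAt ?? DateTime.UtcNow.Date;

    List<PartnerLoginAttemptDTO> loginAttempts =
        loginAttemptBLL.ReadByPartnerAndTimeStampAsDate(partnerId, countFrom).ToList();

    if (loginAttempts.Count >= FailedAttemptsBeforeLock)
    {
        partnerBLL.Update(partnerId, new Dictionary<string, object>() { { "IsLocked", true } });
    }
}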
/// <summary>
/// Inserts <paramref name="session"/> through the repository and copies the identifier the
/// repository produced back onto the DTO.
/// </summary>
/// <param name="session">Session to persist; its <c>Id</c> is overwritten with the stored id.</param>
/// <returns>Always <see cref="CreateResult.OK"/>; errors surface as exceptions from the repository.</returns>
public CreateResult Create(PartnerSessionDTO session)
{
    Repository.Insert(session, out var generatedId);
    session.Id = generatedId;
    return CreateResult.OK;
}
/// <summary>
/// Builds the identifier material for <paramref name="session"/> from its partner id and IP address
/// and hands it to the string overload of <c>Generate</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the input is fully determined by (partner id, IP address), so the result is the same
/// for every login from the same address and — unless <c>Generate(string)</c> mixes in a server-side
/// secret or fresh randomness, which is not visible here — predictable by anyone who knows those two
/// values. If this feeds the session id that ends up in the "Session" cookie, it should instead be an
/// unguessable token (e.g. 128+ bits from <c>RandomNumberGenerator</c>). Confirm what the string
/// overload does before relying on this as a session identifier.
/// </remarks>
public static byte[] Generate(PartnerSessionDTO session)
{
    string material = "Security.PartnerSession|Partner=" + session.Partner.Id
                    + ";IPAddress=" + session.IPAddress;
    return Generate(material);
}