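/// <summary>
/// BeginRequest handler that keeps the query string of .aspx requests opaque.
/// A request that already carries the <c>QPARAM</c> parameter has that value
/// decrypted and installed as the effective query string via RewritePath.
/// A GET request with a plain query string is redirected to the same path with
/// the whole query string encrypted into <c>QPARAM</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="args">Event data (unused).</param>
private void OnBeginRequest(object sender, EventArgs args)
{
    const string QParamName = "QPARAM";

    HttpContext context = HttpContext.Current;
    string query = context.Request.RawUrl;

    // NOTE(review): this only tests that a cookie named ".ASPXAUTH" was sent. The cookie is
    // client-supplied and is not validated here, so treat this as a routing hint, not as
    // proof that the caller is authenticated.
    bool applies = context.Request.Url.OriginalString.Contains(".aspx")
        && query.Contains("?")
        && context.Request.Cookies.AllKeys.Contains(".ASPXAUTH");
    if (!applies)
    {
        return;
    }

    string[] param = query.Split(new char[] { '?' }, 2);
    if (param.Length != 2)
    {
        return;
    }

    // The original decided "already encrypted" from a substring match on the raw URL, so a
    // path or an unrelated value containing "QPARAM" sent a null value to Decrypt. Require
    // the parameter to actually be present; otherwise fall through to the redirect branch.
    string encrypted = query.Contains(QParamName) ? context.Request.QueryString[QParamName] : null;
    if (encrypted != null)
    {
        // NOTE(review): the decrypted text becomes the page's query string. Whether modified
        // ciphertext is rejected depends on SecurityModelCrypto.Decrypt, which is not visible
        // here; confirm it authenticates the ciphertext and decide how a failure is surfaced.
        // Pages must still authorize every parameter: hiding the query string is not access control.
        context.RewritePath(param[0], string.Empty, SecurityModelCrypto.Decrypt(encrypted));
        return;
    }

    // Ordinal comparison: HTTP method names are protocol tokens, not culture-sensitive text.
    if (!string.Equals(context.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    // RawUrl is client-controlled and is echoed into the Location header below. Only redirect
    // to a path on this site; a leading "//" or "/\" can be read by browsers as another host.
    string path = param[0];
    bool isLocalPath = path.StartsWith("/", StringComparison.Ordinal)
        && !path.StartsWith("//", StringComparison.Ordinal)
        && !path.StartsWith("/\\", StringComparison.Ordinal);
    if (!isLocalPath)
    {
        return;
    }

    // NOTE(review): the ciphertext is placed in the URL unescaped. If Encrypt can emit
    // '+', '/' or '=' (for example Base64) it needs URL-safe encoding; confirm against
    // Encrypt's output format before changing this.
    string newUrl = string.Format("{0}?{1}={2}", path, QParamName, SecurityModelCrypto.Encrypt(param[1]));
    context.Response.Redirect(newUrl);
}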
/// <summary>
/// Inserts a new user row. A mapped copy of <paramref name="user"/> is stored, with its
/// Password replaced by the result of SecurityModelCrypto.HashEncrypt on the supplied value.
/// </summary>
/// <param name="user">User data to persist; its Password is passed to HashEncrypt (presumably the plain-text password).</param>
public virtual void CreateUser(tbs_User user)
{
    using (SecurityEntities entities = new SecurityEntities())
    {
        using (TransactionScope scope = new TransactionScope())
        {
            // Work on a mapped copy so the caller's object is not modified.
            tbs_User record = ServiceContainer.GetService<IMapper>().Map<tbs_User>(user);

            // NOTE(review): HashEncrypt is not visible here. Confirm it is a salted, slow
            // password hash (PBKDF2/bcrypt/Argon2 class) and not a bare digest or reversible encryption.
            record.Password = SecurityModelCrypto.HashEncrypt(user.Password);

            entities.tbs_User.Add(record);
            entities.SaveChanges();

            // Without Complete() the scope rolls back when it is disposed.
            scope.Complete();
        }
    }
}
/// <summary>
/// Overwrites the stored row for <paramref name="user"/> with a mapped copy of it.
/// The incoming Password is hashed with SecurityModelCrypto.HashEncrypt unless it is
/// equal to the value already stored for the same UserCode, in which case it is kept as is.
/// </summary>
/// <param name="user">User data to persist; matched to the stored row by UserCode.</param>
public virtual void UpdateUser(tbs_User user)
{
    using (SecurityEntities entities = new SecurityEntities())
    {
        using (TransactionScope scope = new TransactionScope())
        {
            var mapper = ServiceContainer.GetService<IMapper>();

            // Fetch the currently stored password value (empty string when no row matches).
            var storedPasswords = entities.tbs_User
                .Where(u => u.UserCode == user.UserCode)
                .Select(u => u.Password)
                .ToList();
            string storedPassword = string.Empty;
            if (storedPasswords.Count > 0)
            {
                storedPassword = storedPasswords[0];
            }

            tbs_User edited = mapper.Map<tbs_User>(user);

            // NOTE(review): "unchanged" is detected by the caller sending back the stored hash.
            // That implies the hash round-trips through callers, and a password whose text equals
            // the stored hash would be saved without hashing; confirm this is intended.
            // NOTE(review): a null incoming Password throws on the Equals call below.
            bool matchesStored = edited.Password.Equals(storedPassword);
            if (!matchesStored || string.IsNullOrEmpty(storedPassword))
            {
                edited.Password = SecurityModelCrypto.HashEncrypt(edited.Password);
            }

            // Marking the whole entity Modified writes every mapped column from the caller's
            // object, so the caller controls all fields of the row, not only the password.
            entities.tbs_User.Attach(edited);
            entities.Entry(edited).State = System.Data.Entity.EntityState.Modified;
            entities.SaveChanges();

            // Without Complete() the scope rolls back when it is disposed.
            scope.Complete();
        }
    }
}
/// <summary>
/// Replaces a user's password after verifying the current one.
/// </summary>
/// <param name="userCode">Identifies the user row.</param>
/// <param name="oldPassword">Current password; its HashEncrypt value must equal the stored value.</param>
/// <param name="newPassword">New password; stored as its HashEncrypt value.</param>
/// <returns>
/// <c>true</c> when exactly one row matched the user code and old password and was updated;
/// otherwise <c>false</c>.
/// </returns>
public virtual bool ChangePassword(string userCode, string oldPassword, string newPassword)
{
    using (SecurityEntities db = new SecurityEntities())
    {
        // The old password is verified by equality on the hashed value inside the query. This
        // only works if HashEncrypt is deterministic for a given input, i.e. it uses no
        // per-record random salt.
        // NOTE(review): confirm the scheme is acceptable for password storage.
        string oldHash = SecurityModelCrypto.HashEncrypt(oldPassword);
        var matches = db.tbs_User
            .Where(a => a.UserCode == userCode && a.Password == oldHash)
            .ToList();

        if (matches.Count == 1)
        {
            // NOTE(review): newPassword is stored without any check visible here (empty,
            // null or same as old); confirm policy is enforced by the caller.
            var account = matches[0];
            string newHash = SecurityModelCrypto.HashEncrypt(newPassword);
            account.Password = newHash;
            db.Entry(account).State = System.Data.Entity.EntityState.Modified;
            db.SaveChanges();
            return true;
        }

        // Zero matches (wrong user code or password) or more than one row: refuse.
        return false;
    }
}
/// <summary>
/// Checks a login attempt by hashing <paramref name="password"/> with
/// SecurityModelCrypto.HashEncrypt and passing the result to Repository.TryAuthenticate.
/// </summary>
/// <param name="loginName">Login name supplied by the caller.</param>
/// <param name="password">Password supplied by the caller; only its HashEncrypt value is passed on.</param>
/// <returns>The result of Repository.TryAuthenticate.</returns>
public virtual bool Authenticate(string loginName, string password)
{
    // NOTE(review): no throttling, lockout or audit logging is visible in this method.
    // Confirm failed attempts are rate-limited and recorded in Repository.TryAuthenticate
    // or by the caller.
    return Repository.TryAuthenticate(loginName, SecurityModelCrypto.HashEncrypt(password));
}