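/// <summary>
/// Authenticates a user and, on success, returns the details of the newly created session.
/// When <paramref name="NewPassword"/> is supplied, the password is changed in the same request
/// once the session has been created.
/// </summary>
/// <param name="UserName">Login name; URI-unescaped here and matched against <c>UserInfos.User_Name</c>.</param>
/// <param name="Password">Current password; URI-unescaped here and handed to <c>SecurityServices.CreateSession</c>.</param>
/// <param name="NewPassword">
/// Optional replacement password. An empty string or the literal text "undefined" means
/// "no password change requested".
/// </param>
/// <param name="IpAddress">Caller-supplied address that is stored with the session record.</param>
/// <returns>
/// 200 OK carrying the session info on success; otherwise 401 Unauthorized with a short message.
/// </returns>
/// <remarks>
/// Changes in this revision:
/// - null arguments no longer throw out of <c>Uri.UnescapeDataString</c>;
/// - a blank user name is rejected before any database or session work is done;
/// - "unknown user" and "wrong password" now return the same message, so the response text
///   does not reveal which user names exist (clients matching on the old texts need updating);
/// - the unused second <c>UserInfos</c> lookup was dropped;
/// - a null session info is reported as a failure instead of 200 OK with an empty payload.
///
/// NOTE(review): the credentials are simple-typed parameters that are URI-unescaped here, which
/// suggests they arrive in the URL. If so, passwords end up in access logs, proxy logs and
/// browser history; prefer a POST body. If the framework has already decoded them, the second
/// unescape also alters passwords that contain "%XX" sequences. Confirm against the route setup.
/// </remarks>
public HttpResponseMessage Login(string UserName, string Password, string NewPassword = "", string IpAddress = "")
{
    // One message for both "no such user" and "wrong password", so the two cases cannot be
    // told apart from the response text.
    const string InvalidCredentials = "Invalid user name or password.";

    //string clientIp = GetIPAddress();
    var sessionDto = new SessionInfo();

    // UnescapeDataString throws on null; treat a missing value as empty instead.
    UserName = System.Uri.UnescapeDataString(UserName ?? string.Empty);
    Password = System.Uri.UnescapeDataString(Password ?? string.Empty);
    NewPassword = System.Uri.UnescapeDataString(NewPassword ?? string.Empty);

    // Reject a blank user name up front, before the lookup and before any session is touched.
    if (string.IsNullOrWhiteSpace(UserName))
    {
        //securityLogger.Log(EnumLogLevel.Debug, string.Format(ApplicationErrorMessages.EmptyCredentials, userName, pass));
        return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, InvalidCredentials);
    }

    // "undefined" is accepted as "not supplied", as in the original checks.
    bool hasNewPassword = NewPassword != "" && NewPassword != "undefined";

    var userInfo = ErpContext.UserInfos.FirstOrDefault(u => u.User_Name == UserName);
    if (userInfo == null)
    {
        return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, InvalidCredentials);
    }

    //if (userInfo.HasUserFlexibility != null && userInfo.HasUserFlexibility == 0) { LoginSecurity(userName, clientIp); }

    // NOTE(review): this call and the password-history check below run before the supplied
    // password has been verified, so they are reachable with only a valid user name. If
    // LogoutByNewUser ends the user's existing session, as its name suggests, that is an
    // unauthenticated way to disturb another user's session. Consider moving both behind
    // successful authentication once it is confirmed that CreateSession does not depend on them.
    LogoutByNewUser(userInfo.Id, userInfo.Password);

    if (hasNewPassword && GetDuplicateByHistryOfChangePassword(Password, NewPassword))
    {
        return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You can't use any of your last 5 passwords.Please try another to continue...");
    }

    //if (userPassIsreset.IsReset == 1 && newpassword == "") { SendPasswordPolicy(); }

    try
    {
        // if (newpassword == "" || newpassword == "undefined")
        // NOTE(review): the source is collapsed onto one line, so it is not visible whether the
        // call below is live or part of the commented-out line above. It is kept active here so
        // that no check is dropped by accident; confirm against the original file.
        CheckPasswordValidy(userInfo);

        var userSession = SecurityServices.CreateSession(UserName, Password);
        sessionDto = CreateSessionInfo(userSession);

        if (sessionDto == null)
        {
            // NOTE(review): the source text for this branch is masked ("******"); only the
            // message string survives. Returning 401 like the other failures is a
            // reconstruction; confirm the intended status and behavior.
            return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Session creation faild");
        }

        if (hasNewPassword)
        {
            updateExpirepassword(UserName, Password, NewPassword);
        }

        // NOTE(review): IpAddress is supplied by the caller, so it is not reliable for audit or
        // lockout decisions. The commented-out GetIPAddress() above suggests a server-side
        // value was used at some point.
        storeSessionManagement(userInfo, IpAddress, sessionDto.SessionId);
        //securityLogger.Log(EnumLogLevel.Info, "Login successful for user:" ... (rest of this line is masked in the source)
    }
    catch (InactiveUser)
    {
        // NOTE(review): if this can be thrown before the password is checked, the message
        // discloses account state to an unauthenticated caller; confirm in CreateSession.
        return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Inactive user");
    }
    catch (wrongPasswordFailure)
    {
        return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, InvalidCredentials);
    }

    return Request.CreateResponse(HttpStatusCode.OK, sessionDto);
}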