示例#1
0
        public ActionResult ValidateLogin(LoginModel login)
        {
            try
            {
                if (ModelState.IsValid)
                {
                    var user = SecurityServices.ValidateUser(login.Name, login.Password);
                    if (user == null)
                    {
                        SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, string.Format("Invalid credentials: {0} - {1}", login.Name, login.Password));
                        ModelState.AddModelError(String.Empty, "The login name or password is invalid.");
                    }
                    if (user != null && !user.CanLogin)
                    {
                        SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, "User login disabled");
                        ModelState.AddModelError(String.Empty, "Access denied.");
                    }
                    if (user != null && !IsIpValid(user.RoleName, login.LocationId))
                    {
                        SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, "Invalid IP address");
                        ModelState.AddModelError(String.Empty, "Access denied.");
                    }

                    if (ModelState.IsValid)
                    {
                        if (login.DowngradeRole)
                        {
                            user.RoleName = "Employee";
                            SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress, "Downgraded to Employee role");
                        }
                        else if (user.RoleName == "Manager" && login.LocationId != user.LocationId)
                        {
                            user.RoleName = "Employee";
                            var message = string.Format("Manager downgraded to Employee role");
                            SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress, message);
                        }
                        else
                        {
                            SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress);
                        }

                        var token = CreateToken(user.Id, user.RoleName, login.LocationId);
                        var auth  = TokenSerializer.GetCookieFromToken(token);
                        if (HttpContext.Request.IsLocal) //local development overrides
                        {
                            auth.Domain = null;
                            auth.Secure = false;
                        }
                        HttpContext.Response.Cookies.Add(auth);

                        if (Url.IsLocalUrl(login.ReturnUrl) && user.RoleName == "Administrator")
                        {
                            return(Redirect(login.ReturnUrl));
                        }
                        else
                        {
                            return(RedirectToAction("Index", "ShopFloor"));
                        }
                    }
                }
                else
                {
                    SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, string.Format("Invalid model state: {0}", ModelState.ToString()));
                }
            }
            catch (Exception ex)
            {
                Logger.Error(ex.ToString());
                ModelState.AddModelError(String.Empty, Constants.ServerError);
            }

            // Invalid - redisplay with errors
            ViewBag.Locations = LocationServices.GetLocationLookup();
            return(View("Index", login));
        }