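/// <summary>
/// Authenticates the posted credentials, issues the forms-authentication cookie,
/// seeds the session with the stored user's id, name, admin flag and cart quantity,
/// and redirects to the home page. On any failure the login view is re-shown with
/// one generic model error (the message intentionally does not reveal which of the
/// two fields was wrong).
/// </summary>
/// <param name="user">Posted login model; only UserName and Password are trusted from it.
/// Every other value (UserID, IsAdmin) is read from the stored record, never from the post.</param>
/// <returns>A redirect to ~/Home/Index on success, otherwise the login view.</returns>
public ActionResult Login(Store.Data.User user)
{
    // A missing model or empty credentials can never authenticate; fail the same way a
    // bad password does instead of dereferencing null further down.
    if (user == null || string.IsNullOrEmpty(user.UserName) || string.IsNullOrEmpty(user.Password))
    {
        ModelState.AddModelError("", "Username or Password is incorrect");
        return View();
    }

    using (MyDataEntities db = new MyDataEntities())
    {
        // Check to see that the UserName matches a User and that the Password matches that User
        if (!manager.AuthenticateUser(user.UserName, user.Password))
        {
            ModelState.AddModelError("", "Username or Password is incorrect");
            return View();
        }

        // Load the stored record once. The posted model only carries the credentials, so the
        // identity written into the ticket and the session must come from this row.
        var usr = db.Users.Where(U => U.UserName == user.UserName).FirstOrDefault();
        if (usr == null)
        {
            // Accepted by the security manager but no matching row: treat as a failed login
            // rather than crashing on a null dereference.
            ModelState.AddModelError("", "Username or Password is incorrect");
            return View();
        }

        // AUTHORIZATION USING COOKIES
        // The ticket name is the stored UserID, not the posted model's UserID (which the
        // client controls). The cookie expiry is tied to the ticket expiry so no cookie
        // outlives the ticket it carries.
        const int ticketTimeoutMinutes = 20;
        var issuedAt = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1,
            usr.UserID.ToString(),
            issuedAt,
            issuedAt.AddMinutes(ticketTimeoutMinutes),
            false,
            usr.UserName,
            FormsAuthentication.FormsCookiePath);
        string encrypt = FormsAuthentication.Encrypt(ticket);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypt)
        {
            Expires = ticket.Expiration,
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
        };
        // Set (not Add) so exactly one auth cookie is written. Previously SetAuthCookie and
        // Response.Cookies.Add each emitted a cookie of this name with different identities.
        Response.Cookies.Set(cookie);

        Session["UserID"] = usr.UserID.ToString();
        Session["UserName"] = usr.UserName;
        Session["IsAdmin"] = usr.IsAdmin == true ? 1 : 0;

        // Total quantity of items in the user's cart; the cart is keyed by the user's id.
        // The nullable cast keeps the provider from failing on an empty cart.
        int cartId = Convert.ToInt32(usr.UserID);
        Session["Quantity"] = db.ShoppingCartProducts
            .Where(a => a.ShoppingCartID == cartId)
            .Sum(a => (int?)a.Quantity) ?? 0;

        // Redirect the now logged in user back to the Homepage
        return Redirect("~/Home/Index");
    }
}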
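// TEST: SQLSECURITYMANAGER_AUTHENTICATEUSER_TEST
// Verifies that SqlSecurityManager.AuthenticateUser accepts the credentials of the
// test user created in SqlSecurityManager_RegisterUser. The test therefore depends on
// that fixture already existing in the backing store.
public void SqlSecurityManager_AuthenticateUser_Test()
{
    // ARRANGE
    SqlSecurityManager manager = new SqlSecurityManager();
    string username = "******";
    string password = "******";

    // ACT
    bool result = manager.AuthenticateUser(username, password);

    // ASSERT
    // Only the boolean outcome is checked: IsNotNull on a bool boxes it into a non-null
    // object and can never fail, so it proved nothing.
    Assert.IsTrue(result);
}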
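// TEST: SQLSECURITYMANAGER_AUTHENTICATEUSER_FAILURETEST
// Verifies that SqlSecurityManager.AuthenticateUser rejects a valid username paired
// with a wrong password, i.e. that a mismatch in either credential yields false.
// Like the success test, this depends on the fixture user already existing.
public void SqlSecurityManager_AuthenticateUser_FAILURETest()
{
    // ARRANGE
    SqlSecurityManager manager = new SqlSecurityManager();
    string username = "******";
    // Wrong Password
    string password = "******";

    // ACT
    bool result = manager.AuthenticateUser(username, password);

    // ASSERT
    // IsNotNull on a bool can never fail (the value is boxed), so only the outcome is asserted.
    Assert.IsFalse(result);
}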