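        /// <summary>
        /// Handles the Log-in button: finds the employee whose Login matches the text
        /// box, checks the password and, on success, hides this window and opens
        /// <see cref="FirstPage"/> for that employee.
        /// </summary>
        /// <remarks>
        /// Security notes:
        /// - One generic failure message is shown whether the login or the password was
        ///   wrong, so the dialog no longer confirms which logins exist (user enumeration).
        /// - The visible code compares plain strings, which means Employee.Password is
        ///   held in plaintext. Verifying against a salted hash (PBKDF2/Argon2) requires a
        ///   schema change and is not done here.
        /// </remarks>
        /// <param name="sender">The button that raised the event (unused).</param>
        /// <param name="e">Routed event data (unused).</param>
        private void Btn_LogIn_Click(object sender, RoutedEventArgs e)
        {
            string login    = Tb_Login.Text;
            string password = Tb_Password.Password;

            // Only rows with both credentials set can authenticate. The match on the
            // login value is done in memory with ordinal string equality (as before), so
            // the outcome does not depend on the database collation.
            List<Employee> candidates = db.Employee
                                          .Where(i => i.Login != null && i.Password != null)
                                          .ToList()
                                          .Where(i => string.Equals(i.Login, login))
                                          .ToList();

            // Exactly one employee must match by login AND by password; a duplicated
            // login or a wrong password both fail with the same message.
            bool authenticated = candidates.Count == 1
                                 && string.Equals(candidates[0].Password, password);

            if (!authenticated)
            {
                MessageBox.Show("Неверный логин или пароль, попробуйте ещё раз.", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
                return;
            }

            Employee  user      = candidates[0];
            FirstPage firstPage = new FirstPage(this, user);
            this.Visibility = Visibility.Hidden;
            // Clear the credential fields before the next page is shown so they are not
            // left on screen (or in the control) behind the modal dialog.
            Tb_Login.Clear();
            Tb_Password.Clear();
            firstPage.ShowDialog();
        }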
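        /// <summary>
        /// Gatekeeper run before every action of controllers deriving from this base.
        /// For any action not on the anonymous list it verifies that the authenticated
        /// user still exists in Tb_User, that the current ASP.NET session id equals the
        /// one recorded in Tb_Login at login (a later login elsewhere replaces it and
        /// kicks this session out), and that accounts with Role "user" do not reach the
        /// admin controller. Rejected requests get a redirect as their result.
        /// </summary>
        /// <param name="filterContext">
        /// MVC action context; its Result is set to a RedirectResult when the request is
        /// rejected, otherwise it is left untouched.
        /// </param>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var    userReq    = System.Web.HttpContext.Current.User as CustomPrincipal;
            int    userid     = userReq != null ? userReq.UserID : 0;
            var    routeData  = System.Web.HttpContext.Current.Request.RequestContext.RouteData.Values;
            string controller = routeData["controller"].ToString().ToLower();
            string action     = routeData["action"].ToString().ToLower();

            // Actions reachable without a recorded login: the login/registration
            // endpoints and the SAML endpoints (acs = assertion consumer, sls = logout).
            var anonymousActions = new string[] { "login", "loginload", "registersave", "acs", "sls", "redirectsso" };

            if (!anonymousActions.Contains(action))
            {
                using (var db = new Student_AttendanceEntities())
                {
                    UserLogon   = db.Tb_User.Where(r => r.UserID == userid).FirstOrDefault();
                    UserIsLogin = db.Tb_Login.Where(r => r.UserID == userid).FirstOrDefault();
                }

                Session.Timeout      = 20;
                Session["sessionID"] = HttpContext.Session.SessionID;
                var sessionid = Session["sessionID"].ToString();

                // Reject when the account is gone, when it has no Tb_Login row at all
                // (previously this dereferenced a null UserIsLogin and threw), or when
                // the session id recorded at login is not the one making this request.
                if (UserLogon == null || UserIsLogin == null || UserIsLogin.sessionID != sessionid)
                {
                    filterContext.Result = new RedirectResult(MainUrl);
                }
                else if (UserLogon.Role == "user" && controller == "admin")
                {
                    // NOTE(review): this is a deny-list on a single role value; an
                    // account whose Role is anything other than exactly "user" (including
                    // null) reaches the admin controller. Confirm that is intended.
                    filterContext.Result = new RedirectResult(MainUrl + "/Home/index");
                }
            }
            base.OnActionExecuting(filterContext);
        }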
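        /// <summary>
        /// AJAX login: checks e-mail + password against Tb_User, records the current
        /// ASP.NET session id in Tb_Login (replacing any earlier session so a previous
        /// login of the same account is kicked out by OnActionExecuting) and issues the
        /// forms-authentication cookie.
        /// </summary>
        /// <param name="username">E-mail address entered on the login form.</param>
        /// <param name="password">Password entered on the login form.</param>
        /// <returns>
        /// JSON {status:true, data:"success"} when the credentials match exactly one
        /// user; {status:false, data:"fail"} otherwise.
        /// </returns>
        /// <remarks>
        /// Security notes:
        /// - The password is compared as a plain string against Tb_User.Password, so the
        ///   column holds plaintext. Hashing (PBKDF2/Argon2) needs a schema change and is
        ///   not done here.
        /// - The session id is not regenerated on login: the pre-login ASP.NET session is
        ///   kept and merely recorded, so this does not defend against session fixation.
        /// - Empty/null credentials are refused up front (see the guard below).
        /// </remarks>
        public JsonResult LoginLoad(string username, string password)
        {
            // Refuse missing credentials before touching the database. With EF's default
            // (C#-style) null semantics, `r.Password == password` for a null password is
            // translated to `Password IS NULL`, which would match any account whose
            // Password column is NULL.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                return Json(new JsonResponse { status = false, data = "fail" });
            }

            var jsonReturn = new JsonResponse { status = false, data = "fail" };

            using (var db = new Student_AttendanceEntities())
            {
                // SingleOrDefault deliberately throws if more than one row matches, so
                // duplicated e-mail/password pairs never silently log in as "the first one".
                var data = db.Tb_User.Where(r => r.Email == username && r.Password == password).SingleOrDefault();
                if (data != null)
                {
                    Session.Timeout      = 20;
                    Session["sessionID"] = HttpContext.Session.SessionID;
                    var sessionid = Session["sessionID"].ToString();

                    var userLogin = db.Tb_Login.Where(r => r.UserID == data.UserID).FirstOrDefault();
                    if (userLogin == null)
                    {
                        db.Tb_Login.Add(new Tb_Login()
                        {
                            UserID    = data.UserID,
                            sessionID = sessionid,
                            LoginTime = DateTime.Now
                        });
                    }
                    else
                    {
                        // Overwrite the stored session: whoever logs in last keeps the
                        // account; the earlier session is rejected by OnActionExecuting.
                        // userLogin is tracked by the context, so SaveChanges persists this.
                        userLogin.sessionID = sessionid;
                        userLogin.LoginTime = DateTime.Now;
                    }

                    db.SaveChanges();
                    System.Web.Security.FormsAuthentication.SetAuthCookie(data.UserID.ToString(), false);
                    jsonReturn = new JsonResponse { status = true, data = "success" };
                }
            }

            return Json(jsonReturn);
        }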
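        //acs
        /// <summary>
        /// SAML Assertion Consumer Service: the IdP posts the SAML response here after
        /// a successful login. The response is validated, its attributes are read from
        /// the attribute XML, and users whose gidNumber is "2500" are provisioned or
        /// linked in Tb_User, recorded in Tb_Login and given the forms-authentication
        /// cookie.
        /// </summary>
        /// <returns>
        /// Redirect to Login/redirectIndex for an accepted user; otherwise the view with
        /// ViewBag.notUse explaining that the account cannot use this system.
        /// </returns>
        /// <remarks>
        /// Security notes:
        /// - ViewBag.ssoValid now reflects auth.Response.IsValid(); previously it was
        ///   never set to true.
        /// - Nothing is looked up or provisioned unless the response carried a non-empty
        ///   uid; before, an empty uid could match (or create) a user with an empty Username.
        /// - New accounts are created with Password = personalId, i.e. the SSO personal-id
        ///   attribute stored in plaintext as a password. Hashing needs a schema change.
        /// - Existing accounts are linked by Thai full name alone (dataname): a different
        ///   SSO user with the same display name silently takes over that account's
        ///   Username and Email. Flagged here, behaviour unchanged.
        /// </remarks>
        public ActionResult acs()
        {
            AppSettings appSettings = new AppSettings();

            OneLogin.Auth auth     = new Auth(appSettings);
            var           listData = new List <DataLogin>();

            auth.ProcessResponse();
            var res        = string.Empty;
            var name       = string.Empty;
            var ssoValue   = string.Empty;
            var valid      = false;
            var username   = string.Empty;
            var gidNumber  = string.Empty;
            var firstname  = string.Empty;
            var lastname   = string.Empty;
            var deptName   = string.Empty;
            var nameENFull = string.Empty;
            var email      = string.Empty;
            var personalId = string.Empty;

            if (auth.Response.IsValid())
            {
                // Login successful and the assertion verified.
                valid = true;

                // Keep the SSO identifiers for single logout (sls).
                HttpContext.Session["ssoNameID"]       = auth.Response.GetNameID();
                HttpContext.Session["ssoSessionIndex"] = auth.Response.GetSessionIndex();

                // Attribute statement as XML text.
                HttpContext.Session["ssoUserData"] = auth.Response.GetAttributes();

                // RelayState is only surfaced via ViewBag.Res; no redirect is built from it here.
                if (Request.Form["RelayState"] != null)
                {
                    res = Request.Form["RelayState"].ToString();
                }

                if (HttpContext.Session["ssoUserData"] != null)
                {
                    XmlDocument userXmlDoc = new XmlDocument();
                    userXmlDoc.PreserveWhitespace = true;
                    userXmlDoc.XmlResolver        = null; // no DTD / external entity resolution
                    userXmlDoc.LoadXml((string)HttpContext.Session["ssoUserData"]);

                    foreach (XmlNode node in userXmlDoc.FirstChild.ChildNodes)
                    {
                        // With PreserveWhitespace, whitespace-only nodes appear here and
                        // have no Attributes; an attribute element without a value child
                        // is equally unusable. Skip both instead of throwing.
                        XmlAttribute nameAttr = node.Attributes != null ? node.Attributes["Name"] : null;
                        if (nameAttr == null || node.FirstChild == null)
                        {
                            continue;
                        }

                        name     = nameAttr.Value;
                        ssoValue = node.FirstChild.InnerText;
                        listData.Add(new DataLogin
                        {
                            Name  = name,
                            Value = ssoValue
                        });
                        switch (name)
                        {
                        case "uid":
                            username = ssoValue;
                            break;

                        case "gidNumber":
                            gidNumber = ssoValue;
                            break;

                        case "firstNameThai":
                            firstname = ssoValue;
                            break;

                        case "lastNameThai":
                            lastname = ssoValue;
                            break;

                        case "personalId":
                            personalId = ssoValue;
                            break;

                        case "program":
                            deptName = ssoValue;
                            break;

                        case "gecos":
                            nameENFull = ssoValue;
                            break;

                        case "mail":
                            email = ssoValue;
                            break;
                        }
                    }
                }
            }
            else
            {
                // The IdP answered, but the assertion did not validate. No attributes are
                // read, so gidNumber stays empty and the "not usable" view is shown below.
                res   = "SAML information is invalid!";
                valid = false;
            }

            // Presumably strips the trailing "/Login/acs" (10 chars) and "/acs" (4 chars)
            // from the current URL to rebuild the SP entity id and base URL -- TODO confirm
            // against the route configuration.
            string identityId = HttpContext.Request.Url.Host + HttpContext.Request.Url.AbsolutePath;

            identityId = identityId.Substring(0, identityId.Length - 10);
            string url = Request.Url.Scheme + "://" + HttpContext.Request.Url.Host + HttpContext.Request.Url.AbsolutePath;

            url = url.Substring(0, url.Length - 4);
            ViewBag.DataLogin  = listData.ToList();
            ViewBag.Res        = res;
            ViewBag.identityId = identityId;
            ViewBag.url        = url;
            ViewBag.ssoValid   = valid;

            // Only gid 2500 may use this system, and only with a real uid to key the
            // account on (an empty uid would otherwise match/create an empty Username).
            if (gidNumber == "2500" && !string.IsNullOrEmpty(username))
            {
                var nameth = firstname + " " + lastname;
                using (var db = new Student_AttendanceEntities())
                {
                    var datauser = db.Tb_User.Where(r => r.Username == username).FirstOrDefault();
                    var dataname = db.Tb_User.Where(r => r.Name == nameth).FirstOrDefault();
                    var deptcode = db.Tb_Department.Where(r => r.DeptName == deptName).Select(r => r.DeptCode).SingleOrDefault();
                    if (datauser == null)
                    {
                        if (dataname != null)
                        {
                            // NOTE(review): account linking by display name only. Any SSO
                            // user whose Thai name equals an existing row's Name takes that
                            // row over (Username and, with a known department, Email are
                            // overwritten). dataname is tracked, so SaveChanges persists this.
                            dataname.Username = username;
                            if (deptcode != 0)
                            {
                                dataname.DeptCode = deptcode;
                                dataname.Email    = email;
                            }
                        }
                        else
                        {
                            // First login of this uid: create the account. DeptCode is left
                            // at its default when the SSO program name is unknown.
                            var user = new Tb_User()
                            {
                                Username = username,
                                Name     = nameth,
                                Password = personalId, // plaintext; see remarks
                                Role     = "user",
                                Email    = email
                            };
                            if (deptcode != 0)
                            {
                                user.DeptCode = deptcode;
                            }
                            db.Tb_User.Add(user);
                        }
                        db.SaveChanges();
                    }

                    var data = db.Tb_User.Where(r => r.Username == username).FirstOrDefault();
                    if (data != null)
                    {
                        Session.Timeout      = 20;
                        Session["sessionID"] = HttpContext.Session.SessionID;
                        var sessionid = Session["sessionID"].ToString();
                        var userLogin = db.Tb_Login.Where(r => r.UserID == data.UserID).FirstOrDefault();
                        if (userLogin == null)
                        {
                            db.Tb_Login.Add(new Tb_Login()
                            {
                                UserID    = data.UserID,
                                sessionID = sessionid,
                                LoginTime = DateTime.Now
                            });
                        }
                        else
                        {
                            // Whoever logs in last keeps the account; the earlier session
                            // is rejected by OnActionExecuting.
                            userLogin.sessionID = sessionid;
                            userLogin.LoginTime = DateTime.Now;
                        }
                        db.SaveChanges();
                        System.Web.Security.FormsAuthentication.SetAuthCookie(data.UserID.ToString(), false);
                    }
                }
                return(RedirectToAction("redirectIndex", "Login"));
            }
            else
            {
                ViewBag.notUse = "ขออภัยบัญชีผู้ใช้ " + username + " นี้ไม่สามารถใช้งานระบบนี้ได้";
                return(View());
            }
        }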