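/// <summary>
/// Login button handler. Looks up the Employee whose Login matches the typed login, then checks the
/// typed password against that row, and on success hides this window and opens <see cref="FirstPage"/>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Routed event args (unused).</param>
private void Btn_LogIn_Click(object sender, RoutedEventArgs e)
{
    string login = Tb_Login.Text;
    string password = Tb_Password.Password;

    // Fix: the original materialised the entire Employee table (every stored password included) on the
    // client and filtered in memory. Filter by login on the server first; the in-memory Equals() is kept
    // so that matching stays exact/case-sensitive regardless of the database collation, as before.
    List<Employee> candidates = db.Employee
        .Where(i => i.Login != null && i.Password != null && i.Login == login)
        .AsEnumerable()
        .Where(i => i.Login.Equals(login))
        .ToList();

    // Exactly one row must match; zero or duplicate logins are both treated as "wrong login".
    if (candidates.Count != 1)
    {
        // NOTE(review): a distinct "wrong login" vs "wrong password" message lets a caller enumerate
        // valid logins; a single generic failure message for both cases would avoid that.
        MessageBox.Show("Логин неверный, попробуйте ещё раз.", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
        return;
    }

    Employee user = candidates[0];

    // NOTE(review): the stored Password is compared verbatim, i.e. passwords are kept in plaintext.
    // They should be stored as salted hashes (e.g. PBKDF2) and verified against the hash instead.
    if (!user.Password.Equals(password))
    {
        MessageBox.Show("Пароль неверный, попробуйте ещё раз.", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
        return;
    }

    FirstPage firstPage = new FirstPage(this, user);
    this.Visibility = Visibility.Hidden;
    // Clear the credential fields before the modal page opens so they are not left behind in the UI.
    Tb_Login.Clear();
    Tb_Password.Clear();
    firstPage.ShowDialog();
}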
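/// <summary>
/// Per-request authorisation gate. For every action except the anonymous ones (login, registration and
/// the SAML SSO endpoints) it loads the current user's Tb_User and Tb_Login rows, verifies that the
/// Tb_Login row is bound to the current session id, and redirects to <c>MainUrl</c> otherwise.
/// Users with Role "user" are additionally redirected away from the "admin" controller.
/// </summary>
/// <param name="filterContext">The MVC action context; its Result is set when the request is redirected.</param>
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    var userReq = System.Web.HttpContext.Current.User as CustomPrincipal;
    int userid = userReq != null ? userReq.UserID : 0;
    var routeValues = System.Web.HttpContext.Current.Request.RequestContext.RouteData.Values;
    string controller = routeValues["controller"].ToString().ToLower();
    string action = routeValues["action"].ToString().ToLower();

    // Actions reachable without a session: login page/handler, registration, SAML ACS/SLS and the SSO redirect.
    var anonymousActions = new string[] { "login", "loginload", "registersave", "acs", "sls", "redirectsso" };

    if (!anonymousActions.Contains(action))
    {
        using (var db = new Student_AttendanceEntities())
        {
            UserLogon = db.Tb_User.Where(r => r.UserID == userid).FirstOrDefault();
            UserIsLogin = db.Tb_Login.Where(r => r.UserID == userid).FirstOrDefault();
        }

        Session.Timeout = 20;
        Session["sessionID"] = HttpContext.Session.SessionID;
        var sessionid = Session["sessionID"].ToString();

        // Fix: when a Tb_User row exists but no Tb_Login row does, the original dereferenced a null
        // UserIsLogin and threw. Fail closed instead: no user, no login record, or a login record bound
        // to another session (this login was superseded by a later one) all redirect to MainUrl.
        bool sessionMatches = UserIsLogin != null && UserIsLogin.sessionID == sessionid;
        if (UserLogon == null || !sessionMatches)
        {
            filterContext.Result = new RedirectResult(MainUrl);
        }
        else if (UserLogon.Role == "user" && controller == "admin")
        {
            // NOTE(review): this is a deny-list on a single role/controller pair; any Role value other
            // than "user" (including unexpected ones) is allowed into the admin controller.
            filterContext.Result = new RedirectResult(MainUrl + "/Home/index");
        }
    }

    base.OnActionExecuting(filterContext);
}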
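/// <summary>
/// AJAX login. Checks the e-mail/password pair against Tb_User, binds the user to the current session
/// in Tb_Login (a later login replaces the session id of an earlier one, which is thereby kicked out)
/// and issues the forms-authentication cookie.
/// </summary>
/// <param name="username">E-mail address used as the login name (compared with Tb_User.Email).</param>
/// <param name="password">Password as typed (compared with the stored Tb_User.Password value).</param>
/// <returns>JSON <c>{status:true,data:"success"}</c> on success, <c>{status:false,data:"fail"}</c> otherwise.</returns>
public JsonResult LoginLoad(string username, string password)
{
    var jsonReturn = new JsonResponse();
    using (var db = new Student_AttendanceEntities())
    {
        // NOTE(review): Tb_User.Password is compared verbatim, i.e. stored in plaintext, and because the
        // comparison is translated to SQL it follows the column collation (which may be case-insensitive).
        // Store a salted hash and verify it in application code instead.
        // SingleOrDefault throws if more than one row matches; no unique constraint is visible here.
        var data = db.Tb_User.Where(r => r.Email == username && r.Password == password).SingleOrDefault();
        if (data == null)
        {
            jsonReturn = new JsonResponse { status = false, data = "fail" };
            return Json(jsonReturn);
        }

        Session.Timeout = 20;
        // NOTE(review): the pre-authentication SessionID is reused as the post-login binding; nothing here
        // regenerates it, so a session id fixed before login stays valid afterwards (session fixation).
        Session["sessionID"] = HttpContext.Session.SessionID;
        var sessionid = Session["sessionID"].ToString();

        var userLogin = db.Tb_Login.Where(r => r.UserID == data.UserID).FirstOrDefault();
        if (userLogin == null)
        {
            db.Tb_Login.Add(new Tb_Login { UserID = data.UserID, sessionID = sessionid, LoginTime = DateTime.Now });
        }
        else
        {
            // Fix: the original re-queried the same row by LoginID and updated it through a ForEach
            // extension; the row is already tracked, so update it directly (assumes that extension only
            // iterated the tracked entities). Later login wins: the earlier session no longer matches.
            userLogin.sessionID = sessionid;
            userLogin.LoginTime = DateTime.Now;
        }

        jsonReturn = new JsonResponse { status = true, data = "success" };
        db.SaveChanges();
        System.Web.Security.FormsAuthentication.SetAuthCookie(data.UserID.ToString(), false);
    }
    return Json(jsonReturn);
}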
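//acs
/// <summary>
/// SAML Assertion Consumer Service: the IdP posts the SAML response here after the user signs in.
/// Validates the response, extracts the user attributes, provisions or links a Tb_User row for users
/// whose gidNumber attribute is "2500", binds the user to the current session in Tb_Login and sets the
/// forms-authentication cookie.
/// </summary>
/// <returns>
/// Redirect to Login/redirectIndex when the user is accepted; otherwise the view with ViewBag.notUse set.
/// </returns>
public ActionResult acs()
{
    AppSettings appSettings = new AppSettings();
    OneLogin.Auth auth = new Auth(appSettings);
    var listData = new List<DataLogin>();
    auth.ProcessResponse();

    var res = string.Empty;
    var valid = false;
    var username = string.Empty;
    var gidNumber = string.Empty;
    var firstname = string.Empty;
    var lastname = string.Empty;
    var deptName = string.Empty;
    var email = string.Empty;
    var personalId = string.Empty;

    if (auth.Response.IsValid())
    {
        // Fix: 'valid' was never set on this path, so ViewBag.ssoValid was always false.
        valid = true;

        // Keep the SSO identifiers for single logout, and the raw attribute XML for parsing below.
        HttpContext.Session["ssoNameID"] = auth.Response.GetNameID();
        HttpContext.Session["ssoSessionIndex"] = auth.Response.GetSessionIndex();
        HttpContext.Session["ssoUserData"] = auth.Response.GetAttributes();

        // RelayState is only surfaced to the view (ViewBag.Res); the redirect below is fixed, so the
        // IdP-supplied value cannot steer the browser (no open redirect).
        if (Request.Form["RelayState"] != null)
        {
            res = Request.Form["RelayState"].ToString();
        }

        if (HttpContext.Session["ssoUserData"] != null)
        {
            XmlDocument userXmlDoc = new XmlDocument();
            userXmlDoc.PreserveWhitespace = true;
            userXmlDoc.XmlResolver = null; // no external entity / DTD resolution (XXE)
            userXmlDoc.LoadXml((string)HttpContext.Session["ssoUserData"]);
            foreach (XmlNode node in userXmlDoc.FirstChild.ChildNodes)
            {
                // NOTE(review): with PreserveWhitespace = true a whitespace-only child node has no
                // Attributes and would throw here; this relies on GetAttributes() producing compact
                // XML with one attribute element per child — TODO confirm.
                string name = node.Attributes["Name"].Value;
                string ssoValue = node.FirstChild.InnerText;
                listData.Add(new DataLogin { Name = name, Value = ssoValue });
                switch (name)
                {
                    case "uid": username = ssoValue; break;
                    case "gidNumber": gidNumber = ssoValue; break;
                    case "firstNameThai": firstname = ssoValue; break;
                    case "lastNameThai": lastname = ssoValue; break;
                    case "personalId": personalId = ssoValue; break;
                    case "program": deptName = ssoValue; break;
                    case "mail": email = ssoValue; break;
                }
            }
        }
    }
    else
    {
        // Response received but it failed validation; fall through with empty attributes so that the
        // gidNumber gate below rejects the login.
        res = "SAML information is invalid!";
        valid = false;
    }

    // Derive the SP identity and base URL from the request URL. The trimmed lengths presumably
    // correspond to "/Login/acs" (10) and "/acs" (4) — verify against the route if it changes.
    string identityId = HttpContext.Request.Url.Host + HttpContext.Request.Url.AbsolutePath;
    identityId = identityId.Substring(0, identityId.Length - 10);
    string url = Request.Url.Scheme + "://" + HttpContext.Request.Url.Host + HttpContext.Request.Url.AbsolutePath;
    url = url.Substring(0, url.Length - 4);

    ViewBag.DataLogin = listData.ToList();
    ViewBag.Res = res;
    ViewBag.identityId = identityId;
    ViewBag.url = url;
    ViewBag.ssoValid = valid;

    // Only accounts in group 2500 may use this system (an invalid response leaves gidNumber empty).
    if (gidNumber != "2500")
    {
        ViewBag.notUse = "ขออภัยบัญชีผู้ใช้ " + username + " นี้ไม่สามารถใช้งานระบบนี้ได้";
        return View();
    }

    var nameth = firstname + " " + lastname;
    using (var db = new Student_AttendanceEntities())
    {
        var datauser = db.Tb_User.Where(r => r.Username == username).FirstOrDefault();
        var dataname = db.Tb_User.Where(r => r.Name == nameth).FirstOrDefault();
        // SingleOrDefault throws if two departments share a DeptName.
        var deptcode = db.Tb_Department.Where(r => r.DeptName == deptName).Select(r => r.DeptCode).SingleOrDefault();

        if (datauser == null)
        {
            if (dataname != null)
            {
                // NOTE(review): links the SSO identity to an existing local account by display name
                // alone. Two people with the same Thai first+last name are merged, so an SSO user could
                // take over another user's local account; link on a unique identifier instead.
                // (The row is tracked; the original updated it through a ForEach extension.)
                dataname.Username = username;
                if (deptcode != 0)
                {
                    dataname.DeptCode = deptcode;
                    dataname.Email = email;
                }
            }
            else
            {
                // NOTE(review): the SSO personalId is stored as the local plaintext Password, which
                // also makes it usable through the LoginLoad() e-mail/password path. Store a salted
                // hash or an unusable placeholder instead.
                var user = new Tb_User { Username = username, Name = nameth, Password = personalId, Role = "user", Email = email };
                if (deptcode != 0)
                {
                    user.DeptCode = deptcode;
                }
                db.Tb_User.Add(user);
            }
            db.SaveChanges();
        }

        var data = db.Tb_User.Where(r => r.Username == username).FirstOrDefault();
        if (data != null)
        {
            Session.Timeout = 20;
            Session["sessionID"] = HttpContext.Session.SessionID;
            var sessionid = Session["sessionID"].ToString();
            var userLogin = db.Tb_Login.Where(r => r.UserID == data.UserID).FirstOrDefault();
            if (userLogin == null)
            {
                db.Tb_Login.Add(new Tb_Login { UserID = data.UserID, sessionID = sessionid, LoginTime = DateTime.Now });
            }
            else
            {
                // Later login wins: the previous session for this user no longer matches and is kicked out.
                userLogin.sessionID = sessionid;
                userLogin.LoginTime = DateTime.Now;
            }
            db.SaveChanges();
            System.Web.Security.FormsAuthentication.SetAuthCookie(data.UserID.ToString(), false);
        }
    }
    return RedirectToAction("redirectIndex", "Login");
}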