示例#1
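        /// <summary>
        /// Handles the posted login form: verifies the credentials, issues the "User" cookie and the
        /// forms-authentication cookies, then redirects the signed-in user.
        /// </summary>
        /// <param name="model">Posted login form; <c>UserName</c> and <c>Password</c> are read from it.</param>
        /// <param name="returnUrl">Not used by this action. If it is ever wired into a redirect, validate it
        /// first (for example with <c>Url.IsLocalUrl</c>) so it cannot send users off-site.</param>
        /// <returns>The login view again when the model is invalid or verification fails; otherwise a redirect
        /// to Checkout/Purchase when the session flag is "FromCheckout", else to Admin/Index.</returns>
        public async Task <ActionResult> Login(LoginViewModel model, string returnUrl)
        {
            if (!ModelState.IsValid)
            {
                return(View(model));
            }

            // Nothing in this action counts failed attempts or locks the account.
            // NOTE(review): confirm VerifyUser or an upstream filter throttles repeated password guesses.
            var userService = new UserService();
            var user        = userService.VerifyUser(model.UserName, model.Password);

            if (user == null)
            {
                // A single generic message is used for every failed verification.
                ModelState.AddModelError("", "Invalid login attempt.");
                return(View(model));
            }

            // NOTE(review): the "User" cookie is plain and unsigned, so the browser can edit it.
            // Treat Email/Role here as display hints only; authorization decisions must come from
            // the encrypted ticket or a server-side lookup, never from this cookie.
            Response.Cookies["User"]["Email"] = user.Email;
            Response.Cookies["User"]["Role"]  = user.Role != "Admin" ? "Customer" : "Admin";

            // One timestamp for both fields so the ticket lifetime is exactly 60 minutes.
            DateTime issuedAt = DateTime.Now;
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1,
                user.Email,
                issuedAt,
                issuedAt.AddMinutes(60),
                true,
                user.Role.ToString(),
                FormsAuthentication.FormsCookiePath);
            string     encryptedTicket = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie          = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

            // The ticket cookie is a bearer credential: keep it away from script and, when the
            // forms-authentication configuration requires SSL, off plain-HTTP requests.
            cookie.HttpOnly = true;
            cookie.Secure   = FormsAuthentication.RequireSSL;

            if (ticket.IsPersistent)
            {
                cookie.Expires = ticket.Expiration;
            }
            Response.Cookies.Add(cookie);

            var sm = new UserSecurityManager();
            sm.AuthorizeUser(user);

            // NOTE(review): SetAuthCookie adds a second cookie under the same FormsCookieName, built from
            // model.UserName and carrying no user data. It appears to supersede the ticket added above
            // (name = user.Email, role in UserData); confirm which identity the application relies on
            // and keep only one of the two.
            FormsAuthentication.SetAuthCookie(model.UserName, true);

            // NOTE(review): the pre-login session is reused after sign-in; consider rotating the
            // session id at this point so an id set before authentication does not stay valid.
            Session["MyMenu"] = null;

            object checkoutFlag = Session["Checkout"];
            if (checkoutFlag != null && checkoutFlag.ToString() == "FromCheckout")
            {
                return(RedirectToAction("Purchase", "Checkout"));
            }

            // Every signed-in user lands on Admin/Index regardless of role, so access control
            // has to be enforced by that controller, not by this redirect.
            return(RedirectToAction("Index", "Admin"));
        }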
示例#2
        /// <summary>
        /// Lab driver. Runs the security operations once for a basic user and once for a super user,
        /// constructing a separate <c>UserSecurityManager</c> from each user's type. Inside that class
        /// the user type selects which authenticator and authorizer get instantiated; this works, but
        /// every new user type means reopening that class, which is the code smell the lab addresses.
        /// </summary>
        public static void Main()
        {
            // The literals below are sample values for the exercise (the second argument is presumably
            // the password); real code should not keep credentials in source.
            var basic        = User.CreateUser("Arnold Schwarzenegger", "IllBeBack", UserTypeEnum.BasicUser);
            var basicManager = new UserSecurityManager(basic.UserType);
            basicManager.PerformUserSecurityOperations(basic);

            var super        = User.CreateUser("Clint Eastwood", "MakeMyDayPunk", UserTypeEnum.SuperUser);
            var superManager = new UserSecurityManager(super.UserType);
            superManager.PerformUserSecurityOperations(super);

            // Lab1: Implement the design pattern-solution; create an abstract factory that facilitates the instantiational logic.
        }
        /// <summary>
        /// Lab driver: creates a basic user and a super user in turn and, for each, builds a
        /// <c>UserSecurityManager</c> from the user's type and runs its security operations.
        /// </summary>
        public static void Main()
        {
            // Hard-coded sample values for the lab only; do not embed real credentials in source.
            var firstUser    = User.CreateUser("Arnold Schwarzenegger", "IllBeBack", UserTypeEnum.BasicUser);
            var firstManager = new UserSecurityManager(firstUser.UserType);
            firstManager.PerformUserSecurityOperations(firstUser);

            var secondUser    = User.CreateUser("Clint Eastwood", "MakeMyDayPunk", UserTypeEnum.SuperUser);
            var secondManager = new UserSecurityManager(secondUser.UserType);
            secondManager.PerformUserSecurityOperations(secondUser);

            // Lab1: Implement the design pattern-solution, instead of the below code-smelly one.
        }
示例#4
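        /// <summary>
        /// Switches the company input between the drop-down (staff users) and the free-text box
        /// (everyone else), and for non-staff users pre-fills the text box from a company lookup
        /// keyed on the entered e-mail text.
        /// </summary>
        private void IsStaffUserCheck()
        {
            // "1" is the radio-button value treated as "staff user".
            bool isStaffUser = IsStaffUserRadioButtonList.SelectedValue == "1";

            // Exactly one of the two company controls is visible at a time.
            CompanyNameTextBox.Visible  = !isStaffUser;
            CompanyDropDownList.Visible = isStaffUser;

            if (isStaffUser)
            {
                return;
            }

            CompanyNameTextBox.Enabled = true;

            // The e-mail text is user-supplied, so the lookup may find nothing.
            // NOTE(review): the whole trimmed text is passed, not just the part after '@';
            // confirm GetCompanyByDomain extracts the domain itself.
            Company ac = UserSecurityManager.GetCompanyByDomain(EmailTextBox.Text.Trim());
            if (ac != null)
            {
                // Only overwrite the box when a company was found; a miss previously
                // dereferenced null here.
                CompanyNameTextBox.Text = ac.Name;
            }
        }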
示例#5
 /// <summary>
 /// Builds the unit of work: opens one <c>IdentityContext</c> on the given connection string and
 /// creates the user and role managers over stores that both share that context.
 /// </summary>
 /// <param name="connectionString">Passed unchanged to the <c>IdentityContext</c> constructor.</param>
 public IdentityUnitOfWork(string connectionString)
 {
     _db = new IdentityContext(connectionString);

     // Both stores wrap the same context instance.
     var userStore = new UserStore <UserSecurity>(_db);
     _userManager = new UserSecurityManager(userStore);

     var roleStore = new RoleStore <ApplicationRole>(_db);
     _roleManager = new ApplicationRoleManager(roleStore);
 }