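/// <summary>
/// Handles the Login button. Passes the posted e-mail and password (and, when the
/// organisation row is visible, the selected organisation) to
/// <c>clsUsers.Authenticate()</c>. On result 0 it issues the encrypted roles cookie
/// and the forms-authentication cookie, then redirects to main.aspx. On result 1 it
/// shows the organisation picker. On any other result it shows the error label.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void btLogin_Click(object sender, System.EventArgs e)
{
    string sUserData;
    DataTable dtGroups = null;
    int iReturn;

    try
    {
        user = new clsUsers();
        user.sEmail = tbEmail.Text;
        // NOTE(review): the plaintext password is handed to clsUsers as-is; how it is
        // compared and stored is not visible here. Confirm it is verified against a
        // salted, slow hash rather than compared or stored in clear.
        user.sPass = tbPassword.Text;

        // The organisation row is only visible after a previous attempt returned 1,
        // so the selected organisation is included on that second postback.
        if (tblLogin.Rows[1].Visible)
        {
            user.iOrgId = Convert.ToInt32(ddlOrg.SelectedValue);
        }

        iReturn = user.Authenticate();
        switch (iReturn)
        {
            case 0:
                lbErr.Visible = false;
                sUserData = user.iId.Value.ToString() + ":" + user.iOrgId.Value.ToString();

                // Build "role1;role2;..." from the user's groups. String.Join yields an
                // empty string for a user with no groups; the previous
                // Remove(Length - 1, 1) threw for that case and blocked the login.
                dtGroups = user.GetUserGroupsList();
                string[] roleNames = new string[dtGroups.Rows.Count];
                for (int i = 0; i < roleNames.Length; i++)
                {
                    roleNames[i] = String.Format("{0}", dtGroups.Rows[i]["vchDesc"]);
                }
                string roleStr = String.Join(";", roleNames);

                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                    1,
                    sUserData,
                    DateTime.Now,
                    DateTime.Now.AddHours(1),
                    false,
                    roleStr);

                string cookieStr = FormsAuthentication.Encrypt(ticket);
                Response.Cookies["bfp_roles"].Value = cookieStr;
                Response.Cookies["bfp_roles"].Path = "/";
                Response.Cookies["bfp_roles"].Expires = DateTime.Now.AddHours(1);
                // The roles ticket is only meaningful to the server: keep it away from
                // client script and, when the login itself came over TLS, off plain HTTP.
                Response.Cookies["bfp_roles"].HttpOnly = true;
                Response.Cookies["bfp_roles"].Secure = Request.IsSecureConnection;

                // NOTE(review): createPersistentCookie is true, so the auth cookie outlives
                // the browser session on shared machines. Confirm this is intended.
                FormsAuthentication.SetAuthCookie(sUserData, true);
                Response.Redirect("main.aspx", false);
                break;

            case 1:
                // Several organisations match this user: show the picker and let the
                // user submit again with a selection.
                tblLogin.Rows[1].Visible = true;
                ddlOrg.DataTextField = "vchName";
                ddlOrg.DataValueField = "Id";
                ddlOrg.DataSource = new DataView(user.GetOrgListFromUser());
                ddlOrg.DataBind();
                lbErr.Visible = false;
                break;

            case -1:
                lbErr.Visible = true;
                break;

            default:
                lbErr.Visible = true;
                break;
        }
    }
    catch (Exception ex)
    {
        // Full details go to the log only. Exception text (data-access errors, stack
        // fragments) must not be shown to an unauthenticated visitor on the login page.
        _functions.Log("Application error: \n" + ex.ToString());
        // Shows the label with the text it already carries, as the failure branches
        // above do. Assumes that text is a generic login-failure message - TODO confirm.
        lbErr.Visible = true;
    }
    finally
    {
        if (user != null)
        {
            user.Dispose();
        }
    }
}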
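/// <summary>
/// Handles the Login button. Looks the user up by e-mail, verifies the entered
/// password against the stored salted hash, then calls <c>LoginInfo()</c>. On
/// result 0 it issues the logo, roles and forms-authentication cookies and
/// redirects. On result 1 it shows the organisation list. On any other result it
/// shows the error label.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void btLogin_Click(object sender, System.EventArgs e)
{
    string sUserData;
    DataTable dtGroups = null;
    int iReturn;

    try
    {
        lbErr.Visible = false;
        user = new clsUsers();
        user.sEmail = tbEmail.Text;

        // Look the account up; -1 means it was not found / not authenticated.
        if (user.Authenticate() == -1)
        {
            lbErr.Visible = true;
            return;
        }

        // NOTE(review): this check runs before the password is verified, so the
        // distinct message 202 tells anyone who knows only the e-mail that the
        // account exists and is inactive. Consider moving it after the hash
        // comparison once it is confirmed that sPass/sSalt are populated for
        // inactive accounts.
        if (!user.bActiveStatus.Value)
        {
            lbErr.Visible = true;
            lbErr.Text = _functions.ErrorMessage(202);
            return;
        }

        string dbPasswordHash = user.sPass.Value;
        string salt = user.sSalt.Value;

        // Hash "entered password + stored salt" the same way the stored value was made.
        // NOTE(review): a single salted SHA-1 pass is cheap to brute-force offline if
        // the user table leaks. Moving to an iterated KDF (e.g. Rfc2898DeriveBytes)
        // needs a re-hash-on-login migration so existing hashes keep verifying.
        string passwordAndSalt = String.Concat(tbPassword.Text, salt);
        string hashedPasswordAndSalt =
            FormsAuthentication.HashPasswordForStoringInConfigFile(passwordAndSalt, "SHA1");

        if (!hashedPasswordAndSalt.Equals(dbPasswordHash))
        {
            lbErr.Visible = true;
            return;
        }

        // Credentials are valid: load organisation / profile details.
        iReturn = user.LoginInfo();
        switch (iReturn)
        {
            case 0:
                Response.Cookies["bfp_logo"].Value = user.sLogo.Value;
                Response.Cookies["bfp_logo"].Path = "/";
                Response.Cookies["bfp_logo"].Expires = DateTime.Now.AddYears(1);

                lbErr.Visible = false;

                // Identity string stored in the auth cookie: "<userId>:<orgId>".
                sUserData = user.iId.Value.ToString() + ":" + user.iOrgId.Value.ToString();

                // Build "role1;role2;..." from the user's groups. String.Join yields an
                // empty string for a user with no groups; the previous
                // Remove(Length - 1, 1) threw for that case and blocked the login.
                dtGroups = user.GetUserGroupsList();
                string[] roleNames = new string[dtGroups.Rows.Count];
                for (int i = 0; i < roleNames.Length; i++)
                {
                    roleNames[i] = String.Format("{0}", dtGroups.Rows[i]["vchDesc"]);
                }
                string roleStr = String.Join(";", roleNames);

                // NOTE(review): the roles are frozen inside a ticket valid for one year.
                // Unless the code that reads bfp_roles re-checks the database, removing
                // a user from a group or deactivating the account would not take effect
                // until the cookie expires. Confirm against the consumer.
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                    1,
                    sUserData,
                    DateTime.Now,
                    DateTime.Now.AddYears(1),
                    false,
                    roleStr);

                string cookieStr = FormsAuthentication.Encrypt(ticket);
                Response.Cookies["bfp_roles"].Value = cookieStr;
                Response.Cookies["bfp_roles"].Path = "/";
                Response.Cookies["bfp_roles"].Expires = DateTime.Now.AddYears(1);
                // The roles ticket is only meaningful to the server: keep it away from
                // client script and, when the login itself came over TLS, off plain HTTP.
                Response.Cookies["bfp_roles"].HttpOnly = true;
                Response.Cookies["bfp_roles"].Secure = Request.IsSecureConnection;

                FormsAuthentication.SetAuthCookie(sUserData, true);

                // ReturnUrl comes from the query string and is attacker-controllable.
                // Only follow it when it points back into this site; otherwise use the
                // default landing page, so a crafted login link cannot bounce a freshly
                // authenticated user to another host.
                string returnUrl = Request.QueryString["ReturnUrl"];
                if (IsLocalReturnUrl(returnUrl))
                {
                    Response.Redirect(returnUrl, false);
                }
                else
                {
                    Response.Redirect("selectMode.aspx", false);
                }
                break;

            case 1:
                // The user belongs to several organisations: switch the table to the
                // organisation list and remember the user id for the follow-up postback.
                tblLogin.Rows[0].Visible = true;
                tblLogin.Rows[1].Visible = true;
                tblLogin.Rows[2].Visible = false;
                tblLogin.Rows[3].Visible = false;
                tblLogin.Rows[4].Visible = false;
                ViewState["UserId"] = user.iId.Value;
                dgOrgs.DataSource = new DataView(user.GetOrgListFromUser());
                dgOrgs.DataBind();
                lbErr.Visible = false;
                break;

            case -1:
                lbErr.Visible = true;
                break;

            default:
                lbErr.Visible = true;
                break;
        }
    }
    catch (Exception ex)
    {
        // Full details go to the log only. Exception text (data-access errors, stack
        // fragments) must not be shown to an unauthenticated visitor on the login page.
        _functions.Log(ex, "", SourcePageName);
        // Shows the label with the text it already carries, as the failure branches
        // above do. Assumes that text is a generic login-failure message - TODO confirm.
        lbErr.Visible = true;
    }
    finally
    {
        if (user != null)
        {
            user.Dispose();
        }
    }
}

/// <summary>
/// Returns true only for a redirect target that stays on this site: a rooted path
/// ("/...") that is not protocol-relative ("//host" or "/\host"), or an
/// application-relative path ("~/..."). Null, empty, absolute and
/// control-character-bearing values are rejected.
/// </summary>
/// <param name="url">Candidate redirect target taken from the request.</param>
/// <returns>True when the target is safe to pass to Response.Redirect.</returns>
private static bool IsLocalReturnUrl(string url)
{
    if (String.IsNullOrEmpty(url))
    {
        return false;
    }

    foreach (char c in url)
    {
        if (Char.IsControl(c))
        {
            return false;
        }
    }

    if (url[0] == '/')
    {
        return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
    }

    return url.Length > 1 && url[0] == '~' && url[1] == '/';
}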