public async Task <ActionResult> Login(LoginViewModel model, string returnUrl)
{
//Check to make sure form is valid.
if (!ModelState.IsValid)
{
return(View(model));
}
#region GetUserId
// This entire section is meant to get the UserID. This is done either with the legend or new SHA1 hashing.
//This is for deprecated SHA1 Hash done on SQL Server
//Need to get the userID in order to get the User object. There are two ways. The Deprecated way
//uses the Login_SP_Result stored procedure to send SQL Server model.password, SHA1Hash it there
//and then compare it to what the data base has. UserForAuth, stores the SHA1Hash directly on the DB.
//So C# handles model.password SHA1Hashing and then compares it to whats on the DB.
int userid = 0;
//Check to see if it's an old password.
Login_SP_Result legendUserForAuth = context.Login_SP(model.UserName, model.Password).FirstOrDefault();
if (legendUserForAuth != null)
{
//LegendUser exits and the ID can be queried directly.
userid = legendUserForAuth.ID;
}
//It's either an new SHA1 Hash or its just not a valid username.
else
{
//Checks to see if UserName Exists
var newUserForAuth = db.Users.Where(s => s.UserName == model.UserName).FirstOrDefault();
if (newUserForAuth != null)
{
//UserName exists
if (Hash(model.Password) == newUserForAuth.Password)
{
//Passwords match
userid = newUserForAuth.ID;
}
else
{
HttpCookie cookie = new HttpCookie("Cookie1", "");
cookie.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie);
//Passwords don't match TODO: Change to "Invalid Login Attempt"
ModelState.AddModelError("", "Invalid Password Attempt.");
return(View(model));
}
}
else
{
HttpCookie cookie = new HttpCookie("Cookie1", "");
cookie.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie);
//UserName Straight up doesn't exist. TODO: Change to "Invalid Login Attempt"
ModelState.AddModelError("", "Invalid User Name.");
return(View(model));
}
}
#endregion
#region AuthenticateUser
User user = await db.Users.FindAsync(userid);
//User mustchange password, ie it equals Chang3m3
if (user.MustChange == true)
{
return(RedirectToAction("ChangePassword", "Account", new { area = "Identity" }));
}
var licenseclaim = db.Licenses.Where(s => s.UserID == userid).FirstOrDefault();
var ClientID = licenseclaim.ClientID;
var client = db.Clients.Where(s => s.ID == ClientID).FirstOrDefault();
long clientNumber = client.ClientNumber.Value;
string clientName = client.Name;
var userRightsId = licenseclaim.RightsID;
var userRight = db.Rights.Where(s => s.ID == userRightsId).FirstOrDefault();
string userRightName = userRight.Right1;
if (getAuthorizedClientList().Contains(clientNumber))
{
CustomSerializeModel userModel = new Models.CustomSerializeModel()
{
UserId = user.ID,
UserLicenseRight = clientNumber,
RoleName = userRightName,
UserName = user.UserName
};
string userData = JsonConvert.SerializeObject(userModel);
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket
(
1, model.UserName, DateTime.Now, DateTime.Now.AddMinutes(15), false, userData
);
string enTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie faCookie = new HttpCookie("Cookie1", enTicket);
Response.Cookies.Add(faCookie);
Debug.WriteLine(clientName);
var relativePath = "../../Areas/" + clientName + "/Views/Home/Index.cshtml";
var absolutePath = HttpContext.Server.MapPath(relativePath);
if (System.IO.File.Exists(absolutePath))
{
return(RedirectToAction("Index", "Home", new { area = clientName }));
}
else
{
LogOut();
ModelState.AddModelError("", "Something went wrong. Please contact customer support.");
return(View(model));
}
}
else
{
ModelState.AddModelError("", "Invalid.");
return(View(model));
}
#endregion
}
public async Task <ActionResult> ChangePassword(ChangePasswordViewModel model)
{
//Check to make sure form is valid.
if (!ModelState.IsValid)
{
return(View(model));
}
#region GetUserId
// This entire section is meant to get the UserID. This is done either with the legend or new SHA1 hashing.
//This is for deprecated SHA1 Hash done on SQL Server
//Need to get the userID in order to get the User object. There are two ways. The Deprecated way
//uses the Login_SP_Result stored procedure to send SQL Server model.password, SHA1Hash it there
//and then compare it to what the data base has. UserForAuth, stores the SHA1Hash directly on the DB.
//So C# handles model.password SHA1Hashing and then compares it to whats on the DB.
int userid = 0;
//Check to see if it's an old password.
Login_SP_Result legendUserForAuth = context.Login_SP(model.UserName, model.CurrentPassword).FirstOrDefault();
if (legendUserForAuth != null)
{
//LegendUser exits and the ID can be queried directly.
userid = legendUserForAuth.ID;
}
//It's either an new SHA1 Hash or its just not a valid username.
else
{
//Checks to see if UserName Exists
var newUserForAuth = db.Users.Where(s => s.UserName == model.UserName).FirstOrDefault();
if (newUserForAuth != null)
{
//UserName exists
if (Hash(model.CurrentPassword) == newUserForAuth.Password)
{
//Passwords match
userid = newUserForAuth.ID;
}
else
{
//Clears out the cookies
HttpCookie cookie = new HttpCookie("Cookie1", "");
cookie.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie);
//Passwords don't match TODO: Change to "Invalid Login Attempt"
ModelState.AddModelError("", "Invalid Password Attempt.");
return(View(model));
}
}
else
{
//Clears out the cookies
HttpCookie cookie = new HttpCookie("Cookie1", "");
cookie.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie);
//UserName Straight up doesn't exist. TODO: Change to "Invalid Login Attempt"
ModelState.AddModelError("", "Invalid User Name.");
return(View(model));
}
}
#endregion
#region AuthenticateUser
User user = await db.Users.FindAsync(userid);
user.MustChange = false;
user.Password = Hash(model.NewPassword);
await db.SaveChangesAsync();
return(RedirectToAction("Index", "Home", new { area = "" }));
#endregion
}
