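/// <summary>
/// Signs a user in. Credentials are checked first against the deprecated SQL Server path
/// (<c>context.Login_SP</c>, which hashes and compares on the server) and, failing that, against
/// the hash stored on the <c>Users</c> row (compared with <c>Hash</c>). On success a non-persistent
/// forms-authentication ticket carrying the serialised <c>CustomSerializeModel</c> is written to
/// the "Cookie1" cookie and the user is redirected into the area named after their client.
/// </summary>
/// <param name="model">Posted user name and password; re-rendered with a model error on failure.</param>
/// <param name="returnUrl">Part of the action's binding contract but never used for redirection, so it cannot act as an open redirect.</param>
/// <returns>The login view with a model error, or a redirect to the client area / password-change page.</returns>
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    #region GetUserId
    // Two credential stores coexist. The deprecated path hands the clear-text password to the
    // Login_SP stored procedure, which hashes and compares it on SQL Server. The newer path hashes
    // in C# (Hash) and compares against the hash stored on the Users row. Either yields the user id.
    int userid = 0;
    bool credentialsValid = false;

    Login_SP_Result legendUserForAuth = context.Login_SP(model.UserName, model.Password).FirstOrDefault();
    if (legendUserForAuth != null)
    {
        // Legacy user: the stored procedure has already verified the password.
        userid = legendUserForAuth.ID;
        credentialsValid = true;
    }
    else
    {
        var newUserForAuth = db.Users.Where(s => s.UserName == model.UserName).FirstOrDefault();
        // NOTE(review): the comments in this file describe Hash as a plain SHA1 of the password.
        // An unsalted fast hash is weak for password storage and the string comparison below is
        // not constant-time; a migration to a salted, slow KDF (e.g. PBKDF2) is advisable.
        if (newUserForAuth != null && Hash(model.Password) == newUserForAuth.Password)
        {
            userid = newUserForAuth.ID;
            credentialsValid = true;
        }
    }

    if (!credentialsValid)
    {
        // Drop any stale authentication cookie before re-rendering the form.
        HttpCookie expired = new HttpCookie("Cookie1", "");
        expired.Expires = DateTime.Now.AddYears(-1);
        Response.Cookies.Add(expired);

        // One message for both "unknown user name" and "wrong password" (as the original TODO
        // asked) so the response does not reveal which user names exist.
        ModelState.AddModelError("", "Invalid Login Attempt.");
        return View(model);
    }
    #endregion

    #region AuthenticateUser
    User user = await db.Users.FindAsync(userid);
    if (user == null)
    {
        // The id was produced by the credential check above; a miss here means the row vanished.
        ModelState.AddModelError("", "Invalid Login Attempt.");
        return View(model);
    }

    // Accounts flagged MustChange go to the password-change page before any ticket is issued.
    if (user.MustChange == true)
    {
        return RedirectToAction("ChangePassword", "Account", new { area = "Identity" });
    }

    var licenseclaim = db.Licenses.Where(s => s.UserID == userid).FirstOrDefault();
    if (licenseclaim == null)
    {
        // Previously a user without a licence row caused a NullReferenceException (HTTP 500);
        // fail closed with the same response an unauthorised client gets.
        ModelState.AddModelError("", "Invalid.");
        return View(model);
    }

    var clientId = licenseclaim.ClientID;
    var userRightsId = licenseclaim.RightsID;
    var client = db.Clients.Where(s => s.ID == clientId).FirstOrDefault();
    var userRight = db.Rights.Where(s => s.ID == userRightsId).FirstOrDefault();
    if (client == null || !client.ClientNumber.HasValue || userRight == null)
    {
        // Same fail-closed handling for a dangling client or rights reference.
        ModelState.AddModelError("", "Invalid.");
        return View(model);
    }

    long clientNumber = client.ClientNumber.Value;
    string clientName = client.Name;
    string userRightName = userRight.Right1;

    if (!getAuthorizedClientList().Contains(clientNumber))
    {
        ModelState.AddModelError("", "Invalid.");
        return View(model);
    }

    CustomSerializeModel userModel = new Models.CustomSerializeModel()
    {
        UserId = user.ID,
        UserLicenseRight = clientNumber,
        RoleName = userRightName,
        UserName = user.UserName
    };
    string userData = JsonConvert.SerializeObject(userModel);

    // Non-persistent ticket with a 15-minute lifetime; FormsAuthentication.Encrypt protects userData.
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,
        model.UserName,
        DateTime.Now,
        DateTime.Now.AddMinutes(15),
        false,
        userData);
    string enTicket = FormsAuthentication.Encrypt(authTicket);

    HttpCookie faCookie = new HttpCookie("Cookie1", enTicket);
    // Keep the ticket out of reach of page script, and off clear-text connections whenever the
    // request itself arrived over TLS.
    faCookie.HttpOnly = true;
    faCookie.Secure = Request.IsSecureConnection;
    Response.Cookies.Add(faCookie);

    Debug.WriteLine(clientName);

    // The client's area must exist on disk before redirecting into it.
    var relativePath = "../../Areas/" + clientName + "/Views/Home/Index.cshtml";
    var absolutePath = HttpContext.Server.MapPath(relativePath);
    if (System.IO.File.Exists(absolutePath))
    {
        return RedirectToAction("Index", "Home", new { area = clientName });
    }

    // The area view is missing: undo the sign-in just performed and surface a support message.
    LogOut();
    ModelState.AddModelError("", "Something went wrong. Please contact customer support.");
    return View(model);
    #endregion
}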
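/// <summary>
/// Re-verifies the caller's current password using the same two credential paths as
/// <see cref="Login"/> (deprecated SQL Server <c>Login_SP</c> check, then the C#-side
/// <c>Hash</c> comparison against the <c>Users</c> row), then stores the hash of the new
/// password, clears the <c>MustChange</c> flag and redirects to the root Home/Index.
/// </summary>
/// <param name="model">User name, current password and new password; re-rendered with a model error on failure.</param>
/// <returns>The change-password view with a model error, or a redirect to the root home page.</returns>
public async Task<ActionResult> ChangePassword(ChangePasswordViewModel model)
{
    // Whatever rules apply to the new password (length, complexity, difference from the current
    // one) come from ChangePasswordViewModel's validation; this action adds none of its own.
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    #region GetUserId
    // Two credential stores coexist. The deprecated path hands the clear-text current password to
    // the Login_SP stored procedure, which hashes and compares it on SQL Server. The newer path
    // hashes in C# (Hash) and compares against the hash stored on the Users row.
    int userid = 0;
    bool credentialsValid = false;

    Login_SP_Result legendUserForAuth = context.Login_SP(model.UserName, model.CurrentPassword).FirstOrDefault();
    if (legendUserForAuth != null)
    {
        // Legacy user: the stored procedure has already verified the current password.
        userid = legendUserForAuth.ID;
        credentialsValid = true;
    }
    else
    {
        var newUserForAuth = db.Users.Where(s => s.UserName == model.UserName).FirstOrDefault();
        // NOTE(review): the comments in this file describe Hash as a plain SHA1; an unsalted fast
        // hash is weak for password storage and this comparison is not constant-time.
        if (newUserForAuth != null && Hash(model.CurrentPassword) == newUserForAuth.Password)
        {
            userid = newUserForAuth.ID;
            credentialsValid = true;
        }
    }

    if (!credentialsValid)
    {
        // Clears out any authentication cookie before re-rendering the form.
        HttpCookie expired = new HttpCookie("Cookie1", "");
        expired.Expires = DateTime.Now.AddYears(-1);
        Response.Cookies.Add(expired);

        // One message for both "unknown user name" and "wrong password" (as the original TODO
        // asked) so the response does not reveal which user names exist.
        ModelState.AddModelError("", "Invalid Login Attempt.");
        return View(model);
    }
    #endregion

    #region AuthenticateUser
    User user = await db.Users.FindAsync(userid);
    if (user == null)
    {
        // The id was produced by the credential check above; a miss here means the row vanished,
        // and the original would have thrown a NullReferenceException (HTTP 500).
        ModelState.AddModelError("", "Invalid Login Attempt.");
        return View(model);
    }

    // Store the C#-side hash of the new password and clear the forced-change flag.
    user.MustChange = false;
    user.Password = Hash(model.NewPassword);
    await db.SaveChangesAsync();

    return RedirectToAction("Index", "Home", new { area = "" });
    #endregion
}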