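using System;
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;
using ApacKernel;
using ApacKernel.Authentication;
using ApacKernel.Extensions;
using ApacKernel.Web;
using ApacKernel.Web.MVC;
using ApacSale.Web.MVC;
using Now.Entities;
using Now.Web.Services;

namespace Now.Web.Controllers
{
    /// <summary>
    /// Forms-authentication login and logout endpoints (<c>/login</c>, <c>/logout</c>).
    /// On a successful login the forms ticket is re-issued with a serialized
    /// <see cref="DashboardsUserLoginData"/> in its UserData field.
    /// </summary>
    [Compress]
    [ServerStamp]
    [HttpsRequired]
    [RoutePrefix("auth")]
    public class AuthenticationController : BaseController
    {
        private readonly ILoginService _loginService;
        private readonly IPermissionProvider _permissionProvider;

        /// <param name="loginService">Validates the submitted credentials.</param>
        /// <param name="userPermissionService">Permission source; FormLogin casts it to
        /// <see cref="DashboardsPermissionService"/>, so any other implementation fails at login.</param>
        public AuthenticationController(ILoginService loginService, IPermissionProvider userPermissionService)
        {
            _loginService = loginService;
            _permissionProvider = userPermissionService;
        }

        // GET: /login?returnUrl=...
        /// <summary>
        /// Shows the login form. Reaching it while already authenticated signs the user out
        /// and reloads the page.
        /// </summary>
        /// <param name="returnUrl">Destination to go back to after login; only used by
        /// FormLogin once it has passed <c>Url.IsLocalUrl</c>.</param>
        [AllowAnonymous]
        [Route("~/login")]
        public ActionResult Index(string returnUrl)
        {
            if (User.Identity.IsAuthenticated)
            {
                FormsAuthentication.SignOut();
                // Carry returnUrl across the redirect; previously it was dropped here,
                // so a sign-out-then-login could never land on the requested page.
                return RedirectToAction("Index", "Authentication", new { returnUrl });
            }

            // Posted back by the form as the "returnUrl" field and validated there.
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }

        // POST: /login
        /// <summary>
        /// Validates the posted credentials and, on success, issues a persistent forms
        /// cookie whose ticket carries the user's login data and permissions.
        /// </summary>
        /// <param name="collection">Form fields: txtUsername, txtPassword, returnUrl.</param>
        /// <returns>Redirect to returnUrl (local only) or the landing page; otherwise the
        /// login view with ViewBag.Error set to a fixed, non-revealing message.</returns>
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        [Route("~/login")]
        public ActionResult FormLogin(FormCollection collection)
        {
            ActionResult result;
            try
            {
                var username = collection["txtUsername"];
                var password = collection["txtPassword"];
                var returnUrl = collection["returnUrl"];

                var status = _loginService.Login(username, password);
                if (status.Success)
                {
                    var now = DateTime.Now;

                    // The standard persistent cookie is issued first and remains the
                    // fallback if the ticket cannot be decrypted and re-issued below.
                    FormsAuthentication.SetAuthCookie(username, true);
                    var cookie = FormsAuthentication.GetAuthCookie(username, true);
                    cookie.Expires = now.AddMonths(1);
                    // NOTE(review): the cookie lives one month, but the re-issued ticket keeps
                    // ticket.Expiration (the forms-auth timeout), so the server-side validity
                    // and the ExpiredTime recorded below may not agree — confirm which is intended.
                    var ticket = FormsAuthentication.Decrypt(cookie.Value);

                    var userId = status.UserID.ToString("D");
                    var userLoginData = new DashboardsUserLoginData
                    {
                        Fullname = status.FullName,
                        Login = username,
                        LoggedTime = now,
                        ExpiredTime = cookie.Expires,
                        UserID = userId,
                        // Hard cast: a provider that is not DashboardsPermissionService throws
                        // InvalidCastException, which the catch below reports as a generic error.
                        // NOTE(review): Cast() carries no type argument here — verify against the
                        // original source.
                        Permissions = ((DashboardsPermissionService)_permissionProvider).LoadPermissions(new Guid(userId)).Cast().ToArray()
                    };
                    var userLoginJson = userLoginData.SerializeToJson();

                    if (ticket != null)
                    {
                        // Re-issue the ticket with the login data in UserData so it travels
                        // inside the forms ticket rather than in a separate cookie.
                        var newTicket = new FormsAuthenticationTicket(
                            ticket.Version,
                            ticket.Name,
                            ticket.IssueDate,
                            ticket.Expiration,
                            ticket.IsPersistent,
                            userLoginJson,
                            ticket.CookiePath);
                        cookie.Value = FormsAuthentication.Encrypt(newTicket);
                        // Set, not Add: SetAuthCookie already appended a cookie with this name,
                        // and Add would emit a second Set-Cookie header for it.
                        System.Web.HttpContext.Current.Response.Cookies.Set(cookie);
                    }

                    // IsLocalUrl keeps returnUrl from redirecting off-site.
                    result = Url.IsLocalUrl(returnUrl)
                        ? Redirect(returnUrl)
                        : RedirectToActionWithProtocol(
                            MvcHelper.LandingPage,
                            MvcHelper.LandingController,
                            "http" + (ApacConfig.AppSettings.UseHttps() ? "s" : ""));
                }
                else
                {
                    // Only a fixed set of messages reaches the browser; the service text itself
                    // is never echoed back.
                    var msg = status.Message;
                    ViewBag.Error = msg.Contains("Only staff login allowed")
                        ? "Only staff login allowed"
                        : msg.Contains("Invalid username or password")
                            ? "Invalid username or password"
                            : "Login failed";
                    result = View("Index");
                }
            }
            catch (Exception)
            {
                // Deliberately generic so no failure detail reaches the client.
                // TODO(review): the exception is discarded here; log it server-side.
                ViewBag.Error = "Exception occured";
                result = View("Index");
            }
            return result;
        }

        // GET: /logout
        /// <summary>
        /// Signs the current user out (if authenticated) and returns to the login page.
        /// </summary>
        /// <remarks>
        /// NOTE(review): reachable by GET with no anti-forgery token, so a request for
        /// /logout triggered from another page ends the session.
        /// </remarks>
        [Route("~/logout")]
        public ActionResult LogOff()
        {
            if (User.Identity.IsAuthenticated)
            {
                FormsAuthentication.SignOut();
            }
            return RedirectToAction("Index", "Authentication");
        }

        /// <summary>
        /// Redirects to <paramref name="action"/> on <paramref name="controller"/> using an
        /// absolute URL built with the given scheme ("http" or "https").
        /// </summary>
        private ActionResult RedirectToActionWithProtocol(string action, string controller, string protocol)
        {
            var urlHelper = new UrlHelper(ControllerContext.RequestContext);
            return Redirect(urlHelper.Action(action, controller, null, protocol));
        }
    }
}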