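/// <summary>
/// Consecutive failed logins at which <see cref="LockUserAccount"/> disables the account.
/// </summary>
private const int MaxFailedAttempts = 5;

/// <summary>
/// Handles the login form post: checks the submitted password against the stored BCrypt
/// hash, tracks failed attempts per account, and initializes the session on success.
/// </summary>
/// <param name="formCollection">
/// Posted fields: <c>UserName</c>, <c>Password</c> and the optional <c>keepLogin</c> checkbox.
/// </param>
/// <returns>
/// The login view carrying a toast message on failure; a redirect to the dashboard on success.
/// </returns>
// NOTE(review): consider adding [ValidateAntiForgeryToken] once the login view emits the token.
[AllowAnonymous]
[HttpPost]
public ActionResult Login(FormCollection formCollection)
{
    if (IsSameBrowserLogIn())
    {
        AddToastMessage("", $"Already logged in with {Sessions.Name.UserName}, to login with other user please logout from current user.", ToastType.Error);
        return View();
    }

    var userName = formCollection["UserName"];
    var password = formCollection["Password"];
    // A ticked checkbox posts "on"; an unticked one is simply absent from the form.
    bool keepLoginSession = formCollection["keepLogin"] == "on";

    if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
    {
        AddToastMessage("", "Please enter valid username and password", ToastType.Error);
        return View();
    }

    var appUserInfo = _accountService.GetAppUserInfoByUserID(userName);

    // Resolve the stored hash before verifying: the lookup returns null for an unknown user
    // (the original dereferenced appUserInfo.password before its null check and crashed),
    // and BCrypt.Verify throws on a null or malformed hash. Both cases must end in the same
    // generic failure message rather than an exception.
    // NOTE(review): skipping Verify for unknown users makes their response faster than a
    // wrong-password response; verify against a fixed dummy hash if that timing matters.
    var storedHash = appUserInfo?.password;
    bool passwordMatch = !string.IsNullOrEmpty(storedHash)
        && BCrypt.Net.BCrypt.Verify(password, storedHash);

    if (!passwordMatch)
    {
        return HandleFailedLogin(userName);
    }

    // The former JWT block compared the plaintext password with the BCrypt hash and so never
    // executed; the token it produced was also neither stored nor returned. If a token is
    // required, issue it deliberately here after the active check.

    // "== true" rather than a bare test: is_active may be a nullable bool in the model — TODO confirm.
    if (appUserInfo.is_active == true)
    {
        InitializeSession(appUserInfo, keepLoginSession);
        ResetFailedAttempts(appUserInfo);
        AddToastMessage("", "Login Successfully", ToastType.Success);
        return RedirectToAction("Index", "DashBoard");
    }

    // Inactive, locked (LockUserAccount clears is_active) or unset flag: do not sign in.
    AddToastMessage("", "This user is currently inactive", ToastType.Warning);
    return View();
}

/// <summary>
/// Records a failed attempt when the account exists, locks it once
/// <see cref="MaxFailedAttempts"/> is reached, and returns the login view with the matching
/// message. Unknown users receive the same generic message as a wrong password.
/// In the original, this path was only reachable when the user was null, so the counter
/// never advanced for a wrong password and lockout could not trigger.
/// </summary>
/// <param name="userName">The submitted user id / employee code.</param>
private ActionResult HandleFailedLogin(string userName)
{
    var userInfo = _accountService.GetApplicationUserByEmpCode(userName);
    if (userInfo != null)
    {
        IncrementFailedAttempts(userInfo);
        if (userInfo.FailedAttempt >= MaxFailedAttempts)
        {
            LockUserAccount(userInfo);
            AddToastMessage("", "Your account has been locked due to too many failed login attempts. Please contact an administrator to reactivate your account.", ToastType.Error);
            return View();
        }
    }

    AddToastMessage("", "Invalid User ID or Password", ToastType.Error);
    return View();
}

/// <summary>
/// Populates the Sessions.Name record for a freshly authenticated user.
/// </summary>
/// <param name="appUserInfo">The authenticated user; must not be null.</param>
/// <param name="keepLoginSession">Whether the "keep me logged in" checkbox was ticked.</param>
private void InitializeSession(ApplicationUser appUserInfo, bool keepLoginSession)
{
    var httpSession = Session;
    if (Sessions.Name == null)
    {
        Sessions.Name = new SessionInfo();
    }

    // NOTE(review): assumes Sessions.Name is scoped to the current HTTP session rather than
    // process-wide static state — confirm; if it is static, concurrent logins overwrite each other.
    // NOTE(review): the pre-login SessionID is reused as SessionKey; ASP.NET does not rotate the
    // id on login, so issuing a fresh session before storing identity would close the
    // session-fixation window — confirm with the framework's session configuration.
    Sessions.Name.UserId = appUserInfo.user_emp_code;
    Sessions.Name.UserName = appUserInfo.user_emp_name;
    Sessions.Name.UserTypeId = appUserInfo.user_type_id;
    // Local server time, as the original stored; compare against DateTime.Now, not UtcNow.
    Sessions.Name.SessionStart = DateTime.Now;
    Sessions.Name.KeepLogin = keepLoginSession;
    Sessions.Name.SessionKey = httpSession.SessionID;
}

/// <summary>Clears the failed-attempt counter after a successful login and persists it.</summary>
/// <param name="appUserInfo">The authenticated user.</param>
private void ResetFailedAttempts(ApplicationUser appUserInfo)
{
    appUserInfo.FailedAttempt = 0;
    _accountService.UpdateAppUser(appUserInfo);
    _accountService.SaveAppUser();
}

/// <summary>Advances the failed-attempt counter and persists it.</summary>
/// <param name="userInfo">The account that received a wrong password.</param>
private void IncrementFailedAttempts(ApplicationUser userInfo)
{
    userInfo.FailedAttempt++;
    _accountService.UpdateAppUser(userInfo);
    // ResetFailedAttempts and LockUserAccount both save after UpdateAppUser; without this call
    // the counter was presumably lost between requests — confirm against the service's unit of work.
    _accountService.SaveAppUser();
}

/// <summary>Disables the account by clearing its active flag and persists the change.</summary>
/// <param name="userInfo">The account that exceeded <see cref="MaxFailedAttempts"/>.</param>
private void LockUserAccount(ApplicationUser userInfo)
{
    userInfo.is_active = false;
    _accountService.UpdateAppUser(userInfo);
    _accountService.SaveAppUser();
}

/// <summary>
/// True when the current HTTP session id matches the session key recorded at login,
/// i.e. this browser already holds an authenticated session.
/// </summary>
private bool IsSameBrowserLogIn()
{
    var httpSession = Session;
    return httpSession != null
        && Sessions.Name != null
        && httpSession.SessionID == Sessions.Name.SessionKey;
}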