Update authorization

anhnmt · Aug 26, 2021 · b137a22 · b137a22
1 parent 56dbad8
commit b137a22
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 4 deletions.
diff --git a/Backend/Areas/Admin/Data/BaseController.cs b/Backend/Areas/Admin/Data/BaseController.cs
@@ -65,6 +65,16 @@ protected override void OnAuthorization(AuthorizationContext filterContext)
                 };
             }
 
+            if (obj != null && (obj.RoleId == 2 || obj.RoleId == 1) && (string)currentArea == "" && currentController == "Transactions" && !Request.IsAjaxRequest())
+            {
+                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new RouteValueDictionary(new
+                {
+                    action = "Index",
+                    controller = "Home",
+                    area = "Admin"
+                }
+                )));
+            }
 
             string[] AllowedController = { "Logout" };
             if (obj != null && (obj.RoleId == 2 || obj.RoleId == 1) && (string)currentArea == "" && !AllowedController.Contains(currentAction) && currentController != "Transactions")

diff --git a/Backend/Controllers/HomeController.cs b/Backend/Controllers/HomeController.cs
@@ -281,7 +281,7 @@ public ActionResult CheckLogin(string email, string password)
             {
                 obj.AttemptLogin++;
                 accounts.Update(obj);
-                errors.Add("Password", "Your password is wrong!" + obj.AttemptLogin);
+                errors.Add("Password", "Your password is wrong!");
 
                 return Json(new
                 {

diff --git a/Backend/Web.config b/Backend/Web.config
@@ -63,8 +63,8 @@
 		</assemblyBinding>
 	</runtime>
 	<connectionStrings>
-		<add name="DBConnectionString" connectionString="server=.;database=OnlineBanking;uid=sa;pwd=123456aA@;MultipleActiveResultSets=true" providerName="System.Data.SqlClient" />
-		<!--<add name="DBConnectionString" connectionString="server=14.231.185.26;database=OnlineBanking;uid=sa;pwd=123456aA@;MultipleActiveResultSets=true" providerName="System.Data.SqlClient" />-->
+		<!--<add name="DBConnectionString" connectionString="server=.;database=OnlineBanking;uid=sa;pwd=123456aA@;MultipleActiveResultSets=true" providerName="System.Data.SqlClient" />-->
+		<add name="DBConnectionString" connectionString="server=14.231.185.26;database=OnlineBanking;uid=sa;pwd=123456aA@;MultipleActiveResultSets=true" providerName="System.Data.SqlClient" />
 	</connectionStrings>
 	<entityFramework>
 		<defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />

diff --git a/OnlineBanking.DAL/Common/Utils.cs b/OnlineBanking.DAL/Common/Utils.cs
@@ -45,7 +45,15 @@ public static string HashPassword(string password)
 
         public static bool ValidatePassword(string password, string correctHash)
         {
-            return BCrypt.Net.BCrypt.Verify(password, correctHash);
+            try
+            {
+                return BCrypt.Net.BCrypt.Verify(password, correctHash);
+            }
+            catch (Exception)
+            {
+                return false;
+            }
+
         }
     }
 }