Beispiel #1
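        /// <summary>
        /// Caches the user's roles in a cookie so later requests can skip the role lookup in the database.
        /// </summary>
        /// <param name="userid">The user id; stored in the cookie in clear text and also passed to <c>PortalUtility.Encrypt</c>.</param>
        /// <param name="roles">List of roles delimited by |; stored only in the form returned by <c>PortalUtility.Encrypt</c>.</param>
        /// <remarks>
        /// Only the "roles" value passes through <c>PortalUtility.Encrypt</c>; "userid" and "created" are
        /// written as plain values, so the client can edit them. Whether the encrypted value is also
        /// integrity-protected depends on <c>PortalUtility.Encrypt</c>, which is not visible here - confirm
        /// before treating the cookie as an authoritative source of roles.
        /// </remarks>
        private void CreateRoleCookie(string userid, string roles)
        {
            HttpCookie rolecookie = new HttpCookie(RoleCookieName);

            // The cookie is only ever read on the server, so script access is not needed.
            rolecookie.HttpOnly = true;

            // Mark the cookie Secure when the current request arrived over TLS. On a plain HTTP
            // request the flag stays off, which matches the previous behaviour.
            rolecookie.Secure = HttpContext.Current.Request.IsSecureConnection;

            rolecookie.Values["roles"]   = PortalUtility.Encrypt(userid, roles);
            rolecookie.Values["userid"]  = userid;

            // NOTE(review): local time in the current culture's format; any code that parses this
            // value back must run under the same culture. The value is not protected, so an
            // expiry check based on it alone can be bypassed by editing the cookie - confirm
            // how RoleCookieIsValid uses it.
            rolecookie.Values["created"] = DateTime.Now.ToString();

            HttpContext.Current.Response.Cookies.Add(rolecookie);
        }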
        /// <summary>
        /// Reads one site setting, opening a connection to the "default" database for the lookup.
        /// </summary>
        /// <param name="_settingcode">Code of the setting to read.</param>
        /// <returns>Whatever the connection-taking overload of <c>GetSiteSetting</c> returns for this code.</returns>
        public static string GetSiteSetting(string _settingcode)
        {
            string connectionString = PortalUtility.GetConnectionString("default");

            using (var connection = new MySqlConnection(connectionString))
            {
                connection.Open();

                // Delegate to the overload that works on an already open connection.
                string settingValue = GetSiteSetting(_settingcode, connection);

                connection.Close();
                return settingValue;
            }
        }
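        /// <summary>
        /// Sends a plain mail message through the default SMTP client, using the SMTP account
        /// stored in the site settings.
        /// </summary>
        /// <param name="_subject">Subject line.</param>
        /// <param name="_body">Message body.</param>
        /// <param name="_mailto">Recipient; when null or empty the "ContactTo" site setting is used.</param>
        /// <param name="_mailfrom">Sender address; when null or empty the "ContactFrom" site setting is used.</param>
        /// <param name="_fromdisplayname">Display name shown for the sender.</param>
        /// <returns>
        /// An empty string on success (or when sending is skipped on localhost); otherwise the
        /// message of the exception that was caught.
        /// </returns>
        /// <remarks>
        /// The returned text is a raw exception message. Callers should log it rather than show it
        /// to the visitor, because SMTP and database errors can name hosts and accounts.
        /// </remarks>
        public static string SendEmail(string _subject, string _body, string _mailto, string _mailfrom, string _fromdisplayname)
        {
            string error    = String.Empty;
            string smtpuser = String.Empty;
            string smtppass = String.Empty;

            try
            {
                using (MySqlConnection conn = new MySqlConnection(PortalUtility.GetConnectionString("default")))
                {
                    conn.Open();

                    // NOTE(review): the SMTP password is read straight from the site settings;
                    // how it is stored (plain or protected) is not visible here - confirm.
                    smtpuser = GetSiteSetting("ContactUsername", conn);
                    smtppass = GetSiteSetting("ContactPassword", conn);

                    if (String.IsNullOrEmpty(_mailfrom))
                    {
                        _mailfrom = GetSiteSetting("ContactFrom", conn);
                    }

                    if (String.IsNullOrEmpty(_mailto))
                    {
                        _mailto = GetSiteSetting("ContactTo", conn);
                    }

                    conn.Close();
                }

                // MailMessage and SmtpClient are both IDisposable; the using blocks release the
                // message resources and close the SMTP connection on every path.
                using (MailMessage mailmsg = new MailMessage())
                {
                    mailmsg.To.Add(_mailto);

                    mailmsg.Subject = _subject;
                    mailmsg.Body    = _body;
                    mailmsg.From    = new MailAddress(_mailfrom, _fromdisplayname);

                    // Nothing is sent when the site runs as "localhost" (developer machine).
                    // NOTE(review): SERVER_NAME describes the host name of the current request;
                    // confirm the site bindings do not let a request choose "localhost" here and
                    // silently suppress mail in production.
                    if (HttpContext.Current.Request.ServerVariables["SERVER_NAME"] == "localhost")
                    {
                        return(String.Empty);
                    }

                    using (SmtpClient client = new SmtpClient())
                    {
                        client.Credentials = new System.Net.NetworkCredential(smtpuser, smtppass);
                        client.Send(mailmsg);
                    }
                }
            }
            catch (Exception ex)
            {
                // Best effort: the failure is reported to the caller as text instead of thrown.
                error = ex.Message;
            }
            return(error);
        }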
Beispiel #4
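        /// <summary>
        /// Get the user's roles from the database
        /// </summary>
        /// <param name="userid">User id to look up; passed as the @pUsername parameter of the stored procedure</param>
        /// <returns>string of roles delimited by |, or an empty string when the procedure returns no rows</returns>
        /// <remarks>
        /// This method is only called if the roles are not found in a cookie.
        /// A role name that itself contains '|' would be read back as several roles once the
        /// string is split, so role names must not contain the delimiter.
        /// </remarks>
        private string GetUserRoles(string userid)
        {
            // Fully qualified so no extra using directive is needed in the file.
            System.Text.StringBuilder rolelist = new System.Text.StringBuilder();

            //build a delimited string of the roles
            using (MySqlConnection conn = new MySqlConnection(PortalUtility.GetConnectionString("default")))
            {
                conn.Open();

                // The command is disposed together with the reader instead of being left to the GC.
                using (MySqlCommand cmd = new MySqlCommand("Security_Select_UserRoles", conn))
                {
                    cmd.CommandType = System.Data.CommandType.StoredProcedure;

                    // The user id travels as a parameter, never as part of the command text.
                    cmd.Parameters.AddWithValue("@pUsername", userid);

                    using (MySqlDataReader dr = cmd.ExecuteReader())
                    {
                        while (dr.Read())
                        {
                            rolelist.Append(dr["RoleName"].ToString()).Append('|');
                        }
                    }
                }
                conn.Close();
            }

            // Drop the trailing delimiter(s) left by the loop.
            return(rolelist.ToString().TrimEnd('|'));
        }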
Beispiel #5
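        /// <summary>
        /// Builds the principal for the current request from the forms authentication ticket and
        /// the user's roles, taking the roles from the role cookie when possible and from the
        /// database otherwise.
        /// </summary>
        /// <param name="sender">Event source (not used).</param>
        /// <param name="e">Event data (not used).</param>
        /// <remarks>
        /// Roles taken from the cookie are not re-checked against the database, so a role removed
        /// in the database stays in effect for as long as RoleCookieIsValid accepts the cookie.
        /// </remarks>
        protected void Application_AuthenticateRequest(object sender, EventArgs e)
        {
            // Extract the forms authentication cookie
            string     cookieName = FormsAuthentication.FormsCookieName;
            HttpCookie authCookie = Context.Request.Cookies[cookieName];

            if (null == authCookie)
            {
                // There is no authentication cookie.
                return;
            }

            //Extract and decrypt authentication ticket
            FormsAuthenticationTicket authTicket = null;

            try
            {
                authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            }
            catch
            {
                // A malformed or tampered ticket leaves the request unauthenticated.
                // Log exception details (omitted for simplicity)
                return;
            }

            if (null == authTicket)
            {
                // Cookie failed to decrypt.
                return;
            }

            // Create an Identity object
            GenericIdentity id         = new GenericIdentity(authTicket.Name, "LdapAuthentication");
            string          rolestring = string.Empty;

            //Get the users roles
            if (RoleCookieIsValid(id.Name))
            {
                //get roles from the cookie
                HttpCookie rolecookie = HttpContext.Current.Request.Cookies[RoleCookieName];

                // The "userid" value in the role cookie is client-controlled. RoleCookieIsValid is
                // defined elsewhere and whether it already compares that value with the
                // authenticated name is not visible here, so the comparison is made explicitly:
                // roles are only accepted from a cookie issued for the user named in the ticket.
                // Anything else is treated as a cache miss and falls through to the database.
                if (rolecookie != null &&
                    string.Equals(rolecookie.Values["userid"], id.Name, StringComparison.Ordinal))
                {
                    // NOTE(review): whether PortalUtility.Decrypt rejects a modified "roles"
                    // value depends on its implementation - confirm it authenticates the data.
                    rolestring = PortalUtility.Decrypt(id.Name, rolecookie.Values["roles"]);
                }
            }

            //Either the cookie doesn't exist, or the user has no roles so we check again
            //This is done so new users won't have to restart their browser windows (user has no roles, gets access, refreshes the page and now they have access)
            if (string.IsNullOrEmpty(rolestring))
            {
                rolestring = GetUserRoles(id.Name);
                CreateRoleCookie(id.Name, rolestring);
            }

            //Get the users security rights for the site
            string[] roles = rolestring.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);

            //This principal will flow throughout the request.
            GenericPrincipal principal = new GenericPrincipal(id, roles);

            // Attach the new principal object to the current HttpContext object
            Context.User = principal;

            //For some reason User.IsInRole quit working, manually setting Claims with the security roles seems to fix it
            foreach (string role in roles)
            {
                ((ClaimsIdentity)User.Identity).AddClaim(new Claim(ClaimTypes.Role, role));
            }
        }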