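/// <summary>
/// Login page load: forces HTTPS outside local development, handles the
/// "logout" query action, and on the first (non-postback) request decides
/// whether a password-reset link in the URL is still valid enough to show the
/// reset view.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Force HTTPS everywhere except localhost. Only the scheme is rewritten;
    // host, path and query string are preserved.
    if (!Request.Url.AbsoluteUri.Contains("localhost") && !Request.IsSecureConnection)
    {
        string absoluteUri = Request.Url.AbsoluteUri;
        Response.Redirect(absoluteUri.Replace("http://", "https://"));
    }

    if (Request.QueryString["action"] == "logout")
    {
        AuthAdmin authAdmin = new AuthAdmin(db);
        authAdmin.Logout();
    }

    if (!Page.IsPostBack)
    {
        if (!String.IsNullOrEmpty(Request.QueryString["verify"]))
        {
            string rawUrl = Request.RawUrl;
            // EndsWith rather than Contains: the request URL has to match the whole
            // tail of the stored link, so a shorter URL that is merely a prefix of
            // the stored one cannot select a record. An empty ResetLink means no
            // reset is pending.
            CRM.Code.Models.Admin admin = db.Admins.FirstOrDefault(a => a.ResetLink.EndsWith(rawUrl) && a.ResetLink != String.Empty);
            if (admin != null)
            {
                // A reset link is honoured for five minutes after it was issued.
                // The expired branch used to fall through and still show the reset
                // view; expired (or never-timestamped) links now stay on the login view.
                if (admin.LastReset == null || ((DateTime)admin.LastReset).AddMinutes(5) < UKTime.Now)
                {
                    mvLogin.SetActiveView(viewLogin);
                }
                else
                {
                    mvLogin.SetActiveView(viewReset);
                }
            }
        }
        lnkForgotten.Visible = true;
    }
}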
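/// <summary>
/// Completes a password reset: re-validates the reset link on the postback,
/// stores the new password hash and clears the link so it cannot be used again.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnReset_Click(object sender, EventArgs e)
{
    string rawUrl = Request.RawUrl;
    // Same matching rule as Page_Load: the request URL must be the tail of the
    // stored link and the link must still be present.
    CRM.Code.Models.Admin admin = db.Admins.FirstOrDefault(a => a.ResetLink.EndsWith(rawUrl) && a.ResetLink != String.Empty);

    // The link was checked on the initial GET, but the postback must not trust
    // that: the record may have gone, or the five-minute window may have passed.
    if (admin == null || admin.LastReset == null || ((DateTime)admin.LastReset).AddMinutes(5) < UKTime.Now)
    {
        mvLogin.SetActiveView(viewLogin);
        return;
    }

    admin.Password = AuthAdmin.GetHashedString(txtNewPassword.Text);
    // Single use: an empty ResetLink is the "no reset pending" state, so a
    // captured link cannot change the password a second time.
    admin.ResetLink = String.Empty;
    db.SubmitChanges();
    mvLogin.SetActiveView(viewDone);
}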
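/// <summary>
/// Runs before init on every admin page: authorises the current admin,
/// bounces unauthenticated requests to the login page, and resolves the
/// admin's permission record for the requested path (configured system-access
/// path first, bespoke URL second).
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_PreInit(object sender, EventArgs e)
{
    AuthAdmin authAdmin = new AuthAdmin(db);
    AdminUser = authAdmin.Authorise();
    if (AdminUser == null)
    {
        Session.Remove("IsAuthorized");
        // RawUrl carries its own query string, so it must be encoded before it is
        // embedded as a single "redirect" parameter of the login URL.
        Response.Redirect("/admin/login.aspx?redirect=" + Server.UrlEncode(Request.RawUrl));
        return;
    }

    string currentURL = GetCurrentURL();
    if (currentURL.StartsWith("\\admin"))
    {
        currentURL = currentURL.Substring("\\admin".Length);
    }

    AdminPermission = AdminUser.CRM_SystemAccessAdmins.SingleOrDefault(
        s => s.CRM_SystemAccess != null && s.CRM_SystemAccess.Path.ToLower() == currentURL.ToLower());

    bool canView = true;
    // The dashboard is always viewable; any other page needs a read permission,
    // either on the configured system-access path matched above or on a bespoke URL.
    if (!Request.RawUrl.StartsWith("/admin/default.aspx") && (AdminPermission == null || !AdminPermission.IsRead))
    {
        string rawUrl = Request.RawUrl;
        // Case-insensitive on both sides: the original lowercased only the stored
        // BespokeURL, so a mixed-case request path could never match it.
        AdminPermission = AdminUser.CRM_SystemAccessAdmins.SingleOrDefault(
            s => s.CRM_SystemAccess == null && String.Equals((string)s.BespokeURL, rawUrl, StringComparison.OrdinalIgnoreCase));
        canView = AdminPermission != null && AdminPermission.IsRead;
    }

    if (!canView)
    {
        // NOTE(review): this relies on NoticeManager.SetMessage ending the request;
        // the authorised flags below are still set otherwise — confirm.
        NoticeManager.SetMessage("You do not have permission to view this page, please contact a Master Admin", "/admin");
    }

    IsAuthorised = true;
    Session["IsAuthorized"] = true;
}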
/// <summary>
/// Creates the data context and resolves the current admin, reusing the admin
/// already authorised by the handling AdminPage when there is one and falling
/// back to a fresh AuthAdmin.Authorise() otherwise.
/// </summary>
public void Initialize()
{
    db = new MainDataContext();

    AdminPage hostPage = HttpContext.Current.CurrentHandler as AdminPage;
    if (hostPage != null)
    {
        CurrentAdmin = hostPage.AdminUser;
        return;
    }

    AuthAdmin authoriser = new AuthAdmin(db);
    CurrentAdmin = authoriser.Authorise();
}
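/// <summary>
/// Moves the column identified by the button's CommandArgument one position
/// earlier or later within the current admin's column ordering, then reloads
/// the view.
/// </summary>
/// <param name="button">Button whose CommandArgument holds the column ID.</param>
/// <param name="increase">Direction flag passed through to Ordering.ChangeOrder.</param>
private void reorderHeader(ImageButton button, bool increase)
{
    int adminID = 1;
    if (ViewID == -1)
    {
        // -1 means "the logged-in admin"; an unauthorised caller has nothing to reorder.
        var current = new AuthAdmin(db).Authorise();
        if (current == null)
        {
            return;
        }
        adminID = current.ID;
    }

    // CommandArgument is posted back by the client, so parse it without throwing.
    int columnID;
    if (!Int32.TryParse(button.CommandArgument, out columnID))
    {
        return;
    }

    var dataTable = DQManager.GetDataTable();
    var entities = dataTable._DataTableColumns.Where(d => d.AdminID == adminID);
    // Resolve the column within this admin's own set, so an ID that belongs to
    // another admin's layout cannot be reordered through this handler.
    _DataTableColumn record = entities.SingleOrDefault(a => a.ID == columnID);
    if (record == null)
    {
        return;
    }

    Ordering.ChangeOrder(entities, record, increase);
    DQManager.db.SubmitChanges();
    LoadView();
}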
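/// <summary>
/// Attempts to log the admin in with the posted credentials. On success the
/// user is sent to the requested site-relative page, or to default.aspx; on
/// failure a generic message is shown (no hint about which field was wrong).
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    AuthAdmin authAdmin = new AuthAdmin(db);
    if (!authAdmin.Login(txtUsername.Text, txtPassword.Text))
    {
        lblMessage.Text = "Invalid Username or Password. Please try again.";
        lblMessage.Visible = true;
        return;
    }

    string redirect = Request.QueryString["redirect"];
    // Only follow site-relative targets: an absolute or protocol-relative
    // ("//host") value in the redirect parameter would send the freshly
    // logged-in admin off-site.
    if (IsLocalPath(redirect))
    {
        Response.Redirect(redirect);
    }
    Response.Redirect("default.aspx");
}

/// <summary>
/// True when <paramref name="path"/> is a single-slash site-relative path
/// such as "/admin/x.aspx" (the form the admin pages build from RawUrl);
/// false for null/empty, absolute, "//host" or "/\host" values.
/// </summary>
private static bool IsLocalPath(string path)
{
    if (String.IsNullOrEmpty(path) || path[0] != '/')
    {
        return false;
    }
    return path.Length == 1 || (path[1] != '/' && path[1] != '\\');
}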
/// <summary>
/// Evaluates admin authorization privileges to provide to AuthZFactory.
/// </summary>
/// <param name="auth">Enumeration of admin authorization privileges.</param>
/// <returns>
/// A two-element array: element 0 is true only for sysadmin, element 1 is true
/// for admin and sysadmin; both are false for any other value.
/// </returns>
public bool[] GetAdminAuthZ(AuthAdmin auth)
{
    bool isSysAdmin = auth == AuthAdmin.sysadmin;
    bool isAdmin = isSysAdmin || auth == AuthAdmin.admin;
    return new bool[] { isSysAdmin, isAdmin };
}
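/// <summary>
/// Returns the column layout for the view's admin, creating the backing
/// _DataTable row for this type on first use. When IncludeDataReference is set
/// a synthetic "Reference" column is appended after the stored columns.
/// </summary>
/// <returns>
/// The admin's columns ordered by OrderNo, plus the optional Reference column;
/// an empty list when ViewID is -1 and no admin is authorised.
/// </returns>
public List<_DataTableColumn> GetSchema()
{
    _DataTable dataTable = GetDataTable();
    if (dataTable == null)
    {
        // First use of this type: persist its table definition so columns can be stored.
        _DataTable created = new _DataTable();
        created.TableReference = Type.Name;
        created.FriendlyName = Type.Name;
        created.IsAllowCustom = false;
        db._DataTables.InsertOnSubmit(created);
        db.SubmitChanges();
        dataTable = GetDataTable();
    }

    int viewID = ViewID;
    if (viewID == -1)
    {
        // -1 means "the logged-in admin"; an unauthorised caller has no layout.
        var current = new AuthAdmin(db).Authorise();
        if (current == null)
        {
            return new List<_DataTableColumn>();
        }
        viewID = current.ID;
    }

    List<_DataTableColumn> columns = (from column in dataTable._DataTableColumns
                                      where column.AdminID == viewID
                                      orderby column.OrderNo
                                      select column).ToList();

    if (IncludeDataReference)
    {
        // NOTE(review): the original also called GetAllFields() here and discarded
        // the result; dropped as unused — confirm it had no side effects.
        _DataTableColumn reference = new _DataTableColumn();
        reference.AdminID = 0;
        reference._DataTableID = 0;
        reference._DataFieldName = "Reference";
        reference._DataFieldFriendly = "Reference";
        reference.OrderNo = 999; // keeps it after the stored columns if re-sorted by OrderNo
        columns.Add(reference);
    }

    return columns;
}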
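/// <summary>
/// Handles the one-click admin actions generated by ActionLink. The caller must
/// be an authorised admin and the link must carry a timekey no older than 62
/// minutes; the action selected by "route" is applied to the record "recordid"
/// and the user is sent back to "returnURL" with a notice describing the result.
/// </summary>
/// <param name="context">The current request context.</param>
public void ProcessRequest(HttpContext context)
{
    var query = context.Request.QueryString;
    string recordid = query["recordid"];
    string message = "Done";

    // Decode the return URL once; every redirect below derives from this value
    // (the direct Response.Redirect branch previously used the still-encoded form).
    // It is client-controllable, so only site-relative paths are followed; anything
    // else lands on the admin home instead of an arbitrary host.
    string returnurl = HttpUtility.UrlDecode(query["returnURL"]);
    if (String.IsNullOrEmpty(returnurl) || returnurl[0] != '/' || returnurl.StartsWith("//") || returnurl.StartsWith("/\\"))
    {
        returnurl = "/admin";
    }

    using (MainDataContext authDb = new MainDataContext())
    {
        AuthAdmin auth = new AuthAdmin(authDb);
        if (auth.Authorise() == null)
        {
            context.Response.Write("Admin Auth Error");
            context.Response.End();
            return; // End() normally aborts the request thread; the return covers configurations where it does not.
        }
    }

    // route and timekey come straight from the query string: parse them without throwing.
    byte route;
    if (!byte.TryParse(query["route"], out route))
    {
        NoticeManager.SetMessage("This action could not be processed.", returnurl);
        return;
    }

    // NOTE(review): timekey is an unsigned, client-supplied timestamp, so this check
    // only rejects stale links; it is not a CSRF defence. An unparseable value is
    // treated as expired. Parsing uses the current culture, as the original did.
    DateTime timekey;
    if (!DateTime.TryParse(HttpUtility.UrlDecode(query["timekey"]), out timekey) || UKTime.Now > timekey.AddMinutes(62))
    {
        NoticeManager.SetMessage("This action has expired for security reasons - did you use your browser back button?", returnurl);
        return;
    }

    bool disableNoticeManager = false;
    using (MainDataContext db = new MainDataContext())
    {
        // NOTE(review): records are located by ID alone; any authorised admin can act
        // on any record through this handler. Confirm that matches the intended access model.
        switch (route)
        {
            case (byte)ActionLink.Route.RemoveAdminFromCalendarItem:
            {
                CRM_CalendarAdmin calendarAdmin = db.CRM_CalendarAdmins.Single(c => c.ID.ToString() == recordid);
                message = calendarAdmin.AdminName + " removed from " + calendarAdmin.CRM_Calendar.DisplayName;
                db.CRM_CalendarAdmins.DeleteOnSubmit(calendarAdmin);
                db.SubmitChanges();
            }
            break;

            case (byte)ActionLink.Route.RemoveFamilyPerson:
            {
                CRM_FamilyPerson familyPerson = db.CRM_FamilyPersons.Single(f => f.ID.ToString() == recordid);
                message = familyPerson.CRM_Person.Fullname + " removed from the " + familyPerson.CRM_Family.Name + " family";
                db.CRM_FamilyPersons.DeleteOnSubmit(familyPerson);
                db.SubmitChanges();
            }
            break;

            case (byte)ActionLink.Route.ArchiveTaskParticipant:
            {
                CRM_TaskParticipant participant = db.CRM_TaskParticipants.Single(t => t.ID.ToString() == recordid);
                participant.IsArchived = true;
                db.SubmitChanges();
                message = participant.Name + " archived.";
            }
            break;

            case (byte)ActionLink.Route.ReinstateTaskParticipant:
            {
                CRM_TaskParticipant participant = db.CRM_TaskParticipants.Single(t => t.ID.ToString() == recordid);
                participant.IsArchived = false;
                db.SubmitChanges();
                message = participant.Name + " reinstated.";
            }
            break;

            case (byte)ActionLink.Route.ArchivePassPerson:
            {
                CRM_AnnualPassPerson person = db.CRM_AnnualPassPersons.Single(t => t.ID.ToString() == recordid);
                person.IsArchived = true;
                db.SubmitChanges();
                message = person.DisplayName + " archived.";
            }
            break;

            case (byte)ActionLink.Route.ReinstatePassPerson:
            {
                CRM_AnnualPassPerson person = db.CRM_AnnualPassPersons.Single(t => t.ID.ToString() == recordid);
                person.IsArchived = false;
                db.SubmitChanges();
                message = person.DisplayName + " reinstated."; // was misspelled "reinstanted."
            }
            break;

            case (byte)ActionLink.Route.ToggleReadStatus:
            {
                NoteManager manager = new NoteManager();
                bool isRead = manager.IsRead(Convert.ToInt32(recordid));
                // This route redirects straight back instead of going through NoticeManager.
                disableNoticeManager = true;
                if (isRead)
                {
                    MarkAsUnread(recordid);
                    message = "Marked as unread.";
                }
                else
                {
                    MarkAsRead(recordid);
                    message = "Marked as read.";
                }
            }
            break;

            case (byte)ActionLink.Route.MarkNoteAsRead:
            {
                MarkAsRead(recordid);
                db.SubmitChanges();
                message = "Marked as read.";
            }
            break;

            case (byte)ActionLink.Route.MarkNoteAsUnread:
            {
                MarkAsUnread(recordid);
                db.SubmitChanges();
                message = "Marked as unread.";
            }
            break;

            case (byte)ActionLink.Route.DeleteOrganisationSchool:
            {
                CRM_OrganisationSchool orgSchool = db.CRM_OrganisationSchools.FirstOrDefault(s => s.ID.ToString() == recordid);
                if (orgSchool != null)
                {
                    db.CRM_OrganisationSchools.DeleteOnSubmit(orgSchool);
                    db.SubmitChanges();
                    message = "Link removed";
                }
            }
            break;

            case (byte)ActionLink.Route.ToggleInviteIsAttended:
            {
                CRM_CalendarInvite invite = db.CRM_CalendarInvites.FirstOrDefault(s => s.ID.ToString() == recordid);
                if (invite != null)
                {
                    invite.IsAttended = !invite.IsAttended;
                    db.SubmitChanges();
                    message = "Invite Attendance Toggled";
                }
            }
            break;

            case (byte)ActionLink.Route.ToggleInviteIsBooked:
            {
                CRM_CalendarInvite invite = db.CRM_CalendarInvites.FirstOrDefault(s => s.ID.ToString() == recordid);
                if (invite != null)
                {
                    invite.IsBooked = !invite.IsBooked;
                    db.SubmitChanges();
                    message = "Invite Booked Toggled";
                }
            }
            break;

            case (byte)ActionLink.Route.ToggleInviteIsCancelled:
            {
                CRM_CalendarInvite invite = db.CRM_CalendarInvites.FirstOrDefault(s => s.ID.ToString() == recordid);
                if (invite != null)
                {
                    invite.IsCancelled = !invite.IsCancelled;
                    db.SubmitChanges();
                    message = "Invite Cancellation Toggled";
                }
            }
            break;

            case (byte)ActionLink.Route.ToggleInviteIsInvited:
            {
                CRM_CalendarInvite invite = db.CRM_CalendarInvites.FirstOrDefault(s => s.ID.ToString() == recordid);
                if (invite != null)
                {
                    invite.IsInvited = !invite.IsInvited;
                    db.SubmitChanges();
                    message = "Invite Toggled";
                }
            }
            break;

            case (byte)ActionLink.Route.DeleteInvite:
            {
                CRM_CalendarInvite invite = db.CRM_CalendarInvites.FirstOrDefault(s => s.ID.ToString() == recordid);
                if (invite != null)
                {
                    db.CRM_CalendarInvites.DeleteOnSubmit(invite);
                    db.SubmitChanges();
                    message = "Invite Removed";
                }
            }
            break;

            case (byte)ActionLink.Route.ToggleGiftAidRecord:
            {
                CRM_FundraisingGiftProfileLog log = db.CRM_FundraisingGiftProfileLogs.FirstOrDefault(f => f.ID.ToString() == recordid);
                if (log != null)
                {
                    if (!log.IsConfirmed)
                    {
                        log.TimestampConfirmed = UKTime.Now;
                        log.IsConfirmed = true;
                    }
                    else
                    {
                        log.TimestampConfirmed = null;
                        log.IsConfirmed = false;
                    }
                    db.SubmitChanges();
                    message = "Gift aid record toggled";
                }
            }
            break;

            case (byte)ActionLink.Route.DeleteGiftAidRecord:
            {
                CRM_FundraisingGiftProfileLog log = db.CRM_FundraisingGiftProfileLogs.FirstOrDefault(f => f.ID.ToString() == recordid);
                if (log != null)
                {
                    db.CRM_FundraisingGiftProfileLogs.DeleteOnSubmit(log);
                    db.SubmitChanges();
                    message = "Gift aid record deleted";
                }
            }
            break;

            // Any other route value performs no action and reports "Done", as before.
        }

        if (disableNoticeManager)
        {
            context.Response.Redirect(returnurl);
        }
        else
        {
            NoticeManager.SetMessage(message, returnurl);
        }
    }
}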
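/// <summary>
/// Authenticates an admin by user name and password, serialises the resulting
/// AuthAdmin (identity, first role name, union of function IDs) into the
/// forms-authentication cookie, and redirects to the requested local URL or
/// the default page.
/// </summary>
/// <param name="username">Posted user name; surrounding whitespace is ignored.</param>
/// <param name="password">Posted password; surrounding whitespace is ignored.</param>
/// <param name="returnUrl">Optional post-login destination; only local URLs are followed.</param>
/// <returns>The "Index" view with a model error on failure, otherwise a redirect.</returns>
public ActionResult Login(string username, string password, string returnUrl)
{
    // Missing form fields used to throw from Trim(); treat them as empty instead.
    string trimmedUser = (username ?? string.Empty).Trim();
    string trimmedPassword = (password ?? string.Empty).Trim();

    using (PeContext db = new PeContext())
    {
        var admin = db.ADMIN.Where(x => x.USER_NAME == trimmedUser).FirstOrDefault();

        // NOTE(review): these full-table loads look like debugging leftovers (two more
        // are commented out further down), but if lazy loading is disabled they may be
        // what populates the ADMIN_ROLE_RELATION / ROLE navigation properties used
        // below. Confirm before removing; they read every row on each login.
        db.ROLE_FUNCTION_RELATION.ToList();
        db.ROLE_FUNCTIONS.ToList();
        db.ADMIN_ROLE_RELATION.ToList();
        db.ADMIN.ToList();

        if (admin == null)
        {
            ModelState.AddModelError("Username", "用户不存在");
            ViewBag.ReturnUrl = returnUrl;
            return View("Index");
        }

        // NOTE(review): PASSWORD is compared in clear text, so the store holds
        // recoverable passwords. Moving to a salted hash (e.g. PBKDF2) needs a
        // storage migration and cannot be done inside this action alone.
        if (trimmedPassword != admin.PASSWORD)
        {
            ModelState.AddModelError("Password", "密码错误");
            ViewBag.ReturnUrl = returnUrl;
            return View("Index");
        }

        AuthAdmin authAdmin = new AuthAdmin()
        {
            AdminId = admin.UUID,
            UserName = admin.USER_NAME,
            RealName = admin.REAL_NAME,
            Mobile = admin.PHONE,
        };

        //var a = db.ADMIN.ToList();
        //var a1 = db.ADMIN_ROLE_RELATION.ToList();
        // Role permissions: an admin is linked to roles through ADMIN_ROLE_RELATION.
        if (admin.ADMIN_ROLE_RELATION.Count > 0)
        {
            authAdmin.FirstRoleName = admin.ADMIN_ROLE_RELATION.FirstOrDefault().ROLE.NAME;
        }

        // Collect every function ID reachable through any of the admin's roles.
        authAdmin.FunctionsId = new List<int>();
        foreach (var adminRole in admin.ADMIN_ROLE_RELATION)
        {
            var funs = adminRole.ROLE.ROLE_FUNCTION_RELATION.Select(x => x.FUNCTION_ID.Value).ToList();
            authAdmin.FunctionsId = authAdmin.FunctionsId.Union(funs).ToList();
        }

        // The function name is the permission; the whole principal rides in the auth cookie.
        string json = JsonConvert.SerializeObject(authAdmin);
        FormsAuthentication.SetAuthCookie(json, false);
    }

    // Whitelist: the original comment announced one but performed no check, so an
    // absolute returnUrl would have redirected the user off-site after login.
    if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }
    return Redirect(FormsAuthentication.DefaultUrl);
}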
/// <summary>
/// Creates an AuthZAttribute object depending on authorization parameters.
/// </summary>
/// <param name="displayName">Display name of a user. Cannot be null for non anon AuthZ</param>
/// <param name="householdID">HouseholdID of a user. Value is 0 for anon and user AuthZ</param>
/// <param name="role">Enumeration of user authorization privileges</param>
/// <param name="admin">Enumeration of admin authorization privileges</param>
/// <returns>
/// The role-specific AuthZAttribute; an anonymous AuthZ for an unrecognised role,
/// or when the display name / household ID the role requires is missing.
/// </returns>
public AuthZAttribute CreateAuthZ(string displayName, int householdID, AuthRole role, AuthAdmin admin)
{
    try
    {
        bool[] adminAuthZ = GetAdminAuthZ(admin);
        bool hasName = displayName != null;
        bool hasHousehold = householdID != 0;

        switch (role)
        {
            case AuthRole.user:
                if (!hasName)
                {
                    throw new ArgumentException("User display name is invalid");
                }
                return _authZFactory.CreateUserAuthZ(displayName, adminAuthZ);

            case AuthRole.host:
                if (!hasName || !hasHousehold)
                {
                    throw new ArgumentException("Host display name or householdID is invalid");
                }
                return _authZFactory.CreateHostAuthZ(displayName, householdID, adminAuthZ);

            case AuthRole.cohost:
                if (!hasName || !hasHousehold)
                {
                    throw new ArgumentException("CoHost display name or householdID is invalid");
                }
                return _authZFactory.CreateCoHostAuthZ(displayName, householdID, adminAuthZ);

            case AuthRole.tenant:
                if (!hasName || !hasHousehold)
                {
                    throw new ArgumentException("Host display name or householdID is invalid");
                }
                return _authZFactory.CreateTenantAuthZ(displayName, householdID, adminAuthZ);

            default:
                return _authZFactory.CreateAnonAuthZ();
        }
    }
    catch (ArgumentException)
    {
        // Invalid arguments (from the checks above or the factory) degrade to
        // anonymous rather than failing the caller.
        return _authZFactory.CreateAnonAuthZ();
    }
}