        /// <summary>
        ///
        /// </summary>
        /// <param name="role"></param>
        /// <param name="procedura"></param>
        /// <returns></returns>
        /// <summary>
        /// Decides whether the current page may be edited. Access to
        /// <paramref name="procedura"/> is a hard precondition: when
        /// <c>MySecurityProvider.CheckAccessRight</c> denies it, the caller is signed
        /// out of forms authentication, the session is abandoned and the request is
        /// redirected to the login page. Otherwise the answer is whether
        /// <paramref name="role"/> is non-empty and also granted by the provider.
        /// </summary>
        /// <param name="role">Role required for editing; an empty role never grants edit rights.</param>
        /// <param name="procedura">Procedure the page belongs to.</param>
        /// <returns>
        /// <c>true</c> only when both the procedure and the role are granted;
        /// <c>false</c> otherwise, including the forced sign-out path.
        /// </returns>
        protected bool IsPageEditable(string role, string procedura)
        {
            // Losing the right to the procedure is treated as a dead session:
            // drop the authentication ticket and the session state, then bounce to login.
            if (!MySecurityProvider.CheckAccessRight(procedura))
            {
                System.Web.Security.FormsAuthentication.SignOut();
                Session.Abandon();
                // TODO: log the forced sign-out
                // NOTE(review): Redirect(...) is a project helper (the Response.Redirect(url, true)
                // call is commented out); whether it ends the response is not visible here,
                // so the explicit return below is what stops this method from granting access.
                // NOTE(review): the principal that DoLogin caches under the user name is not
                // evicted here -- confirm whether a stale cached principal matters.
                Redirect("LoginPage", null);
                return false;
            }

            // The role check is only meaningful once the procedure itself is allowed;
            // an empty role short-circuits without consulting the provider.
            bool roleGranted = !string.IsNullOrEmpty(role) && MySecurityProvider.CheckAccessRight(role);
            return roleGranted;
        }
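        /// <summary>
        /// Click handler that creates an identity user from the UserName and Password
        /// text boxes and reports the outcome in StatusMessage.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// Blank input is rejected up front: the previous version would have stored an
        /// account with an empty user name or with the hash of an empty password.
        /// The user name is normalised with Trim().ToUpper(), the same form RegisterUser
        /// stores and DoLogin builds before looking the account up, so the two paths agree
        /// regardless of the store's collation.
        /// </remarks>
        protected void CreateUser_Click(object sender, EventArgs e)
        {
            string userName = (UserName.Text ?? string.Empty).Trim().ToUpper();
            string password = Password.Text;

            // Refuse empty credentials before touching the store.
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            {
                StatusMessage.Text = "Utente non creato";
                return;
            }

            // Default UserStore constructor uses the default connection string named: DefaultConnection
            var userStore = new UserStore();
            var user      = new IdentityUser()
            {
                UserName = userName
            };

            // NOTE(review): PlainToSHA256 is the project-wide password hash (also used by
            // RegisterUser and UpdateOwnProfile) and is presumably what the login check
            // verifies against, so it cannot be swapped here alone. An unsalted SHA-256 is
            // weak for passwords; moving to PBKDF2/Argon2 belongs in MySecurityProvider.
            user.PasswordHash  = MySecurityProvider.PlainToSHA256(password);
            // NOTE(review): a timestamp is predictable; a random stamp (e.g. a GUID) is
            // preferable. Kept as-is for consistency with the other registration paths --
            // confirm no consumer parses the stamp as a number before changing it.
            user.SecurityStamp = System.DateTime.Now.Ticks.ToString();
            // Synchronous wait, as elsewhere in this file; the store answers with a status string.
            string result = userStore.CreateAsync(user).Result;

            StatusMessage.Text = result == "OK"
                ? string.Format("Utente {0} è stato correttamente creato!", user.UserName)
                : "Utente non creato";
        }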
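        /// <summary>
        /// Updates the profile of the user named in the posted form: optionally re-hashes
        /// the password in the identity store, then writes the backend profile fields
        /// (Cognome, Nome, Domain, CodiceFiscale).
        /// </summary>
        /// <param name="formsValues">
        /// Form fields: UserName, Password (empty = leave unchanged), Cognome, Nome, Domain, CodiceFiscale.
        /// </param>
        /// <returns>
        /// Always HTTP 200 with a <c>UsersMailModel</c>: <c>success</c> is "true"/"false" and
        /// <c>message</c> carries the failure reason.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the target account is taken from the UserName field of the request,
        /// not from the authenticated principal, so whoever can reach this action can set
        /// any user's password. The authorization on the controller/action is not visible
        /// here -- confirm it restricts callers to their own account (or to an administrative
        /// role); otherwise bind the user name to the caller's identity instead of the form.
        /// Unknown user names are now reported as a plain failure instead of surfacing as a
        /// NullReferenceException logged under ERR322.
        /// </remarks>
        public HttpResponseMessage UpdateOwnProfile(FormDataCollection formsValues)
        {
            UsersMailModel model         = new UsersMailModel();
            var            userName      = formsValues["UserName"];
            var            password      = formsValues["Password"];
            var            cognome       = formsValues["Cognome"];
            var            nome          = formsValues["Nome"];
            var            domain        = formsValues["Domain"];
            var            codicefiscale = formsValues["CodiceFiscale"];
            var            userStore     = new UserStore();
            string         result        = "OK";

            try
            {
                var user = userStore.FindByNameAsync(userName).Result;

                // No such account: fail cleanly rather than dereferencing null below.
                if (user == null)
                {
                    model.success = "false";
                    model.message = "Utente non aggiornato";
                    return(this.Request.CreateResponse <UsersMailModel>(HttpStatusCode.OK, model));
                }

                // An empty Password field means "keep the current password".
                if (!(string.IsNullOrEmpty(password)))
                {
                    // NOTE(review): unsalted SHA-256 is the project-wide password hash; it
                    // should be replaced by a slow, salted KDF in MySecurityProvider, not here.
                    user.PasswordHash  = MySecurityProvider.PlainToSHA256(password);
                    // NOTE(review): a timestamp stamp is predictable; kept for consistency
                    // with the other paths in this file.
                    user.SecurityStamp = System.DateTime.Now.Ticks.ToString();
                    result             = userStore.UpdateAsync(user).Result;
                }

                if (result != "OK")
                {
                    model.success = "false";
                    model.message = "Utente non aggiornato";
                    return(this.Request.CreateResponse <UsersMailModel>(HttpStatusCode.OK, model));
                }

                // Backend profile; text fields are stored trimmed and upper-cased, as in RegisterUser.
                BackendUserService bus         = new BackendUserService();
                BackendUser        userBackend = new BackendUser();
                userBackend.Cognome       = cognome.Trim().ToUpper();
                userBackend.Nome          = nome.Trim().ToUpper();
                userBackend.UserName      = userName.Trim().ToUpper();
                userBackend.Domain        = domain;
                userBackend.CodiceFiscale = codicefiscale.Trim().ToUpper();
                userBackend.UserId        = long.Parse(user.Id);
                bus.Update(userBackend);
                model.success = "true";
            }
            catch (Exception ex)
            {
                if (ex.GetType() != typeof(ManagedException))
                {
                    // Unexpected failure: the detail (including the stack trace) goes to the
                    // log as ERR322; the client only gets a generic message.
                    ManagedException mEx = new ManagedException("Errore aggiornamento utente. Dettaglio: " + ex.Message +
                                                                "StackTrace: " + ((ex.StackTrace != null) ? ex.StackTrace.ToString() : " vuoto "),
                                                                "ERR322",
                                                                string.Empty,
                                                                string.Empty,
                                                                ex.InnerException);
                    ErrorLogInfo err = new ErrorLogInfo(mEx);
                    log.Error(err);
                    model.success = "false";
                    model.message = string.Format("Utente {0} non correttamente aggiornato", userName);
                    return(this.Request.CreateResponse <UsersMailModel>(HttpStatusCode.OK, model));
                }
                // A ManagedException's text is returned as-is (presumably user-facing).
                model.success = "false";
                model.message = ex.Message;
                return(this.Request.CreateResponse <UsersMailModel>(HttpStatusCode.OK, model));
            }
            return(this.Request.CreateResponse <UsersMailModel>(HttpStatusCode.OK, model));
        }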
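        /// <summary>
        /// Creates a new identity user from the posted form, saves the matching backend
        /// profile and assigns the requested role.
        /// </summary>
        /// <param name="formsValues">
        /// Form fields: UserName, Password, Cognome, Nome, Role (numeric role id, also stored
        /// as the backend Domain), CodiceFiscale.
        /// </param>
        /// <returns>
        /// Always HTTP 200 with a <c>UsersModel</c>: <c>success</c> is "true"/"false" and
        /// <c>message</c> carries the failure reason.
        /// </returns>
        /// <remarks>
        /// Changes from the previous version: a blank user name or password is rejected instead
        /// of failing outside the try block (NullReferenceException on ToUpper) or creating an
        /// account with the hash of an empty password; the name lookup, backend save and role
        /// assignment now run only when the store reports the creation as OK -- before, a
        /// non-OK result still reached AddToRoleAsync, so if the store reports a duplicate
        /// name as a non-OK result (rather than throwing) the requested role was granted to
        /// the already existing account. The role-failure message was also corrected: it
        /// previously read as both "not added to role" and "created correctly".
        /// NOTE(review): the role id is taken verbatim from the request; confirm this action
        /// is restricted to administrators, since any caller could otherwise pick any role.
        /// </remarks>
        public HttpResponseMessage RegisterUser(FormDataCollection formsValues)
        {
            var        userStore     = new UserStore();
            UsersModel model         = new UsersModel();
            var        userName      = formsValues["UserName"];
            var        password      = formsValues["Password"];
            var        cognome       = formsValues["Cognome"];
            var        nome          = formsValues["Nome"];
            var        role          = formsValues["Role"];
            var        codicefiscale = formsValues["CodiceFiscale"];

            // Refuse empty credentials before building the identity.
            if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            {
                model.success = "false";
                model.message = "Utente non creato";
                return(this.Request.CreateResponse <UsersModel>(HttpStatusCode.OK, model));
            }

            var user = new IdentityUser()
            {
                UserName = userName.ToUpper()
            };

            // NOTE(review): PlainToSHA256 is the project-wide password hash (unsalted
            // SHA-256); replacing it with a slow, salted KDF belongs in MySecurityProvider.
            user.PasswordHash  = MySecurityProvider.PlainToSHA256(password);
            // NOTE(review): a timestamp stamp is predictable; kept for consistency with
            // the other registration paths in this file.
            user.SecurityStamp = System.DateTime.Now.Ticks.ToString();
            try
            {
                string result = userStore.CreateAsync(user).Result;
                if (result != "OK")
                {
                    // Stop here: nothing below may touch an account this call did not create.
                    model.success = "false";
                    model.message = "Utente non creato";
                    return(this.Request.CreateResponse <UsersModel>(HttpStatusCode.OK, model));
                }

                // The store assigns the id; read it back for the backend row and the role.
                user.Id = userStore.FindByNameAsync(user.UserName).Result.Id;

                BackendUserService bus         = new BackendUserService();
                BackendUser        userBackend = new BackendUser();
                userBackend.Cognome       = cognome.Trim().ToUpper();
                userBackend.Nome          = nome.Trim().ToUpper();
                userBackend.UserName      = userName.Trim().ToUpper();
                userBackend.CodiceFiscale = codicefiscale.Trim().ToUpper();
                userBackend.Domain        = role.ToUpper();
                userBackend.UserId        = long.Parse(user.Id);
                bus.Save(userBackend);
                model.success = "true";

                // Role id is numeric; a non-numeric value throws FormatException and is logged below.
                var resultRole = (userStore.AddToRoleAsync(user, int.Parse(role.ToUpper()))).Result;
                if (resultRole != 1)
                {
                    model.success = "false";
                    model.message = string.Format("Utente {0} creato ma non aggiunto al ruolo {1}", user.UserName, role);
                }
            }
            catch (Exception ex)
            {
                if (ex.GetType() != typeof(ManagedException))
                {
                    // Unexpected failure: detail and stack trace go to the log as ERR317;
                    // the client only gets a generic message.
                    ManagedException mEx = new ManagedException("Errore creazione utente. Dettaglio: " + ex.Message +
                                                                "StackTrace: " + ((ex.StackTrace != null) ? ex.StackTrace.ToString() : " vuoto "),
                                                                "ERR317",
                                                                string.Empty,
                                                                string.Empty,
                                                                ex.InnerException);
                    ErrorLogInfo err = new ErrorLogInfo(mEx);
                    log.Error(err);
                    model.success = "false";
                    model.message = string.Format("Utente {0} non correttamente creato", user.UserName);
                }
                else
                {
                    model.success = "false";
                    model.message = "Utente non creato";
                }
                return(this.Request.CreateResponse <UsersModel>(HttpStatusCode.OK, model));
            }
            return(this.Request.CreateResponse <UsersModel>(HttpStatusCode.OK, model));
        }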
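        /// <summary>
        /// Authenticates <paramref name="username"/>/<paramref name="password"/> through the
        /// security provider, issues a forms-authentication cookie on success and caches the
        /// resulting principal under the user name for CACHEEXPIRATION minutes.
        /// </summary>
        /// <param name="username">Login name; trimmed and upper-cased before use.</param>
        /// <param name="password">Plain-text password; trimmed before use.</param>
        /// <returns>
        /// 200 with <c>success</c>="true" and <c>ResponseUrl</c> on success; 400 with a generic
        /// error for bad or blank credentials; 500 with a generic error when building the
        /// identity, or the login itself, throws.
        /// </returns>
        /// <remarks>
        /// Changes from the previous version: blank input is answered as bad credentials
        /// instead of a 500 from Trim() on null; exception text is logged (the outer catch
        /// used to swallow it unlogged) and no longer echoed to the client; the cached
        /// principal is attached to the request only after the password check, not before;
        /// the cookie is marked HttpOnly and, when the forms-authentication configuration
        /// requires SSL, Secure; the dead <c>if (false)</c> branch and the redundant
        /// Cache.Add before Cache.Insert were removed. The "account already in use" check
        /// that was commented out remains disabled.
        /// NOTE(review): the principal cache is keyed by the bare user name; confirm no other
        /// Cache entry can share that key.
        /// </remarks>
        public HttpResponseMessage DoLogin(string username, string password)
        {
            LoginModel loginModel = new LoginModel();

            // Blank input is a bad-credentials case, not a server error.
            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
            {
                loginModel.success = "false";
                loginModel.Error   = "Attenzione! Credenziali di accesso errate";
                return(this.Request.CreateResponse <LoginModel>(HttpStatusCode.BadRequest, loginModel));
            }

            try
            {
                string      user  = username.Trim().ToUpper();
                string      pw    = password.Trim();
                MyPrincipal upro  = null;
                bool        found = false;

                // Reuse a principal already built for this user name, if one is cached.
                // It is deliberately not attached to the request yet: that happens only
                // after the password has been verified.
                if ((HttpContext.Current.Cache[user] != null))
                {
                    upro  = (MyPrincipal)HttpContext.Current.Cache.Get(user);
                    found = true;
                }

                if (!found)
                {
                    try
                    {
                        upro = MySecurityProvider.BuildNewIdentity(user, "", pw, "Form").Result;
                    }
                    catch (System.Exception ex)
                    {
                        ErrorLogInfo error = new ErrorLogInfo();
                        error.freeTextDetails = ex.Message;
                        error.logCode         = "ERR111";
                        error.loggingAppCode  = "SCA";
                        error.loggingTime     = System.DateTime.Now;
                        error.uniqueLogID     = System.DateTime.Now.Ticks.ToString();
                        _log.Error(error);
                        // The exception text stays in the log; the client gets a generic error.
                        // NOTE(review): if BuildNewIdentity throws for unknown user names, the
                        // 500-vs-400 split still lets a caller tell existing names apart -- confirm.
                        loginModel.Error   = "Errore durante l'autenticazione";
                        loginModel.success = "false";
                        return(this.Request.CreateResponse <LoginModel>(HttpStatusCode.InternalServerError, loginModel));
                    }
                }

                // Wrong password, or no principal at all: generic refusal.
                if (upro == null || !((MyIdentity)upro.Identity).checkIdentity(user, pw))
                {
                    loginModel.success = "false";
                    loginModel.Error   = "Attenzione! Credenziali di accesso errate";
                    return(this.Request.CreateResponse <LoginModel>(HttpStatusCode.BadRequest, loginModel));
                }

                // Credentials verified: audit the login.
                MailLogInfo logInfo = new MailLogInfo();
                logInfo.logCode         = "LON";
                logInfo.loggingAppCode  = "MAIL";
                logInfo.loggingTime     = System.DateTime.Now;
                logInfo.uniqueLogID     = System.DateTime.Now.Ticks.ToString();
                logInfo.userID          = user;
                logInfo.freeTextDetails = string.Empty;
                _log.Info(logInfo);

                // Non-persistent 15-minute ticket (hard-coded, independent of FormsAuthentication.Timeout).
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(user, false, 15);
                HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
                // Keep the ticket out of reach of script, and off plain HTTP when the
                // forms-authentication configuration requires SSL; path as configured.
                cookie.HttpOnly = true;
                cookie.Secure   = FormsAuthentication.RequireSSL;
                cookie.Path     = FormsAuthentication.FormsCookiePath;
                HttpContext.Current.Response.Cookies.Add(cookie);

                HttpContext.Current.User = upro;
                // Insert overwrites any existing entry; the former Add-then-Insert pair stored the same value.
                HttpContext.Current.Cache.Insert(user, upro, null, System.Web.Caching.Cache.NoAbsoluteExpiration, TimeSpan.FromMinutes(CACHEEXPIRATION), System.Web.Caching.CacheItemPriority.AboveNormal, null);
                loginModel.success     = "true";
                loginModel.ResponseUrl = "pages/Common/Default.aspx";
            }
            catch (System.Exception e0)
            {
                // Log with the same shape as the inner catch (no dedicated code exists for
                // this path, so ERR111 is reused) and answer with a generic error.
                ErrorLogInfo error = new ErrorLogInfo();
                error.freeTextDetails = e0.Message;
                error.logCode         = "ERR111";
                error.loggingAppCode  = "SCA";
                error.loggingTime     = System.DateTime.Now;
                error.uniqueLogID     = System.DateTime.Now.Ticks.ToString();
                _log.Error(error);
                loginModel.Error   = "Errore durante l'autenticazione";
                loginModel.success = "false";
                return(this.Request.CreateResponse <LoginModel>(HttpStatusCode.InternalServerError, loginModel));
            }

            return(this.Request.CreateResponse <LoginModel>(HttpStatusCode.OK, loginModel));
        }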