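/// <summary>
/// Handles selection of a user row in <c>UserGridView</c>: loads the user's roles
/// into the role check boxes and shows the user's name and e-mail.
/// </summary>
/// <remarks>
/// When the selected user is the account currently logged in, the role check boxes
/// and the Save/Reset buttons are disabled so an administrator cannot change the
/// roles of their own session. Any failure is logged and reported through
/// <c>SystemMessages</c> rather than propagated to the page.
/// </remarks>
protected void UserGridView_SelectedIndexChanged(object sender, EventArgs e)
{
    try
    {
        // SelectedValue is the key of the selected row (the user name).
        string selectedUserName = UserGridView.SelectedValue.ToString();

        EmployeeRolePanel.Visible = true;
        string[] rolesForUser = Roles.GetRolesForUser(selectedUserName);
        FillCheckBoxesForRoles(rolesForUser);

        MembershipUser theUser = Membership.GetUser(selectedUserName);
        if (theUser == null)
        {
            // Surfaces as a descriptive logged error instead of a NullReferenceException.
            throw new InvalidOperationException("No membership record found for user '" + selectedUserName + "'.");
        }

        UserLabel.Text = theUser.UserName;
        UserEmailLabel.Text = theUser.Email;

        bool editingSelf = theUser.UserName.Equals(HttpContext.Current.User.Identity.Name);
        if (editingSelf)
        {
            // The logged-in account must not edit its own roles.
            foreach (ListItem item in UserRoleCheckBoxList.Items)
            {
                item.Enabled = false;
            }
            SaveRolesButton.Visible = false;
            ResetRolesButton.Visible = false;
        }
        else
        {
            SaveRolesButton.Visible = true;
            // NOTE(review): the negation shows the reset button only to users who do NOT
            // hold RESET_USER_ACCOUNT; confirm this is intended (the same expression is
            // used in OutRoleListBox_SelectedIndexChanged on the AssignRoles page).
            ResetRolesButton.Visible = !LoginSecurity.IsUserAuthorizedPermission("RESET_USER_ACCOUNT");
        }
    }
    catch (Exception exc)
    {
        // The previous message named a different handler; log the one that actually failed.
        log.Error("Function UserGridView_SelectedIndexChanged from AssingRolesByUser page", exc);
        SystemMessages.DisplaySystemMessage(Resources.SecurityData.MessageErrorGetRoles);
    }
}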
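/// <summary>
/// Validates the key typed into <c>textBox1</c>; on success opens the main form
/// and hides this login form. An empty (or whitespace-only) key is ignored.
/// </summary>
private void button1_Click(object sender, EventArgs e)
{
    string enteredKey = textBox1.Text.Trim();
    if (enteredKey.Length == 0)
    {
        return;
    }

    try
    {
        if (LoginSecurity.checkPassword(enteredKey))
        {
            // Key check succeeded.
            Form1 mainForm = new Form1();
            mainForm.setLoginVisableFalse(this);
            mainForm.Show();
        }
        else
        {
            // Key check failed.
            MessageBox.Show("密钥无效,或已经过时,请重新输入");
        }
    }
    catch (Exception)
    {
        // Any failure inside the check is reported to the user as an invalid key.
        // There is no logger on this form, so the exception detail is not recorded.
        MessageBox.Show("密钥无效输入错误,请重试");
    }
}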
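/// <summary>
/// Page entry point for the login page: traces method start/end under a per-request
/// id and runs <c>UserLogin()</c>. Unhandled errors are raised to Elmah and the user
/// is redirected to the generic error page carrying the request id.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    // Correlation id written into the trace and shown to the user on failure, so
    // support can find the matching Elmah entry.
    string id = string.Format("Id: {0} Uri: {1}", Guid.NewGuid(), HttpContext.Current.Request.Url);
    using (Utils utility = new Utils())
    {
        utility.MethodStart(id, System.Reflection.MethodBase.GetCurrentMethod());
    }

    this._loginSecurity = new LoginSecurity();
    try
    {
        this.UserLogin();
    }
    catch (Exception ex)
    {
        Elmah.ErrorSignal.FromCurrentContext().Raise(ex);
        using (Utils utility = new Utils())
        {
            utility.MethodEnd(id, System.Reflection.MethodBase.GetCurrentMethod());
        }
        // The id embeds the request URL, which is client-supplied; encode it so it
        // cannot smuggle extra query parameters or markup into the error page.
        string str2 = "Error Request=" + id + ".Please share with Technical support.";
        base.Response.Redirect("Bill_Sys_ErrorPage.aspx?ErrMsg=" + Uri.EscapeDataString(str2));
    }

    // Method End
    using (Utils utility = new Utils())
    {
        utility.MethodEnd(id, System.Reflection.MethodBase.GetCurrentMethod());
    }
}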
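/// <summary>
/// Loads the system login-security settings (inactivity limit, bad-attempt limit,
/// password expiry, captcha flag, logo URL and footer HTML) through the
/// <c>GetListSystemSettings</c> stored procedure.
/// </summary>
/// <param name="recid">Not used by this method; kept for interface compatibility.</param>
/// <param name="UserID">Not used by this method; kept for interface compatibility.</param>
/// <param name="UserSNo">User serial number, converted to an int and passed as <c>@UserID</c>.</param>
/// <returns>
/// A populated <see cref="LoginSecurity"/>, or one with default (unset) properties when
/// the query returns no rows or any step fails.
/// </returns>
public LoginSecurity GetLoginSecurityRecord(string recid, string UserID, string UserSNo)
{
    LoginSecurity loginsecurity = new LoginSecurity();
    try
    {
        using (DataSet ds = new DataSet())
        {
            SqlParameter[] parameters =
            {
                // Convert.ToInt32 maps a null UserSNo to 0 (kept for compatibility) and
                // throws on non-numeric text, which lands in the catch below.
                new SqlParameter("@UserID", Convert.ToInt32(UserSNo, System.Globalization.CultureInfo.InvariantCulture))
            };
            string[] tableNames = null;
            SqlHelper.FillDataset(ReadConnectionString.WebConfigConnectionString, CommandType.StoredProcedure, "GetListSystemSettings", ds, tableNames, parameters);

            if (ds.Tables.Count > 0 && ds.Tables[0].Rows.Count > 0)
            {
                // Only the first row is meaningful; Convert.ToString maps DBNull to "".
                DataRow row = ds.Tables[0].Rows[0];
                loginsecurity.CountMaximumDayNoActivity = Convert.ToString(row["CountMaximumDayNoActivity"]);
                loginsecurity.NoOfBadAttemps = Convert.ToString(row["NoOfBadAttemps"]);
                loginsecurity.CountPasswoedExpiryDate = Convert.ToString(row["CountPasswoedExpiryDate"]);
                loginsecurity.ISCaptcha = Convert.ToString(row["ISCaptcha"]);
                loginsecurity.LogoURL = Convert.ToString(row["LogoURL"]);
                loginsecurity.FooterHTML = Convert.ToString(row["FooterHTML"]);
            }
        }
    }
    catch (Exception)
    {
        // Deliberately best-effort: a failed lookup yields the default record so the
        // login page still renders. No logger is in scope here to record the cause.
    }
    return loginsecurity;
}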
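/// <summary>
/// Cashier login: checks the entered password (profile 2) and opens the order
/// window. Each wrong attempt is counted in the <c>j</c> field; at five failures
/// the inputs are disabled, the password is rotated automatically and the
/// administrator is notified by e-mail.
/// </summary>
/// <remarks>
/// The previous version compared a timestamp taken during the click with
/// <c>DateTime.Now.AddMinutes(3)</c> inside the same click to re-enable the inputs;
/// that condition could never be true, so it has been removed. Unlocking after a
/// delay needs a timer (or an application restart) and is not implemented here.
/// </remarks>
private void btnLogin_Click(object sender, RoutedEventArgs e)
{
    string enteredPassword = txtPW.Password;
    if (enteredPassword.Length == 0)
    {
        MessageBox.Show("mot de passe requis");
        return;
    }

    try
    {
        if (LoginSecurity.checkPassword(enteredPassword, 2))
        {
            GestionCommandeCaissier gcmd = new GestionCommandeCaissier();
            this.Visibility = Visibility.Hidden;
            gcmd.Show();
        }
        else
        {
            MessageBox.Show("MDP ERRRONE");
            j++;
            // "Il vous reste" = attempts remaining, so show 5 - j rather than the attempts used.
            txtNotice.Text = "Il vous reste " + (5 - j) + " /5 tentatives";
        }
    }
    catch (Exception exc)
    {
        MessageBox.Show(exc.Message);
    }

    if (j != 5)
    {
        return;
    }

    // Fifth consecutive failure: lock the form.
    try
    {
        txtPW.IsEnabled = false;
        btnLogin.IsEnabled = false;
        txtNotice.Text = "CONNEXION BLOQUEE";
        txtNotice.Foreground = Brushes.Red;

        // Rotate the password and tell the administrator where to find the new one.
        UserDAO.editUserPWAutomatically(1);
        // NOTE(review): the recipient address and display name are hard-coded; they
        // belong in configuration.
        if (LoginSecurity.notifyAdminByEmail(2, "*****@*****.**", "Yassine Ben Hamida") == 1)
        {
            MessageBox.Show("Le mot de passe a été changé automatiquement veuillez consulter votre mail");
        }
    }
    catch (Exception exe)
    {
        MessageBox.Show("ERR " + exe.Message);
    }
}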
/// <summary>
/// On form load, reveals <c>button1</c> only when this machine is recognised as
/// the administrator's computer; otherwise the form is left as designed.
/// </summary>
private void Form1_Load(object sender, EventArgs e)
{
    bool isAdminMachine = LoginSecurity.checkBossComputer();
    if (!isAdminMachine)
    {
        return;
    }

    // Administrator's computer: expose the admin-only button.
    button1.Visible = true;
}
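/// <summary>
/// Validates the new password and its confirmation, then stores the new password
/// for <c>idOfFetchedUser</c>. Rules: both fields filled, no spaces, at least 8
/// characters, both fields identical, and different from the current password.
/// </summary>
private void btnValider_Click(object sender, RoutedEventArgs e)
{
    try
    {
        string newPassword = txtNPW.Password;
        string confirmation = txtConfi.Password;

        if (newPassword.Length == 0 || confirmation.Length == 0)
        {
            MessageBox.Show("les deux champs sont requis !");
            return;
        }
        if (newPassword.Contains(" ") || confirmation.Contains(" "))
        {
            MessageBox.Show("Pas d'espaces dans votre mot de passe !");
            return;
        }
        if (newPassword.Length < 8 || confirmation.Length < 8)
        {
            MessageBox.Show("Le mdp doit etre au moins de 8 caractéres");
            return;
        }
        if (newPassword != confirmation)
        {
            MessageBox.Show("Les deux mot de passe ne sont pas identique !");
            MessageBox.Show("Veuillez entre un nouveau mot de passe !");
            return;
        }

        try
        {
            // Assumes checkPassword(pw, id) returns true when pw equals the user's
            // current password — confirm against LoginSecurity.
            if (LoginSecurity.checkPassword(confirmation, idOfFetchedUser))
            {
                // Previously this case fell through silently, leaving the user without feedback.
                MessageBox.Show("Le nouveau mot de passe doit être différent de l'ancien !");
                return;
            }
            if (UserDAO.editUserPWWrequested(idOfFetchedUser, confirmation) == 1)
            {
                MessageBox.Show("Le mot de passe a été changé avec succés");
                this.Close();
            }
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
        finally
        {
            // Runs on every path, including the early return above.
            Connexion.closeConnection();
        }
    }
    catch (Exception n)
    {
        MessageBox.Show(n.Message);
    }
}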
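/// <summary>
/// Generates the password for the machine selected in <c>comboBox1</c> (looked up
/// in <c>macDict</c> by the combo box text) and shows it in <c>textBox1</c>.
/// Nothing happens when no machine is selected or the selection is unknown.
/// </summary>
private void button1_Click(object sender, EventArgs e)
{
    string selectedMachine = comboBox1.Text;
    if (string.IsNullOrEmpty(selectedMachine))
    {
        return;
    }

    string macStr;
    if (!macDict.TryGetValue(selectedMachine, out macStr))
    {
        // Unknown selection: previously surfaced as a swallowed KeyNotFoundException.
        return;
    }

    try
    {
        textBox1.Text = LoginSecurity.createPassword(macStr);
    }
    catch (Exception)
    {
        // Best-effort: a failed generation leaves the text box unchanged. There is no
        // logger on this form; consider reporting the failure to the user instead.
    }
}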
/// <summary>
/// Handles a selection change in <c>OutRoleListBox</c>. With exactly one user selected,
/// the role check boxes are filled for that user and the name/e-mail labels set; the
/// editing controls are disabled when the selected user is the one currently logged in.
/// With zero or several users selected the detail panel is hidden.
/// </summary>
/// <remarks>Errors are logged and reported through <c>SystemMessages</c>.</remarks>
protected void OutRoleListBox_SelectedIndexChanged(object sender, EventArgs e)
{
    try
    {
        InRoleListBox.ClearSelection();

        if (!VerifyIfIsOnlyOneUserSelected(OutRoleListBox))
        {
            EmployeeRolePanel.Visible = false;
            return;
        }

        EmployeeRolePanel.Visible = true;
        gRolesForUser = Roles.GetRolesForUser(OutRoleListBox.SelectedValue);
        FillCheckBoxesForRoles(gRolesForUser);

        MembershipUser theUser = Membership.GetUser(OutRoleListBox.SelectedValue.ToString());
        UserLabel.Text = theUser.UserName.ToString();
        UserEmailLabel.Text = theUser.Email.ToString();

        // The logged-in account must not edit its own roles.
        bool editingSelf = theUser.UserName.Equals(HttpContext.Current.User.Identity.Name);
        if (editingSelf)
        {
            foreach (ListItem item in UserRoleCheckBoxList.Items)
            {
                item.Enabled = false;
            }
        }

        SaveRolesButton.Visible = !editingSelf;
        // NOTE(review): for other users the reset button is shown only when the current
        // user does NOT hold RESET_USER_ACCOUNT — confirm the negation is intended.
        ResetRolesButton.Visible = !editingSelf && !LoginSecurity.IsUserAuthorizedPermission("RESET_USER_ACCOUNT");
        AddInImageButton.Enabled = !editingSelf;
        AddOutImageButton.Enabled = !editingSelf;
    }
    catch (Exception q)
    {
        log.Error("Function OutRoleListBox_SelectedIndexChanged from AssigRole page", q);
        SystemMessages.DisplaySystemMessage(Resources.SecurityData.MessageErrorGetRoles);
    }
}
/// <summary>
/// Application entry point. Starts directly on <c>Form1</c> when this is the
/// administrator's computer; otherwise starts on the <c>Login</c> form.
/// </summary>
static void Main()
{
    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);

    // The administrator's computer skips the login form.
    Form startupForm = LoginSecurity.checkBossComputer()
        ? (Form)new Form1()
        : new Login();
    Application.Run(startupForm);
}
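/// <summary>
/// Builds the side-menu XML for the current user. Unauthenticated users are sent to
/// the login page before any menu work is done; otherwise the user's "menu classes"
/// are derived from their permissions and used to filter the configured menu.
/// </summary>
private void ConstructMenu()
{
    // Authentication first: nothing below is needed for an anonymous user.
    if (!LoginSecurity.IsUserAuthenticated())
    {
        Response.Redirect("~/Authentication/Login.aspx");
        return; // Redirect normally ends the response; the return keeps the intent explicit.
    }

    List<Artexacta.App.Menu.Menu> theMenu = Artexacta.App.Menu.MenuBLL.MenuBLL.ReadMenuFromXMLConfiguration();

    // Menu classes determine which menu entries the user can see. CHANGEPASS is
    // granted to every authenticated user; each other class requires a permission.
    List<string> theClases = new List<string>();
    theClases.Add("CHANGEPASS");

    KeyValuePair<string, string>[] permissionToClass =
    {
        new KeyValuePair<string, string>("MANAGE_SECURITY", "SECURITY"),
        new KeyValuePair<string, string>("ADMIN_CLASIFICADORES", "CLASIFICADORES"),
        new KeyValuePair<string, string>("ADMIN_TESTS", "TESTS"),
        new KeyValuePair<string, string>("MANAGE_CATEGORIES", "CATEGORY"),
    };
    foreach (KeyValuePair<string, string> mapping in permissionToClass)
    {
        if (LoginSecurity.IsUserAuthorizedPermission(mapping.Key))
        {
            theClases.Add(mapping.Value);
        }
    }

    List<Artexacta.App.Menu.Menu> theVisibleMenu = Artexacta.App.Menu.MenuBLL.MenuBLL.RecursiveConstructionOfVisibleMenus(theMenu, theClases);
    string visibleXML = Artexacta.App.Menu.MenuBLL.MenuBLL.GetMenuXML(theVisibleMenu, 0);
    sideMenu.Text = visibleXML;
}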
/// <summary>
/// Checks the selected security question and the typed answer for user <c>id</c>;
/// on a match opens the <c>NewPassword</c> window and closes this one, otherwise
/// asks the user to re-check the answer.
/// </summary>
private void btnValider_Click(object sender, RoutedEventArgs e)
{
    try
    {
        string question = cmbQues.Text.ToString();
        string answer = txtRep.Text.ToString();
        int conformity = LoginSecurity.checkSecurityQuestionConformity(id, question, answer);

        if (conformity != 1)
        {
            MessageBox.Show("vérifier la reponse svp ! !!");
            return;
        }

        NewPassword NP = new NewPassword(id);
        this.Close();
        NP.Show();
    }
    catch (Exception p)
    {
        MessageBox.Show(p.Message);
    }
}
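/// <summary>
/// After forms authentication has identified the request, enriches the identity with
/// a custom claim carrying the user's profile fields, admin / global-access flags and
/// security-right ids (comma separated, with "|" between the two groups).
/// </summary>
/// <remarks>
/// The claim is a positional, comma-delimited string consumed elsewhere; a profile
/// field that contains a comma would shift the positions, so this format is only safe
/// while those fields are validated on input.
/// </remarks>
void Application_PostAuthenticateRequest(object sender, EventArgs e)
{
    var ctx = HttpContext.Current;
    if (!ctx.Request.IsAuthenticated)
    {
        return;
    }

    // Only a claims-based identity can carry the custom claim; anything else is left
    // untouched (previously an invalid cast would have thrown).
    var incomingIdentity = ctx.User.Identity as ClaimsIdentity;
    if (incomingIdentity == null)
    {
        return;
    }

    int? id = new Users().GetUserByIdFromUserName(incomingIdentity.Name);
    if ((id ?? 0) <= 0)
    {
        return;
    }

    var authUser = new Users().GetUserById(id ?? 0);
    var profile = authUser.Users[0];
    UserSettingData userSettings = new Users().GetUserSettings(profile.UserId);
    if (userSettings.UserSettings.Rows.Count == 0)
    {
        return;
    }

    var settings = userSettings.UserSettings[0];
    int[] userRights = new Users().GetUserSecurityRights(profile.UserId);

    // Layout: name,id,first,last,email,isAdmin,globalAccess|right1,right2,...
    string[] fields =
    {
        profile.UserName,
        profile.UserId.ToString(),
        profile.FirstName,
        profile.LastName,
        profile.Email,
        settings.IsAdmin.ToString(),
        settings.GlobalSurveyAccess.ToString(),
    };
    string userInfos = string.Join(",", fields) + "|" + string.Join(",", userRights);

    incomingIdentity.AddClaim(new Claim(Votations.NSurvey.Constants.Constants.MyCustomClaimType, userInfos));
}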
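/// <summary>
/// Creates a new user from the form fields. When the user store is an
/// <c>INSurveyUserProvider</c>, the password is checked against the complexity rule,
/// salted and hashed, and the user is added; user settings (admin / global survey
/// access) are then stored and the page navigates back to the user manager.
/// </summary>
private void CreateUserButton_Click(object sender, System.EventArgs e)
{
    // 8–12 characters with a digit, a lower-case and an upper-case letter, one of the
    // listed symbols and no whitespace (the double quote is escaped as "" inside the
    // verbatim string). NOTE(review): the 12-character ceiling blocks long passphrases
    // and the symbol list is a fixed subset; the policy is worth revisiting.
    const string PasswordPolicyPattern = @"(?=^.{8,12}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+}{"":;'?/>.<,])(?!.*\s).*$";

    if (!ValidateFieldOptions())
    {
        return;
    }

    NSurveyUserData userData = new NSurveyUserData();
    if (_userProvider is INSurveyUserProvider)
    {
        if (!Regex.IsMatch(PasswordTextBox.Text, PasswordPolicyPattern))
        {
            // The resource key says "required", but this also fires for a weak password.
            MessageLabel.Visible = true;
            ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("PasswordRequiredMessage"));
            return;
        }

        NSurveyUserData.UsersRow newUser = userData.Users.NewUsersRow();
        newUser.UserName = UserNameTextBox.Text;
        var sec = new LoginSecurity();
        // Per-user salt; only the hash is persisted. The "5" passed to CreateSaltKey is
        // a size argument whose unit is defined by LoginSecurity — check it is adequate.
        newUser.PasswordSalt = sec.CreateSaltKey(5);
        newUser.Password = sec.CreatePasswordHash(PasswordTextBox.Text, newUser.PasswordSalt);
        newUser.Email = EmailTextBox.Text;
        newUser.FirstName = FirstNameTextBox.Text;
        newUser.LastName = LastNameTextBox.Text;
        userData.Users.Rows.Add(newUser);
        ((INSurveyUserProvider)_userProvider).AddUser(userData);
    }

    if (userData.Users.Rows.Count > 0)
    {
        UserSettingData userSettings = new UserSettingData();
        UserSettingData.UserSettingsRow newUserSettings = userSettings.UserSettings.NewUserSettingsRow();
        newUserSettings.UserId = userData.Users[0].UserId;
        newUserSettings.IsAdmin = IsAdminCheckBox.Checked;
        newUserSettings.GlobalSurveyAccess = HasSurveyAccessCheckBox.Checked;
        userSettings.UserSettings.Rows.Add(newUserSettings);
        new User().AddUserSettings(userSettings);
    }

    UINavigator.NavigateToUserManager(((PageBase)Page).getSurveyId(), ((PageBase)Page).MenuIndex);
}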
/// <summary>
/// On the first (non-postback) load, stores the current user's id in
/// <c>UserIdHiddenLabel</c>; 0 when the user is not authenticated or the lookup fails.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    int userId = 0;
    bool authenticated = LoginSecurity.IsUserAuthenticated();
    if (authenticated)
    {
        try
        {
            string userName = HttpContext.Current.User.Identity.Name;
            userId = UserBLL.GetUserIdByUsername(userName);
        }
        catch (Exception)
        {
            // Lookup failure is deliberately tolerated: the page falls back to id 0.
        }
    }

    UserIdHiddenLabel.Text = userId.ToString();
}
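/// <summary>
/// Imports users from the multi-line text box. Each line is
/// <c>username,password,lastname,firstname,email</c>; lines with fewer than five
/// fields or an empty user name / password are skipped, as are user names that
/// already exist. Every new user gets a salted password hash, settings, roles and
/// (unless global survey access is granted) the selected surveys.
/// </summary>
private void ImportUsersButton_Click(object sender, System.EventArgs e)
{
    // Loose e-mail shape check; a non-matching value is stored as null rather than rejected.
    Regex re = new Regex(@"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}" + @"\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\" + @".)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$");
    // Split on CR and LF so Windows line endings do not leave a trailing '\r' in the last field.
    string[] users = ImportUsersTextBox.Text.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries);
    int importCount = 0;
    var sec = new LoginSecurity();

    foreach (string line in users)
    {
        string[] user = line.Split(',');
        if (user.Length <= 4)
        {
            continue;
        }

        string userName = user[0].Trim();
        string password = user[1].Trim();
        if (userName.Length == 0 || password.Length == 0)
        {
            continue;
        }

        // The existence check uses the same trimmed name that will be stored.
        if (new Users().GetUserByIdFromUserName(userName) != -1)
        {
            continue;
        }

        NSurveyUserData userData = new NSurveyUserData();
        NSurveyUserData.UsersRow newUser = userData.Users.NewUsersRow();
        newUser.UserName = userName;
        newUser.PasswordSalt = sec.CreateSaltKey(5);
        newUser.Password = sec.CreatePasswordHash(password, newUser.PasswordSalt);

        // Blank optional fields are stored as null.
        string email = user[4].Trim();
        newUser.Email = email.Length > 0 && re.IsMatch(email) ? email : null;
        string firstName = user[3].Trim();
        newUser.FirstName = firstName.Length > 0 ? firstName : null;
        string lastName = user[2].Trim();
        newUser.LastName = lastName.Length > 0 ? lastName : null;

        userData.Users.Rows.Add(newUser);
        ((INSurveyUserProvider)_userProvider).AddUser(userData);

        int newUserId = userData.Users[0].UserId;
        if (newUserId > 0)
        {
            importCount++;
        }
        AddUserSettings(newUserId);
        AddUserRoles(newUserId);
        if (!HasSurveyAccessCheckBox.Checked)
        {
            AddUserSurveys(newUserId);
        }
    }

    MessageLabel.Visible = true;
    if (importCount > 0)
    {
        ((PageBase)Page).ShowNormalMessage(MessageLabel, ((PageBase)Page).GetPageResource("UserImportedMessage"));
    }
    else
    {
        ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("NoUserImportedMessage"));
    }

    ImportUsersTextBox.Text = string.Empty;
    UserRolesListBox.Items.Clear();
    UserSurveysListBox.Items.Clear();
    BindSurveyDropDownLists();
}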
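/// <summary>
/// Imports users from the uploaded spreadsheet (<c>ImportUserMatrixFile</c>). Each row
/// is read as: [0] user name, [1] e-mail, [2] survey id, [5] first name, [6] last name
/// (the last two only when present). Existing user names are skipped; every new user
/// gets settings, roles and an assignment to the survey in column [2].
/// </summary>
/// <remarks>
/// All imported accounts receive the same fixed initial password (<c>password</c>
/// below; the value on this page appears redacted). A shared, known initial password
/// means every imported account is usable by anyone who knows it until the user
/// changes it; a per-user random value plus a forced reset on first login would close
/// that gap.
/// </remarks>
protected void ImportUsersButton_Click(object sender, EventArgs e)
{
    // Loose e-mail shape check; a non-matching value is stored as null rather than rejected.
    Regex re = new Regex(@"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}" + @"\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\" + @".)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$");
    int importCount = 0;
    var sec = new LoginSecurity();

    if (ImportUserMatrixFile.HasFile)
    {
        try
        {
            // The document is disposable; the previous version never closed it.
            using (var document = SpreadsheetDocument.Open(ImportUserMatrixFile.FileContent, false))
            {
                var workPart = document.WorkbookPart;
                var sheetData = workPart.WorksheetParts.First().Worksheet.Elements<SheetData>().First();

                foreach (var row in sheetData.Elements<Row>())
                {
                    // NOTE(review): RowIndex is 1-based, so "> 0" accepts every row, including
                    // a header row if the sheet has one; confirm whether "> 1" was intended.
                    if (!(row.RowIndex > 0))
                    {
                        continue;
                    }

                    var cells = row.Descendants<Cell>().ToList();
                    if (cells.Count < 5)
                    {
                        continue;
                    }

                    // The existence check uses the same trimmed name that will be stored.
                    string username = ReadExcelCell(cells[0], workPart).Trim();
                    if (new Users().GetUserByIdFromUserName(username) != -1)
                    {
                        continue;
                    }

                    NSurveyUserData userData = new NSurveyUserData();
                    NSurveyUserData.UsersRow newUser = userData.Users.NewUsersRow();
                    newUser.UserName = username;
                    string password = "******";
                    newUser.PasswordSalt = sec.CreateSaltKey(5);
                    newUser.Password = sec.CreatePasswordHash(password, newUser.PasswordSalt);

                    string email = ReadExcelCell(cells[1], workPart).Trim();
                    newUser.Email = email.Length > 0 && re.IsMatch(email) ? email : null;
                    if (cells.Count >= 6)
                    {
                        newUser.FirstName = ReadExcelCell(cells[5], workPart);
                    }
                    if (cells.Count >= 7)
                    {
                        newUser.LastName = ReadExcelCell(cells[6], workPart);
                    }

                    userData.Users.Rows.Add(newUser);
                    ((INSurveyUserProvider)_userProvider).AddUser(userData);

                    int newUserId = userData.Users[0].UserId;
                    if (newUserId > 0)
                    {
                        importCount++;
                        //TODO: add user group
                        AddUserSettings(newUserId);
                        AddUserRoles(newUserId);
                        // A non-numeric survey id throws here and aborts the whole import via the catch below.
                        string surveyIdText = ReadExcelCell(cells[2], workPart);
                        new Survey().AssignUserToSurvey(int.Parse(surveyIdText, System.Globalization.CultureInfo.InvariantCulture), newUserId);
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): ex.Message is rendered to the page; an unexpected exception can
            // expose internal details. A generic message plus server-side logging is safer.
            ((PageBase)Page).ShowErrorMessage(MessageLabel, ex.Message);
        }
    }

    MessageLabel.Visible = true;
    if (importCount > 0)
    {
        ((PageBase)Page).ShowNormalMessage(MessageLabel, ((PageBase)Page).GetPageResource("UserImportedMessage"));
    }
    else
    {
        ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("NoUserImportedMessage"));
    }

    BindSurveyDropDownLists();
}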
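/// <summary>
/// Login button handler. Looks the user up by name, verifies the password (legacy
/// unsalted accounts are verified with the old scheme and upgraded to a salted hash
/// on success), issues the forms-authentication cookie and navigates into the
/// application. On any failure a single generic "invalid login/password" message is
/// shown, so the response does not reveal whether the user name exists.
/// </summary>
private void ValidateCredentialsButton_Click(object sender, System.EventArgs e)
{
    string enteredPwd = PasswordTextBox.Text.Trim();
    string enteredUname = LoginTextBox.Text.Trim();

    if (enteredUname.Length > 0 && enteredPwd.Length > 0)
    {
        // Look up with the trimmed name, matching the emptiness check above.
        int? id = new Users().GetUserByIdFromUserName(enteredUname);
        if ((id ?? 0) > 0)
        {
            var sec = new LoginSecurity();
            var user = new Users().GetUserById(id ?? 0);
            var account = user.Users[0];

            // A missing or empty salt marks an account still on the old unsalted scheme.
            bool legacyAccount = account.IsPasswordSaltNull() || string.IsNullOrEmpty(account.PasswordSalt);

            string salt;
            string encryptedPwd;
            if (legacyAccount)
            {
                // Verify with the old scheme and prepare a fresh salt for the upgrade below.
                encryptedPwd = new User().EncryptUserPassword(enteredPwd);
                salt = sec.CreateSaltKey(5);
            }
            else
            {
                salt = account.PasswordSalt;
                encryptedPwd = sec.CreatePasswordHash(enteredPwd, salt);
            }

            // NOTE(review): ordinary string equality is not constant-time; if a timing
            // side channel matters here, compare the two values with a fixed-time routine.
            if (account.Password == encryptedPwd)
            {
                UserSettingData userSettings = new Users().GetUserSettings(account.UserId);
                if (userSettings.UserSettings.Rows.Count > 0)
                {
                    var settings = userSettings.UserSettings[0];
                    int[] userRights = new Users().GetUserSecurityRights(account.UserId);

                    // Layout consumed by the claim reader: name,id,first,last,email,isAdmin,globalAccess|rights...
                    string[] fields =
                    {
                        account.UserName,
                        account.UserId.ToString(),
                        account.FirstName,
                        account.LastName,
                        account.Email,
                        settings.IsAdmin.ToString(),
                        settings.GlobalSurveyAccess.ToString(),
                    };
                    string userInfos = string.Join(",", fields) + "|" + string.Join(",", userRights);

                    if (legacyAccount)
                    {
                        // Upgrade to the salted hash now that the clear text is known. This also
                        // covers accounts whose salt is empty rather than null, which the previous
                        // version verified but never upgraded.
                        account.PasswordSalt = salt;
                        account.Password = sec.CreatePasswordHash(enteredPwd, salt);
                        ((INSurveyUserProvider)_userProvider).UpdateUser(user);
                    }

                    FormsAuthentication.SetAuthCookie(userInfos, false);
                    var principal = UserFactory.Create().CreatePrincipal(new ClaimsIdentity());
                    ((PageBase)Page).SelectedFolderId = null;
                    UINavigator.NavigateToFirstAccess(principal, -1);
                    // Do not fall through to the error message once the user is logged in.
                    return;
                }
            }
        }
    }

    MessageLabel.Visible = true;
    ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("InvalidLoginPasswordMessage"));
}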
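/// <summary>
/// Applies edits to an existing user. Refuses to remove admin rights from the last
/// administrator. When the user store is an <c>INSurveyUserProvider</c>, a non-empty
/// password must satisfy the complexity rule and is stored as a salted hash, while an
/// empty password keeps the stored one. User settings are always updated.
/// </summary>
private void ApplyChangesButton_Click(object sender, System.EventArgs e)
{
    // Same policy as user creation: 8–12 characters, digit, lower, upper, listed symbol,
    // no whitespace (the double quote is escaped as "" inside the verbatim string).
    const string PasswordPolicyPattern = @"(?=^.{8,12}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+}{"":;'?/>.<,])(?!.*\s).*$";

    if (!ValidateFieldOptions())
    {
        return;
    }

    // Never leave the system without an administrator.
    if (new Users().IsAdministrator(UserId) && !IsAdminCheckBox.Checked && new Users().GetAdminCount() == 1)
    {
        MessageLabel.Visible = true;
        ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("CannotDeleteLastAdminMessage"));
        return;
    }

    if (_userProvider is INSurveyUserProvider)
    {
        NSurveyUserData userData = new NSurveyUserData();
        NSurveyUserData.UsersRow updatedUser = userData.Users.NewUsersRow();
        updatedUser.UserId = UserId;
        updatedUser.UserName = UserNameTextBox.Text;

        if (PasswordTextBox.Text.Length == 0)
        {
            // No password supplied: null tells the provider to keep the stored one.
            updatedUser.Password = null;
            updatedUser.PasswordSalt = null;
        }
        else
        {
            if (!Regex.IsMatch(PasswordTextBox.Text, PasswordPolicyPattern))
            {
                // The resource key says "required", but this also fires for a weak password.
                MessageLabel.Visible = true;
                ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("PasswordRequiredMessage"));
                return;
            }

            var sec = new LoginSecurity();
            updatedUser.PasswordSalt = sec.CreateSaltKey(5);
            updatedUser.Password = sec.CreatePasswordHash(PasswordTextBox.Text, updatedUser.PasswordSalt);
        }

        updatedUser.Email = EmailTextBox.Text;
        updatedUser.FirstName = FirstNameTextBox.Text;
        updatedUser.LastName = LastNameTextBox.Text;
        userData.Users.Rows.Add(updatedUser);
        ((INSurveyUserProvider)_userProvider).UpdateUser(userData);
    }

    UserSettingData userSettings = new UserSettingData();
    UserSettingData.UserSettingsRow newUserSettings = userSettings.UserSettings.NewUserSettingsRow();
    newUserSettings.UserId = UserId;
    newUserSettings.IsAdmin = IsAdminCheckBox.Checked;
    newUserSettings.GlobalSurveyAccess = HasSurveyAccessCheckBox.Checked;
    userSettings.UserSettings.Rows.Add(newUserSettings);
    new User().UpdateUserSettings(userSettings);

    // Notify containers that data has changed.
    OnOptionChanged();
    BindSurveyDropDownLists();

    MessageLabel.Visible = true;
    ((PageBase)Page).ShowNormalMessage(MessageLabel, ((PageBase)Page).GetPageResource("UserUpdatedMessage"));
}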
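/// <summary>
/// Decides whether the current user may view the page being executed. Pages in the
/// "open" list need only an authenticated user; each remaining group requires a
/// specific permission. Anything not listed is denied.
/// </summary>
/// <returns><c>true</c> when access is allowed; otherwise <c>false</c>.</returns>
private bool IsUserAuthorizedPage()
{
    string currentPage = Page.Request.AppRelativeCurrentExecutionFilePath;

    // Pages open to every authenticated user; no specific permission is needed.
    // NOTE(review): this list contains ~/ResetSystem.aspx and several ~/Test/ pages;
    // confirm they are meant to be reachable by any authenticated user in production.
    string[] openPages = { "~/MainPage.aspx", "~/Security/EditUser.aspx", "~/Test/TestUserControlForTest.aspx", "~/About/VersionInformation.aspx", "~/About/Credits.aspx", "~/Security/ChangePassword.aspx", "~/UserConfiguration/UserConfiguration.aspx", "~/Authentication/UserIsLocked.aspx", "~/Authentication/UserIsUnlocked.aspx", "~/Authentication/UserNotApproved.aspx", "~/Test/TestTooltip.aspx", "~/ResetSystem.aspx", "~/Test/TestAddData.aspx", "~/Test/TestVisitKpi.aspx", "~/HelpManager/Default.aspx", "~/Test/TestDatePicker.aspx", "~/Organization/ListOrganizations.aspx", "~/Organization/EditOrganization.aspx", "~/Organization/OrganizationDetails.aspx", "~/Organization/ShareOrganization.aspx", "~/Project/ProjectForm.aspx", "~/Project/ProjectDetails.aspx", "~/Project/ProjectList.aspx", "~/Project/ShareProject.aspx", "~/Activity/AddActivity.aspx", "~/Activity/ActivityDetails.aspx", "~/Activity/ActivitiesList.aspx", "~/Activity/ShareActivity.aspx", "~/People/SharePerson.aspx", "~/People/PersonDetails.aspx", "~/Personas/ListaPersonas.aspx", "~/Personas/PeopleForm.aspx", "~/Kpi/KpiForm.aspx", "~/Kpis/KpiDetails.aspx", "~/Kpis/KpiDashboard.aspx", "~/Kpi/KpiList.aspx", "~/Kpi/KpiDataEntry.aspx", "~/Kpi/ShareKpi.aspx", "~/Kpi/ImportData.aspx", "~/Trash/TrashList.aspx" };
    if (Array.IndexOf(openPages, currentPage) >= 0)
    {
        return true;
    }

    // SECURITY pages
    string[] securityPages = { "~/Security/AssignRoles.aspx", "~/Security/AssignRolesByUser.aspx", "~/Security/DefinePermissionsByRol.aspx", "~/Security/DefinePermissionsByUser.aspx", "~/Security/NewRole.aspx", "~/Security/UserList.aspx", "~/Security/CreateUser.aspx", "~/Security/UserIsLocked.aspx", "~/Security/UserIsUnlocked.aspx", "~/Bitacora/ListaEventosBitacora.aspx" };
    if (IsPermittedPage(currentPage, securityPages, "MANAGE_SECURITY"))
    {
        return true;
    }

    // CATEGORIES pages
    string[] categoriesPages = { "~/Category/CategoriesList.aspx", "~/Category/CategoryDetails.aspx" };
    if (IsPermittedPage(currentPage, categoriesPages, "MANAGE_CATEGORIES"))
    {
        return true;
    }

    // PERSONAS pages
    string[] personasPages = { "~/Seguimiento/SeguimientoCampana.aspx" };
    if (IsPermittedPage(currentPage, personasPages, "ADMIN_TESTS"))
    {
        return true;
    }

    // Nothing matched: deny by default.
    return false;
}

/// <summary>
/// True when <paramref name="currentPage"/> is one of <paramref name="pages"/> and the
/// current user holds <paramref name="permission"/>. The permission is only consulted
/// once the page matches (ordinal comparison, as before).
/// </summary>
private static bool IsPermittedPage(string currentPage, string[] pages, string permission)
{
    return Array.IndexOf(pages, currentPage) >= 0 && LoginSecurity.IsUserAuthorizedPermission(permission);
}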
/// <summary>
/// Master-page load. On the first (non-postback) request it verifies the system
/// version, resolves the current user's id, builds the logout link text and enforces
/// page-level authorization (administrators bypass it on the user/role management
/// pages); on postbacks it only re-checks that the user is still authenticated.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    log.Debug("############# Master Page starting Page Load #############");
    //BuildFeedbackIframeCode();
    if (!IsPostBack)
    {
        log.Debug("Page is not Postback");
        // Verify the integrity of the system
        Artexacta.App.Utilities.VersionUtilities.VersionUtilities.verifySystemVersionIntegrity();
        log.Debug("Application version is ok");
        /*
         * Perform security validations for the page
         */
        // userID stays 0 when the lookup fails; the later GetUserById(0) then fails and is logged.
        int userID = 0;
        if (LoginSecurity.IsUserAuthenticated())
        {
            try
            {
                userID = Artexacta.App.User.BLL.UserBLL.GetUserIdByUsername(HttpContext.Current.User.Identity.Name);
            }
            catch (Exception q)
            {
                log.Error("Failed to get the ID of the current user", q);
            }
        }
        else
        {
            // Anonymous request: send to login. Response.Redirect with its default
            // endResponse ends processing here, so the code below presumably does not
            // run for anonymous users — verify if that default is ever changed.
            Response.Redirect("~/Authentication/Login.aspx");
        }
        CurrentUserIDHiddenField.Value = userID.ToString();
        bool userIsAdministrator = LoginSecurity.IsUserAdministrator();
        bool currentPageRoleManagement = IsCurrentPageUserOrRoleManagement();
        if (log.IsDebugEnabled)
        {
            if (userIsAdministrator)
            {
                log.Debug("Current user IS administrator");
            }
            else
            {
                log.Debug("Current user IS NOT administrator");
            }
            if (currentPageRoleManagement)
            {
                log.Debug("Current page IS Role Management");
            }
            else
            {
                log.Debug("Current page IS NOT Role Management");
            }
        }
        try
        {
            User objUser = UserBLL.GetUserById(userID);
            // NOTE(review): FullName is concatenated into markup without HTML encoding; if
            // users can edit their own full name this is a stored-XSS vector — encode it
            // (e.g. HttpUtility.HtmlEncode) before it reaches LogoutText.
            LoginStatus1.LogoutText = "<i class='zmdi zmdi-run'></i> " + Resources.InitMasterPage.Logout + ", " + objUser.FullName;
        }
        catch (Exception ex)
        {
            log.Error("Error getting user name information", ex);
        }
        if (userIsAdministrator && currentPageRoleManagement)
        {
            // If the current page is the Role Management or the User Management pages then
            // the administrator user is sufficient for access to those pages.
            // Do nothing. We don't perform any further security checks.
            log.Debug("Current user is Admin and page is Role Management. No further security checks required");
        }
        else
        {
            log.Debug("Determining if user has access to page");
            // Verify that the user has sufficient access permissions for the page.
            if (!IsUserAuthorizedPage())
            {
                // Transfer the user to a page that tells him that he is not authorized to
                // see that page.
                Response.Redirect("~/Authentication/NotAuthorized.aspx");
            }
        }
        // lblUseName.Text = HttpContext.Current.User.Identity.Name;
        LoadMainMenuScript();
        ConstructMenu();
    }
    else
    {
        // Verify that the user has been authenticated.
        LoginSecurity.EnsureUserAuthentication();
    }
    //BuildFeedbackIframeCode();
    //LoadCalendarItems(CurrentUserIDHiddenField.Value);
    log.Debug("############# Master Page ending Page Load #############");
}