Example #1
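        /// <summary>
        /// Rebuilds the custom <see cref="MyPrincipal"/> for the current request from the
        /// forms-authentication cookie and installs it as <c>HttpContext.Current.User</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
        {
            var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

            // No cookie, or an empty one: leave the request with whatever user it already has.
            if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            {
                return;
            }

            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

            // FormsAuthentication.Decrypt() only decrypts and validates the ticket; it does not
            // enforce the ticket lifetime. Without this check a replayed, expired cookie would
            // still produce a populated principal here.
            if (authTicket == null || authTicket.Expired)
            {
                return;
            }

            JavaScriptSerializer serializer     = new JavaScriptSerializer();
            SerializationModel   serializeModel = serializer.Deserialize <SerializationModel>(authTicket.UserData);

            // A ticket without user data cannot describe a user; do not build a half-empty principal.
            if (serializeModel == null)
            {
                return;
            }

            MyPrincipal newUser = new MyPrincipal(authTicket.Name);
            newUser.Id        = serializeModel.Id;
            newUser.FirstName = serializeModel.FirstName;
            newUser.LastName  = serializeModel.LastName;
            newUser.Email     = serializeModel.Email;
            newUser.RoleId    = serializeModel.RoleId;
            newUser.BranchId  = serializeModel.BranchId;

            // NOTE(review): role and admin flag come from the ticket, not from a fresh lookup, so a
            // role change only takes effect once the ticket is reissued - confirm this is acceptable.
            newUser.IsAdmin = serializeModel.RoleId == 1;

            HttpContext.Current.User = newUser;
        }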
Example #2
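        /// <summary>
        /// Builds a <see cref="MyPrincipal"/> from the forms-authentication cookie of the current request.
        /// </summary>
        /// <returns>
        /// The principal described by the ticket, or <c>null</c> when there is no current request,
        /// no cookie, or the ticket is missing, expired or carries no user data.
        /// </returns>
        public static MyPrincipal getUser()
        {
            HttpContext context = HttpContext.Current;
            if (context == null)
            {
                return(null);
            }

            // Read the ticket from the cookie collection only. The HttpRequest indexer
            // (Request[name]) also searches the query string and form fields, which would let a
            // ticket be supplied in a URL or POST body and end up in logs and Referer headers.
            var authCookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            {
                return(null);
            }

            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

            // Decrypt() does not enforce the ticket lifetime, so expiry has to be checked here.
            if (authTicket == null || authTicket.Expired)
            {
                return(null);
            }

            JavaScriptSerializer serializer     = new JavaScriptSerializer();
            SerializationModel   serializeModel = serializer.Deserialize <SerializationModel>(authTicket.UserData);
            if (serializeModel == null)
            {
                return(null);
            }

            MyPrincipal newUser = new MyPrincipal(authTicket.Name);
            newUser.Id        = serializeModel.Id;
            newUser.FirstName = serializeModel.FirstName;
            newUser.LastName  = serializeModel.LastName;
            newUser.Email     = serializeModel.Email;
            newUser.RoleId    = serializeModel.RoleId;
            newUser.BranchId  = serializeModel.BranchId;
            // Role id 1 is treated as administrator.
            newUser.IsAdmin   = serializeModel.RoleId == 1;
            return(newUser);
        }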
Example #3
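        /// <summary>
        /// Grants access only when the authorization context carries a <see cref="MyPrincipal"/>
        /// under the "Principal" property and that principal is in the "RegistrujKorisnika" role.
        /// </summary>
        /// <param name="operationContext">Context of the operation being authorized.</param>
        /// <returns><c>true</c> to allow the call; <c>false</c> to deny it.</returns>
        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            // Deny explicitly when no security context or principal is available, instead of
            // failing with a NullReferenceException / KeyNotFoundException part-way through the check.
            if (operationContext == null || operationContext.ServiceSecurityContext == null)
            {
                return(false);
            }

            var authorizationContext = operationContext.ServiceSecurityContext.AuthorizationContext;
            if (authorizationContext == null)
            {
                return(false);
            }

            object candidate;
            if (!authorizationContext.Properties.TryGetValue("Principal", out candidate))
            {
                return(false);
            }

            MyPrincipal principal = candidate as MyPrincipal;

            return(principal != null && principal.IsInRole("RegistrujKorisnika"));
        }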
Example #4
        /// <summary>
        /// Validates the operator's credentials through the membership provider and, on success,
        /// installs a <see cref="MyPrincipal"/> carrying the operator, department and function
        /// lists as <c>Thread.CurrentPrincipal</c>.
        /// </summary>
        /// <param name="strOperName">Operator (login) name.</param>
        /// <param name="strPWD">Password to validate.</param>
        /// <param name="strL6Name">Passed through to the function lookups.</param>
        /// <param name="strL8Name">Passed through to the function lookups.</param>
        /// <exception cref="BusinessException">The membership provider rejected the credentials.</exception>
        private static void LogIn(string strOperName, string strPWD, string strL6Name, string strL8Name)
        {
            bool credentialsAccepted = Membership.ValidateUser(strOperName, strPWD);

            if (!credentialsAccepted)
            {
                // Message text: "Login error" / "Operator name or password entered incorrectly".
                throw new BusinessException("登录错误", "操作员或密码输入错误");
            }

            SecurityManage securityManage = new SecurityManage();
            Oper           currentOper    = securityManage.GetOperByName(strOperName);

            // Default department, used when the operator has no department id of its own.
            Dept currentDept = new Dept
            {
                cnnDeptID    = 0,
                cnnDiscount  = 0,
                cnvcDeptName = "云南人才中心"
            };

            if (oper_HasDepartment(currentOper.cnnDeptID != 0))
            {
                currentDept = securityManage.GetDeptById(currentOper.cnnDeptID);
            }

            // Functions granted to this operator, and the full function list for the card type.
            List <string> grantedFunctions = securityManage.GetFuncById(currentOper.cnnOperID, currentOper.cnnDeptID, constApp.strCardType, strL6Name, strL8Name);
            List <string> allFunctions     = securityManage.GetAllFunc(constApp.strCardType, strL6Name, strL8Name);

            Thread.CurrentPrincipal = new MyPrincipal(
                new MyIdentity(currentOper, currentDept, Membership.Provider.Name),
                grantedFunctions,
                allFunctions);
        }

        /// <summary>Readability helper: returns its argument unchanged.</summary>
        private static bool oper_HasDepartment(bool hasDepartment)
        {
            return hasDepartment;
        }
Example #5
        /// <summary>
        /// Deep-clones a <see cref="MyPrincipal"/> through <c>Serializer.DeepClone</c> and checks
        /// that both constructor values survive the round trip.
        /// </summary>
        public void Run()
        {
            var original = new MyPrincipal("abc", 123);

            var roundTripped = Serializer.DeepClone(original);

            // Both values must come back unchanged.
            Assert.Equal("abc", roundTripped.Id);
            Assert.Equal(123, roundTripped.MyId);
        }
Example #6
        /// <summary>
        /// Returns the active filter of the principal obtained from <c>GetPrincipal()</c>,
        /// or a new empty <see cref="OrgFilter"/> when the principal has none.
        /// </summary>
        protected static OrgFilter GetActiveOrgFilter()
        {
            var activeFilter = GetPrincipal().ActiveFilter;

            if (activeFilter != null)
            {
                return(activeFilter);
            }

            // No filter selected yet: hand back a fresh default instance.
            return(new OrgFilter());
        }
        // NOTE(review): this looks like an analyzer test fixture - the trailing "Noncompliant"
        // comments and the "^^^^" marker line appear to be expected-diagnostic annotations, so
        // their text and column positions should be left exactly as they are. Confirm before editing.
        // The method creates identity and principal objects (custom and Windows types) and
        // assigns them to IIdentity / IPrincipal locals; nothing is returned or stored.
        void CreatingPrincipalAndIdentity(WindowsIdentity windowsIdentity) // Noncompliant, IIdentity parameter, see another section with tests
        {
            IIdentity identity;

            identity = new MyIdentity();        // Noncompliant, creation of type that implements IIdentity
//                     ^^^^^^^^^^^^^^^^
            identity = new WindowsIdentity(""); // Noncompliant
            IPrincipal principal;

            principal = new MyPrincipal();                     // Noncompliant, creation of type that implements IPrincipal
            principal = new WindowsPrincipal(windowsIdentity); // Noncompliant
        }
Example #8
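        /// <summary>
        /// Authenticates a request from a Base64-encoded credential string by comparing the decoded
        /// value with the "TokenTeste" application setting. On success a <see cref="MyPrincipal"/>
        /// is installed on the thread and the HTTP context; otherwise the response status is 401.
        /// </summary>
        /// <param name="credentials">Base64-encoded credential value taken from the request.</param>
        private static void AuthenticateUser(string credentials)
        {
            string expectedToken = ConfigurationManager.AppSettings["TokenTeste"];

            // Fail closed. Previously a missing "TokenTeste" setting left the expected value as ""
            // and execution continued, so a request whose credential decoded to an empty string
            // was accepted. A missing/empty setting or a missing credential is now always a 401.
            if (string.IsNullOrEmpty(credentials) || string.IsNullOrEmpty(expectedToken))
            {
                HttpContext.Current.Response.StatusCode = 401;
                return;
            }

            string presentedToken;
            try
            {
                var encoding = Encoding.GetEncoding("iso-8859-1");
                presentedToken = encoding.GetString(Convert.FromBase64String(credentials));
            }
            catch (FormatException)
            {
                // Credentials were not valid Base64.
                HttpContext.Current.Response.StatusCode = 401;
                return;
            }

            if (!TokensMatchFixedTime(presentedToken, expectedToken))
            {
                // Invalid token.
                HttpContext.Current.Response.StatusCode = 401;
                return;
            }

            MyPrincipal principal = new MyPrincipal(new GenericIdentity("MootIT"), null);
            principal.user           = "******";
            Thread.CurrentPrincipal  = principal;
            HttpContext.Current.User = principal;
        }

        /// <summary>
        /// Compares two non-null strings without returning early at the first differing character,
        /// so the time taken does not reveal how much of the presented value was correct.
        /// </summary>
        /// <param name="presented">Value supplied by the caller.</param>
        /// <param name="expected">Configured secret; must be non-empty.</param>
        private static bool TokensMatchFixedTime(string presented, string expected)
        {
            int difference = presented.Length ^ expected.Length;

            // Loop length depends only on the presented value; the modulo keeps the index in range.
            for (int i = 0; i < presented.Length; i++)
            {
                difference |= presented[i] ^ expected[i % expected.Length];
            }

            return difference == 0;
        }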
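        /// <summary>
        /// Rebuilds the custom <see cref="MyPrincipal"/> from the account data stored in the
        /// forms-authentication ticket and installs it as <c>HttpContext.Current.User</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
        {
            HttpCookie httpCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

            if (httpCookie == null || string.IsNullOrEmpty(httpCookie.Value))
            {
                return;
            }

            FormsAuthenticationTicket formsAuthenticationTicket = FormsAuthentication.Decrypt(httpCookie.Value);

            // Decrypt() does not enforce the ticket lifetime; reject expired tickets here so a
            // replayed old cookie cannot produce a principal.
            if (formsAuthenticationTicket == null || formsAuthenticationTicket.Expired)
            {
                return;
            }

            Account account = JsonConvert.DeserializeObject <Account>(formsAuthenticationTicket.UserData);

            // Empty user data deserializes to null; without an account there is no user to install.
            if (account == null)
            {
                return;
            }

            MyPrincipal myPrincipal = new MyPrincipal(account.username);
            myPrincipal.Account      = account;
            HttpContext.Current.User = myPrincipal;
        }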
Example #10
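        /// <summary>
        /// Rebuilds the custom principal from the <c>tblUser</c> data stored in the
        /// forms-authentication ticket and installs it as <c>HttpContext.Current.User</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        void Application_PostAuthenticateRequest(object sender, EventArgs e)
        {
            HttpCookie authoCookies = Request.Cookies[FormsAuthentication.FormsCookieName];

            if (authoCookies == null || string.IsNullOrEmpty(authoCookies.Value))
            {
                return;
            }

            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authoCookies.Value);

            // Decrypt() returns the ticket even when its lifetime has passed, so the expiry check
            // must be made here before the ticket is trusted.
            if (ticket == null || ticket.Expired)
            {
                return;
            }

            JavaScriptSerializer js   = new JavaScriptSerializer();
            tblUser              user = js.Deserialize <tblUser>(ticket.UserData);

            MyIdentity  myIdentity  = new MyIdentity(user);
            MyPrincipal myPrincipal = new MyPrincipal(myIdentity);
            HttpContext.Current.User = myPrincipal;
        }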
Example #11
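        /// <summary>
        /// Rebuilds the custom principal from the <c>Registered_Person</c> data stored in the
        /// forms-authentication ticket and installs it as <c>HttpContext.Current.User</c>.
        /// </summary>
        protected void Application_PostAuthenticateRequest()
        {
            HttpCookie authoCookies = Request.Cookies[FormsAuthentication.FormsCookieName];

            if (authoCookies == null || string.IsNullOrEmpty(authoCookies.Value))
            {
                return;
            }

            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authoCookies.Value);

            // Expiry is not enforced by Decrypt(); an expired ticket must not yield a principal.
            if (ticket == null || ticket.Expired)
            {
                return;
            }

            JavaScriptSerializer js   = new JavaScriptSerializer();
            Registered_Person    user = js.Deserialize <Registered_Person>(ticket.UserData);

            MyIdentity  myIdentity  = new MyIdentity(user);
            MyPrincipal myPrincipal = new MyPrincipal(myIdentity);
            HttpContext.Current.User = myPrincipal;
        }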
Example #12
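        /// <summary>
        /// Rebuilds the custom principal from the <c>MyUser</c> data stored in the
        /// forms-authentication ticket and installs it as <c>HttpContext.Current.User</c>.
        /// </summary>
        protected void Application_PostAuthenticateRequest()
        {
            var cookie = Request.Cookies[FormsAuthentication.FormsCookieName];

            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return;
            }

            var ticket = FormsAuthentication.Decrypt(cookie.Value);

            // The ticket lifetime is not checked by Decrypt(); skip expired tickets so an old
            // cookie cannot be replayed to obtain a principal.
            if (ticket == null || ticket.Expired)
            {
                return;
            }

            var js        = new JavaScriptSerializer();
            var user      = js.Deserialize <MyUser>(ticket.UserData);
            var identity  = new MyIdentity(user);
            var principal = new MyPrincipal(identity);
            HttpContext.Current.User = principal;
        }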
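        /// <summary>
        /// Rebuilds the custom principal from the <c>MyAccount</c> JSON stored in the
        /// forms-authentication ticket and installs it as <c>HttpContext.Current.User</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
        {
            var cookie = Request.Cookies[FormsAuthentication.FormsCookieName];

            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return;
            }

            var authTicket = FormsAuthentication.Decrypt(cookie.Value);

            // Decrypt() does not reject expired tickets; check the lifetime before trusting it.
            if (authTicket == null || authTicket.Expired)
            {
                return;
            }

            var ma = JsonConvert.DeserializeObject <MyAccount>(authTicket.UserData);

            // Empty user data deserializes to null, which would fail on ma.Username below.
            if (ma == null)
            {
                return;
            }

            var mp = new MyPrincipal(ma.Username)
            {
                Ma = ma
            };
            HttpContext.Current.User = mp;
        }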
Example #14
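        /// <summary>
        /// Rebuilds the custom principal from the <c>UserDTO</c> data stored in the
        /// forms-authentication ticket and installs it as <c>HttpContext.Current.User</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

            if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            {
                return;
            }

            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

            // Decrypt() hands back expired tickets too; enforce the lifetime here so a stale
            // cookie is not turned into a principal.
            if (authTicket == null || authTicket.Expired)
            {
                return;
            }

            JavaScriptSerializer serializer     = new JavaScriptSerializer();
            UserDTO              serializeModel = serializer.Deserialize <UserDTO>(authTicket.UserData);

            HttpContext.Current.User = new MyPrincipal(authTicket.Name, serializeModel);
        }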
Example #15
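        /// <summary>
        /// Replaces the forms-authenticated user of the current request with a
        /// <see cref="MyPrincipal"/> whose <c>User</c> is the <c>UserLoginData</c> stored as JSON
        /// in the ticket's user data.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Application_AuthenticateRequest(object sender, EventArgs e)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

            if (authCookie == null)
            {
                return;
            }

            // The original cast Context.User.Identity to FormsIdentity unconditionally, which throws
            // when no user has been set or the identity is of another type (for example when the
            // cookie is present but was not accepted). It also took the name from a separately
            // decrypted cookie and the user data from Context.User. Use the one ticket that is
            // already attached to the current FormsIdentity, and do nothing when there is none.
            FormsIdentity formsIdentity = Context.User != null ? Context.User.Identity as FormsIdentity : null;

            if (formsIdentity == null || formsIdentity.Ticket == null || formsIdentity.Ticket.Expired)
            {
                return;
            }

            FormsAuthenticationTicket authTicket = formsIdentity.Ticket;
            var identity  = new GenericIdentity(authTicket.Name, "Forms");
            var principal = new MyPrincipal(identity);

            // Deserialize the JSON user data and set it on the custom principal.
            var serializer = new JavaScriptSerializer();
            principal.User = (UserLoginData)serializer.Deserialize(authTicket.UserData, typeof(UserLoginData));

            // Set the context user.
            Context.User = principal;
        }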
Example #16
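        /// <summary>
        /// Replaces the forms-authenticated user of the current request with a
        /// <see cref="MyPrincipal"/> whose <c>User</c> is the <c>UserDetails</c> stored as JSON
        /// in the ticket's user data.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

            if (authCookie == null)
            {
                return;
            }

            // Work from the ticket attached to the current FormsIdentity rather than decrypting the
            // cookie a second time: the original mixed both sources and its unconditional cast
            // threw when Context.User was unset or not a FormsIdentity. No FormsIdentity, or an
            // expired ticket, means no custom principal is installed.
            FormsIdentity formsIdentity = Context.User != null ? Context.User.Identity as FormsIdentity : null;

            if (formsIdentity == null || formsIdentity.Ticket == null || formsIdentity.Ticket.Expired)
            {
                return;
            }

            FormsAuthenticationTicket authTicket = formsIdentity.Ticket;
            var identity  = new GenericIdentity(authTicket.Name, "Forms");
            var principal = new MyPrincipal(identity);

            // Deserialize the JSON user data and set it on the custom principal.
            var serializer = new JavaScriptSerializer();
            principal.User = (UserDetails)serializer.Deserialize(authTicket.UserData, typeof(UserDetails));

            // Set the context user.
            Context.User = principal;
        }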
Example #17
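        /// <summary>
        /// Replaces the forms-authenticated user of the current request with a
        /// <see cref="MyPrincipal"/> whose <c>User</c> is the <c>UserModel</c> stored as JSON
        /// in the ticket's user data.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Application_AuthenticateRequest(object sender, EventArgs e)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null)
            {
                return;
            }

            // The original read the name from a freshly decrypted cookie but the user data from
            // Context.User, casting its identity to FormsIdentity without a check (a crash when the
            // user is unset or of another type). Take both from the FormsIdentity's own ticket and
            // leave the request untouched when that identity is absent or its ticket has expired.
            FormsIdentity formsIdentity = Context.User != null ? Context.User.Identity as FormsIdentity : null;
            if (formsIdentity == null || formsIdentity.Ticket == null || formsIdentity.Ticket.Expired)
            {
                return;
            }

            FormsAuthenticationTicket authTicket = formsIdentity.Ticket;
            var identity = new GenericIdentity(authTicket.Name, "Forms");
            var principal = new MyPrincipal(identity);

            // Deserialize the JSON user data and set it on the custom principal.
            var serializer = new JavaScriptSerializer();
            principal.User = (UserModel)serializer.Deserialize(authTicket.UserData, typeof(UserModel));

            // Set the context user.
            Context.User = principal;
        }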
        /// <summary>
        /// Installs a default-constructed <see cref="MyPrincipal"/> as the current thread's principal.
        /// </summary>
        public void SetCustomPrincipalOnThread()
        {
            // Thread.CurrentPrincipal is what principal-based permission checks on this thread consult.
            System.Threading.Thread.CurrentPrincipal = new MyPrincipal();
        }
        }                                           // Noncompliant

        // Empty method that only declares a MyPrincipal parameter.
        // NOTE(review): the trailing "Noncompliant" comment looks like an analyzer-test
        // expectation marker; keep it on the same line as in the original - confirm.
        void AcceptPrincipal(MyPrincipal principal)
        {
        }                                               // Noncompliant
Example #20
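        /// <summary>
        /// Authenticates a user by name and password, using a cached <see cref="MyPrincipal"/>
        /// when one exists or building a new one otherwise, and on success issues the
        /// forms-authentication cookie and caches the principal.
        /// </summary>
        /// <param name="username">Login name; trimmed and upper-cased before use.</param>
        /// <param name="password">Password; trimmed before use.</param>
        /// <returns>
        /// 200 with <c>success = "true"</c> on success, 400 when the credentials are rejected,
        /// 500 when building the identity or any other step fails.
        /// </returns>
        public HttpResponseMessage DoLogin(string username, string password)
        {
            LoginModel loginModel = new LoginModel();

            try
            {
                string user = username.Trim().ToUpper();
                string pw   = password.Trim();

                // One cache read instead of "check then get": the entry can expire between the two
                // calls. The cached principal is NOT installed on the request here any more - the
                // original assigned HttpContext.Current.User before the password had been checked.
                MyPrincipal upro  = HttpContext.Current.Cache.Get(user) as MyPrincipal;
                bool        found = upro != null;

                if (!found)
                {
                    try
                    {
                        upro = MySecurityProvider.BuildNewIdentity(user, "", pw, "Form").Result;
                    }
                    catch (System.Exception ex)
                    {
                        ErrorLogInfo error = new ErrorLogInfo();
                        error.freeTextDetails = ex.Message;
                        error.logCode         = "ERR111";
                        error.loggingAppCode  = "SCA";
                        error.loggingTime     = System.DateTime.Now;
                        error.uniqueLogID     = System.DateTime.Now.Ticks.ToString();
                        _log.Error(error);
                        // NOTE(review): the raw exception message is returned to the caller; consider
                        // a generic message so internal details are not disclosed to clients.
                        loginModel.Error   = ex.Message;
                        loginModel.success = "false";
                        return(this.Request.CreateResponse <LoginModel>(HttpStatusCode.InternalServerError, loginModel));
                    }
                }

                // Verify the supplied credentials against the (cached or freshly built) identity.
                MyIdentity identity = upro != null ? upro.Identity as MyIdentity : null;

                if (identity == null || !identity.checkIdentity(user, pw))
                {
                    // Wrong credentials (including a valid user name with a wrong password).
                    loginModel.success = "false";
                    loginModel.Error   = "Attenzione! Credenziali di accesso errate";
                    return(this.Request.CreateResponse <LoginModel>(HttpStatusCode.BadRequest, loginModel));
                }

                // Both paths (cache hit / new identity) meet here with a verified principal.
                MailLogInfo logInfo = new MailLogInfo();
                logInfo.logCode         = "LON";
                logInfo.loggingAppCode  = "MAIL";
                logInfo.loggingTime     = System.DateTime.Now;
                logInfo.uniqueLogID     = System.DateTime.Now.Ticks.ToString();
                logInfo.userID          = user;
                logInfo.freeTextDetails = string.Empty;
                _log.Info(logInfo);

                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(user, false, 15);
                HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
                // Keep the ticket out of reach of page script, and restrict it to HTTPS whenever
                // the forms-authentication configuration requires SSL.
                cookie.HttpOnly = true;
                cookie.Secure   = FormsAuthentication.RequireSSL;
                HttpContext.Current.Response.Cookies.Add(cookie);

                HttpContext.Current.User = upro;
                // Insert() adds or refreshes the entry, so it covers both the first login and a
                // cache hit (the separate Add() for the first-login case was redundant).
                HttpContext.Current.Cache.Insert(user, upro, null, System.Web.Caching.Cache.NoAbsoluteExpiration, TimeSpan.FromMinutes(CACHEEXPIRATION), System.Web.Caching.CacheItemPriority.AboveNormal, null);
                loginModel.success     = "true";
                loginModel.ResponseUrl = "pages/Common/Default.aspx";
            }
            catch (System.Exception e0)
            {
                // NOTE(review): as above, e0.Message is sent to the client unchanged.
                loginModel.Error   = e0.Message;
                loginModel.success = "false";
                return(this.Request.CreateResponse <LoginModel>(HttpStatusCode.InternalServerError, loginModel));
            }

            return(this.Request.CreateResponse <LoginModel>(HttpStatusCode.OK, loginModel));
        }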
Example #21
        /// <summary>
        /// Returns the <c>FullName</c> of the current thread's principal when it is a
        /// <see cref="MyPrincipal"/>; otherwise <c>null</c>.
        /// </summary>
        public string GetAuthenticationFullName()
        {
            var current = System.Threading.Thread.CurrentPrincipal as MyPrincipal;

            if (current == null)
            {
                // No principal, or a principal of another type.
                return(null);
            }

            return(current.FullName);
        }
Example #22
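        /// <summary>
        /// Rebuilds the custom <see cref="MyPrincipal"/> from the forms-authentication ticket, loads
        /// the user's menus and roles from the database, and installs the principal as
        /// <c>HttpContext.Current.User</c>. Any failure leaves the request's user unchanged.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

            if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            {
                return;
            }

            try
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

                // Decrypt() does not enforce the ticket lifetime; without this check an expired
                // cookie would still be turned into a principal with menus and roles.
                if (authTicket == null || authTicket.Expired)
                {
                    return;
                }

                MyPrincipalSerializeModel serializeModel = JsonConvert.DeserializeObject <MyPrincipalSerializeModel>(authTicket.UserData);
                if (serializeModel == null)
                {
                    return;
                }

                MyPrincipal newUser = new MyPrincipal(authTicket.Name);

                newUser.id        = serializeModel.id;
                newUser.username  = serializeModel.username;
                // NOTE(review): the password travels inside the ticket's user data and is copied onto
                // the principal for every request; it should not need to be in the cookie at all.
                newUser.password  = serializeModel.password;
                newUser.firstname = serializeModel.firstname;
                newUser.lastname  = serializeModel.lastname;
                newUser.path_foto = serializeModel.path_foto;

                newUser.menus    = new List <PrincipalMenu>();
                newUser.RoleUser = new List <string>();

                // NOTE(review): the context is created per request and never disposed here; if
                // ContextModel is disposable it should be wrapped in a using block - confirm.
                tms_mka_v2.Context.ContextModel dbcontext = new tms_mka_v2.Context.ContextModel();
                tms_mka_v2.Context.User         dbuser    = dbcontext.User.Where(u => u.Id == newUser.id).FirstOrDefault();

                // The id in the ticket no longer matches a user row: do not install a principal.
                // (Previously this surfaced as a NullReferenceException swallowed by the catch.)
                if (dbuser == null)
                {
                    return;
                }

                foreach (var _menu in dbuser.UserMenus)
                {
                    PrincipalMenu _menuUser = new PrincipalMenu();
                    _menuUser.MenuName = _menu.Menu.MenuName;
                    _menuUser.Action   = new List <string>();
                    if (_menu.IsCreate)
                    {
                        _menuUser.Action.Add("create");
                    }
                    if (_menu.IsRead)
                    {
                        _menuUser.Action.Add("read");
                    }
                    if (_menu.IsUpdate)
                    {
                        _menuUser.Action.Add("update");
                    }
                    if (_menu.IsDelete)
                    {
                        _menuUser.Action.Add("delete");
                    }
                    if (_menu.IsPrint)
                    {
                        _menuUser.Action.Add("print");
                    }
                    if (_menu.IsProses)
                    {
                        _menuUser.Action.Add("proses");
                    }
                    newUser.menus.Add(_menuUser);
                }

                foreach (var _role in dbuser.UserRole)
                {
                    newUser.RoleUser.Add(_role.Role.RoleName);
                }

                // Installed last, so a failure above never leaves a partially populated principal.
                HttpContext.Current.User = newUser;
            }
            catch (Exception ex)
            {
                // Still best-effort (the request continues without the custom principal), but the
                // failure is no longer silent: authentication problems leave a trace for diagnosis.
                System.Diagnostics.Trace.TraceError("Application_PostAuthenticateRequest: could not rebuild principal: " + ex.GetType().Name + ": " + ex.Message);
            }
        }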
 /// <summary>
 /// Deep-clones a <see cref="MyPrincipal"/> through <c>Serializer.DeepClone</c>; the clone is
 /// not inspected, so the call only has to complete without throwing.
 /// </summary>
 public void Run()
 {
     var original = new MyPrincipal("abc", 123);

     // Result intentionally unused beyond the assignment.
     var roundTripped = Serializer.DeepClone(original);
 }