public void ValidateRequestSecurity()
        {
            var useSSL = BehaviorsConfiguration.HTTPSecurity == HTTPSecurity.SSL;

            if (useSSL || ShouldEnforceSecureRequests(AppInfo.GetAppInfo()))
            {
                if (!RuntimePlatformUtils.RequestIsSecure(HttpContext.Current.Request, !useSSL))
                {
                    throw new ExposeRestException("HTTPS connection required.", HttpStatusCode.Forbidden);
                }
            }

            if (BehaviorsConfiguration.InternalAccessOnly)
            {
                if (!RuntimePlatformUtils.InternalAddressIdentification(HttpContext.Current.Request))
                {
                    throw new ExposeRestException("Access Denied.", HttpStatusCode.Forbidden);
                }
            }
        }
        private void Page_Load(object sender, System.EventArgs e)
        {
            // init vars
            AppInfo appInfo = Global.App;

            if (appInfo != null)
            {
                heContext = appInfo.OsContext;
            }
            Response.ContentType = "text/html; charset=" + Response.ContentEncoding.WebName;

            // No session SessionFixationValidation because screen is accessible by anonymous users or uses a readonly session.

            if (appInfo != null)
            {
                heContext = appInfo.OsContext; heContext.RequestTracer.MainEventType = RequestTracerEventType.WebScreenServerExecuted; heContext.RequestTracer.RegisterEndpoint("2dcd742c-96b7-4e62-ae6f-1644bcab95a5", "InvalidPermissions");
            }
            OutSystems.HubEdition.RuntimePlatform.Web.JavaScriptManager.CheckRelativeJavaScriptPrefix(AppUtils.Instance.getImagePath());
            appInfo.IsLoadingScreen = !IsPostBack;
            if (!IsPostBack)
            {
                ArrayList screenParameters          = (ArrayList)Global.App.OsContext.Session["ContactManager._ScreenParameters_InvalidPermissions"];
                bool      screenParametersInSession = false;
                object    screenParametersKey       = heContext.Session["_ScreenParametersKey"];
                if ((screenParametersKey == null || this.Key.Equals(ObjectKey.Parse(Convert.ToString(screenParametersKey)))) && screenParameters != null)
                {
                    try {
                        screenParametersInSession = true;
                    } catch (Exception parametersException) {
                        ErrorLog.LogApplicationError("Failed to load Screen Input Parameters from session.", "ScreenParametersKey = " + screenParametersKey + ", Count = " + screenParameters.Count + "\r\n" + parametersException.StackTrace, heContext, "Global");
                    } finally {
                        Global.App.OsContext.Session["ContactManager._ScreenParameters_InvalidPermissions"] = null;
                        heContext.Session["_ScreenParametersKey"] = null;
                    }
                }
                else if (Request.HttpMethod == "GET")
                {
                }
                else if (Request.HttpMethod == "POST")
                {
                }
            }
            if (!appInfo.IsApplicationEnabled)
            {
                ErrorLog.LogApplicationError(message: "eSpace " + appInfo.eSpaceName + " is disabled", stackTrace: Environment.StackTrace, context: heContext, moduleName: "Global");
                String contact = RuntimePlatformUtils.GetAdministrationEmail();
                try {
                    Context.Items[Constants.AppOfflineCustomHandler.ContactKey]   = contact;
                    Context.Items[Constants.AppOfflineCustomHandler.ErrorCodeKey] = "APPLICATION_OFFLINE";
                    Server.Transfer("/ContactManager/CustomHandlers/app_offline.aspx");
                }
                catch (System.Threading.ThreadAbortException) {}
                catch {
                    Response.Redirect("/ContactManager/CustomHandlers/internalerror.aspx");
                }
            }
            InitializeUrls();
            Actions.ActionOnBeginWebRequest(heContext);
            if (appInfo.IsForcingSecurityForScreens() && !RuntimePlatformUtils.RequestIsSecure(Request))
            {
                Response.Redirect("https://" + Request.Url.Host + "" + AppUtils.Instance.getImagePath() + "InvalidPermissions.aspx" + Request.Url.Query);
                HttpContext.Current.ApplicationInstance.CompleteRequest();
            }
            if (!IsPostBack)
            {
                CheckPermissions(heContext);
                bool bindEditRecords = !IsPostBack;
                Title = "Invalid Permissions"; Page.DataBind();
                if (RuntimePlatformUtils.GetRequestTracer() != null)
                {
                    RuntimePlatformUtils.GetRequestTracer().RegisterSessionSize(); if (heContext.Session != null)
                    {
                        RuntimePlatformUtils.GetRequestTracer().RegisterUserId(heContext.Session.UserId);
                    }
                }
                if (!heContext.AppInfo.SelectiveLoggingEnabled || heContext.AppInfo.Properties.AllowLogging)
                {
                    ScreenLog.StaticWrite(heContext.AppInfo, heContext.Session, heContext.StartInstant, (int)((TimeSpan)(DateTime.Now - heContext.StartInstant)).TotalMilliseconds, "InvalidPermissions", (string)heContext.Session["MSISDN"], "WEB", "Screen", RuntimeEnvironment.MachineName, RuntimePlatformUtils.GetViewstateSize(), RuntimePlatformUtils.GetRetrievedSessionSize(), RuntimePlatformUtils.GetRetrievedSessionRequests());
                }
            }
            else
            {
                if (heContext.AppInfo.IsForcingSecurityForScreens() && !RuntimePlatformUtils.RequestIsSecure(Request))
                {
                    Response.Redirect("https://" + Request.Url.Host + "" + AppUtils.Instance.getImagePath() + "InvalidPermissions.aspx" + Request.Url.Query);
                    HttpContext.Current.ApplicationInstance.CompleteRequest();
                }
                FetchViewState();
            }
        }