/// -----------------------------------------------------------------------------
/// <summary>
/// Completes or interrupts a login once the data store has accepted the user's
/// credentials: enforces password expiry and forced password/profile updates and
/// drives the UI (message, page number, proceed panel) for each outcome.
/// </summary>
/// <param name="objUser">The logged in User</param>
/// <param name="ignoreExpiring">Ignore the situation where the password is expiring (but not yet expired)</param>
/// <remarks>
/// Super users bypass UserController.ValidateUser entirely, so password expiry and
/// forced update rules are never applied to them. RedirectURL is used as-is for the
/// final redirect; whatever builds it must already reject off-site targets.
/// </remarks>
/// <history>
/// [cnurse] 03/15/2006
/// [cnurse] 07/03/2007 Moved from Sign.ascx.vb
/// </history>
/// -----------------------------------------------------------------------------
private void ValidateUser(UserInfo objUser, bool ignoreExpiring)
{
    // Super users are never subjected to the expiry/profile checks.
    UserValidStatus status = objUser.IsSuperUser
        ? UserValidStatus.VALID
        : UserController.ValidateUser(objUser, PortalId, ignoreExpiring);

    // Only meaningful when password expiry is enabled; otherwise stays Null.NullDate.
    DateTime expiresOn = PasswordConfig.PasswordExpiry > 0
        ? objUser.Membership.LastPasswordChangeDate.AddDays(PasswordConfig.PasswordExpiry)
        : Null.NullDate;

    UserId = objUser.UserID;

    // Localised message whose {0} is the password expiry date.
    string ExpiryMessage(string resourceKey)
    {
        return string.Format(Localization.GetString(resourceKey, LocalResourceFile), expiresOn.ToLongDateString());
    }

    if (status == UserValidStatus.VALID)
    {
        // Page culture follows the user's preferred locale, else the portal default.
        string preferredLocale = objUser.Profile != null ? objUser.Profile.PreferredLocale : null;
        Localization.SetLanguage(preferredLocale ?? PortalSettings.DefaultLanguage);

        AuthenticationController.SetAuthenticationType(AuthenticationType);

        // Complete the login; the checkbox decides whether the auth cookie is persistent.
        UserController.UserLogin(PortalId, objUser, PortalSettings.PortalName, AuthenticationLoginBase.GetIPAddress(), chkCookie.Checked);

        // endResponse = true: nothing after this line runs on the success path.
        Response.Redirect(RedirectURL, true);
    }
    else if (status == UserValidStatus.PASSWORDEXPIRED)
    {
        AddLocalizedModuleMessage(ExpiryMessage("PasswordExpired"), ModuleMessage.ModuleMessageType.YellowWarning, true);
        PageNo = 2;
        pnlProceed.Visible = false;
    }
    else if (status == UserValidStatus.PASSWORDEXPIRING)
    {
        // Expiring but not expired: the user may still proceed.
        AddLocalizedModuleMessage(ExpiryMessage("PasswordExpiring"), ModuleMessage.ModuleMessageType.YellowWarning, true);
        PageNo = 2;
        pnlProceed.Visible = true;
    }
    else if (status == UserValidStatus.UPDATEPASSWORD)
    {
        AddModuleMessage("PasswordUpdate", ModuleMessage.ModuleMessageType.YellowWarning, true);
        PageNo = 2;
        pnlProceed.Visible = false;
    }
    else if (status == UserValidStatus.UPDATEPROFILE)
    {
        // Admin has forced a profile update.
        AddModuleMessage("ProfileUpdate", ModuleMessage.ModuleMessageType.YellowWarning, true);
        PageNo = 3;
    }

    ShowPanel();
}
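/// <summary>
/// Page load for the SAML login control. Three paths:
///  - an unauthenticated POST is treated as the IdP's response: the SAMLResponse form
///    field is decoded and validated, the DNN account is created or refreshed from the
///    assertion attributes, roles are synchronised and UserAuthenticated is raised;
///  - an authenticated request does nothing;
///  - any other request builds an AuthnRequest and redirects the browser to the IdP.
/// </summary>
/// <param name="e">Standard page-load event arguments.</param>
/// <remarks>
/// NOTE(review): the whole handler (including base.OnLoad) is skipped when the query
/// string carries a <c>noSAML</c> key, so any visitor can avoid the IdP redirect by
/// appending <c>?noSAML</c>. That is a debugging hook; remove or gate it before production.
/// All trust in the assertion rests on <c>Saml.Response.IsValid()</c>, which is not
/// visible here: it must verify the XML signature against <c>config.TheirCert</c> plus
/// audience/destination and the validity window, or the provisioning below becomes an
/// authentication bypass. The NameID is matched against local usernames; if the IdP lets
/// subjects choose their NameID, an existing local account can be bound to — confirm
/// NameIDs are IdP-assigned.
/// </remarks>
protected override void OnLoad(EventArgs e)
{
    if (Request.QueryString["noSAML"] != null)
    {
        return;
    }

    base.OnLoad(e);
    staticPortalSettings = PortalSettings;
    try
    {
        config = DNNAuthenticationSAMLAuthenticationConfig.GetConfig(PortalId);
        if (Request.HttpMethod == "POST" && !Request.IsAuthenticated)
        {
            HandleSamlResponsePost();
        }
        else if (Request.IsAuthenticated)
        {
            // Already logged in: nothing to do.
        }
        else
        {
            RedirectToIdentityProvider();
        }
    }
    catch (System.Threading.ThreadAbortException tae)
    {
        LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", string.Format("Exception is {0}", tae.Message));
    }
    catch (Exception ex)
    {
        LogToEventLog("DNN.Authentication.SAML.OnLoad()", string.Format("Exception {0}", ex.Message));
    }
}

/// <summary>
/// Handles the IdP's POST: decodes and validates the SAMLResponse, provisions or
/// refreshes the matching DNN account and, when DNN's own validation passes, raises
/// UserAuthenticated. Any failure along the way ends the request without a login.
/// </summary>
private void HandleSamlResponsePost()
{
    string encodedResponse = Request.Form["SAMLResponse"];
    if (string.IsNullOrEmpty(encodedResponse))
    {
        // A plain form POST reached the control; there is no IdP response to verify.
        // (The original dereferenced the missing field and threw.)
        LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", "POST without SAMLResponse ignored");
        return;
    }

    // Only the size is logged before validation: the raw response carries the assertion
    // (NameID, e-mail, session) and can be forged by the poster, so it does not belong
    // in the event log.
    LogToEventLog("Request:", string.Format("SAMLResponse received ({0} base64 chars)", encodedResponse.Length));

    // The certificate the IdP gave us; IsValid() is expected to verify the signature with it.
    Saml.Response samlResponse = new Saml.Response(config.TheirCert);
    samlResponse.LoadXmlFromBase64(encodedResponse);
    LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", string.Format("samlResponse is: {0}", samlResponse));

    if (!samlResponse.IsValid())
    {
        LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", "saml not valid");
        return;
    }
    LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", "saml valid");
    // NOTE(review): this writes the full decoded assertion to the event log.
    LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", string.Format("samlResponse is: {0}", samlResponse.Xml.ToString()));

    // Attributes are optional; config.usr* names the IdP attribute, with a conventional fallback.
    string username = "", email = "", firstname = "", lastname = "", displayname = "";
    var rolesList = new List<string>();
    var requiredRolesList = new List<string>();
    try
    {
        username = samlResponse.GetNameID();
        if (username == null)
        {
            LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", "USER IS NULL");
        }
        else if (username == "")
        {
            LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", "USER IS EMPTY");
        }
        LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", string.Format("Username is: {0} ", username));

        email = samlResponse.GetUserProperty(config.usrEmail) ?? samlResponse.GetUserProperty("email");
        firstname = samlResponse.GetUserProperty(config.usrFirstName) ?? samlResponse.GetUserProperty("firstName");
        lastname = samlResponse.GetUserProperty(config.usrLastName) ?? samlResponse.GetUserProperty("lastName");
        displayname = samlResponse.GetUserProperty(config.usrDisplayName) ?? samlResponse.GetUserProperty("displayName");

        rolesList = SplitRoles(samlResponse.GetUserProperty(config.RoleAttribute));
        requiredRolesList = SplitRoles(samlResponse.GetUserProperty(config.RequiredRoles));
    }
    catch (Exception ex)
    {
        // InnerException may be null; the original dereferenced it unconditionally.
        LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", string.Format("Exception:......{0}", (ex.InnerException ?? ex).Message));
    }

    if (string.IsNullOrEmpty(username))
    {
        // Without a NameID there is nothing to map the assertion to; never provision or
        // log in an anonymous account.
        LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", "Assertion has no NameID; login aborted");
        return;
    }

    UserInfo userInfo = UserController.GetUserByName(PortalSettings.PortalId, username);
    if (userInfo == null)
    {
        userInfo = CreateUserFromAssertion(samlResponse, username, email, firstname, lastname, displayname, rolesList);
        if (userInfo == null)
        {
            // Creation failed or mandatory attributes were missing. The original fell through
            // to ValidateUser/OnUserAuthenticated with an unsaved UserInfo; stop here instead.
            return;
        }
    }
    else
    {
        UpdateUserFromAssertion(samlResponse, userInfo, email, firstname, lastname, displayname, rolesList, requiredRolesList);
    }

    // ignoreExpiring: the password is IdP-managed, so a local expiry warning is irrelevant.
    UserValidStatus validStatus = UserController.ValidateUser(userInfo, PortalId, true);
    if (validStatus != UserValidStatus.VALID)
    {
        LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", string.Format("User {0} not valid for login: {1}", userInfo.Username, validStatus));
        return;
    }

    SetLoginDate(username);
    var eventArgs = new UserAuthenticatedEventArgs(userInfo, userInfo.Email, UserLoginStatus.LOGIN_SUCCESS, config.DNNAuthName)
    {
        Authenticated = true,
        Message = "User authorized",
        RememberMe = false
    };
    OnUserAuthenticated(eventArgs);
}

/// <summary>Splits a comma-separated role attribute; null or blank yields an empty list.</summary>
private static List<string> SplitRoles(string roles)
{
    return string.IsNullOrWhiteSpace(roles)
        ? new List<string>()
        : roles.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).ToList();
}

/// <summary>
/// Creates a DNN account from the assertion attributes. Returns the stored user, or
/// null when e-mail, first or last name is missing or CreateUser does not report
/// Success — callers must not log the user in then.
/// </summary>
private UserInfo CreateUserFromAssertion(Saml.Response samlResponse, string username, string email, string firstname, string lastname, string displayname, List<string> rolesList)
{
    if (email == null || firstname == null || lastname == null)
    {
        LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", "Cannot create user: e-mail, first name or last name missing from assertion");
        return null;
    }

    UserInfo stored = null;
    var userInfo = new UserInfo();
    try
    {
        userInfo.DisplayName = displayname ?? (firstname + " " + lastname);
        userInfo.FirstName = firstname;
        userInfo.LastName = lastname;
        userInfo.Username = username;
        userInfo.Email = email;
        userInfo.PortalID = PortalSettings.PortalId;
        userInfo.IsSuperUser = false;
        // IdP-backed account: the random password only satisfies the membership provider.
        userInfo.Membership.Password = UserController.GeneratePassword();

        UserCreateStatus usrCreateStatus = UserController.CreateUser(ref userInfo);
        if (usrCreateStatus != UserCreateStatus.Success)
        {
            LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", "Error creating new user..." + usrCreateStatus.ToString());
            return null;
        }

        // Reload so profile/role updates work on the persisted record.
        stored = UserController.GetUserByName(PortalSettings.PortalId, username) ?? userInfo;
        SetProfileProperties(samlResponse, stored);
        // New account: roles only need adding, nothing to remove.
        if (rolesList.Any())
        {
            AssignRolesFromList(stored, rolesList);
        }
    }
    catch (Exception ex)
    {
        LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", "Error creating new user...exception: " + (ex.InnerException ?? ex).Message);
    }
    // Null unless CreateUser reported Success.
    return stored;
}

/// <summary>
/// Refreshes an existing account from the assertion: lifts a lockout, copies only the
/// name/e-mail attributes the IdP actually supplied, updates profile properties and
/// synchronises roles.
/// </summary>
private void UpdateUserFromAssertion(Saml.Response samlResponse, UserInfo userInfo, string email, string firstname, string lastname, string displayname, List<string> rolesList, List<string> requiredRolesList)
{
    // NOTE(review): a successful IdP login clears a DNN lockout. Lockouts come from failed
    // local-password attempts, so whoever controls this IdP identity can lift them.
    if (userInfo.Membership.LockedOut)
    {
        UserController.UnLockUser(userInfo);
    }
    LogToEventLog("DNN.Authentication.SAML.OnLoad(post !auth)", String.Format("FoundUser userInfo.Username: {0}", userInfo.Username));

    try
    {
        // Only overwrite what the assertion provided; the original assigned unconditionally
        // and nulled DisplayName/Email when the attribute was absent.
        if (displayname != null) userInfo.DisplayName = displayname;
        if (firstname != null) userInfo.FirstName = firstname;
        if (lastname != null) userInfo.LastName = lastname;
        if (email != null) userInfo.Email = email;
        UserController.UpdateUser(PortalSettings.PortalId, userInfo);

        SetProfileProperties(samlResponse, userInfo);

        // NOTE(review): role names come straight from the IdP attribute; any DNN role can be
        // granted this way unless AssignRolesFromList filters them.
        if (rolesList.Any())
        {
            AssignRolesFromList(userInfo, rolesList);
        }
        // Roles marked "required" but not asserted this time are revoked.
        if (requiredRolesList.Any())
        {
            var toRemove = requiredRolesList.Where(req => !rolesList.Contains(req)).ToList();
            RemoveRolesFromList(userInfo, toRemove);
        }
    }
    catch (Exception ex)
    {
        LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", "Error updating existing user...exception: " + (ex.InnerException ?? ex).Message);
    }
}

/// <summary>
/// Builds the AuthnRequest, deflates/base64/URL-encodes it and redirects the browser to
/// the IdP, carrying the current query string as RelayState.
/// </summary>
private void RedirectToIdentityProvider()
{
    XmlDocument request = GenerateSAMLRequest();
    // NOTE(review): request signing is disabled; the IdP must be configured to accept
    // unsigned AuthnRequests for this to work, and cannot authenticate the request.
    //X509Certificate2 cert = StaticHelper.GetCert(config.OurCertFriendlyName);
    //request = StaticHelper.SignSAMLRequest(request, cert);
    LogToEventLog("DNN.Authentication.SAML.OnLoad()", string.Format("request xml {0}", request.OuterXml));

    String convertedRequestXML = StaticHelper.Base64CompressUrlEncode(request);
    string redirectTo = config.IdPURL + (config.IdPURL.Contains("?") ? "&" : "?") + "SAMLRequest=" + convertedRequestXML;
    if (Request.QueryString.Count > 0)
    {
        redirectTo += "&RelayState=" + HttpUtility.UrlEncode(Request.Url.Query.Replace("?", "&"));
    }
    Response.Redirect(Page.ResolveUrl(redirectTo), false);
}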
//private static void UpdateProfile(UserInfo objUser, bool update) //{ // bool bUpdateUser = false; // if (ProfileProperties.Count > 0) // { // foreach (string key in ProfileProperties) // { // switch (key) // { // case "FirstName": // if (objUser.FirstName != ProfileProperties[key]) // { // objUser.FirstName = ProfileProperties[key]; // bUpdateUser = true; // } // break; // case "LastName": // if (objUser.LastName != ProfileProperties[key]) // { // objUser.LastName = ProfileProperties[key]; // bUpdateUser = true; // } // break; // case "Email": // if (objUser.Email != ProfileProperties[key]) // { // objUser.Email = ProfileProperties[key]; // bUpdateUser = true; // } // break; // case "DisplayName": // if (objUser.DisplayName != ProfileProperties[key]) // { // objUser.DisplayName = ProfileProperties[key]; // bUpdateUser = true; // } // break; // default: // objUser.Profile.SetProfileProperty(key, ProfileProperties[key]); // break; // } // } // if (update) // { // if (bUpdateUser) // { // UserController.UpdateUser(PortalSettings.Current.PortalId, objUser); // } // ProfileController.UpdateUserProfile(objUser); // } // } //} /// ----------------------------------------------------------------------------- /// <summary> /// ValidateUser runs when the user has been authorized by the data store. 
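/// It validates for things such as an expired or expiring password, a forced password
/// or profile update, pending terms consent and, for admin/host accounts, a banned
/// IP address, and reports the outcome on the returned result rather than the page.
/// </summary>
/// <param name="objUser">The logged in User</param>
/// <param name="ignoreExpiring">Ignore the situation where the password is expiring (but not yet expired)</param>
/// <returns>
/// On VALID the login is completed and RedirectURL is set. Otherwise the result carries
/// an error keyed by the status and, for UPDATEPASSWORD and (when configured)
/// MUSTAGREETOTERMS, a RedirectURL to the page that resolves it.
/// </returns>
/// <remarks>
/// The UPDATEPASSWORD branch originally built the forced-reset URL and discarded it (the
/// Response.Redirect was commented out), leaving the caller with an empty result; it is
/// now returned as RedirectURL. NOTE(review): that URL and the consent redirect both
/// carry the password-reset token in the query string, where it can leak via logs,
/// history and the Referer header. The IP-ban check reads the raw socket address
/// (UserHostAddress) while the login audit uses IUserRequestIPAddressController; behind
/// a proxy those can differ — confirm which one the ban list is meant to match.
/// </remarks>
/// -----------------------------------------------------------------------------
private static ActionResult ValidateUser(UserInfo objUser, bool ignoreExpiring)
{
    var actionResult = new ActionResult();
    UserValidStatus validStatus = UserController.ValidateUser(objUser, PortalSettings.Current.PortalId, ignoreExpiring);

    // Only meaningful when password expiry is enabled; otherwise stays Null.NullDate.
    DateTime expiryDate = Null.NullDate;
    if (PasswordConfig.PasswordExpiry > 0)
    {
        expiryDate = objUser.Membership.LastPasswordChangeDate.AddDays(PasswordConfig.PasswordExpiry);
    }

    switch (validStatus)
    {
        case UserValidStatus.VALID:
            // Admin/host accounts may not complete a login from a banned IP address.
            if (Host.EnableIPChecking)
            {
                bool isAdminUser = objUser.IsSuperUser || objUser.IsInRole(PortalSettings.Current.AdministratorRoleName);
                if (isAdminUser && IPFilterController.Instance.IsIPBanned(HttpContext.Current.Request.UserHostAddress))
                {
                    PortalSecurity.Instance.SignOut();
                    actionResult.AddError("IPAddressBanned", Localization.GetString("IPAddressBanned", LocalResourceFile));
                    break;
                }
            }

            // Page culture follows the user's preferred locale when that locale is enabled.
            if ((objUser.Profile != null) && (objUser.Profile.PreferredLocale != null) && LocaleEnabled(objUser.Profile.PreferredLocale))
            {
                Localization.SetLanguage(objUser.Profile.PreferredLocale);
            }
            else
            {
                Localization.SetLanguage(PortalSettings.Current.DefaultLanguage);
            }

            AuthenticationController.SetAuthenticationType(AuthenticationType);

            // Complete the login, auditing the caller's address.
            IUserRequestIPAddressController userRequestIpAddressController = UserRequestIPAddressController.Instance;
            string ipAddress = userRequestIpAddressController.GetUserRequestIPAddress(new HttpRequestWrapper(HttpContext.Current.Request));
            UserController.UserLogin(PortalSettings.Current.PortalId, objUser, PortalSettings.Current.PortalName, ipAddress, RememberMe);

            // No IPv4 address resolved: record the IPv6 one so the admin can still see the origin.
            if (string.IsNullOrWhiteSpace(ipAddress))
            {
                string ipAddressV6 = userRequestIpAddressController.GetUserRequestIPAddress(new HttpRequestWrapper(HttpContext.Current.Request), IPAddressFamily.IPv6);
                if (!string.IsNullOrWhiteSpace(ipAddressV6))
                {
                    AddEventLog(objUser.UserID, objUser.Username, PortalSettings.Current.PortalId, "IPv6", ipAddressV6);
                }
            }

            // Expire the returnurl cookie with the Path it was issued for, or the browser keeps it.
            HttpContext.Current.Response.Cookies.Set(new HttpCookie("returnurl", "")
            {
                Expires = DateTime.Now.AddDays(-1),
                Path = (!string.IsNullOrEmpty(Globals.ApplicationPath) ? Globals.ApplicationPath : "/")
            });
            actionResult.RedirectURL = GetRedirectUrl();
            break;

        case UserValidStatus.PASSWORDEXPIRED:
            actionResult.AddError("PASSWORDEXPIRED", string.Format(Localization.GetString("PasswordExpired", LocalResourceFile), expiryDate.ToLongDateString()));
            break;

        case UserValidStatus.PASSWORDEXPIRING:
            // Reported as an error: with ignoreExpiring == false the login does not complete here.
            actionResult.AddError("PASSWORDEXPIRING", string.Format(Localization.GetString("PasswordExpiring", LocalResourceFile), expiryDate.ToLongDateString()));
            break;

        case UserValidStatus.UPDATEPASSWORD:
            string portalAlias = Globals.AddHTTP(PortalSettings.Current.PortalAlias.HTTPAlias);
            if (MembershipProviderConfig.PasswordRetrievalEnabled || MembershipProviderConfig.PasswordResetEnabled)
            {
                // Issue a fresh token and reload the user so the URL carries the current one.
                UserController.ResetPasswordToken(objUser);
                objUser = UserController.GetUserById(objUser.PortalID, objUser.UserID);
            }
            // Send the user to the forced password reset (the original built this URL and dropped it).
            actionResult.RedirectURL = string.Format("{0}/default.aspx?ctl=PasswordReset&resetToken={1}&forced=true", portalAlias, objUser.PasswordResetToken);
            break;

        case UserValidStatus.UPDATEPROFILE:
            actionResult.Data = new
            {
                UserExtensionURL = ServiceProvider.NavigationManager.NavigateURL("", "mid=0", "icp=true", "guid=fa7ca744-1677-40ef-86b2-ca409c5c6ed3#/updateprofile?uid=" + objUser.UserID)
            };
            // A 3rd-party provider may already have called UserController.UserLogin without
            // checking this status; clear that session until the forced profile update is done.
            PortalSecurity.Instance.SignOut();
            actionResult.AddError("ProfileUpdate", Localization.GetString("ProfileUpdate", LocalResourceFile));
            break;

        case UserValidStatus.MUSTAGREETOTERMS:
            if (PortalSettings.Current.DataConsentConsentRedirect == -1)
            {
                // NOTE(review): formatting with the password expiry date looks copy-pasted from the
                // expiry cases; kept as-is in case the resource string has a placeholder.
                actionResult.AddError("MUSTAGREETOTERMS", string.Format(Localization.GetString("MustConsent", LocalResourceFile), expiryDate.ToLongDateString()));
            }
            else
            {
                // The password-reset token doubles as the identity token for the consent page.
                UserController.ResetPasswordToken(objUser);
                objUser = UserController.GetUserById(objUser.PortalID, objUser.UserID);
                actionResult.RedirectURL = ServiceProvider.NavigationManager.NavigateURL(PortalSettings.Current.DataConsentConsentRedirect, "", string.Format("token={0}", objUser.PasswordResetToken));
            }
            break;
    }
    return actionResult;
}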
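/// -----------------------------------------------------------------------------
/// <summary>
/// ValidateUser runs when the user has been authorized by the data store. It checks
/// for an expired/expiring password and for forced password or profile updates, and
/// either completes the login (and redirects) or shows the matching message and page.
/// </summary>
/// <param name="objUser">The logged in User</param>
/// <param name="ignoreExpiring">Ignore the situation where the password is expiring (but not yet expired)</param>
/// <remarks>
/// The "returnurl" cookie is expired with a Path covering the application root, as the
/// sibling ActionResult version does; a deletion cookie without a Path defaults to the
/// current request's directory and the original cookie survives. Assumes the cookie was
/// issued for the application root — confirm against the code that sets it. RedirectURL
/// is used as-is; whatever builds it must already reject off-site targets.
/// </remarks>
/// -----------------------------------------------------------------------------
private void ValidateUser(UserInfo objUser, bool ignoreExpiring)
{
    UserValidStatus validStatus = UserController.ValidateUser(objUser, PortalId, ignoreExpiring);

    // Only meaningful when password expiry is enabled; otherwise stays Null.NullDate.
    DateTime expiryDate = Null.NullDate;
    if (PasswordConfig.PasswordExpiry > 0)
    {
        expiryDate = objUser.Membership.LastPasswordChangeDate.AddDays(PasswordConfig.PasswordExpiry);
    }

    UserId = objUser.UserID;

    switch (validStatus)
    {
        case UserValidStatus.VALID:
            // Page culture follows the user's preferred locale, else the portal default.
            if ((objUser.Profile != null) && (objUser.Profile.PreferredLocale != null))
            {
                Localization.SetLanguage(objUser.Profile.PreferredLocale);
            }
            else
            {
                Localization.SetLanguage(PortalSettings.DefaultLanguage);
            }

            AuthenticationController.SetAuthenticationType(AuthenticationType);

            // Complete the login; RememberMe decides whether the auth cookie is persistent.
            UserController.UserLogin(PortalId, objUser, PortalSettings.PortalName, AuthenticationLoginBase.GetIPAddress(), RememberMe);

            // Resolve the target before the cookie is cleared, in case it is read from there.
            var redirectUrl = RedirectURL;

            string appPath = HttpContext.Current.Request.ApplicationPath;
            HttpContext.Current.Response.Cookies.Set(new HttpCookie("returnurl", "")
            {
                Expires = DateTime.Now.AddDays(-1),
                Path = string.IsNullOrEmpty(appPath) ? "/" : appPath
            });

            // endResponse = true: nothing after this line runs on the success path.
            Response.Redirect(redirectUrl, true);
            break;

        case UserValidStatus.PASSWORDEXPIRED:
            AddLocalizedModuleMessage(string.Format(Localization.GetString("PasswordExpired", LocalResourceFile), expiryDate.ToLongDateString()), ModuleMessage.ModuleMessageType.YellowWarning, true);
            PageNo = 2;
            pnlProceed.Visible = false;
            break;

        case UserValidStatus.PASSWORDEXPIRING:
            // Expiring but not expired: the user may still proceed.
            AddLocalizedModuleMessage(string.Format(Localization.GetString("PasswordExpiring", LocalResourceFile), expiryDate.ToLongDateString()), ModuleMessage.ModuleMessageType.YellowWarning, true);
            PageNo = 2;
            pnlProceed.Visible = true;
            break;

        case UserValidStatus.UPDATEPASSWORD:
            AddModuleMessage("PasswordUpdate", ModuleMessage.ModuleMessageType.YellowWarning, true);
            PageNo = 2;
            pnlProceed.Visible = false;
            break;

        case UserValidStatus.UPDATEPROFILE:
            // A 3rd-party provider may already have called UserController.UserLogin without
            // checking this status; clear that session until the forced profile update is done.
            new PortalSecurity().SignOut();
            // Admin has forced a profile update.
            AddModuleMessage("ProfileUpdate", ModuleMessage.ModuleMessageType.YellowWarning, true);
            PageNo = 3;
            break;
    }
    ShowPanel();
}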
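/// <summary>
/// Page load for the SAML login control. An unauthenticated POST is treated as the
/// IdP's response: the SAMLResponse is decoded, handed to ResponseHandler, the DNN
/// account is provisioned if needed and UserAuthenticated is raised; the browser is then
/// sent to the returnurl recovered from RelayState. Any other unauthenticated request is
/// redirected to the IdP with a signed AuthnRequest. Authenticated requests go to "~/".
/// </summary>
/// <param name="e">Standard page-load event arguments.</param>
/// <remarks>
/// Trust in the assertion rests on ResponseHandler, which is not visible here; it must
/// verify the IdP signature (config.TheirCert) and reject expired or replayed assertions,
/// otherwise the provisioning below is an authentication bypass. The NameID is matched
/// against local usernames; if the IdP lets subjects choose their NameID, an existing
/// local account can be bound to — confirm NameIDs are IdP-assigned.
/// </remarks>
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);
    staticPortalSettings = PortalSettings;
    string redirectTo = "~/";
    try
    {
        config = DNNAuthenticationSAMLAuthenticationConfig.GetConfig(PortalId);
        if (Request.HttpMethod == "POST" && !Request.IsAuthenticated)
        {
            redirectTo = ResolveRelayStateReturnUrl(Request.Form["RelayState"], redirectTo);
            HandleSamlResponsePost();
        }
        else if (Request.IsAuthenticated)
        {
            // Already logged in: fall through to the redirect below.
        }
        else
        {
            redirectTo = BuildIdentityProviderRedirect();
        }
    }
    catch (System.Threading.ThreadAbortException tae)
    {
        LogToEventLog("DNN.Authentication.SAML.OnLoad(tae)", string.Format("Redirecting to {0}", redirectTo));
        Response.Redirect(Page.ResolveUrl(redirectTo), false);
    }
    catch (Exception ex)
    {
        // Any failure drops back to the site root rather than an attacker-influenced target.
        LogToEventLog("DNN.Authentication.SAML.OnLoad()", string.Format("Exception {0}", ex.Message));
        redirectTo = "~/";
    }
    Response.Redirect(Page.ResolveUrl(redirectTo), false);
}

/// <summary>
/// Extracts the returnurl carried in RelayState. RelayState is posted back by the
/// browser and is not covered by the assertion signature, so only a site-relative path
/// ("/...", not "//host", "/\host" or a scheme) is accepted; anything else keeps
/// <paramref name="defaultTarget"/>.
/// </summary>
private string ResolveRelayStateReturnUrl(string rawRelayState, string defaultTarget)
{
    if (rawRelayState == null)
    {
        return defaultTarget;
    }

    string relayState = HttpUtility.UrlDecode(rawRelayState);
    LogToEventLog("DNN.Authentication.SAML.OnLoad(post !auth)", string.Format("relayState : {0}", relayState));

    foreach (string part in relayState.Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
    {
        if (!part.StartsWith("returnurl", StringComparison.OrdinalIgnoreCase))
        {
            continue;
        }
        int eq = part.IndexOf('=');
        string target = eq < 0 ? "" : part.Substring(eq + 1);
        if (IsSiteRelativePath(target))
        {
            return "~" + target;
        }
        LogToEventLog("DNN.Authentication.SAML.OnLoad(post !auth)", string.Format("Ignoring non-local returnurl in RelayState: {0}", target));
        return defaultTarget;
    }
    return defaultTarget;
}

/// <summary>
/// True for a path that stays on this site: starts with a single "/" and is not a
/// protocol-relative ("//host") or backslash ("/\host") URL.
/// </summary>
private static bool IsSiteRelativePath(string path)
{
    if (string.IsNullOrEmpty(path) || path[0] != '/')
    {
        return false;
    }
    return !(path.Length > 1 && (path[1] == '/' || path[1] == '\\'));
}

/// <summary>
/// Handles the IdP's POST: decodes the SAMLResponse, provisions the account on first
/// login, stores the session index and, when DNN's own validation passes, raises
/// UserAuthenticated. Any failure ends without a login.
/// </summary>
private void HandleSamlResponsePost()
{
    string encodedResponse = Request.Form["SAMLResponse"];
    if (string.IsNullOrEmpty(encodedResponse))
    {
        // A plain form POST reached the control; there is no IdP response to verify.
        LogToEventLog("DNN.Authentication.SAML.OnLoad(post !auth)", "POST without SAMLResponse ignored");
        return;
    }

    X509Certificate2 myCert = StaticHelper.GetCert(config.OurCertFriendlyName);
    // The response is XML and may carry non-ASCII attribute values; the original decoded
    // it as ASCII, turning those bytes into '?' and breaking any check over the original text.
    string responseXML = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(encodedResponse));

    // Expected to verify the IdP signature (TheirCert) and use our key (myCert) for decryption.
    ResponseHandler responseHandler = new ResponseHandler(responseXML, myCert, config.TheirCert);
    // NOTE(review): this writes the full assertion to the event log.
    LogToEventLog("DNN.Authentication.SAML.OnLoad(post !auth)", "responseXML : " + responseHandler.ResponseString());

    string emailFromSAMLResponse = responseHandler.GetNameID();
    if (string.IsNullOrWhiteSpace(emailFromSAMLResponse))
    {
        // Without a NameID there is nothing to map the assertion to.
        LogToEventLog("DNN.Authentication.SAML.OnLoad(post !auth)", "Assertion has no NameID; login aborted");
        return;
    }

    UserInfo userInfo = UserController.GetUserByName(PortalSettings.PortalId, emailFromSAMLResponse);
    if (userInfo == null)
    {
        userInfo = CreateUserFromNameId(emailFromSAMLResponse);
        if (userInfo == null)
        {
            // Creation failed. The original fell through to ValidateUser/OnUserAuthenticated
            // with an unsaved UserInfo; stop here instead.
            return;
        }
    }
    else
    {
        LogToEventLog("DNN.Authentication.SAML.OnLoad(post !auth)", String.Format("FoundUser userInfo.Username: {0}", userInfo.Username));
    }

    // Kept for single logout.
    Session["sessionIndexFromSAMLResponse"] = responseHandler.GetSessionIndex();

    // ignoreExpiring: the password is IdP-managed, so a local expiry warning is irrelevant.
    UserValidStatus validStatus = UserController.ValidateUser(userInfo, PortalId, true);
    if (validStatus != UserValidStatus.VALID)
    {
        LogToEventLog("DNN.Authentication.SAML.OnLoad(post !auth)", string.Format("User {0} not valid for login: {1}", userInfo.Username, validStatus));
        return;
    }

    var eventArgs = new UserAuthenticatedEventArgs(userInfo, userInfo.Email, UserLoginStatus.LOGIN_SUCCESS, config.DNNAuthName)
    {
        Authenticated = true,
        Message = "User authorized",
        RememberMe = false
    };
    OnUserAuthenticated(eventArgs);
}

/// <summary>
/// Provisions a DNN account keyed on the assertion's NameID (used as username, e-mail,
/// display, first and last name alike) and adds it to the Subscribers role. Returns null
/// when CreateUser does not report Success so the caller does not log in an unsaved user.
/// </summary>
private UserInfo CreateUserFromNameId(string nameId)
{
    var userInfo = new UserInfo();
    userInfo.Username = nameId;
    userInfo.PortalID = base.PortalId;
    userInfo.DisplayName = nameId;
    userInfo.Email = nameId;
    userInfo.FirstName = nameId;
    userInfo.LastName = nameId;
    // IdP-backed account: the random password only satisfies the membership provider.
    userInfo.Membership.Password = UserController.GeneratePassword(12).ToString();

    UserCreateStatus rc = UserController.CreateUser(ref userInfo);
    if (rc != UserCreateStatus.Success)
    {
        LogToEventLog("DNN.Authentication.SAML.OnLoad(post !auth)", "Error creating new user..." + rc.ToString());
        return null;
    }
    addRoleToUser(userInfo, "Subscribers", DateTime.MaxValue);
    return userInfo;
}

/// <summary>
/// Builds and signs the AuthnRequest, deflates/base64/URL-encodes it and returns the IdP
/// URL to redirect to, carrying the current query string as RelayState.
/// </summary>
private string BuildIdentityProviderRedirect()
{
    XmlDocument request = GenerateSAMLRequest();
    X509Certificate2 cert = StaticHelper.GetCert(config.OurCertFriendlyName);
    request = StaticHelper.SignSAMLRequest(request, cert);
    LogToEventLog("DNN.Authentication.SAML.OnLoad()", string.Format("request xml {0}", request.OuterXml));

    String convertedRequestXML = StaticHelper.Base64CompressUrlEncode(request);
    string target = config.IdPURL + (config.IdPURL.Contains("?") ? "&" : "?") + "SAMLRequest=" + convertedRequestXML;
    if (Request.QueryString.Count > 0)
    {
        // Round-trip the current query string so the post-login redirect can recover returnurl.
        target += "&RelayState=" + HttpUtility.UrlEncode(Request.Url.Query.Replace("?", "&"));
    }
    return target;
}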
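/// <summary>
/// Completes a password reset: resolves the reset token, validates the new password
/// against the portal's membership policy, changes it via the token and — unless the
/// account still needs a forced profile update — logs the user in.
/// </summary>
/// <param name="PasswordReset">Posted model: Username, Password, ConfirmPassword and (optionally) ResetToken.</param>
/// <returns>
/// An ExpandoObject with IsSuccess and Message, plus IsRedirect/RedirectURL on success.
/// </returns>
/// <remarks>
/// The original took the token exclusively from the last path segment of the Referer
/// header, which is client-supplied and optional (a missing Referer threw). The posted
/// ResetToken is now preferred and the Referer is only a fallback; the token itself is
/// still checked by UserController.ChangePasswordByToken. Exception text is no longer
/// echoed to the client.
/// </remarks>
public dynamic Index(Entities.ResetPassword PasswordReset)
{
    dynamic actionResult = new ExpandoObject();
    UserInfo tokenUser = null;

    // Shared failure path: audit, then return a failed result with the given message.
    dynamic Fail(string message)
    {
        LogFailure(message, tokenUser);
        actionResult.IsSuccess = false;
        actionResult.Message = message;
        return actionResult;
    }

    // Legacy fallback: the token as the last path segment of the Referer.
    string TokenFromReferrer()
    {
        Uri referrer = HttpContext.Current.Request.UrlReferrer;
        if (referrer == null)
        {
            return null;
        }
        string[] segments = referrer.AbsoluteUri.Split('/');
        return segments[segments.Length - 1];
    }

    try
    {
        if (PasswordReset == null || PasswordReset.Password == null || PasswordReset.ConfirmPassword == null)
        {
            return Fail(Localization.GetString("PasswordResetFailed"));
        }

        if (string.IsNullOrEmpty(PasswordReset.ResetToken))
        {
            PasswordReset.ResetToken = TokenFromReferrer();
        }
        tokenUser = UserController.GetUserByPasswordResetToken(PortalSettings.Current.PortalId, PasswordReset.ResetToken);
        _ipAddress = UserRequestIPAddressController.Instance.GetUserRequestIPAddress(new HttpRequestWrapper(HttpContext.Current.Request));
        string username = PasswordReset.Username;

        if (PasswordReset.Password != PasswordReset.ConfirmPassword)
        {
            return Fail(Localization.GetString("PasswordMismatch"));
        }

        // The trimmed form is what gets validated, stored and used to log in.
        string newPassword = PasswordReset.Password.Trim();
        if (UserController.ValidatePassword(newPassword) == false)
        {
            return Fail(Localization.GetString("PasswordResetFailed"));
        }

        MembershipPasswordSettings settings = new MembershipPasswordSettings(PortalSettings.Current.PortalId);
        if (settings.EnableBannedList)
        {
            MembershipPasswordController passwordController = new MembershipPasswordController();
            if (passwordController.FoundBannedPassword(newPassword) || username == newPassword)
            {
                return Fail(Localization.GetString("PasswordResetFailed"));
            }
        }

        if (PortalController.GetPortalSettingAsBoolean("Registration_UseEmailAsUserName", PortalSettings.Current.PortalId, false))
        {
            // The form holds an e-mail; ChangePasswordByToken needs the account's username.
            UserInfo testUser = UserController.GetUserByEmail(PortalSettings.Current.PortalId, username);
            if (testUser != null)
            {
                username = testUser.Username;
            }
        }

        // The token identifies one account; refuse to act on a different username even if
        // ChangePasswordByToken would also catch the mismatch.
        if (tokenUser != null && !string.Equals(tokenUser.Username, username, StringComparison.OrdinalIgnoreCase))
        {
            return Fail(Localization.GetString("PasswordResetFailed"));
        }

        if (UserController.ChangePasswordByToken(PortalSettings.PortalId, username, newPassword, null, PasswordReset.ResetToken, out string errorMessage) == false)
        {
            return Fail(errorMessage);
        }

        LogSuccess(tokenUser);

        // A forced profile update must be completed before the user may be logged in.
        UserInfo user = UserController.GetUserByName(PortalSettings.PortalId, username);
        UserValidStatus validStatus = UserController.ValidateUser(user, PortalSettings.PortalId, false);
        if (validStatus != UserValidStatus.UPDATEPROFILE)
        {
            // Log in with the password as stored (trimmed); the original used the untrimmed
            // form, which fails when the user typed surrounding whitespace.
            UserLoginStatus loginStatus = UserLoginStatus.LOGIN_FAILURE;
            UserController.UserLogin(PortalSettings.PortalId, username, newPassword, "", "", "", ref loginStatus, false);
            actionResult.Message = Localization.GetString("ChangeSuccessful", LocalResourceFile);
        }

        actionResult.IsSuccess = true;
        actionResult.IsRedirect = true;
        actionResult.RedirectURL = Managers.ResetPasswordManager.RedirectAfterLogin();
    }
    catch (Exception ex)
    {
        // Log the detail, return a generic message: exception text is not for the client.
        LogFailure(ex.Message, tokenUser);
        actionResult.IsSuccess = false;
        actionResult.Message = Localization.GetString("PasswordResetFailed");
    }
    return actionResult;
}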