Example #1
0
        /// <summary>
        /// Handles the CreatedUser event of the CreateUserWizard1 control.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
        protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
        {
            string userName = CreateUserWizard1.UserName;

            MembershipUser user = ITUser.GetUser(userName);

            if (user != null)
            {
                TextBox FirstName = (TextBox)CreateUserWizardStep0.ContentTemplateContainer.FindControl("FirstName");
                TextBox LastName = (TextBox)CreateUserWizardStep0.ContentTemplateContainer.FindControl("LastName");
                TextBox FullName = (TextBox)CreateUserWizardStep0.ContentTemplateContainer.FindControl("FullName");

                WebProfile Profile = new WebProfile().GetProfile(user.UserName);

                Profile.FirstName = FirstName.Text;
                Profile.LastName = LastName.Text;
                Profile.DisplayName = FullName.Text;
                Profile.Save();

                //auto assign user to roles
                List<Role> roles = Role.GetAllRoles();
                foreach (Role r in roles)
                {
                    if (r.AutoAssign)
                        Role.AddUserToRole(user.UserName, r.Id);
                }

                //send notification this user was created
                ITUser.SendUserRegisteredNotification(user.UserName);
            }
        }
Example #2
0
        /// <summary>
        /// Installs the bug NET.
        /// </summary>
        /// <returns></returns>
        private bool InstallBugNET()
        {
            try
            {
                string providerPath = DataProviderManager.Provider.GetProviderPath();

                if (!providerPath.StartsWith("ERROR"))
                {
                    WriteMessage(string.Format("Installing Version: {0}<br/>", Upgrade.GetCurrentVersion()), 0, true);
                    WriteMessage("Installing Membership Provider:<br/>", 0, true);
                    ExecuteSqlInFile(string.Format("{0}InstallCommon.sql",providerPath));
                    ExecuteSqlInFile(string.Format("{0}InstallMembership.sql",providerPath));
                    ExecuteSqlInFile(string.Format("{0}InstallProfile.sql",providerPath));
                    ExecuteSqlInFile(string.Format("{0}InstallRoles.sql",providerPath));
                    WriteMessage("Installing BugNET Database:<br/>", 0, true);
                    ExecuteSqlInFile(string.Format("{0}BugNET.Schema.SqlDataProvider.sql",providerPath));
                    WriteMessage("Installing BugNET Default Data:<br/>", 0, true);
                    ExecuteSqlInFile(string.Format("{0}BugNET.Data.SqlDataProvider.sql",providerPath));
                    WriteMessage("Creating Administrator Account", 0, true);
                    //create admin user
                    MembershipCreateStatus status = MembershipCreateStatus.Success;
                    MembershipUser NewUser = Membership.CreateUser("Admin", "password", "*****@*****.**", "no question", "no answer", true, out status);
                    if (NewUser != null)
                    {
                        //add the admin user to the Super Users role.
                        Role.AddUserToRole("Admin", 1);
                        //add user profile information
                        WebProfile Profile = new WebProfile().GetProfile("Admin");
                        Profile.FirstName = "Admin";
                        Profile.LastName = "Admin";
                        Profile.DisplayName = "Administrator";
                        Profile.Save();
                    }
                    WriteScriptSuccessError(true);
                    Upgrade.UpdateDatabaseVersion(Upgrade.GetCurrentVersion());
                }
                else
                {
                    //upgrade error
                    Response.Write("<h2>Upgrade Error: " + providerPath + "</h2>");
                    return false;
                }
            }
            catch (Exception e)
            {
                WriteErrorMessage(e.Message);
                return false;
            }
            return true;
        }
        /// <summary>
        /// Handles the AuthenticateRequest event of the context control.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="T:System.EventArgs"/> instance containing the event data.</param>
        void context_AuthenticateRequest(object sender, EventArgs e)
        {
            //check if we are upgrading/installing

            // TODO: Potential security hole
            // You might be able to spoof the path and bypass later checks which are
            // expecting to be given an exception if there is a problem.
            //
            // However this is a nice solution.
            if (HttpContext.Current.Request.Url.LocalPath.ToLower().EndsWith("install.aspx"))
                return;

            //get host settings
            bool enabled = HostSetting.GetHostSetting("UserAccountSource") == "ActiveDirectory" || HostSetting.GetHostSetting("UserAccountSource") == "WindowsSAM";

            //check if windows authentication is enabled in the host settings
            if (enabled)
            {
                if (System.Web.HttpContext.Current.User != null)
                    MDC.Set("user", System.Web.HttpContext.Current.User.Identity.Name);

                // This was moved from outside "if enabled" to only happen when we need it.
                HttpRequest request = HttpContext.Current.Request;

               // not needed to be removed
               // HttpResponse response = HttpContext.Current.Response;

                if (request.IsAuthenticated)
                {
                    if ((HttpContext.Current.User.Identity.AuthenticationType == "NTLM" || HttpContext.Current.User.Identity.AuthenticationType == "Negotiate"))
                    {
                        //check if the user exists in the database
                        MembershipUser user = ITUser.GetUser(HttpContext.Current.User.Identity.Name);

                        if (user == null)
                        {
                            try
                            {
                                UserProperties userprop = GetUserProperties(HttpContext.Current.User.Identity.Name);
                                MembershipUser mu = null;
                                MembershipCreateStatus createStatus = MembershipCreateStatus.Success;

                                //create a new user with the current identity and a random password.
                                if (Membership.RequiresQuestionAndAnswer)
                                    mu = Membership.CreateUser(HttpContext.Current.User.Identity.Name, Membership.GeneratePassword(7, 2), userprop.Email, "WindowsAuth", "WindowsAuth", true, out createStatus);
                                else
                                    mu = Membership.CreateUser(HttpContext.Current.User.Identity.Name, Membership.GeneratePassword(7, 2), userprop.Email);

                                if (createStatus == MembershipCreateStatus.Success && mu != null)
                                {
                                    WebProfile Profile = new WebProfile().GetProfile(HttpContext.Current.User.Identity.Name);
                                    Profile.DisplayName = String.Format("{0} {1}", userprop.FirstName, userprop.LastName);
                                    Profile.FirstName = userprop.FirstName;
                                    Profile.LastName = userprop.LastName;
                                    Profile.Save();

                                    //auto assign user to roles
                                    List<Role> roles = Role.GetAllRoles().FindAll(r => r.AutoAssign == true);
                                    foreach (Role r in roles)
                                        Role.AddUserToRole(mu.UserName, r.Id);
                                }

                                user = Membership.GetUser(HttpContext.Current.User.Identity.Name);
                            }
                            catch (Exception ex)
                            {
                                if (Log.IsErrorEnabled)
                                    Log.Error(String.Format("Unable to add new user '{0}' to BugNET application. Authentication Type='{1}'.", HttpContext.Current.User.Identity.Name, HttpContext.Current.User.Identity.AuthenticationType), ex);
                            }
                        }
                        else
                        {
                            //update the user's last login date.
                            user.LastLoginDate = DateTime.Now;
                            Membership.UpdateUser(user);
                        }
                    }
                    //else
                    //{
                    //    // Warning:
                    //    // This line may generate too many log entries!!
                    //    // We will have to see in practice.
                    //    if (System.Web.HttpContext.Current.User != null)
                    //        MDC.Set("user", System.Web.HttpContext.Current.User.Identity.Name);

                    //    if (Log.IsErrorEnabled)
                    //        Log.Error(String.Format("Unknown Authentication Type '{0}'.", HttpContext.Current.User.Identity.Name));
                    //}
                }
            }
        }
Example #4
0
 /// <summary>
 /// Handles the Click event of the cmdUpdate control.
 /// </summary>
 /// <param name="sender">The source of the event.</param>
 /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
 protected void cmdUpdate_Click(object sender, EventArgs e)
 {
     try
     {
         MembershipUser user = ITUser.GetUser(UserId);
         if (user != null)
         {
             WebProfile Profile = new WebProfile().GetProfile(user.UserName);
             Profile.DisplayName = DisplayName.Text;
             Profile.FirstName = FirstName.Text;
             Profile.LastName = LastName.Text;
             //Profile.ContactInfo.Fax = Fax.Text;
             //Profile.ContactInfo.Mobile = Mobile.Text;
             //Profile.ContactInfo.Telephone = Telephone.Text;
             Profile.Save();
         }
     }
     catch
     {
         lblError.Text = Logging.GetErrorMessageResource("ProfileUpdateError");
     }
 }
Example #5
0
        /// <summary>
        /// Handles the LoggedIn event of the OpenIdLogin1 control.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="DotNetOpenAuth.OpenId.RelyingParty.OpenIdEventArgs"/> instance containing the event data.</param>
        protected void OpenIdLogin1_LoggedIn(object sender, OpenIdEventArgs e)
        {
            try
            {
                // Clear previously remembered OpenID state
                Session["isDoingOpenIDLogin"] = "";

                // May 30 2010
                // BGN-1356
                //
                // Added by smoss for security.
                // Another user shouldnt be able to use this method
                // if OpenID is off.
                if (!isOpenIDEnabled)
                {
                    throw new UnauthorizedAccessException();
                }

                if (e.Response != null)
                {
                    switch (e.Response.Status)
                    {
                        case AuthenticationStatus.Authenticated:
                            // This is where you would look for any OpenID extension responses included
                            // in the authentication assertion.
                            // var extension = openid.Response.GetExtension<someextensionresponsetype>();

                            // TODO : check for linked account via user profile settings if Desired
                            // May 31 2010

                            // WARNING: There is no logging in this method!
                            string email = string.Empty;
                            string alias = string.Empty;
                            string fullname = string.Empty;

                            ClaimsResponse fetch = e.Response.GetExtension(typeof(ClaimsResponse)) as ClaimsResponse;
                            if (fetch != null)
                            {
                                alias = fetch.Nickname;    // set size limits
                                email = fetch.Email;       // no validation of email
                                fullname = fetch.FullName; // set size limits
                            }

                            if (string.IsNullOrEmpty(alias))
                                alias = e.Response.ClaimedIdentifier;

                            // Warning: Invalid email address
                            if (string.IsNullOrEmpty(email))
                                email = e.Response.ClaimedIdentifier;
                            if (string.IsNullOrEmpty(fullname))
                                fullname = e.Response.ClaimedIdentifier;

                            //Now see if the user already exists, if not create them
                            MembershipUser TestUser = Membership.GetUser(e.Response.ClaimedIdentifier);

                            if (TestUser != null)
                            {
                                // BGN-1867
                                // Banned users are not allowed to login via OpenID
                                // See if this user is allowed on the system. Also dont allow users
                                // who are still logged in to try and login.
                                if ((!TestUser.IsApproved) || (TestUser.IsLockedOut) )
                                {
                                    loginFailedLabel.Text += ": Account not authorized or is locked.";
                                    loginFailedLabel.Visible = true;
                                    e.Cancel = true;
                                    break;
                                }

                                if ((TestUser.IsOnline))
                                {
                                    loginFailedLabel.Text += ": Account is already online.";
                                    loginFailedLabel.Visible = true;
                                    e.Cancel = true;
                                    break;
                                }
                            }
                            else
                            {

                                if (Boolean.Parse(HostSetting.GetHostSetting("DisableUserRegistration")))
                                {
                                    loginFailedLabel.Text += ": User registration has been disabled by the administrator.";
                                    loginFailedLabel.Visible = true;
                                    e.Cancel = true;
                                    break; // unsecure break should be a return
                                }

                                MembershipCreateStatus membershipCreateStatus;

                                MembershipUser user = Membership.CreateUser(e.Response.ClaimedIdentifier, Membership.GeneratePassword(7, 2), email, Membership.GeneratePassword(12, 4), Membership.GeneratePassword(12, 4), true, out membershipCreateStatus);

                                if (membershipCreateStatus != MembershipCreateStatus.Success)
                                {
                                    loginFailedLabel.Text += ": Unsuccessful creation of Account: "
                                        + membershipCreateStatus.ToString();
                                    loginFailedLabel.Visible = true;
                                    e.Cancel = true;
                                    break;// unsecure break should be a return
                                }
                                //save profile info
                                WebProfile Profile = new WebProfile().GetProfile(user.UserName);
                                Profile.DisplayName = fullname;
                                Profile.Save();
                                user.Comment = alias;
                                Membership.UpdateUser(user);

                                //auto assign user to roles
                                List<Role> roles = Role.GetAllRoles();
                                foreach (Role r in roles)
                                {
                                    if (r.AutoAssign)
                                        Role.AddUserToRole(user.UserName, r.Id);
                                }

                                //send notification this user was created
                                ITUser.SendUserRegisteredNotification(user.UserName);
                            }

                            // NB NB Only do the redirect when e.Cancel != true
                            // There is a very very slim chance this code will be reached with
                            // e.Cancel == true
                            if (e.Cancel == false)
                            {
                                // Use FormsAuthentication to tell ASP.NET that the user is now logged in,
                                // with the OpenID Claimed Identifier as their username.
                                FormsAuthentication.RedirectFromLoginPage(e.Response.ClaimedIdentifier, false);
                            }
                            break;
                        case AuthenticationStatus.Canceled:
                            loginCanceledLabel.Visible = true;
                            e.Cancel = true;
                            break; // unsecure break should be a return

                        // extra enums detected and force a default case
                        // They all mean failures
                        case AuthenticationStatus.Failed:
                        case AuthenticationStatus.ExtensionsOnly:
                        case AuthenticationStatus.SetupRequired:
                        default:
                            loginFailedLabel.Visible = true;
                            e.Cancel = true;
                            break; // unsecure break should be a return
                    }

                }
                else
                {
                    // response is null
                }

            }
            finally
            {
                // This finally block covers all the code
                if (e.Cancel)
                {
                    // make sure we stay focused on the openid control
                    Session["isDoingOpenIDLogin"] = "******";
                }
            }
        }
Example #6
0
        /// <summary>
        /// Handles the Click event of the AddNewUser control.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
        protected void AddNewUser_Click(object sender, EventArgs e)
        {
            string password;

            if (!Page.IsValid)
            {
                return;
            }

            if (chkRandomPassword.Checked)
            {
                cvPassword.Enabled = false;
                rvConfirmPassword.Enabled = false;
                rvPassword.Enabled = false;
                password = Membership.GeneratePassword(7, 0);
            }
            else
            {
                rvConfirmPassword.Enabled = true;
                rvPassword.Enabled = true;
                password = Password.Text;
            }

            lblMessage.Visible = false;

            MembershipCreateStatus createStatus = MembershipCreateStatus.Success;
            string resultMsg = "";

            string userIDText = UserName.Text;
            string emailText = Email.Text;
            bool isActive = ActiveUser.Checked;

            string question = "";
            string answer = "";
            if (Membership.RequiresQuestionAndAnswer)
            {
                question = SecretQuestion.Text;
                answer = SecretAnswer.Text;
            }

            try
            {
                MembershipUser mu = null;

                if (Membership.RequiresQuestionAndAnswer)
                {
                    mu = Membership.CreateUser(userIDText, password, emailText, question, answer, isActive, out createStatus);
                }
                else
                {
                    mu = Membership.CreateUser(userIDText, password, emailText);
                }

                if (createStatus == MembershipCreateStatus.Success && mu != null)
                {
                    WebProfile Profile = new WebProfile().GetProfile(mu.UserName);
                    Profile.DisplayName = DisplayName.Text;
                    Profile.FirstName = FirstName.Text;
                    Profile.LastName = LastName.Text;
                    Profile.Save();

                    //auto assign user to roles
                    List<Role> roles = Role.GetAllRoles();
                    foreach (Role r in roles)
                    {
                        if (r.AutoAssign)
                            Role.AddUserToRole(mu.UserName, r.Id);
                    }
                }

                ImageButton2.Enabled = false;
                LinkButton2.Enabled = false;

                resultMsg = GetLocalResourceObject("UserCreated").ToString();
                Message1.IconType = BugNET.UserControls.Message.MessageType.Information;

            }
            catch (Exception ex)
            {
                resultMsg = GetLocalResourceObject("UserCreatedError").ToString() + "<br/>" + ex.Message;
                Message1.IconType = BugNET.UserControls.Message.MessageType.Error;
            }

            Message1.Text = resultMsg;
            Message1.Visible = true;
        }