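/// <summary>
    /// VerificaLasciapassare: tells whether the session holds a recognised login pass.
    /// The pass is the object stored under the "lasciapassare" session key. It is accepted
    /// only if it is a Patente whose username is not the "utente not found" sentinel and
    /// whose id_username is not 0.
    /// </summary>
    /// <param name="Session">
    /// Session whose "lasciapassare" entry is inspected. Its "errore" entry is cleared on
    /// success and set to a generic message when a pass is present but rejected.
    /// </param>
    /// <param name="UserHostAddress">Client address; used only in the log entry written on rejection.</param>
    /// <returns>true when the session holds an accepted pass; false otherwise.</returns>
    public static bool CanLogOn(
        System.Web.SessionState.HttpSessionState Session,
        string UserHostAddress
        )
    {
        object lasciapassare = Session["lasciapassare"];
        if (null == lasciapassare)
        {
            // No pass at all: nobody logged on. This path writes no log entry and leaves "errore" untouched.
            return false;
        }

        // Explicit checks replace the former cast-and-throw flow, so an unrelated failure
        // is no longer swallowed by a catch-all and reported as an intrusion attempt.
        string rejection = null;
        Entity.BusinessEntities.Permesso.Patente actualLasciapassare =
            lasciapassare as Entity.BusinessEntities.Permesso.Patente;
        if (null == actualLasciapassare)
        {
            // Keep the offending type in the log, as the cast exception message used to.
            rejection = "Lasciapassare di tipo inatteso: " + lasciapassare.GetType().FullName;
        }
        else
        {
            string username = actualLasciapassare.username;
            int    id_user  = actualLasciapassare.id_username;
            if (
                "utente not found" == username ||
                0 == id_user
                )
            {
                rejection = "Allarme: avvenuto ingresso di utente NON riconosciuto. ";
            }
        }

        if (null == rejection)
        {
            Session["errore"] = null;
            return true;
        }

        // NOTE(review): the full session identifier is written to both log sinks; confirm that
        // read access to those sinks is restricted, or log a truncated/hashed value instead.
        LoggingToolsContainerNamespace.LoggingToolsContainer.LogBothSinks_DbFs(
            "VerificaLasciapassare: rilevato tentativo di violazione dell'area riservata. " +
            " IP client=" + UserHostAddress +
            " SessionId=" + Session.SessionID +
            " Ex = " + rejection,
            5
            );
        // Generic message only: the page must not reveal why the pass was rejected.
        Session["errore"] = "Credenziali non riconosciute.";
        return false;
    }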
    }// end Page_Load

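    /// <summary>
    /// Login button handler. Checks the submitted credentials and, on success, stores the
    /// user's Patente in the session under "lasciapassare" and redirects to the reserved
    /// area. On any failure it clears the pass, stores an error message under "errore" and
    /// redirects to the error page. The outcome is written to both log sinks.
    /// </summary>
    /// <param name="sender">Control that raised the click (unused).</param>
    /// <param name="e">Click coordinates (unused).</param>
    protected void itnLogin_Click(object sender, ImageClickEventArgs e)
    {
        LogSinkFs.Wrappers.LogWrappers.SectionOpen("LoginSquareClient", 5);
        LogSinkDb.Wrappers.LogWrappers.SectionOpen("LoginSquareClient", 5);
        string redirectTarget;
        try
        {
            //---filter username----NB. no filtering on pwd----------
            string filtered_username = Process.utente.utente_login.filterUsername(this.txtUser.Text);
            //
            int loginResult =
                Process.utente.utente_login.canLogOn(
                    filtered_username,
                    this.txtPwd.Text //--NB. no filtering on pwd----------
                    );

            // Load the data used by permission management, only if the credentials were accepted.
            Entity.BusinessEntities.Permesso.Patente patente = null;
            if (0 == loginResult)
            {
                patente =
                    Process.permesso.permesso_loadSingle.GetPatente(
                        filtered_username
                        );
            }// else "patente" stays null.

            // NOTE(review): the session identifier is written to both log sinks, here for an
            // authenticated session too; confirm log read access is restricted or log a
            // truncated/hashed value instead.
            string sessionDetails =
                " IP client=" + this.Request.UserHostAddress +
                " SessionId=" + this.Session.SessionID;
            string logLine;
            if (
                0 == loginResult &&
                null != patente
                )
            {//--ok
                // NOTE(review): the session identifier is not renewed on these lines after a
                // successful login; confirm it is rotated elsewhere (session-fixation hardening).
                this.Session["lasciapassare"] = patente;
                this.Session["errore"]        = null;
                logLine        = "Login valido per l'utente " + patente.username + sessionDetails;
                redirectTarget = "~/zonaRiservata/candidatoLoad.aspx";
            }
            else
            {//--out
                this.Session["lasciapassare"] = null;
                if (0 == loginResult)
                {
                    // Credentials accepted but no Patente could be loaded: loginMessages[0] is
                    // the entry for the success code, so show a generic failure message instead.
                    this.Session["errore"] = "Credenziali non riconosciute.";
                }
                else
                {
                    // presumably loginMessages has an entry for every code canLogOn returns; verify.
                    this.Session["errore"] = Process.utente.utente_login.loginMessages[loginResult];
                }
                // The typed user name is client-controlled: neutralise CR/LF so it cannot forge
                // extra log lines. NOTE(review): users sometimes type a password into this
                // field, so the failure log may end up holding secrets.
                string typedUserForLog =
                    (this.txtUser.Text ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");
                string filteredUserForLog =
                    (filtered_username ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");
                logLine =
                    "Login fallito per l'utente " + typedUserForLog + " tradotto in " + filteredUserForLog +
                    sessionDetails;
                redirectTarget = "~/errore.aspx";
            }
            LogSinkFs.Wrappers.LogWrappers.SectionContent(logLine, 5);
            LogSinkDb.Wrappers.LogWrappers.SectionContent(logLine, 5);
        }
        finally
        {
            // Close the log sections even when a lookup or a log write throws.
            LogSinkFs.Wrappers.LogWrappers.SectionClose();
            LogSinkDb.Wrappers.LogWrappers.SectionClose();
        }
        // Redirect after the sections are closed, as before.
        this.Response.Redirect(redirectTarget);
    } // end itnLogin_Click()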
Example #3
    }// end TryRoleChecker

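    /// <summary>
    /// Maps the login pass held in the session to a role code and caches the result in
    /// Session["RoleChecker"].
    ///  0  unlogged (no pass in the session)
    /// -1  pass present but rejected (wrong type, "utente not found" sentinel, or id 0)
    ///  1  admin
    ///  2  writer
    ///  3  reader
    /// </summary>
    /// <param name="Session">
    /// Session read for "lasciapassare". "errore" and "RoleChecker" are written as side effects.
    /// </param>
    /// <param name="UserHostAddress">Client address; used only in log entries.</param>
    /// <returns>The role code listed above. Callers must treat both 0 and -1 as "no access".</returns>
    public static int RoleCheckerQuery(
        System.Web.SessionState.HttpSessionState Session,
        string UserHostAddress
        )
    {
        object lasciapassare = Session["lasciapassare"];

        LoggingToolsContainerNamespace.LoggingToolsContainer.LogBothSinks_DbFs(
            "RoleCheckerQuery for host " + UserHostAddress, 0);
        //
        if (null == lasciapassare)
        {
            // Drop any role cached by an earlier successful check, so that code reading
            // Session["RoleChecker"] directly cannot see a stale privilege.
            Session["RoleChecker"] = null;
            return 0; //cannot enter.
        }

        // Explicit checks replace the former cast-and-throw flow, so an unrelated failure
        // is no longer swallowed by a catch-all and reported as an intrusion attempt.
        string rejection = null;
        string username  = default(string);
        Entity.BusinessEntities.Permesso.Patente actualLasciapassare =
            lasciapassare as Entity.BusinessEntities.Permesso.Patente;
        if (null == actualLasciapassare)
        {
            // Keep the offending type in the log, as the cast exception message used to.
            rejection = "Lasciapassare di tipo inatteso: " + lasciapassare.GetType().FullName;
        }
        else
        {
            username = actualLasciapassare.username;
            int id_user = actualLasciapassare.id_username;
            if (
                "utente not found" == username ||
                0 == id_user
                )
            {
                rejection = "Allarme: avvenuto ingresso di utente NON riconosciuto. ";
            }
        }

        if (null != rejection)
        {
            // NOTE(review): the prefix names VerificaLasciapassare although this is
            // RoleCheckerQuery; it is kept byte-identical in case log searches rely on it.
            LoggingToolsContainerNamespace.LoggingToolsContainer.LogBothSinks_DbFs(
                "VerificaLasciapassare: rilevato tentativo di violazione dell'area riservata. " +
                " IP client=" + UserHostAddress +
                " SessionId=" + Session.SessionID +
                " Ex = " + rejection,
                0
                );
            Session["errore"]      = "Credenziali non riconosciute.";
            Session["RoleChecker"] = null; // same reason as above: no stale cached role.
            return -1; // rejected pass: unlogged
        }
        Session["errore"] = null;

        // NOTE(review): roles are derived by comparing the username with literals compiled
        // into this method. Changing a role needs a redeploy, and the mapping is only as
        // strong as username uniqueness; consider a role stored with the account.
        int res;
        if (// Administrator: enables LogViewing, more than writing.
            "admin" == username
            )
        {
            res = 1;
        }
        else if (// writer
            "Sandro Francesconi" == username ||
            "Thomas Albarello" == username ||
            "Daniela Pichierri" == username
            )
        {
            res = 2;
        }
        else
        {// reader: every other recognised user.
            res = 3;
        }
        Session["RoleChecker"] = res;//----NB.--------------
        return res;
    } //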