private void DoExistingUserLogic(Guid userGuid)
        {
            // user found so login if allowed
            SiteUser user = new SiteUser(siteSettings, userGuid);

            if (
                (siteSettings.UseSecureRegistration)
                && (user.RegisterConfirmGuid != Guid.Empty)
                )
            {
                Notification.SendRegistrationConfirmationLink(
                    SiteUtils.GetSmtpSettings(),
                    ResourceHelper.GetMessageTemplate("RegisterConfirmEmailMessage.config"),
                    siteSettings.DefaultEmailFromAddress,
                    siteSettings.DefaultFromEmailAlias,
                    user.Email,
                    siteSettings.SiteName,
                    WebUtils.GetSiteRoot() + "/ConfirmRegistration.aspx?ticket=" +
                    user.RegisterConfirmGuid.ToString());

                lblError.Text = Resource.LoginUnconfirmedEmailMessage;
                log.Info("User " + user.Name + " tried to login but email address is not confirmed.");

                return;
            }

            if (user.IsLockedOut)
            {
                lblError.Text = Resource.LoginAccountLockedMessage;
                log.Info("User " + user.Name + " tried to login but account is locked.");

                return;
            }

            if (siteSettings.UseEmailForLogin)
            {
                FormsAuthentication.SetAuthCookie(
                    user.Email, true);
            }
            else
            {
                FormsAuthentication.SetAuthCookie(
                    user.LoginName, true);
            }

            if (WebConfigSettings.UseFoldersInsteadOfHostnamesForMultipleSites)
            {
                string cookieName = "siteguid" + siteSettings.SiteGuid;
                CookieHelper.SetCookie(cookieName, user.UserGuid.ToString(), true);
            }

            user.UpdateLastLoginTime();

            // track user ip address
            UserLocation userLocation = new UserLocation(user.UserGuid, SiteUtils.GetIP4Address());
            userLocation.SiteGuid = siteSettings.SiteGuid;
            userLocation.Hostname = Page.Request.UserHostName;
            userLocation.Save();

            string redirectUrl = GetRedirectPath();
            CookieHelper.ExpireCookie(returnUrlCookieName);

            UserSignInEventArgs u = new UserSignInEventArgs(user);
            OnUserSignIn(u);

            WebUtils.SetupRedirect(this, redirectUrl);
            return;
        }
        private void DoNewUserLogic(OpenIdEventArgs e)
        {
            if (e == null) { return; }

            ClaimsResponse claim = e.Response.GetExtension<ClaimsResponse>();
            if (claim == null) { return; }

            if (IsValidForUserCreation(e, claim))
            {
                if (SiteUser.EmailExistsInDB(siteSettings.SiteId, claim.Email))
                {
                    // show message that user should login and associate
                    // their open id account on their profile page.
                    lblError.Text = Resource.OpenIDRegisterUserEmailExistsMessage;
                    return;
                }
                else
                {
                    // create user automagically since we have all
                    // the needed data
                    SiteUser newUser = new SiteUser(siteSettings);
                    newUser.Email = claim.Email;
                    newUser.Name = claim.FullName;
                    string loginName = newUser.Name.Replace(" ", ".").ToLower();
                    if (loginName.Length > 50) loginName = loginName.Substring(0, 50);

                    if (SiteUser.LoginExistsInDB(
                        siteSettings.SiteId, loginName))
                    {
                        loginName = e.ClaimedIdentifier.ToString().Replace("http://", string.Empty).Replace("https://", string.Empty).Replace("/", string.Empty);
                        if (loginName.Length > 50) loginName = loginName.Substring(0, 50);

                        int i = 1;
                        while (SiteUser.LoginExistsInDB(
                            siteSettings.SiteId, loginName))
                        {
                            loginName += i.ToString();
                            if (loginName.Length > 50) loginName = loginName.Remove(40, 1);
                            i++;

                        }

                    }

                    newUser.LoginName = loginName;
                    newUser.Password = SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars);
                    newUser.PasswordQuestion = Resource.ManageUsersDefaultSecurityQuestion;
                    newUser.PasswordAnswer = Resource.ManageUsersDefaultSecurityAnswer;
                    newUser.OpenIdUri = e.ClaimedIdentifier.ToString();
                    newUser.Save();
                    if (siteSettings.UseSecureRegistration)
                    {
                        newUser.SetRegistrationConfirmationGuid(Guid.NewGuid());
                    }

                    // track user ip address
                    UserLocation userLocation = new UserLocation(newUser.UserGuid, SiteUtils.GetIP4Address());
                    userLocation.SiteGuid = siteSettings.SiteGuid;
                    userLocation.Hostname = Page.Request.UserHostName;
                    userLocation.Save();

                    if (
                        (siteSettings.UseSecureRegistration)
                        && (newUser.RegisterConfirmGuid != Guid.Empty)
                        )
                    {
                        Notification.SendRegistrationConfirmationLink(
                            SiteUtils.GetSmtpSettings(),
                            ResourceHelper.GetMessageTemplate("RegisterConfirmEmailMessage.config"),
                            siteSettings.DefaultEmailFromAddress,
                            siteSettings.DefaultFromEmailAlias,
                            newUser.Email,
                            siteSettings.SiteName,
                            WebUtils.GetSiteRoot() + "/ConfirmRegistration.aspx?ticket=" +
                            newUser.RegisterConfirmGuid.ToString());

                        lblError.Text = Resource.LoginUnconfirmedEmailMessage;
                        log.Info("Automatically created User " + newUser.Name + " on login from open id. Tried to login but email address is not confirmed.");

                        return;
                    }

                    if (siteSettings.UseEmailForLogin)
                    {
                        FormsAuthentication.SetAuthCookie(
                            newUser.Email, true);
                    }
                    else
                    {
                        FormsAuthentication.SetAuthCookie(
                            newUser.LoginName, true);
                    }

                    if (WebConfigSettings.UseFoldersInsteadOfHostnamesForMultipleSites)
                    {
                        string cookieName = "siteguid" + siteSettings.SiteGuid;
                        CookieHelper.SetCookie(cookieName, newUser.UserGuid.ToString(), true);
                    }

                    newUser.UpdateLastLoginTime();

                    string redirectUrl = GetRedirectPath();
                    CookieHelper.ExpireCookie(returnUrlCookieName);
                    WebUtils.SetupRedirect(this, redirectUrl);
                    return;

                }

            }
            else
            {
                // user not found
                // required fields not available from open id
                // redirect to register page?
                // Or show message with Link to
                // register page
                string registerLinkHref = siteRoot
                    + "/Secure/RegisterWithOpenID.aspx";

                litNotRegisteredYetMessage.Text
                    = string.Format(
                    Resource.OpenIDMustRegisterBeforeLoginMesage,
                    registerLinkHref);

            }
        }
        private void SignInUser(SiteUser user, bool isNewUser)
        {
            if (
                (siteSettings.UseSecureRegistration)
                && (user.RegisterConfirmGuid != Guid.Empty)
                )
            {

                Notification.SendRegistrationConfirmationLink(
                    SiteUtils.GetSmtpSettings(),
                    ResourceHelper.GetMessageTemplate("RegisterConfirmEmailMessage.config"),
                    siteSettings.DefaultEmailFromAddress,
                    siteSettings.DefaultFromEmailAlias,
                    user.Email,
                    siteSettings.SiteName,
                    SiteRoot+ "/ConfirmRegistration.aspx?ticket=" +
                    user.RegisterConfirmGuid.ToString());

                log.Info("User " + user.Name + " tried to login but email address is not confirmed.");

                lblError.Text = Resource.RegistrationRequiresEmailConfirmationMessage;
                litInfoNeededMessage.Visible = false;
                pnlRequiredProfileProperties.Visible = false;
                btnCreateUser.Visible = false;

                return;

            }

            if (user.IsLockedOut)
            {

                log.Info("User " + user.Name + " tried to login but account is locked.");

                lblError.Text = Resource.LoginAccountLockedMessage;

                return;
            }

            if ((siteSettings.RequireApprovalBeforeLogin)&&(!user.ApprovedForLogin))
            {

                log.Info("User " + user.Name + " tried to login but account is not approved yet.");

                lblError.Text = Resource.LoginNotApprovedMessage;

                return;
            }

            if (siteSettings.UseEmailForLogin)
            {
                FormsAuthentication.SetAuthCookie(
                    user.Email, true);
            }
            else
            {
                FormsAuthentication.SetAuthCookie(
                    user.LoginName, true);
            }

            if (WebConfigSettings.UseFoldersInsteadOfHostnamesForMultipleSites)
            {
                string cookieName = "siteguid" + siteSettings.SiteGuid;
                CookieHelper.SetCookie(cookieName, user.UserGuid.ToString(), true);
            }

            if (user.UserId > -1 && siteSettings.AllowUserSkins && user.Skin.Length > 0)
            {
                SiteUtils.SetSkinCookie(user);
            }

            user.UpdateLastLoginTime();

            // track user ip address
            UserLocation userLocation = new UserLocation(user.UserGuid, SiteUtils.GetIP4Address());
            userLocation.SiteGuid = siteSettings.SiteGuid;
            userLocation.Hostname = Request.UserHostName;
            userLocation.Save();

            UserSignInEventArgs u = new UserSignInEventArgs(user);
            OnUserSignIn(u);

            if (CookieHelper.CookieExists(returnUrlCookieName))
            {
                returnUrl = CookieHelper.GetCookieValue(returnUrlCookieName);
                CookieHelper.ExpireCookie(returnUrlCookieName);
            }
            string requestedReturnUrl = SiteUtils.GetReturnUrlParam(Page, SiteRoot);
            returnUrl = requestedReturnUrl;

            if (isNewUser)
            {

                if (WebConfigSettings.PageToRedirectToAfterRegistration.Length > 0)
                {
                    returnUrl = SiteRoot + WebConfigSettings.PageToRedirectToAfterRegistration;
                }
            }

            if (String.IsNullOrEmpty(returnUrl) ||
                returnUrl.Contains("AccessDenied") ||
                returnUrl.Contains("Login") ||
                returnUrl.Contains("SignIn") ||
                returnUrl.Contains("ConfirmRegistration.aspx") ||
                returnUrl.Contains("OpenIdRpxHandler.aspx") ||
                returnUrl.Contains("RecoverPassword.aspx") ||
                returnUrl.Contains("Register")
                )
            {
                returnUrl = SiteRoot;
            }

            if (returnUrl.Length > 0)
            {
                if (SiteUtils.IsSecureRequest())
                {
                    if (returnUrl.StartsWith("http:"))
                    {
                        returnUrl = returnUrl.Replace("http:", "https:");
                    }
                }

                WebUtils.SetupRedirect(this, returnUrl);
                return;

            }

            if (SiteUtils.IsSecureRequest())
            {
                if (SiteRoot.StartsWith("http:"))
                {
                    WebUtils.SetupRedirect(this, SiteRoot.Replace("http:", "https:"));
                    return;
                }
            }

            WebUtils.SetupRedirect(this, SiteRoot);
            return;
        }
        void application_AuthenticateRequest(object sender, EventArgs e)
        {
            //if (debugLog) log.Debug("AuthHandlerHttpModule Application_AuthenticateRequest");

            if (sender == null) return;

            HttpApplication app = (HttpApplication)sender;
            if (app.Request == null) { return; }
            if (!app.Request.IsAuthenticated) { return; }

            if(WebUtils.IsRequestForStaticFile(app.Request.Path)) { return; }
            if (app.Request.Path.ContainsCaseInsensitive(".ashx")) { return; }
            if (app.Request.Path.ContainsCaseInsensitive(".axd")) { return; }
            if (app.Request.Path.ContainsCaseInsensitive("setup/default.aspx")) { return; }

            //if (debugLog) log.Debug("IsAuthenticated == true");
            SiteSettings siteSettings;
            try
            {
                siteSettings = CacheHelper.GetCurrentSiteSettings();
            }
            catch (System.Data.Common.DbException ex)
            {
                // can happen during upgrades
                log.Error(ex);
                return;
            }
            catch (Exception ex)
            {
                // hate to trap System.Exception but SqlCeException doe snot inherit from DbException as it should
                if (DatabaseHelper.DBPlatform() != "SqlCe") { throw; }
                log.Error(ex);
                return;
            }
            bool useFolderForSiteDetection = WebConfigSettings.UseFoldersInsteadOfHostnamesForMultipleSites;

            // Added by Haluk Eryuksel - 2006-01-23
            // support for Windows authentication
            if (
                (app.User.Identity.AuthenticationType == "NTLM")
                || (app.User.Identity.AuthenticationType == "Negotiate")
                // || ( Context.User.Identity.AuthenticationType == "Windows" )
                )
            {
                //Added by Benedict Chan - 2008-08-05
                //Added Cookie here so that we don't have to check the users in every page, also to authenticate under NTLM with "useFolderForSiteDetection == true"
                string cookieName = "siteguid" + siteSettings.SiteGuid;
                if (!CookieHelper.CookieExists(cookieName))
                {
                    bool existsInDB;
                    existsInDB = SiteUser.LoginExistsInDB(siteSettings.SiteId, app.Context.User.Identity.Name);

                    if (!existsInDB)
                    {
                        SiteUser u = new SiteUser(siteSettings);
                        u.Name = app.Context.User.Identity.Name;
                        u.LoginName = app.Context.User.Identity.Name;
                        u.Email = GuessEmailAddress(u.Name);
                        u.Password = SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars);

                        mojoMembershipProvider m = Membership.Provider as mojoMembershipProvider;
                        if (m != null)
                        {
                            u.Password = m.EncodePassword(siteSettings, u, u.Password);
                        }

                        u.Save();
                        NewsletterHelper.ClaimExistingSubscriptions(u);

                        UserRegisteredEventArgs args = new UserRegisteredEventArgs(u);
                        OnUserRegistered(args);

                    }

                    SiteUser siteUser = new SiteUser(siteSettings, app.Context.User.Identity.Name);
                    CookieHelper.SetCookie(cookieName, siteUser.UserGuid.ToString(), true);

                    //Copied logic from SiteLogin.cs  Since we will skip them if we use NTLM
                    if (siteUser.UserId > -1 && siteSettings.AllowUserSkins && siteUser.Skin.Length > 0)
                    {
                        SiteUtils.SetSkinCookie(siteUser);
                    }

                    // track user ip address
                    try
                    {
                        UserLocation userLocation = new UserLocation(siteUser.UserGuid, SiteUtils.GetIP4Address());
                        userLocation.SiteGuid = siteSettings.SiteGuid;
                        userLocation.Hostname = app.Request.UserHostName;
                        userLocation.Save();
                        log.Info("Set UserLocation : " + app.Request.UserHostName + ":" + SiteUtils.GetIP4Address());
                    }
                    catch (Exception ex)
                    {
                        log.Error(SiteUtils.GetIP4Address(), ex);
                    }
                }

                //End-Added by Benedict Chan

            }
            // End-Added by Haluk Eryuksel

            if ((useFolderForSiteDetection) && (!WebConfigSettings.UseRelatedSiteMode))
            {
                // replace GenericPrincipal with custom one
                //string roles = string.Empty;
                if (!(app.Context.User is mojoIdentity))
                {
                    app.Context.User = new mojoPrincipal(app.Context.User);
                }
            }
        }
        private void CreateUser(string windowsLiveId)
        {
            SiteUser newUser = new SiteUser(siteSettings);
            newUser.WindowsLiveId = windowsLiveId;
            newUser.Name = SecurityHelper.RemoveMarkup(txtUserName.Text);
            newUser.LoginName = newUser.Name;
            newUser.Email = txtEmail.Text;
            mojoMembershipProvider mojoMembership = (mojoMembershipProvider)Membership.Provider;
            newUser.Password = mojoMembership.EncodePassword(siteSettings, newUser, SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars));
            //newUser.Password = SiteUser.CreateRandomPassword(7);
            newUser.PasswordQuestion = Resource.ManageUsersDefaultSecurityQuestion;
            newUser.PasswordAnswer = Resource.ManageUsersDefaultSecurityAnswer;
            newUser.Save();
            if (siteSettings.UseSecureRegistration)
            {
                newUser.SetRegistrationConfirmationGuid(Guid.NewGuid());
            }

            mojoProfileConfiguration profileConfig
                = mojoProfileConfiguration.GetConfig();

            // set default values first
            foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
            {
            #if!MONO
                // we are using the new TimeZoneInfo list but it doesn't work under Mono
                // this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
                if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey) { continue; }
            #endif
                mojoProfilePropertyDefinition.SavePropertyDefault(
                    newUser, propertyDefinition);
            }

            foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
            {
            #if!MONO
                // we are using the new TimeZoneInfo list but it doesn't work under Mono
                // this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
                if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey) { continue; }
            #endif
                if ((propertyDefinition.RequiredForRegistration)||(propertyDefinition.ShowOnRegistration))
                {
                    mojoProfilePropertyDefinition.SaveProperty(
                        newUser,
                        pnlRequiredProfileProperties,
                        propertyDefinition,
                        timeOffset,
                        timeZone);
                }
            }

            // track user ip address
            UserLocation userLocation = new UserLocation(newUser.UserGuid, SiteUtils.GetIP4Address());
            userLocation.SiteGuid = siteSettings.SiteGuid;
            userLocation.Hostname = Page.Request.UserHostName;
            userLocation.Save();

            UserRegisteredEventArgs u = new UserRegisteredEventArgs(newUser);
            OnUserRegistered(u);

            CacheHelper.ClearMembershipStatisticsCache();

            NewsletterHelper.ClaimExistingSubscriptions(newUser);

            DoUserLogin(newUser);
        }
        private SiteUser CreateUser(
            string openId,
            string email,
            string loginName,
            string name,
            bool emailIsVerified)
        {
            SiteUser newUser = new SiteUser(siteSettings);
            newUser.Email = email;

            if (loginName.Length > 50) loginName = loginName.Substring(0, 50);

            int i = 1;
            while (SiteUser.LoginExistsInDB(
                siteSettings.SiteId, loginName))
            {
                loginName += i.ToString();
                if (loginName.Length > 50) loginName = loginName.Remove(40, 1);
                i++;

            }
            if ((name == null) || (name.Length == 0)) name = loginName;
            newUser.LoginName = loginName;
            newUser.Name = name;
            //newUser.Password = SiteUser.CreateRandomPassword(7);
            mojoMembershipProvider mojoMembership = (mojoMembershipProvider)Membership.Provider;
            newUser.Password = mojoMembership.EncodePassword(siteSettings, newUser, SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars));
            newUser.PasswordQuestion = Resource.ManageUsersDefaultSecurityQuestion;
            newUser.PasswordAnswer = Resource.ManageUsersDefaultSecurityAnswer;
            newUser.OpenIdUri = openId;
            newUser.Save();

            //test
            //emailIsVerified = false;

            if (siteSettings.UseSecureRegistration)
            {
                if (!emailIsVerified)
                {
                    newUser.SetRegistrationConfirmationGuid(Guid.NewGuid());

                }
            }

            mojoProfileConfiguration profileConfig
                = mojoProfileConfiguration.GetConfig();

            // set default values first
            foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
            {
            #if!MONO
                // we are using the new TimeZoneInfo list but it doesn't work under Mono
                // this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
                if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey) { continue; }
            #endif
                mojoProfilePropertyDefinition.SavePropertyDefault(
                    newUser, propertyDefinition);
            }

            foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
            {
            #if!MONO
                // we are using the new TimeZoneInfo list but it doesn't work under Mono
                // this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
                if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey) { continue; }
            #endif
                if ((propertyDefinition.RequiredForRegistration)||(propertyDefinition.ShowOnRegistration))
                {
                    mojoProfilePropertyDefinition.SaveProperty(
                        newUser,
                        pnlRequiredProfileProperties,
                        propertyDefinition,
                        timeOffset,
                        timeZone);
                }
            }

            // track user ip address
            UserLocation userLocation = new UserLocation(newUser.UserGuid, SiteUtils.GetIP4Address());
            userLocation.SiteGuid = siteSettings.SiteGuid;
            userLocation.Hostname = Page.Request.UserHostName;
            userLocation.Save();

            UserRegisteredEventArgs u = new UserRegisteredEventArgs(newUser);
            OnUserRegistered(u);

            CacheHelper.ClearMembershipStatisticsCache();

            // we'll map them next time they login
            //OpenIdRpxHelper rpxHelper = new OpenIdRpxHelper(rpxApiKey, rpxBaseUrl);
            //rpxHelper.Map(openId, newUser.UserGuid.ToString());

            DoSubscribe(newUser);

            NewsletterHelper.ClaimExistingSubscriptions(newUser);

            return newUser;
        }
Example #7
0
        void RegisterUser_CreatedUser(object sender, EventArgs e)
        {
            TextBox txtEmail = (TextBox)CreateUserWizardStep1.ContentTemplateContainer.FindControl("Email");
            TextBox txtUserName = (TextBox)CreateUserWizardStep1.ContentTemplateContainer.FindControl("UserName");

            if (txtEmail == null) { return; }
            if (txtUserName == null) { return; }

            SiteUser siteUser;

            if (siteSettings.UseEmailForLogin)
            {
                siteUser = new SiteUser(siteSettings, txtEmail.Text);
            }
            else
            {
                siteUser = new SiteUser(siteSettings, txtUserName.Text);
            }

            if (siteUser.UserId == -1) return;

            if (pnlProfile != null)
            {
                mojoProfileConfiguration profileConfig = mojoProfileConfiguration.GetConfig();

                // set default values first
                foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
                {
            #if!MONO
                    // we are using the new TimeZoneInfo list but it doesn't work under Mono
                    // this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
                    if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey) { continue; }
            #endif
                    mojoProfilePropertyDefinition.SavePropertyDefault(siteUser, propertyDefinition);
                }

                foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
                {
            #if!MONO
                    // we are using the new TimeZoneInfo list but it doesn't work under Mono
                    // this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
                    if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey) { continue; }
            #endif
                    if ((propertyDefinition.RequiredForRegistration)||(propertyDefinition.ShowOnRegistration))
                    {
                        mojoProfilePropertyDefinition.SaveProperty(
                            siteUser,
                            pnlProfile,
                            propertyDefinition,
                            timeOffset,
                            timeZone);
                    }
                }

            }

            // track user ip address
            UserLocation userLocation = new UserLocation(siteUser.UserGuid, SiteUtils.GetIP4Address());
            userLocation.SiteGuid = siteSettings.SiteGuid;
            userLocation.Hostname = Page.Request.UserHostName;
            userLocation.Save();

            CacheHelper.ClearMembershipStatisticsCache();

            if (
                (!siteSettings.UseSecureRegistration)
                &&(
                    (!siteSettings.RequireApprovalBeforeLogin)
                    ||(siteUser.ApprovedForLogin)
                  )
                )
            {
                if (siteSettings.UseEmailForLogin)
                {
                    FormsAuthentication.SetAuthCookie(siteUser.Email, false);
                }
                else
                {
                    FormsAuthentication.SetAuthCookie(siteUser.LoginName, false);
                }

                if (WebConfigSettings.UseFoldersInsteadOfHostnamesForMultipleSites)
                {
                    string cookieName = "siteguid" + siteSettings.SiteGuid;
                    CookieHelper.SetCookie(cookieName, siteUser.UserGuid.ToString(), false);
                }

                siteUser.UpdateLastLoginTime();

            }

            DoSubscribe(siteUser);

            UserRegisteredEventArgs u = new UserRegisteredEventArgs(siteUser);
            OnUserRegistered(u);
        }
        private void CreateUser(
            string openId,
            string email,
            string loginName,
            string name)
        {
            SiteUser newUser = new SiteUser(siteSettings);
            newUser.Email = email;

            if (loginName.Length > 50) loginName = loginName.Substring(0, 50);

            int i = 1;
            while (SiteUser.LoginExistsInDB(
                siteSettings.SiteId, loginName))
            {
                loginName += i.ToString();
                if (loginName.Length > 50) loginName = loginName.Remove(40, 1);
                i++;

            }
            if ((name == null) || (name.Length == 0)) name = loginName;
            newUser.LoginName = loginName;
            newUser.Name = name;
            //newUser.Password = SiteUser.CreateRandomPassword(7);
            mojoMembershipProvider mojoMembership = (mojoMembershipProvider)Membership.Provider;
            newUser.Password = mojoMembership.EncodePassword(siteSettings, newUser, SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars));
            newUser.PasswordQuestion = Resource.ManageUsersDefaultSecurityQuestion;
            newUser.PasswordAnswer = Resource.ManageUsersDefaultSecurityAnswer;
            newUser.OpenIdUri = openId;
            newUser.Save();
            if (siteSettings.UseSecureRegistration)
            {
                newUser.SetRegistrationConfirmationGuid(Guid.NewGuid());
            }

            mojoProfileConfiguration profileConfig
                = mojoProfileConfiguration.GetConfig();

            // set default values first
            foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
            {
                mojoProfilePropertyDefinition.SavePropertyDefault(
                    newUser, propertyDefinition);
            }

            foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
            {
                if ((propertyDefinition.RequiredForRegistration)||(propertyDefinition.ShowOnRegistration))
                {
                    mojoProfilePropertyDefinition.SaveProperty(
                        newUser,
                        pnlRequiredProfileProperties,
                        propertyDefinition,
                        timeOffset,
                        timeZone);
                }
            }

            // track user ip address
            UserLocation userLocation = new UserLocation(newUser.UserGuid, SiteUtils.GetIP4Address());
            userLocation.SiteGuid = siteSettings.SiteGuid;
            userLocation.Hostname = Page.Request.UserHostName;
            userLocation.Save();

            UserRegisteredEventArgs u = new UserRegisteredEventArgs(newUser);
            OnUserRegistered(u);

            CacheHelper.ClearMembershipStatisticsCache();

            NewsletterHelper.ClaimExistingSubscriptions(newUser);

            DoUserLogin(newUser);
        }
Example #9
0
        protected void SiteLogin_LoggedIn(object sender, EventArgs e)
        {
            if (siteSettings == null) return;

            SiteUser siteUser = new SiteUser(siteSettings, this.UserName);

            if (WebConfigSettings.UseFoldersInsteadOfHostnamesForMultipleSites)
            {
                string cookieName = "siteguid" + siteSettings.SiteGuid;
                CookieHelper.SetCookie(cookieName, siteUser.UserGuid.ToString(), this.RememberMeSet);
            }

            if (siteUser.UserId > -1 && siteSettings.AllowUserSkins && siteUser.Skin.Length > 0)
            {
                SiteUtils.SetSkinCookie(siteUser);
            }

            if (siteUser.UserGuid == Guid.Empty) return;

            // track user ip address
            try
            {
                UserLocation userLocation = new UserLocation(siteUser.UserGuid, SiteUtils.GetIP4Address());
                userLocation.SiteGuid = siteSettings.SiteGuid;
                userLocation.Hostname = Page.Request.UserHostName;
                userLocation.Save();
            }
            catch (Exception ex)
            {
                log.Error(SiteUtils.GetIP4Address(), ex);
            }

            UserSignInEventArgs u = new UserSignInEventArgs(siteUser);
            OnUserSignIn(u);
        }
        private void DoExistingUserLogic(Guid userGuid)
        {
            // user found so login if allowed
            SiteUser user = new SiteUser(siteSettings, userGuid);

            bool canLogin = true;

            if (
                (siteSettings.UseSecureRegistration)
                && (user.RegisterConfirmGuid != Guid.Empty)
                )
            {
                Notification.SendRegistrationConfirmationLink(
                    SiteUtils.GetSmtpSettings(),
                    ResourceHelper.GetMessageTemplate("RegisterConfirmEmailMessage.config"),
                    siteSettings.DefaultEmailFromAddress,
                    siteSettings.DefaultFromEmailAlias,
                    user.Email,
                    siteSettings.SiteName,
                    WebUtils.GetSiteRoot() + "/ConfirmRegistration.aspx?ticket=" +
                    user.RegisterConfirmGuid.ToString());

                log.Info("User " + user.Name + " tried to login but email address is not confirmed.");

                canLogin = false;
            }

            if (user.IsLockedOut)
            {

                log.Info("User " + user.Name + " tried to login but account is locked.");

                canLogin = false;
            }

            if ((siteSettings.RequireApprovalBeforeLogin) && (!user.ApprovedForLogin))
            {
                log.Info("User " + user.Name + " tried to login but account is not approved yet.");
                canLogin = false;
            }

            if (canLogin)
            {
                if (siteSettings.UseEmailForLogin)
                {
                    FormsAuthentication.SetAuthCookie(
                        user.Email, persistCookie);

                }
                else
                {
                    FormsAuthentication.SetAuthCookie(
                        user.LoginName, persistCookie);

                }

                if (user.LiveMessengerDelegationToken.Length > 0)
                {
                    WindowsLiveMessenger m = new WindowsLiveMessenger(windowsLive);
                    ConsentToken token = m.DecodeToken(user.LiveMessengerDelegationToken);
                    token = m.RefreshConsent(token);
                    if (token != null)
                    {
                        CookieHelper.SetCookie(consentTokenCookie, token.Token);
                        CookieHelper.SetCookie(delegationTokenCookie, token.DelegationToken);
                    }

                }

                if (WebConfigSettings.UseFoldersInsteadOfHostnamesForMultipleSites)
                {
                    string cookieName = "siteguid" + siteSettings.SiteGuid;
                    CookieHelper.SetCookie(cookieName, user.UserGuid.ToString(), persistCookie);
                }

                if (user.UserId > -1 && siteSettings.AllowUserSkins && user.Skin.Length > 0)
                {
                    SiteUtils.SetSkinCookie(user);
                }

                user.UpdateLastLoginTime();

                // track user ip address
                UserLocation userLocation = new UserLocation(user.UserGuid, SiteUtils.GetIP4Address());
                userLocation.SiteGuid = siteSettings.SiteGuid;
                userLocation.Hostname = Page.Request.UserHostName;
                userLocation.Save();

                string redirectUrl = GetRedirectPath();
                CookieHelper.ExpireCookie(returnUrlCookieName);

                UserSignInEventArgs u = new UserSignInEventArgs(user);
                OnUserSignIn(u);

                //WebUtils.SetupRedirect(this, redirectUrl);
                Response.Redirect(redirectUrl);
                return;

            }
            else
            {
                // redirect to login
                // need to make login page show
                // reason for failure
                //WebUtils.SetupRedirect(this, LoginPage);
                Response.Redirect(LoginPage);
            }
        }
Example #11
0
        public static void TrackUserActivity()
        {
            if (HttpContext.Current == null) { return; }
            if (HttpContext.Current.Request == null) { return; }
            if (!HttpContext.Current.User.Identity.IsAuthenticated) { return; }
            if (!WebConfigSettings.TrackAuthenticatedRequests) { return; }

            bool bypassAuthCheck = false;
            SiteUser siteUser = GetCurrentSiteUser(bypassAuthCheck);
            //SiteUser siteUser = new SiteUser(siteSettings, HttpContext.Current.User.Identity.Name);
            if ((siteUser != null) && (siteUser.UserId > -1))
            {
                siteUser.UpdateLastActivityTime();
                if (debugLog) { log.Debug("Tracked user activity for request " + HttpContext.Current.Request.RawUrl); }

                if (WebConfigSettings.TrackIPForAuthenticatedRequests)
                {
                    SiteSettings siteSettings = CacheHelper.GetCurrentSiteSettings();
                    if (siteSettings == null) return;

                    // track user ip address
                    UserLocation userLocation = new UserLocation(
                        siteUser.UserGuid,
                        GetIP4Address());

                    userLocation.SiteGuid = siteSettings.SiteGuid;
                    userLocation.Hostname = HttpContext.Current.Request.UserHostName;
                    userLocation.Save();

                }
            }
        }