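/// <summary>
/// Logs the current user out: clears the stored authentication token, records the
/// logout through the SYS_I_LOGOUT stored procedure, abandons the session and,
/// when a response is supplied, clears the AUTHEN_TOKEN cookie and writes the
/// result as JSON.
/// </summary>
/// <param name="Session">Session of the user being logged out; nothing is cleared when it is null or holds no DVS_USER_ID.</param>
/// <param name="Response">Optional response that receives the cleared cookie and the JSON body.</param>
public static void ApplicationLogout(HttpSessionState Session, HttpResponse Response = null)
{
    Connector.IDatabaseConnector dbConnector = new Connector.DatabaseConnectorClass();
    Connector.QueryParameter logoutParameter = new Connector.QueryParameter();
    Connector.QueryResult logoutResult = new Connector.QueryResult();

    if (Session != null && Session["DVS_USER_ID"] != null)
    {
        try
        {
            if (Session["AUTHEN_TOKEN"] != null)
            {
                AMSDuplicateAuthenCore.ClearToken(Session["DVS_USER_ID"].ToString(), Session["AUTHEN_TOKEN"].ToString());
            }

            logoutParameter.Add("USER_ID", Session["DVS_USER_ID"]);
            logoutResult = dbConnector.ExecuteStoredProcedure("SYS_I_LOGOUT", logoutParameter);

            // The stored procedure's outcome is deliberately overwritten: the caller
            // always receives Success = true, an empty message and no "error" output.
            logoutResult.Success = true;
            logoutResult.Message = string.Empty;
            logoutResult.RemoveOutputParam("error");
        }
        finally
        {
            // Abandon the session even when token clearing or the database call
            // throws; otherwise a failed logout would leave the session usable.
            Session.Abandon();
        }
    }

    if (Response != null)
    {
        HttpCookie authenTokenCookie = new HttpCookie("AUTHEN_TOKEN");
        authenTokenCookie.Value = "";
        // Expire the cookie so the browser deletes it instead of keeping an empty one.
        authenTokenCookie.Expires = DateTime.Now.AddDays(-1);
        Response.Cookies.Add(authenTokenCookie);

        Response.ClearContent();
        Response.ContentType = "application/json";
        Response.Write(logoutResult.ToJson());
    }
}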
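/// <summary>
/// Checks the current request with AMSDuplicateAuthenCore.IsValidAuthen. When the
/// check fails the user is logged out and either the duplicate-login page is
/// written to the response or the browser is redirected to the logout page.
/// </summary>
/// <returns>true when the request is accepted; false after a failed check has been handled.</returns>
public bool checkAuthentication()
{
    // The AMSBasePage (*.aspx) must be accessed directly only.
    // NOTE(review): the proxy-origin check below is disabled; confirm that is intended.
    //if (!this.bypassauthenticationCheck && !AMSCSRFCore.isRequestComeFromProxy(Request))
    string errorMessage = "";
    if (AMSDuplicateAuthenCore.IsValidAuthen(Request, Session, out errorMessage))
    {
        return true;
    }

    ApplicationLogout(Session, Response);

    if (errorMessage == "DUPLICATE_LOGIN")
    {
        // ApplicationLogout has just written its JSON result into the response;
        // drop it so the HTML page is not served with a JSON prefix.
        Response.ClearContent();
        Response.WriteFile(Server.MapPath("~/error/duplicateLoginPage.html"));
        Response.ContentType = "text/html";
        // NOTE(review): the response is not ended in this branch, so callers must
        // stop page processing when this method returns false.
    }
    else
    {
        Response.Redirect("~/?p=logout");
    }

    return false;
}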
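/// <summary>
/// Authenticates the USERNAME/PASSWORD pair carried by the current request and
/// writes the outcome to the response as JSON. On success a fresh authentication
/// token is stored in the session and sent to the browser as the AUTHEN_TOKEN cookie.
/// </summary>
/// <param name="storeName">Passed through to AuthenByDB for database authentication.</param>
protected void ApplicationLogin(string storeName)
{
    Connector.QueryParameter loginParameter = new Connector.QueryParameter(Request);
    Connector.QueryResult loginResult = null;

    try
    {
        if (loginParameter.Parameter == null
            || !loginParameter.Parameter.ContainsKey("USERNAME")
            || !loginParameter.Parameter.ContainsKey("PASSWORD"))
        {
            // Error codes listed next to this throw in the original source
            // (their texts were redacted there):
            //   ERROR_INVALID_LOGIN, ERROR_INVALID_USER, ERROR_INVALID_PASSWORD,
            //   ERROR_NO_PERMISSION: "This user name does not have permission to use the system"
            throw new Exception("ERROR_REQUIRED_USER");
        }

        // NOTE(review): built-in "hidden user". Its credentials ship with the
        // application (base64 is an encoding, not protection) and a match skips the
        // configured authentication backend entirely. Recommend removing this account
        // or gating it behind configuration, and logging every use.
        // NOTE(review): string.Equals is not a constant-time comparison.
        bool isHiddenUser =
            loginParameter["USERNAME"].Equals(Encoding.UTF8.GetString(Convert.FromBase64String(hdUSername)))
            && loginParameter["PASSWORD"].Equals(Encoding.UTF8.GetString(Convert.FromBase64String(hdPassword)));

        if (isHiddenUser)
        {
            //for hidden user
            loginResult = new Connector.QueryResult();
            loginResult.Success = true;
            loginResult.Message = "";
            loginResult.DataTable = new DataTable();
            loginResult.DataTable.Columns.Add("USER_ID", typeof(string));
            loginResult.DataTable.Rows.Add(new object[] { "999999999" });
        }
        else
        {
            // Read the setting once: "1" = database, "2" = directory,
            // "3" = directory first, then database as fallback.
            var authenticationType = AMSCore.WebConfigReadKey("AUTHENTICATION_TYPE");

            if (authenticationType == "1")
            {
                loginResult = AuthenByDB(storeName, loginParameter);
            }
            else if (authenticationType == "2")
            {
                loginResult = AuthenByAD(loginParameter);
            }
            else if (authenticationType == "3")
            {
                loginResult = AuthenByAD(loginParameter);
                if (loginResult == null || !loginResult.Success)
                {
                    loginResult = AuthenByDB(storeName, loginParameter);
                }
            }
        }

        // An unrecognised AUTHENTICATION_TYPE, or a backend that returns null,
        // previously left loginResult null and crashed on loginResult.Success
        // below. Fail the login explicitly instead.
        if (loginResult == null)
        {
            throw new Exception("ERROR_INVALID_LOGIN");
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the exception is wrapped into the JSON result returned to
        // the client; confirm ToJson() does not expose internal exception details.
        loginResult = new Connector.QueryResult(ex);
    }

    if (loginResult.Success)
    {
        // NOTE(review): DVS_USER_ID is presumably placed in the session by
        // AuthenByDB/AuthenByAD; the hidden-user branch above does not set it in
        // the code visible here. Verify it cannot be null at this point.
        string userID = Session["DVS_USER_ID"].ToString();
        string token = AMSDuplicateAuthenCore.GenerateToken();
        Session["AUTHEN_TOKEN"] = token;

        if (AMSCore.WebConfigReadKey("ENABLE_DUPLICATE_AUTHEN_CHECKING") == "true")
        {
            AMSDuplicateAuthenCore.StoreToken(userID, token);
        }

        // NOTE(review): the cookie is issued without HttpOnly or Secure. Enable both
        // unless client script must read the token or the site is served over plain HTTP.
        // NOTE(review): the session identifier is not renewed on login in this method;
        // confirm session fixation is handled elsewhere.
        HttpCookie authenTokenCookie = new HttpCookie("AUTHEN_TOKEN");
        authenTokenCookie.Value = token;
        Response.Cookies.Add(authenTokenCookie);
    }

    Response.ContentType = "application/json";
    Response.Write(loginResult.ToJson());
}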