public void UpdateUserRole(int portalId, int userId, int roleId, RoleStatus status, bool isOwner, bool cancel) { UserInfo user = UserController.GetUserById(portalId, userId); UserRoleInfo userRole = GetUserRole(portalId, userId, roleId); var eventLogController = new EventLogController(); if (cancel) { if (userRole != null && userRole.ServiceFee > 0.0 && userRole.IsTrialUsed) { //Expire Role so we retain trial used data userRole.ExpiryDate = DateTime.Now.AddDays(-1); userRole.Status = status; userRole.IsOwner = isOwner; provider.UpdateUserRole(userRole); eventLogController.AddLog(userRole, PortalController.GetCurrentPortalSettings(), UserController.GetCurrentUserInfo().UserID, "", EventLogController.EventLogType.USER_ROLE_UPDATED); } else { //Delete Role DeleteUserRoleInternal(portalId, userId, roleId); eventLogController.AddLog("UserId", userId.ToString(CultureInfo.InvariantCulture), PortalController.GetCurrentPortalSettings(), UserController.GetCurrentUserInfo().UserID, EventLogController.EventLogType.USER_ROLE_DELETED); } } else { int UserRoleId = -1; DateTime ExpiryDate = DateTime.Now; DateTime EffectiveDate = Null.NullDate; bool IsTrialUsed = false; int Period = 0; string Frequency = ""; if (userRole != null) { UserRoleId = userRole.UserRoleID; EffectiveDate = userRole.EffectiveDate; ExpiryDate = userRole.ExpiryDate; IsTrialUsed = userRole.IsTrialUsed; } RoleInfo role = TestableRoleController.Instance.GetRole(portalId, r => r.RoleID == roleId); if (role != null) { if (IsTrialUsed == false && role.TrialFrequency != "N") { Period = role.TrialPeriod; Frequency = role.TrialFrequency; } else { Period = role.BillingPeriod; Frequency = role.BillingFrequency; } } if (EffectiveDate < DateTime.Now) { EffectiveDate = Null.NullDate; } if (ExpiryDate < DateTime.Now) { ExpiryDate = DateTime.Now; } if (Period == Null.NullInteger) { ExpiryDate = Null.NullDate; } else { switch (Frequency) { case "N": ExpiryDate = Null.NullDate; break; case "O": ExpiryDate = new DateTime(9999, 12, 31); break; case "D": ExpiryDate = ExpiryDate.AddDays(Period); break; case "W": ExpiryDate = ExpiryDate.AddDays(Period * 7); break; case "M": ExpiryDate = ExpiryDate.AddMonths(Period); break; case "Y": ExpiryDate = ExpiryDate.AddYears(Period); break; } } if (UserRoleId != -1 && userRole != null) { userRole.ExpiryDate = ExpiryDate; userRole.Status = status; userRole.IsOwner = isOwner; provider.UpdateUserRole(userRole); eventLogController.AddLog(userRole, PortalController.GetCurrentPortalSettings(), UserController.GetCurrentUserInfo().UserID, "", EventLogController.EventLogType.USER_ROLE_UPDATED); } else { AddUserRole(portalId, userId, roleId, status, isOwner, EffectiveDate, ExpiryDate); } } //Remove the UserInfo from the Cache, as it has been modified DataCache.ClearUserCache(portalId, user.Username); DataCache.RemoveCache(String.Format(DataCache.RolesCacheKey, portalId)); }
/// <summary> /// Authenticates the request. /// </summary> /// <param name="context">The context.</param> /// <param name="allowUnknownExtensions">if set to <c>true</c> to allow unknown extensinons.</param> public static void AuthenticateRequest(HttpContextBase context, bool allowUnknownExtensions) { HttpRequestBase request = context.Request; HttpResponseBase response = context.Response; //First check if we are upgrading/installing if (!Initialize.ProcessHttpModule(context.ApplicationInstance.Request, allowUnknownExtensions, false)) { return; } //Obtain PortalSettings from Current Context PortalSettings portalSettings = PortalController.Instance.GetCurrentPortalSettings(); bool isActiveDirectoryAuthHeaderPresent = false; var auth = request.Headers.Get("Authorization"); if (!string.IsNullOrEmpty(auth)) { if (auth.StartsWith("Negotiate")) { isActiveDirectoryAuthHeaderPresent = true; } } if (request.IsAuthenticated && !isActiveDirectoryAuthHeaderPresent && portalSettings != null) { var user = UserController.GetCachedUser(portalSettings.PortalId, context.User.Identity.Name); //if current login is from windows authentication, the ignore the process if (user == null && context.User is WindowsPrincipal) { return; } //authenticate user and set last login ( this is necessary for users who have a permanent Auth cookie set ) if (RequireLogout(context, user)) { var portalSecurity = PortalSecurity.Instance; portalSecurity.SignOut(); //Remove user from cache if (user != null) { DataCache.ClearUserCache(portalSettings.PortalId, context.User.Identity.Name); } //Redirect browser back to home page response.Redirect(request.RawUrl, true); return; } if (!user.IsSuperUser && user.IsInRole("Unverified Users") && !HttpContext.Current.Items.Contains(DotNetNuke.UI.Skins.Skin.OnInitMessage)) { HttpContext.Current.Items.Add(DotNetNuke.UI.Skins.Skin.OnInitMessage, Localization.GetString("UnverifiedUser", Localization.SharedResourceFile, CurrentCulture)); } if (!user.IsSuperUser && HttpContext.Current.Request.QueryString.AllKeys.Contains("VerificationSuccess") && !HttpContext.Current.Items.Contains(DotNetNuke.UI.Skins.Skin.OnInitMessage)) { HttpContext.Current.Items.Add(DotNetNuke.UI.Skins.Skin.OnInitMessage, Localization.GetString("VerificationSuccess", Localization.SharedResourceFile, CurrentCulture)); HttpContext.Current.Items.Add(DotNetNuke.UI.Skins.Skin.OnInitMessageType, ModuleMessage.ModuleMessageType.GreenSuccess); } //if users LastActivityDate is outside of the UsersOnlineTimeWindow then record user activity if (DateTime.Compare(user.Membership.LastActivityDate.AddMinutes(Host.UsersOnlineTimeWindow), DateTime.Now) < 0) { //update LastActivityDate and IP Address for user user.Membership.LastActivityDate = DateTime.Now; user.LastIPAddress = UserRequestIPAddressController.Instance.GetUserRequestIPAddress(request); UserController.UpdateUser(portalSettings.PortalId, user, false, false); } //check for RSVP code if (request.QueryString["rsvp"] != null && !string.IsNullOrEmpty(request.QueryString["rsvp"])) { foreach (var role in RoleController.Instance.GetRoles(portalSettings.PortalId, r => (r.SecurityMode != SecurityMode.SocialGroup || r.IsPublic) && r.Status == RoleStatus.Approved)) { if (role.RSVPCode == request.QueryString["rsvp"]) { RoleController.Instance.UpdateUserRole(portalSettings.PortalId, user.UserID, role.RoleID, RoleStatus.Approved, false, false); } } } //save userinfo object in context if (context.Items["UserInfo"] != null) { context.Items["UserInfo"] = user; } else { context.Items.Add("UserInfo", user); } //Localization.SetLanguage also updates the user profile, so this needs to go after the profile is loaded if (request.RawUrl != null && !ServicesModule.ServiceApi.IsMatch(request.RawUrl)) { Localization.SetLanguage(user.Profile.PreferredLocale); } } if (context.Items["UserInfo"] == null) { context.Items.Add("UserInfo", new UserInfo()); } }
protected void cmdUpdate_Click(object sender, EventArgs e) { if (this.userForm.IsValid && (this.User != null)) { if (this.User.UserID == this.PortalSettings.AdministratorId) { // Clear the Portal Cache DataCache.ClearPortalCache(this.UserPortalID, true); } else { DataCache.ClearUserCache(this.PortalId, this.User.Username); } try { // Update DisplayName to conform to Format this.UpdateDisplayName(); // DNN-5874 Check if unique display name is required if (this.PortalSettings.Registration.RequireUniqueDisplayName) { var usersWithSameDisplayName = (List <UserInfo>)MembershipProvider.Instance().GetUsersBasicSearch(this.PortalId, 0, 2, "DisplayName", true, "DisplayName", this.User.DisplayName); if (usersWithSameDisplayName.Any(user => user.UserID != this.User.UserID)) { throw new Exception("Display Name must be unique"); } } var prevUserEmail = UserController.Instance.GetUserById(this.PortalId, this.UserId)?.Email; if (!string.IsNullOrWhiteSpace(prevUserEmail) && !prevUserEmail.Equals(this.User.Email, StringComparison.OrdinalIgnoreCase)) { // on email address change need to invalidate existing 'reset password' link this.User.PasswordResetExpiration = Null.NullDate; } UserController.UpdateUser(this.UserPortalID, this.User); // make sure username matches possibly changed email address if (this.PortalSettings.Registration.UseEmailAsUserName) { if (this.User.Username.ToLower() != this.User.Email.ToLower()) { UserController.ChangeUsername(this.User.UserID, this.User.Email); // after username changed, should redirect to login page to let user authenticate again. var loginUrl = Globals.LoginURL(HttpUtility.UrlEncode(this.Request.RawUrl), false); var spliter = loginUrl.Contains("?") ? "&" : "?"; loginUrl = $"{loginUrl}{spliter}username={this.User.Email}&usernameChanged=true"; this.Response.Redirect(loginUrl, true); } } this.Response.Redirect(this.Request.RawUrl); } catch (Exception exc) { Logger.Error(exc); if (exc.Message == "Display Name must be unique") { this.AddModuleMessage("DisplayNameNotUnique", ModuleMessage.ModuleMessageType.RedError, true); } else { this.AddModuleMessage("UserUpdatedError", ModuleMessage.ModuleMessageType.RedError, true); } } } }
public HttpResponseMessage RevertImpersonation() { var apiResponse = new DTO.ApiResponse <bool>(); CookieHeaderValue cookie = null; var impersonationToken = string.Empty; try { var objPortalSecurity = new DotNetNuke.Security.PortalSecurity(); var impersonationCookie = Common.GetUserImpersonationCookie().Split(':'); var Id = 0; var currentId = 0; int.TryParse(impersonationCookie.First(), out Id); int.TryParse(impersonationCookie.Last(), out currentId); if (currentId == 0 && UserInfo.UserID == -1) { currentId = -1; } if (Id == 0 || UserInfo.UserID != currentId) { objPortalSecurity.SignOut(); } else { var targetUserInfo = DotNetNuke.Entities.Users.UserController.GetUserById(PortalSettings.PortalId, Id); if (targetUserInfo != null) { DataCache.ClearUserCache(PortalSettings.PortalId, PortalSettings.UserInfo.Username); objPortalSecurity.SignOut(); DotNetNuke.Entities.Users.UserController.UserLogin(PortalSettings.PortalId, targetUserInfo, PortalSettings.PortalName, HttpContext.Current.Request.UserHostAddress, false); } } apiResponse.Success = true; } catch (Exception err) { apiResponse.Success = false; apiResponse.Message = err.Message; Exceptions.LogException(err); } var actualResponse = Request.CreateResponse <DTO.ApiResponse <bool> >(HttpStatusCode.OK, apiResponse); var newcookie = new HttpCookie(Common.impersonationCookieKey, impersonationToken); newcookie.Expires = DateTime.Now.AddMinutes(-60); newcookie.Domain = Request.RequestUri.Host; newcookie.Path = "/"; HttpContext.Current.Response.SetCookie(newcookie); return(actualResponse); }
public static void AuthenticateRequest(HttpContextBase context, bool allowUnknownExtensinons) { HttpRequestBase request = context.Request; HttpResponseBase response = context.Response; //First check if we are upgrading/installing if (request == null || request.Url == null || request.Url.LocalPath.ToLower().EndsWith("install.aspx") || request.Url.LocalPath.ToLower().EndsWith("upgradewizard.aspx") || request.Url.LocalPath.ToLower().EndsWith("installwizard.aspx")) { return; } //exit if a request for a .net mapping that isn't a content page is made i.e. axd if (allowUnknownExtensinons == false && request.Url.LocalPath.ToLower().EndsWith(".aspx") == false && request.Url.LocalPath.ToLower().EndsWith(".asmx") == false && request.Url.LocalPath.ToLower().EndsWith(".ashx") == false) { return; } //Obtain PortalSettings from Current Context PortalSettings portalSettings = PortalController.GetCurrentPortalSettings(); if (request.IsAuthenticated && portalSettings != null) { var roleController = new RoleController(); UserInfo user = UserController.GetCachedUser(portalSettings.PortalId, context.User.Identity.Name); //authenticate user and set last login ( this is necessary for users who have a permanent Auth cookie set ) if (user == null || user.IsDeleted || user.Membership.LockedOut || (!user.Membership.Approved && !user.IsInRole("Unverified Users")) || user.Username.ToLower() != context.User.Identity.Name.ToLower()) { var portalSecurity = new PortalSecurity(); portalSecurity.SignOut(); //Remove user from cache if (user != null) { DataCache.ClearUserCache(portalSettings.PortalId, context.User.Identity.Name); } //Redirect browser back to home page response.Redirect(request.RawUrl, true); return; } if (!user.IsSuperUser && user.IsInRole("Unverified Users") && !HttpContext.Current.Items.Contains(DotNetNuke.UI.Skins.Skin.OnInitMessage)) { HttpContext.Current.Items.Add(DotNetNuke.UI.Skins.Skin.OnInitMessage, Localization.GetString("UnverifiedUser")); } //if users LastActivityDate is outside of the UsersOnlineTimeWindow then record user activity if (DateTime.Compare(user.Membership.LastActivityDate.AddMinutes(Host.UsersOnlineTimeWindow), DateTime.Now) < 0) { //update LastActivityDate and IP Address for user user.Membership.LastActivityDate = DateTime.Now; user.LastIPAddress = request.UserHostAddress; UserController.UpdateUser(portalSettings.PortalId, user, false); } //check for RSVP code if (request.QueryString["rsvp"] != null && !string.IsNullOrEmpty(request.QueryString["rsvp"])) { foreach (var role in TestableRoleController.Instance.GetRoles(portalSettings.PortalId, r => r.SecurityMode != SecurityMode.SocialGroup && r.Status == RoleStatus.Approved)) { if (role.RSVPCode == request.QueryString["rsvp"]) { roleController.UpdateUserRole(portalSettings.PortalId, user.UserID, role.RoleID); } } } //save userinfo object in context context.Items.Add("UserInfo", user); //Localization.SetLanguage also updates the user profile, so this needs to go after the profile is loaded Localization.SetLanguage(user.Profile.PreferredLocale); } if (context.Items["UserInfo"] == null) { context.Items.Add("UserInfo", new UserInfo()); } }