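/// <summary>
/// create an enterprise session from a one time url
/// </summary>
/// <remarks>
/// The session identifier ("SI") and key ("SK") are taken from the request as-is; this method does not
/// validate them against the enterprise service, so the bound session is only as trustworthy as the url
/// that carried it (a bogus SessionID is expected to surface on the first enterprise call that uses it).
/// The session is marked single-use and never gets admin rights. When either value is missing nothing is
/// bound and <c>_enterpriseSession</c> is left untouched.
/// </remarks>
private void CreateEnterpriseSessionFromUrl()
{
    try
    {
        var sessionId = Request["SI"];
        var sessionKey = Request["SK"];

        // both values are required; binding an empty session would only show up as an obscure failure
        // on the next enterprise call, so refuse early and log it
        if (string.IsNullOrEmpty(sessionId) || string.IsNullOrEmpty(sessionKey))
        {
            System.Diagnostics.Trace.TraceWarning("Failed to create enterprise session from url (missing session id or key)");
            return;
        }

        // create enterprise session from querystring params
        _enterpriseSession = new EnterpriseSession
        {
            IsAdmin = false,    // simple host connection only (no hosts management)
            SessionID = sessionId,
            SessionKey = sessionKey,
            SingleUseConnection = true
        };

        // bind the enterprise session to the current http session
        Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = _enterpriseSession;

        // session fixation protection: with a cookieless (presumably url-carried) http session the id
        // travelled inside the one time url, so issue a fresh id now that the session holds credentials
        if (_cookielessSession)
        {
            HttpSessionHelper.RegenerateSessionId();
        }
    }
    catch (Exception exc)
    {
        System.Diagnostics.Trace.TraceError("Failed to create enterprise session from url ({0})", exc);
    }
}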
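/// <summary>
/// logout the enterprise session
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
/// <remarks>
/// Nothing happens unless the request passed the page's request checks (<c>_authorizedRequest</c>) and an
/// enterprise session is bound. The enterprise session is closed through the enterprise client, detached from
/// the http session and the browser is sent back to the login screen. The http session itself is not abandoned
/// here, so any other state it holds survives the logout.
/// </remarks>
protected void LogoutButtonClick(object sender, EventArgs e)
{
    if (!_authorizedRequest)
    {
        return;
    }

    if (_enterpriseSession == null)
    {
        return;
    }

    // captured up front: the field is nulled below, and the error handler must not dereference it
    // (a redirect failure after the cleanup would otherwise throw inside the catch block)
    var sessionId = _enterpriseSession.SessionID;

    try
    {
        // logout the enterprise session
        _enterpriseClient.Logout(sessionId);
        Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = null;
        _enterpriseSession = null;

        // redirect to the login screen
        Response.Redirect("~/", true);
    }
    catch (ThreadAbortException)
    {
        // occurs because the response is ended after redirect
    }
    catch (Exception exc)
    {
        System.Diagnostics.Trace.TraceError("Failed to logout the enterprise session {0} ({1})", sessionId, exc);
    }
}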
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
/// <remarks>
/// Requires an enterprise session bound to the http session, and an admin one: non-admin users are sent back
/// to the root page. When a non-zero "hostId" is supplied, the host name is looked up through the enterprise
/// client and displayed. A missing enterprise session is logged (the deliberate throw below routes it to the
/// outer handler) and the page renders without host data.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        var enterpriseKey = HttpSessionStateVariables.EnterpriseSession.ToString();
        var boundSession = Session[enterpriseKey];
        if (boundSession == null)
        {
            // no enterprise session: handled by the outer catch (logged, page rendered empty)
            throw new NullReferenceException();
        }

        _enterpriseSession = (EnterpriseSession)boundSession;

        try
        {
            // hosts management is reserved to admins
            if (!_enterpriseSession.IsAdmin)
            {
                Response.Redirect("~/", true);
            }

            // retrieve the host, if a usable id was supplied (absent, unparsable or 0 means none)
            var rawHostId = Request["hostId"];
            long hostId;
            if (rawHostId != null && long.TryParse(rawHostId, out hostId) && hostId != 0)
            {
                _hostId = hostId;
                try
                {
                    var host = _enterpriseClient.GetHost(_hostId, _enterpriseSession.SessionID);
                    if (host != null)
                    {
                        hostName.InnerText = host.HostName;
                    }
                }
                catch (Exception exc)
                {
                    System.Diagnostics.Trace.TraceError("Failed to retrieve host {0}, ({1})", _hostId, exc);
                }
            }
        }
        catch (ThreadAbortException)
        {
            // occurs because the response is ended after redirect
        }
    }
    catch (Exception exc)
    {
        System.Diagnostics.Trace.TraceError("Failed to retrieve the active enterprise session ({0})", exc);
    }
}
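/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
/// <remarks>
/// Admin-only page: without an admin enterprise session the request is redirected to the root page
/// (Response.Redirect with endResponse ends the request, so nothing below it runs).
/// With a parsable "hostId" the host details are loaded into the form on the first (non-edit) display and the
/// "create session url" action is wired to that host. Without one — including an unparsable value, which used
/// to fall through to <c>_hostId.Value</c> throwing and an empty id in the inline script — the host-specific
/// actions are disabled.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    // retrieve the active enterprise session, if any
    var enterpriseKey = HttpSessionStateVariables.EnterpriseSession.ToString();
    if (HttpContext.Current.Session[enterpriseKey] != null)
    {
        try
        {
            _enterpriseSession = (EnterpriseSession)HttpContext.Current.Session[enterpriseKey];
        }
        catch (Exception exc)
        {
            System.Diagnostics.Trace.TraceError("Failed to retrieve the enterprise session for the http session {0}, ({1})", HttpContext.Current.Session.SessionID, exc);
        }
    }

    // hosts management is reserved to admins
    if (_enterpriseSession == null || !_enterpriseSession.IsAdmin)
    {
        Response.Redirect("~/", true);
    }

    // retrieve the host; an unparsable id is treated like no id at all
    var rawHostId = Request["hostId"];
    long hostId = 0;
    var hasHostId = rawHostId != null && long.TryParse(rawHostId, out hostId);

    if (hasHostId)
    {
        _hostId = hostId;

        // edit mode and postbacks keep the values already in the form
        if (!IsPostBack && Request["edit"] == null)
        {
            try
            {
                var host = _enterpriseClient.GetHost(_hostId.Value, _enterpriseSession.SessionID);
                if (host != null)
                {
                    hostName.Value = host.HostName;
                    hostAddress.Value = host.HostAddress;
                    groupsAccess.Value = host.DirectoryGroups;
                    securityProtocol.SelectedIndex = (int)host.Protocol;
                }
            }
            catch (Exception exc)
            {
                System.Diagnostics.Trace.TraceError("Failed to retrieve host {0}, ({1})", _hostId, exc);
            }
        }

        // _hostId is a parsed long, so embedding it into the inline script cannot break the literal
        createSessionUrl.Attributes["onclick"] = string.Format("parent.openPopup('editHostSessionPopup', 'EditHostSession.aspx?hostId={0}');", _hostId);
    }
    else
    {
        if (rawHostId != null)
        {
            System.Diagnostics.Trace.TraceWarning("Invalid host id {0}", rawHostId);
        }
        createSessionUrl.Disabled = true;
        deleteHost.Disabled = true;
    }
}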
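/// <summary>
/// authenticate the user against the enterprise active directory and list the servers available to the user
/// </summary>
/// <remarks>
/// On success the enterprise session is bound to the http session, the http session id is regenerated when it
/// is carried in the url (session fixation protection) and the browser is redirected to the hosts list.
/// On failure the error description is shown; an expired password opens the change-password popup instead.
/// The user name is echoed into that popup script: it is untrusted form input, so it is url-encoded for the
/// querystring and then javascript-encoded so it cannot break out of the script literal.
/// </remarks>
private void CreateEnterpriseSessionFromLogin()
{
    try
    {
        // authenticate the user
        _enterpriseSession = _enterpriseClient.Authenticate(user.Value, password.Value);

        if (_enterpriseSession == null || _enterpriseSession.AuthenticationErrorCode != EnterpriseAuthenticationErrorCode.NONE)
        {
            if (_enterpriseSession == null)
            {
                connectError.InnerText = EnterpriseAuthenticationErrorHelper.GetErrorDescription(EnterpriseAuthenticationErrorCode.UNKNOWN_ERROR);
            }
            else if (_enterpriseSession.AuthenticationErrorCode == EnterpriseAuthenticationErrorCode.PASSWORD_EXPIRED)
            {
                // the user name ends up inside a single-quoted javascript string that is itself a url:
                // url-encode it for the querystring, then javascript-encode the result for the literal
                var encodedUserName = System.Web.HttpUtility.JavaScriptStringEncode(System.Web.HttpUtility.UrlEncode(user.Value));

                ClientScript.RegisterClientScriptBlock(
                    GetType(),
                    Guid.NewGuid().ToString(),
                    "window.onload = function() { " +
                    string.Format("openPopup('changePasswordPopup', 'EnterpriseChangePassword.aspx?userName={0}" + (_localAdmin ? "&mode=admin" : string.Empty) + "');", encodedUserName) +
                    " }",
                    true);
            }
            else
            {
                connectError.InnerText = EnterpriseAuthenticationErrorHelper.GetErrorDescription(_enterpriseSession.AuthenticationErrorCode);
            }

            UpdateControls();
            return;
        }

        // bind the enterprise session to the current http session
        Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = _enterpriseSession;

        // session fixation protection: a url-carried http session id was exposed before login,
        // so issue a fresh one now that the session is authenticated
        if (_httpSessionUseUri)
        {
            HttpSessionHelper.RegenerateSessionId();
        }

        // redirect to the hosts list
        Response.Redirect("~/", true);
    }
    catch (ThreadAbortException)
    {
        // occurs because the response is ended after redirect
    }
    catch (Exception exc)
    {
        System.Diagnostics.Trace.TraceError("Failed to create enterprise session from login ({0})", exc);
    }
}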
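/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
/// <remarks>
/// Admin-only page: without an admin enterprise session the request is redirected to the root page
/// (Response.Redirect with endResponse ends the request, so nothing below it runs).
/// When a parsable "hostId" is supplied the host name is looked up through the enterprise client and displayed;
/// an unparsable value is logged and skipped instead of being surfaced as an <c>_hostId.Value</c> exception.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    // retrieve the active enterprise session, if any
    var enterpriseKey = HttpSessionStateVariables.EnterpriseSession.ToString();
    if (HttpContext.Current.Session[enterpriseKey] != null)
    {
        try
        {
            _enterpriseSession = (EnterpriseSession)HttpContext.Current.Session[enterpriseKey];
        }
        catch (Exception exc)
        {
            System.Diagnostics.Trace.TraceError("Failed to retrieve the enterprise session for the http session {0}, ({1})", HttpContext.Current.Session.SessionID, exc);
        }
    }

    // hosts management is reserved to admins
    if (_enterpriseSession == null || !_enterpriseSession.IsAdmin)
    {
        Response.Redirect("~/", true);
    }

    // retrieve the host
    var rawHostId = Request["hostId"];
    if (rawHostId != null)
    {
        long hostId;
        if (long.TryParse(rawHostId, out hostId))
        {
            _hostId = hostId;
            try
            {
                var host = _enterpriseClient.GetHost(_hostId.Value, _enterpriseSession.SessionID);
                if (host != null)
                {
                    hostName.InnerText = host.HostName;
                }
            }
            catch (Exception exc)
            {
                System.Diagnostics.Trace.TraceError("Failed to retrieve host {0}, ({1})", _hostId, exc);
            }
        }
        else
        {
            System.Diagnostics.Trace.TraceWarning("Invalid host id {0}", rawHostId);
        }
    }
}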
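/// <summary>
/// Logs onto BusinessObjects Enterprise (reusing the EnterpriseSession already stored in the http session, if
/// any), looks up the Web Intelligence document named in the form and redirects to the viewer page.
/// </summary>
/// <param name="sender">button raising the event</param>
/// <param name="e">event arguments (unused)</param>
/// <remarks>
/// The document name is untrusted form input that ends up inside a CMS query string literal. The query cannot
/// be parameterized from here, so a name containing a single quote is refused outright rather than escaped by
/// guesswork; everything else is sent verbatim, as before.
/// On any failure an error message is stored in the http session and the user is sent to ErrorPage.aspx
/// (Response.Redirect ends the request, so nothing below a redirect executes).
/// </remarks>
protected void btnSubmit_Click(object sender, System.EventArgs e)
{
    /*
     * Refuse names that could terminate the string literal in the CMS query below.
     */
    string webiName = txtWebiName.Text;
    if (webiName != null && webiName.IndexOf('\'') >= 0)
    {
        Session["ErrorMessage"] = "Invalid Web Intelligence report name.";
        Response.Redirect("ErrorPage.aspx");
    }

    /*
     * Log onto BusinessObjects Enterprise.
     */
    EnterpriseSession boEnterpriseSession = (EnterpriseSession)Session["EnterpriseSession"];
    if (boEnterpriseSession == null)
    {
        try
        {
            boEnterpriseSession = (new SessionMgr()).Logon(txtUserName.Text, txtPassword.Text, txtCMSName.Text, lstAuthType.SelectedItem.Value);
        }
        catch (Exception ex)
        {
            // NOTE(review): ex.Message is shown to the end user; consider logging it server-side and showing a generic message
            Session["ErrorMessage"] = "Error encountered logging onto BusinessObjects Enterprise: " + ex.Message;
            Response.Redirect("ErrorPage.aspx");
        }
    }

    // Store EnterpriseSession object in HTTP Session, to keep the EnterpriseSession alive.
    Session["EnterpriseSession"] = boEnterpriseSession;

    /*
     * Retrieve Web Intelligence document SI_ID and redirect to the viewer page.
     */
    InfoStore boInfoStore = new InfoStore(boEnterpriseSession.GetService("InfoStore"));
    InfoObjects boInfoObjects = boInfoStore.Query("Select SI_ID From CI_INFOOBJECTS Where SI_KIND='Webi' And SI_NAME='" + webiName + "'");
    if (boInfoObjects.Count == 0)
    {
        Session["ErrorMessage"] = "Web Intelligence Report '" + webiName + "' not found.";
        Response.Redirect("ErrorPage.aspx");
    }

    /*
     * Save Web Intelligence SI_ID in HTTP Session and redirect to the viewer page.
     * (index 1 is presumably the first element: the original code relied on a 1-based collection)
     */
    Session["WebiID"] = boInfoObjects[1].ID;
    Response.Redirect("ViewWebiXLS.ashx");
}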
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
/// <remarks>
/// Runs the session fixation / stealing guard first, then loads the enterprise session and the remote session
/// from the http session when present (a failed cast is logged and the field stays unset). The UI is refreshed
/// on the first display only, and the response is marked no-cache / no-store.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    // prevent session fixation or stealing
    SessionFixationHandler();

    var httpSession = HttpContext.Current.Session;
    var enterpriseKey = HttpSessionStateVariables.EnterpriseSession.ToString();
    var remoteKey = HttpSessionStateVariables.RemoteSession.ToString();

    // retrieve the active enterprise session, if any
    var enterpriseState = httpSession[enterpriseKey];
    if (enterpriseState != null)
    {
        try
        {
            _enterpriseSession = (EnterpriseSession)enterpriseState;
        }
        catch (Exception exc)
        {
            System.Diagnostics.Trace.TraceError("Failed to retrieve the enterprise session for the http session {0}, ({1})", httpSession.SessionID, exc);
        }
    }

    // retrieve the active remote session, if any
    var remoteState = httpSession[remoteKey];
    if (remoteState != null)
    {
        try
        {
            RemoteSession = (RemoteSession)remoteState;
        }
        catch (Exception exc)
        {
            System.Diagnostics.Trace.TraceError("Failed to retrieve the remote session for the http session {0}, ({1})", httpSession.SessionID, exc);
        }
    }

    // postback events may redirect after execution; UI is updated from there
    if (!IsPostBack)
    {
        UpdateControls();
    }

    // disable the browser cache; in addition to a "noCache" dummy param, with current time, on long-polling and xhr requests
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetNoStore();
}
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
/// <remarks>
/// Credentials prompt page. Requires an enterprise session bound to the http session (a missing one is logged
/// through the outer handler). Reads the "hostId" and "edit" request values into the hidden host id field and
/// seeds the domain prompt from the enterprise session on the first display.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        var enterpriseKey = HttpSessionStateVariables.EnterpriseSession.ToString();
        if (Session[enterpriseKey] == null)
        {
            // no enterprise session: routed to the outer handler, which logs it
            throw new NullReferenceException();
        }
        _enterpriseSession = (EnterpriseSession)Session[enterpriseKey];

        try
        {
            var rawHostId = Request["hostId"];
            if (rawHostId != null)
            {
                // NOTE(review): the hidden field is only written when parsing FAILS (_hostId is then 0); a
                // successfully parsed id reaches the field only through the "edit" branch below. This looks
                // inverted but is preserved as-is — confirm the intent against the page's form logic.
                var parsed = long.TryParse(rawHostId, out _hostId);
                if (!parsed)
                {
                    hostID.Value = _hostId.ToString();
                }
            }

            if (Request["edit"] != null)
            {
                hostID.Value = _hostId.ToString();
            }

            // seeded on the first display only (presumably so postbacks keep the submitted value)
            if (!IsPostBack)
            {
                promptDomain.Value = _enterpriseSession.Domain;
            }
        }
        catch (ThreadAbortException)
        {
            // occurs because the response is ended after redirect
        }
    }
    catch (Exception exc)
    {
        System.Diagnostics.Trace.TraceError("Failed to load credentials prompt ({0})", exc);
    }
}
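/// <summary>
/// create an enterprise session from a one time url
/// </summary>
/// <remarks>
/// The session identifier ("SI") and key ("SK") are taken from the request as-is and are not validated against
/// the enterprise service here; the bound session is only as trustworthy as the url that carried it. The session
/// never gets admin rights. When either value is missing nothing is bound and <c>_enterpriseSession</c> is left
/// untouched.
/// NOTE(review): unlike the login path, the http session id is not renewed after binding credentials here.
/// </remarks>
private void CreateEnterpriseSessionFromUrl()
{
    try
    {
        var sessionId = Request["SI"];
        var sessionKey = Request["SK"];

        // both values are required; binding an empty session would only show up as an obscure failure
        // on the next enterprise call, so refuse early and log it
        if (string.IsNullOrEmpty(sessionId) || string.IsNullOrEmpty(sessionKey))
        {
            System.Diagnostics.Trace.TraceWarning("Failed to create enterprise session from url (missing session id or key)");
            return;
        }

        // create enterprise session from querystring params
        _enterpriseSession = new EnterpriseSession
        {
            IsAdmin = false,    // simple host connection only (no hosts management)
            SessionID = sessionId,
            SessionKey = sessionKey
        };

        // bind the enterprise session to the current http session
        HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = _enterpriseSession;
    }
    catch (Exception exc)
    {
        System.Diagnostics.Trace.TraceError("Failed to create enterprise session from url ({0})", exc);
    }
}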
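/// <summary>
/// authenticate the user against the enterprise active directory and list the servers available to the user
/// </summary>
/// <remarks>
/// On success the enterprise session is bound to the http session, the http session is abandoned and the
/// browser is redirected (GET) with the old session id, so that a new id is issued (session fixation
/// protection). NOTE(review): the enterprise session stored just before Abandon() goes away with the abandoned
/// http session unless the "oldSID" handling (not visible here) migrates it — confirm.
/// On failure the error description is shown; an expired password opens the change-password popup instead.
/// A null result from the enterprise client is reported as an unknown error rather than dereferenced.
/// The user name is echoed into the popup script: it is untrusted form input, so it is url-encoded for the
/// querystring and then javascript-encoded so it cannot break out of the script literal.
/// </remarks>
private void CreateEnterpriseSessionFromLogin()
{
    try
    {
        // authenticate the user against the enterprise active directory
        _enterpriseSession = _enterpriseClient.Authenticate(user.Value, password.Value);

        // a null result is a failed call, not a successful login
        if (_enterpriseSession == null)
        {
            connectError.InnerText = EnterpriseAuthenticationErrorHelper.GetErrorDescription(EnterpriseAuthenticationErrorCode.UNKNOWN_ERROR);
            UpdateControls();
            return;
        }

        if (_enterpriseSession.AuthenticationErrorCode != EnterpriseAuthenticationErrorCode.NONE)
        {
            if (_enterpriseSession.AuthenticationErrorCode == EnterpriseAuthenticationErrorCode.PASSWORD_EXPIRED)
            {
                // url-encode for the querystring, then javascript-encode for the single-quoted script literal
                var encodedUserName = System.Web.HttpUtility.JavaScriptStringEncode(System.Web.HttpUtility.UrlEncode(user.Value));

                Page.ClientScript.RegisterClientScriptBlock(
                    this.GetType(),
                    Guid.NewGuid().ToString(),
                    string.Format("openPopup('changePasswordPopup', 'EnterpriseChangePassword.aspx?userId={0}');", encodedUserName),
                    true);
            }
            else
            {
                connectError.InnerText = EnterpriseAuthenticationErrorHelper.GetErrorDescription(_enterpriseSession.AuthenticationErrorCode);
            }

            UpdateControls();
            return;
        }

        // bind the enterprise session to the current http session
        HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = _enterpriseSession;

        // cancel the current http session
        HttpContext.Current.Session.Abandon();

        // prevent session fixation attack by generating a new session ID upon login
        // also, using http get method to prevent the browser asking for http post data confirmation if the page is reloaded
        // https://www.owasp.org/index.php/Session_Fixation
        Response.Redirect(string.Format("?oldSID={0}", HttpContext.Current.Session.SessionID), true);
    }
    catch (ThreadAbortException)
    {
        // occurs because the response is ended after redirect
    }
    catch (Exception exc)
    {
        System.Diagnostics.Trace.TraceError("Failed to create enterprise session from login ({0})", exc);
    }
}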
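/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
/// <remarks>
/// Request gating, then state retrieval:
///  - client ip protection: the first request pins the client ip into the http session; a later request from
///    another ip is refused (<c>_authorizedRequest</c> = false, UI updated, nothing else runs)
///  - session spoofing protection (cookieless http session): a "clientKey" cookie is issued on the first
///    request and must accompany the http session on every later one; a missing or different key refuses the request
///  - the enterprise session and the remote session are then loaded from the http session; a disconnected remote
///    session is reported to the client script and dropped; an "SSE" url param loads a shared remote session
///    instead and the id is stripped from the url by a redirect
/// The page is served with no-cache / no-store headers.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    // client ip protection
    if (_clientIPTracking)
    {
        // NOTE(review): the boolean argument presumably controls whether forwarded-for headers are trusted;
        // confirm it matches the deployment (behind a proxy a spoofable header must not satisfy this check)
        var clientIP = ClientIPHelper.ClientIPFromRequest(new HttpContextWrapper(HttpContext.Current).Request, true, new string[] { });
        var clientIPKey = HttpSessionStateVariables.ClientIP.ToString();
        if (Session[clientIPKey] == null)
        {
            Session[clientIPKey] = clientIP;
        }
        else if (!((string)Session[clientIPKey]).Equals(clientIP))
        {
            System.Diagnostics.Trace.TraceWarning("Failed to validate the client ip");
            _authorizedRequest = false;
            UpdateControls();
            return;
        }
    }

    // session spoofing protection
    if (_cookielessSession)
    {
        var clientKeyVar = HttpSessionStateVariables.ClientKey.ToString();
        var clientKeyCookie = Request.Cookies["clientKey"];
        if (clientKeyCookie == null)
        {
            if (Session[clientKeyVar] == null)
            {
                // first request: issue the key this http session will be bound to
                var cookie = new HttpCookie("clientKey");
                cookie.Value = Guid.NewGuid().ToString();
                cookie.Path = "/";
                // the key is only ever compared server-side: keep it out of reach of script, and never send
                // it in clear once the page was served over https (drop HttpOnly if client script turns out to read it)
                cookie.HttpOnly = true;
                cookie.Secure = Request.IsSecureConnection;
                Response.Cookies.Add(cookie);
            }
            else
            {
                System.Diagnostics.Trace.TraceWarning("Failed to validate the client key: missing key");
                _authorizedRequest = false;
                UpdateControls();
                return;
            }
        }
        else
        {
            var clientKey = clientKeyCookie.Value;
            if (Session[clientKeyVar] == null)
            {
                Session[clientKeyVar] = clientKey;
            }
            else if (!((string)Session[clientKeyVar]).Equals(clientKey))
            {
                System.Diagnostics.Trace.TraceWarning("Failed to validate the client key: key mismatch");
                _authorizedRequest = false;
                UpdateControls();
                return;
            }
        }
    }

    // retrieve the active enterprise session, if any
    var enterpriseKey = HttpSessionStateVariables.EnterpriseSession.ToString();
    if (Session[enterpriseKey] != null)
    {
        try
        {
            _enterpriseSession = (EnterpriseSession)Session[enterpriseKey];
        }
        catch (Exception exc)
        {
            System.Diagnostics.Trace.TraceError("Failed to retrieve the active enterprise session ({0})", exc);
        }
    }

    // retrieve the active remote session, if any
    var remoteKey = HttpSessionStateVariables.RemoteSession.ToString();
    if (Session[remoteKey] != null)
    {
        try
        {
            RemoteSession = (RemoteSession)Session[remoteKey];
            if (RemoteSession.State == RemoteSessionState.Disconnected)
            {
                // handle connection failure (ExitCode is a value from the session object, not request input)
                ClientScript.RegisterClientScriptBlock(GetType(), Guid.NewGuid().ToString(), string.Format("handleRemoteSessionExit({0});", RemoteSession.ExitCode), true);

                // cleanup
                Session[remoteKey] = null;
                RemoteSession = null;
            }
        }
        catch (Exception exc)
        {
            System.Diagnostics.Trace.TraceError("Failed to retrieve the active remote session ({0})", exc);
        }
    }
    // retrieve a shared remote session from url, if any
    else if (Request["SSE"] != null)
    {
        Session[remoteKey] = GetSharedRemoteSession(Request["SSE"]);
        try
        {
            // remove the shared session guid from url
            Response.Redirect("~/", true);
        }
        catch (ThreadAbortException)
        {
            // occurs because the response is ended after redirect
        }
    }

    // postback events may redirect after execution; UI is updated from there
    if (!IsPostBack)
    {
        UpdateControls();
    }

    // disable the browser cache; in addition to a "noCache" dummy param, with current time, on long-polling and xhr requests
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetNoStore();
}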
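/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
/// <remarks>
/// Order of business:
///  1. client ip protection: the first request pins the client ip into the http session; later requests from
///     another ip are refused (<c>_authorizedRequest</c> = false, UI updated, nothing else runs)
///  2. session spoofing protection (url-carried http session id): a client key cookie is issued on the first
///     request and must match the one recorded in the http session afterwards; the check is relaxed when
///     session url sharing is allowed (<c>_allowShareSessionUrl</c>)
///  3. the enterprise session and the remote session are loaded from the http session (a disconnected remote
///     session is reported to the client script when login is enabled, then dropped); a guest id ("gid") in the
///     url loads a shared remote session instead, and the id is stripped from the url by a redirect
///  4. iframe cookie bookkeeping for url-carried sessions, local admin mode detection, first-display UI update,
///     no-cache / no-store headers
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    // client ip protection
    if (_clientIPTracking)
    {
        // NOTE(review): the boolean argument presumably controls whether forwarded-for headers are trusted;
        // confirm it matches the deployment (behind a proxy a spoofable header must not satisfy this check)
        var clientIP = ClientIPHelper.ClientIPFromRequest(new HttpContextWrapper(HttpContext.Current).Request, true, new string[] { });
        var clientIPKey = HttpSessionStateVariables.ClientIP.ToString();
        if (Session[clientIPKey] == null)
        {
            Session[clientIPKey] = clientIP;
        }
        else if (!((string)Session[clientIPKey]).Equals(clientIP))
        {
            System.Diagnostics.Trace.TraceWarning("Failed to validate the client ip");
            _authorizedRequest = false;
            UpdateControls();
            return;
        }
    }

    // session spoofing protection
    if (_httpSessionUseUri)
    {
        var cookieName = HttpRequestCookies.ClientKey.ToString();
        var clientKeyVar = HttpSessionStateVariables.ClientKey.ToString();
        var clientKeyCookie = Request.Cookies[cookieName];
        if (clientKeyCookie == null)
        {
            if (Session[clientKeyVar] == null || _allowShareSessionUrl)
            {
                // first request (or a shared url): issue the key this http session will be bound to
                var cookie = new HttpCookie(cookieName);
                cookie.Value = Guid.NewGuid().ToString();
                cookie.Path = "/";
                // the key is only ever compared server-side: keep it out of reach of script, and never send
                // it in clear once the page was served over https (drop HttpOnly if client script turns out to read it)
                cookie.HttpOnly = true;
                cookie.Secure = Request.IsSecureConnection;
                Response.Cookies.Add(cookie);
            }
            else
            {
                System.Diagnostics.Trace.TraceWarning("Failed to validate the client key: missing key");
                _authorizedRequest = false;
                UpdateControls();
                return;
            }
        }
        else
        {
            var clientKey = clientKeyCookie.Value;
            if (Session[clientKeyVar] == null)
            {
                Session[clientKeyVar] = clientKey;
            }
            else if (!((string)Session[clientKeyVar]).Equals(clientKey) && !_allowShareSessionUrl)
            {
                System.Diagnostics.Trace.TraceWarning("Failed to validate the client key: key mismatch");
                _authorizedRequest = false;
                UpdateControls();
                return;
            }
        }
    }

    // retrieve the active enterprise session, if any
    var enterpriseKey = HttpSessionStateVariables.EnterpriseSession.ToString();
    if (Session[enterpriseKey] != null)
    {
        try
        {
            _enterpriseSession = (EnterpriseSession)Session[enterpriseKey];
        }
        catch (Exception exc)
        {
            System.Diagnostics.Trace.TraceError("Failed to retrieve the active enterprise session ({0})", exc);
        }
    }

    // retrieve the active remote session, if any
    var remoteKey = HttpSessionStateVariables.RemoteSession.ToString();
    var guestKey = HttpSessionStateVariables.GuestInfo.ToString();
    if (Session[remoteKey] != null)
    {
        try
        {
            RemoteSession = (RemoteSession)Session[remoteKey];

            // if using a connection service, send the connection state (only from the owning http session)
            if (Session.SessionID.Equals(RemoteSession.OwnerSessionID) && RemoteSession.ConnectionService)
            {
                _connectionClient.SetConnectionState(
                    RemoteSession.Id,
                    string.IsNullOrEmpty(RemoteSession.VMAddress) ? RemoteSession.ServerAddress : RemoteSession.VMAddress,
                    GuidHelper.ConvertFromString(RemoteSession.VMGuid),
                    RemoteSession.State);
            }

            if (RemoteSession.State == RemoteSessionState.Disconnected)
            {
                // if connecting from a login page or url, show any connection failure into a dialog box
                // otherwise, this is delegated to the connection API used and its related UI
                if (_loginEnabled)
                {
                    // handle connection failure
                    var script = string.Format("handleRemoteSessionExit({0});", RemoteSession.ExitCode);

                    // redirect to login page
                    // (_loginUrl is embedded unescaped into the script; presumably configuration, not request input — confirm)
                    if (!string.IsNullOrEmpty(_loginUrl))
                    {
                        script += string.Format("window.location.href = '{0}';", _loginUrl);
                    }

                    ClientScript.RegisterClientScriptBlock(GetType(), Guid.NewGuid().ToString(), script, true);
                }

                // cleanup
                Session[remoteKey] = null;
                if (Session[guestKey] != null)
                {
                    Session[guestKey] = null;
                }
                RemoteSession = null;
            }
        }
        catch (Exception exc)
        {
            System.Diagnostics.Trace.TraceError("Failed to retrieve the active remote session ({0})", exc);
        }
    }
    // retrieve a shared remote session from url, if any
    else if (!string.IsNullOrEmpty(Request["gid"]))
    {
        var guestId = Guid.Empty;
        if (Guid.TryParse(Request["gid"], out guestId))
        {
            var sharingInfo = GetSharingInfo(guestId);
            if (sharingInfo != null)
            {
                Session[remoteKey] = sharingInfo.RemoteSession;
                Session[guestKey] = sharingInfo.GuestInfo;
                try
                {
                    // remove the shared session guid from url
                    Response.Redirect("~/", true);
                }
                catch (ThreadAbortException)
                {
                    // occurs because the response is ended after redirect
                }
            }
        }
    }

    if (_httpSessionUseUri)
    {
        // if running myrtille into an iframe, the iframe url is registered (into a cookie) after the remote session is connected
        // this is necessary to prevent a new http session from being generated for the iframe if the page is reloaded, due to the missing http session id into the iframe url (!)
        // multiple iframes (on the same page), like multiple connections/tabs, requires cookieless="UseUri" for sessionState into web.config
        // problem is, there can be many cases where the cookie is not removed after the remote session is disconnected (network issue, server down, etc?)
        // if the page is reloaded, the iframe will use it's previously registered http session... which may not exist anymore or have its active remote session disconnected
        // if that happens, unregister the iframe url (from the cookie) and reload the page; that will provide a new connection identifier to the iframe and reconnect it
        var frameId = Request["fid"];
        if (!string.IsNullOrEmpty(frameId) && RemoteSession == null)
        {
            // the frame id is used as a cookie name, but only when the browser actually sent such a cookie
            if (Request.Cookies[frameId] != null)
            {
                // remove the cookie for the given iframe
                Response.Cookies[frameId].Expires = DateTime.Now.AddDays(-1);

                // reload the page
                ClientScript.RegisterClientScriptBlock(GetType(), Guid.NewGuid().ToString(), "parent.location.href = parent.location.href;", true);
            }
        }
    }

    // local admin
    if (_enterpriseSession == null && RemoteSession == null && _enterpriseClient.GetMode() == EnterpriseMode.Local && !string.IsNullOrEmpty(Request["mode"]) && Request["mode"].Equals("admin"))
    {
        _localAdmin = true;
    }

    // postback events may redirect after execution; UI is updated from there
    if (!IsPostBack)
    {
        UpdateControls();
    }

    // disable the browser cache; in addition to a "noCache" dummy param, with current time, on long-polling and xhr requests
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetNoStore();
}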
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
/// <remarks>
/// Host create/edit page. Requires an admin enterprise session (non-admins are redirected to the root page; a
/// missing session is logged through the outer handler). The host type comes from the "hostType" request value
/// and defaults to RDP. With a non-zero "hostId" the host is loaded into the form on the first non-edit display
/// and the "create session url" action is wired to it; without any "hostId" the host-specific actions are
/// disabled. RDP-only inputs are shown for RDP hosts only, and without a domain (local admin) credentials are
/// always prompted for.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        var enterpriseKey = HttpSessionStateVariables.EnterpriseSession.ToString();
        if (Session[enterpriseKey] == null)
        {
            // no enterprise session: routed to the outer handler, which logs it
            throw new NullReferenceException();
        }
        _enterpriseSession = (EnterpriseSession)Session[enterpriseKey];

        try
        {
            // hosts management is reserved to admins
            if (!_enterpriseSession.IsAdmin)
            {
                Response.Redirect("~/", true);
            }

            // host type from the url, RDP when absent or unknown
            var rawHostType = Request["hostType"];
            if (rawHostType == null || !Enum.TryParse(rawHostType, out _hostType))
            {
                _hostType = HostType.RDP;
            }

            // retrieve the host, if any (create if empty)
            var rawHostId = Request["hostId"];
            if (rawHostId == null)
            {
                // new host: nothing to open a session on or to delete yet
                createSessionUrl.Disabled = true;
                deleteHost.Disabled = true;
            }
            else
            {
                long hostId;
                if (long.TryParse(rawHostId, out hostId) && hostId != 0)
                {
                    _hostId = hostId;

                    // the form is populated on the first display only; edit mode and postbacks keep its values
                    if (!IsPostBack && Request["edit"] == null)
                    {
                        try
                        {
                            var host = _enterpriseClient.GetHost(_hostId.Value, _enterpriseSession.SessionID);
                            if (host != null)
                            {
                                _hostType = host.HostType;
                                hostType.Value = _hostType.ToString();
                                hostName.Value = host.HostName;
                                hostAddress.Value = host.HostAddress;
                                vmGuid.Value = host.VMGuid;
                                vmEnhancedMode.Checked = host.VMEnhancedMode;
                                groupsAccess.Value = host.DirectoryGroups;
                                securityProtocol.SelectedIndex = (int)host.Protocol;
                                promptCredentials.Checked = host.PromptForCredentials;
                                startProgram.Value = host.StartRemoteProgram;
                            }
                        }
                        catch (Exception exc)
                        {
                            System.Diagnostics.Trace.TraceError("Failed to retrieve host {0}, ({1})", _hostId, exc);
                        }
                    }

                    // _hostId is a parsed long, safe to embed into the inline script
                    createSessionUrl.Attributes["onclick"] = string.Format("parent.openPopup('editHostSessionPopup', 'EditHostSession.aspx?hostId={0}');", _hostId);
                }
            }

            var isRdp = _hostType == HostType.RDP;
            vmGuidInput.Visible = isRdp;
            vmEnhancedModeInput.Visible = isRdp;
            rdpSecurityInput.Visible = isRdp;
            startProgramInput.Visible = isRdp;

            // local admin
            var hasDomain = !string.IsNullOrEmpty(_enterpriseSession.Domain);
            groupsAccessInput.Visible = hasDomain;
            if (!hasDomain)
            {
                promptCredentials.Checked = true;
                promptCredentials.Disabled = true;
            }
        }
        catch (ThreadAbortException)
        {
            // occurs because the response is ended after redirect
        }
    }
    catch (Exception exc)
    {
        System.Diagnostics.Trace.TraceError("Failed to retrieve the active enterprise session ({0})", exc);
    }
}
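/// <summary>
/// Authenticates the built-in local admin account (the only account this mode knows about).
/// </summary>
/// <param name="username">login name; must match the "LocalAdminUser" setting</param>
/// <param name="password">clear-text password submitted by the user</param>
/// <param name="adminGroup">unused in local mode</param>
/// <param name="domain">unused in local mode</param>
/// <param name="netbiosDomain">stored as the session's Domain</param>
/// <returns>
/// An <see cref="EnterpriseSession"/>: admin, with a fresh session id/key, on success; otherwise one carrying an
/// <c>AuthenticationErrorCode</c>. Never null — unexpected failures are logged and mapped to UNKNOWN_ERROR.
/// </returns>
/// <remarks>
/// The configured admin password is either the literal "admin" (default) or AES-encrypted with the admin user
/// name as key. The default password authenticates but is reported as PASSWORD_EXPIRED so it gets changed.
/// Security notes (review):
///  - the stored password is reversible (keyed by the non-secret user name), not hashed; a salted PBKDF2 hash
///    would be the proper storage form, but changing it here would break existing configurations
///  - USER_NOT_FOUND vs INVALID_LOGIN_CREDENTIALS lets a caller tell a wrong user name from a wrong password
///  - the password comparison is done in constant time so a mismatch position does not leak through timing
/// </remarks>
public EnterpriseSession Authenticate(string username, string password, string adminGroup, string domain, string netbiosDomain)
{
    EnterpriseSession enterpriseSession = null;

    try
    {
        var config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        var localAdminSettings = ((AppSettingsSection)config.GetSection("localAdmin")).Settings;
        var localAdminUser = localAdminSettings["LocalAdminUser"].Value;
        var localAdminPassword = localAdminSettings["localAdminPassword"].Value;

        if (!username.Equals(localAdminUser))
        {
            enterpriseSession = new EnterpriseSession { AuthenticationErrorCode = EnterpriseAuthenticationErrorCode.USER_NOT_FOUND };
        }
        else
        {
            // anything but the default password is stored encrypted (keyed by the admin user name)
            if (!localAdminPassword.Equals("admin"))
            {
                localAdminPassword = CryptoHelper.AES_Decrypt(localAdminPassword, localAdminUser);
            }

            if (!FixedTimeEquals(password, localAdminPassword))
            {
                enterpriseSession = new EnterpriseSession { AuthenticationErrorCode = EnterpriseAuthenticationErrorCode.INVALID_LOGIN_CREDENTIALS };
            }
            else if (password.Equals("admin"))
            {
                // the default password is not usable as-is: force a change
                enterpriseSession = new EnterpriseSession { AuthenticationErrorCode = EnterpriseAuthenticationErrorCode.PASSWORD_EXPIRED };
            }
            else
            {
                using (var db = new MyrtilleEnterpriseDBContext())
                {
                    // one session per user: drop any previous one
                    var session = db.Session.FirstOrDefault(m => m.Username == username);
                    if (session != null)
                    {
                        db.Session.Remove(session);
                        db.SaveChanges();
                    }

                    string sessionID = Guid.NewGuid().ToString();
                    string sessionKey = Guid.NewGuid().ToString("n");

                    // the password is stored encrypted under the session key; the key itself is not part of the
                    // record, it is only returned to the caller in the enterprise session
                    session = new Session
                    {
                        Domain = netbiosDomain,
                        Username = username,
                        Password = CryptoHelper.AES_Encrypt(CryptoHelper.RDP_Encrypt(password), sessionKey),
                        SessionID = sessionID,
                        IsAdmin = true
                    };
                    db.Session.Add(session);
                    db.SaveChanges();

                    enterpriseSession = new EnterpriseSession
                    {
                        Domain = netbiosDomain,
                        UserName = username,
                        SessionID = sessionID,
                        SessionKey = sessionKey,
                        IsAdmin = true,
                        SingleUseConnection = false
                    };
                }
            }
        }
    }
    catch (Exception exc)
    {
        // never let an internal error surface as a login detail: log it, report a generic failure
        System.Diagnostics.Trace.TraceError("Failed to authenticate local admin ({0})", exc);
        enterpriseSession = new EnterpriseSession { AuthenticationErrorCode = EnterpriseAuthenticationErrorCode.UNKNOWN_ERROR };
    }

    return enterpriseSession;
}

/// <summary>
/// Ordinal string comparison whose running time does not depend on where the inputs first differ
/// (the length difference is folded into the result instead of returning early). Nulls only equal each other.
/// </summary>
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null)
    {
        return a == null && b == null;
    }

    var diff = a.Length ^ b.Length;
    var length = Math.Min(a.Length, b.Length);
    for (var i = 0; i < length; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}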
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
/// <remarks>
/// Host create/edit page. Requires an admin enterprise session (non-admins are redirected to the root page; a
/// missing session is logged through the outer handler). With a non-zero "hostId" the host is loaded into the
/// form on the first non-edit display and the "create session url" action is wired to it; without any "hostId"
/// the host-specific actions are disabled.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        var httpSession = HttpContext.Current.Session;
        var enterpriseKey = HttpSessionStateVariables.EnterpriseSession.ToString();
        if (httpSession[enterpriseKey] == null)
        {
            // no enterprise session: routed to the outer handler, which logs it
            throw new NullReferenceException();
        }
        _enterpriseSession = (EnterpriseSession)httpSession[enterpriseKey];

        try
        {
            // hosts management is reserved to admins
            if (!_enterpriseSession.IsAdmin)
            {
                Response.Redirect("~/", true);
            }

            // retrieve the host, if any (create if empty)
            var rawHostId = Request["hostId"];
            if (rawHostId == null)
            {
                // new host: nothing to open a session on or to delete yet
                createSessionUrl.Disabled = true;
                deleteHost.Disabled = true;
            }
            else
            {
                long hostId;
                if (long.TryParse(rawHostId, out hostId) && hostId != 0)
                {
                    _hostId = hostId;

                    // the form is populated on the first display only; edit mode and postbacks keep its values
                    if (!IsPostBack && Request["edit"] == null)
                    {
                        try
                        {
                            var host = _enterpriseClient.GetHost(_hostId.Value, _enterpriseSession.SessionID);
                            if (host != null)
                            {
                                hostName.Value = host.HostName;
                                hostAddress.Value = host.HostAddress;
                                groupsAccess.Value = host.DirectoryGroups;
                                securityProtocol.SelectedIndex = (int)host.Protocol;
                            }
                        }
                        catch (Exception exc)
                        {
                            System.Diagnostics.Trace.TraceError("Failed to retrieve host {0}, ({1})", _hostId, exc);
                        }
                    }

                    // _hostId is a parsed long, safe to embed into the inline script
                    createSessionUrl.Attributes["onclick"] = string.Format("parent.openPopup('editHostSessionPopup', 'EditHostSession.aspx?hostId={0}');", _hostId);
                }
            }
        }
        catch (ThreadAbortException)
        {
            // occurs because the response is ended after redirect
        }
    }
    catch (Exception exc)
    {
        System.Diagnostics.Trace.TraceError("Failed to retrieve the active enterprise session ({0})", exc);
    }
}
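/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
/// <remarks>
/// Runs the session fixation / stealing guard first. The enterprise session is then loaded from the http session
/// and checked against the client ip it was created from: any other ip, a missing recorded ip, or a failure
/// while checking drops the enterprise session (fail closed — previously an exception in the check left the
/// session usable). A shared remote session is loaded from the "SSE" url param (an unknown id redirects the
/// browser so a new http session id is issued); otherwise the active remote session is loaded from the http
/// session. The UI is refreshed on the first display only and the response is marked no-cache / no-store.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    // prevent session fixation or stealing
    SessionFixationHandler();

    var httpSession = HttpContext.Current.Session;
    var enterpriseKey = HttpSessionStateVariables.EnterpriseSession.ToString();

    // retrieve the active enterprise session, if any
    if (httpSession[enterpriseKey] != null)
    {
        try
        {
            var boundSession = (EnterpriseSession)httpSession[enterpriseKey];

            // the enterprise session is pinned to the client ip it was created from, so that a leaked http
            // session id alone is not enough to reuse it; a session with no recorded ip cannot pass the check
            var clientIP = ClientIPHelper.ClientIPFromRequest(new HttpContextWrapper(HttpContext.Current).Request, true, new string[] { });
            if (boundSession.ClientRemoteIP != null && boundSession.ClientRemoteIP.Equals(clientIP))
            {
                _enterpriseSession = boundSession;
            }
            else
            {
                httpSession[enterpriseKey] = null;
                _enterpriseSession = null;
            }
        }
        catch (Exception exc)
        {
            // fail closed: a check that could not complete must not leave the session usable
            httpSession[enterpriseKey] = null;
            _enterpriseSession = null;
            System.Diagnostics.Trace.TraceError("Failed to retrieve the enterprise session for the http session {0}, ({1})", httpSession.SessionID, exc);
        }
    }

    // retrieve remote session information from session url
    if (Request.QueryString["SSE"] != null)
    {
        RemoteSession = GetSharedRemoteSession(Request.QueryString["SSE"]);
        if (RemoteSession == null)
        {
            Response.Redirect(string.Format("?oldSID={0}", httpSession.SessionID), true);
        }
    }
    // retrieve the active remote session, if any
    else if (httpSession[HttpSessionStateVariables.RemoteSession.ToString()] != null)
    {
        try
        {
            RemoteSession = (RemoteSession)httpSession[HttpSessionStateVariables.RemoteSession.ToString()];
        }
        catch (Exception exc)
        {
            System.Diagnostics.Trace.TraceError("Failed to retrieve the remote session for the http session {0}, ({1})", httpSession.SessionID, exc);
        }
    }

    // postback events may redirect after execution; UI is updated from there
    if (!IsPostBack)
    {
        UpdateControls();
    }

    // disable the browser cache; in addition to a "noCache" dummy param, with current time, on long-polling and xhr requests
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetNoStore();
}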