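// Writes one proxy-login audit entry: the current portal user acting on the
// account identified by userId, with the operator-supplied reason.
//
// reason - free text entered by the operator; the client address is appended
//          when _logIpAddress is set.
// userId - ID of the account the action targets.
//
// Returns whatever AddLog returns, or false when writing the entry threw.
// PerformLogin only switches identity when this returns true, so a failed
// audit write blocks the impersonation.
internal bool LogAction(String reason, Guid userId)
{
    try
    {
        var logger = new BCLoggerMapperService();

        if (_logIpAddress)
        {
            // NOTE(review): UserHostAddress is the address of the immediate peer.
            // Behind a reverse proxy or load balancer this is presumably the
            // proxy rather than the operator's workstation - confirm for the
            // deployment before relying on it in an investigation.
            reason = reason + " (" + Request.UserHostAddress + ")";
        }

        // NOTE(review): the entry is stamped with local server time
        // (DateTime.Now), not UTC - keep that in mind when correlating with
        // other log sources.
        return logger.AddLog(
            _portletTemplate.ID.AsGuid,
            PortalUser.Current.ID.AsGuid,
            userId,
            reason,
            DateTime.Now);
    }
    catch (Exception ex)
    {
        if (PortalUser.Current.IsSiteAdmin)
        {
            // Exception text is data, not markup. It can echo the operator's
            // reason string or contain '<' / '>' from type names, so it is
            // HTML-encoded before being assigned to InnerHtml. Only site
            // admins get the details; everyone else gets the generic message.
            divError.InnerHtml = Globalizer.GetGlobalizedString("CUS_BC_PL_ERROR_ADMIN")
                + System.Web.HttpUtility.HtmlEncode(ex.ToString());
        }
        else
        {
            divError.InnerHtml = Globalizer.GetGlobalizedString("CUS_BC_PL_ERROR_USER");
        }

        divError.Visible = true;
        return false;
    }
}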
// Records a proxy-login audit entry for the current portal user acting on the
// account identified by userId. Returns the AddLog result, or false if the
// write threw (the failure is reported through the parent portlet's feedback).
internal bool LogAction(String reason, Guid userId)
{
    try
    {
        if (_logIpAddress)
        {
            // NOTE(review): UserHostAddress is the immediate peer's address;
            // behind a reverse proxy this is presumably the proxy - confirm.
            reason += " (" + Request.UserHostAddress + ")";
        }

        var auditLog = new BCLoggerMapperService();
        var written = auditLog.AddLog(
            ParentPortlet.Portlet.PortletTemplate.ID.AsGuid,
            PortalUser.Current.ID.AsGuid,
            userId,
            reason,
            DateTime.Now);
        return written;
    }
    catch (Exception ex)
    {
        // Site admins see the exception text; everyone else gets the generic
        // message.
        // NOTE(review): whether ShowFeedback HTML-encodes its text is not
        // visible here - confirm before trusting it with exception details.
        var feedback = PortalUser.Current.IsSiteAdmin
            ? Globalizer.GetGlobalizedString("CUS_BC_PL_ERROR_ADMIN") + ex
            : Globalizer.GetGlobalizedString("CUS_BC_PL_ERROR_USER");

        ParentPortlet.ShowFeedback(FeedbackType.Error, feedback);
        return false;
    }
}
// Decides whether currentUser may proxy as pu under the given portlet template.
//
// pu              - the account to be impersonated.
// portletTemplate - template whose access operations are consulted.
// currentUser     - the operator; defaults to PortalUser.Current when null.
//
// Returns Check(false, reason) on the first rule that fails, else Check(true).
//
// NOTE(review): the rules are default-allow. A target that belongs to none of
// the groups tested below and is not an administrator gets Check(true) without
// any AccessCheck being made against the operator - confirm that is intended.
public Check RoleCheck(PortalUser pu, PortletTemplate portletTemplate, PortalUser currentUser = null)
{
    var actingUser = currentUser == null ? PortalUser.Current : currentUser;

    // Explicit deny is evaluated against the target account, not the operator.
    if (portletTemplate.AccessCheck("DenyAccess", pu))
    {
        return new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_DENIED_PERMS"));
    }

    // For each group the target belongs to, the operator needs the matching
    // CanProxy* operation. The group test is evaluated first, so AccessCheck
    // only runs for groups the target is actually in.
    if (pu.IsMemberOf(PortalGroup.Staff) && !portletTemplate.AccessCheck("CanProxyStaff", actingUser))
    {
        return new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_STAFF_PERMS"));
    }

    if (pu.IsMemberOf(PortalGroup.Faculty) && !portletTemplate.AccessCheck("CanProxyFaculty", actingUser))
    {
        return new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_FACULTY_PERMS"));
    }

    if (pu.IsMemberOf(PortalGroup.Students) && !portletTemplate.AccessCheck("CanProxyStudent", actingUser))
    {
        return new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_STUDENT_PERMS"));
    }

    // "CAN" = Candidate
    if (pu.IsMemberOf(PortalGroup.FindByStatusCode("CAN")) && !portletTemplate.AccessCheck("CanProxyCandidate", actingUser))
    {
        return new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_CANDIDATE_PERMS"));
    }

    if (pu.IsMemberOf(PortalGroup.FindByStatusCode("ALM")) && !portletTemplate.AccessCheck("CanProxyConstituent", actingUser))
    {
        return new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_CONSTITUENT_PERMS"));
    }

    // Administrator accounts can never be proxied, whatever the operator holds.
    if (pu.IsMemberOf(PortalGroup.Administrators))
    {
        return new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_SITE_ADMIN_PERMS"));
    }

    return new Check(true);
}
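// Click handler for the proxy-login button. Requires a non-blank reason,
// verifies the operator's password when _requirePassword is set, and only
// then hands over to PerformLogin.
protected void BtnLoginClick(object sender, EventArgs e)
{
    if (String.Empty == tbReason.Text.Trim())
    {
        divmessage.InnerHtml = Globalizer.GetGlobalizedString("CUS_BC_PL_REQUIRED_REASON");
        divmessage.Visible = true;
    }
    else if (_requirePassword && !ValidPassword())
    {
        divmessage.InnerHtml = Globalizer.GetGlobalizedString("CUS_BC_PL_INVALID_PW");
        divmessage.Visible = true;

        if (_logFailures)
        {
            // getPortalUserByUserName returns null for an unknown username
            // (PerformLogin checks for that). Dereferencing it unguarded
            // turned a bad password plus a mistyped target into an unhandled
            // NullReferenceException instead of the "invalid password" message.
            var user = getPortalUserByUserName(tbUserName.Text);
            if (user != null)
            {
                LogAction(Globalizer.GetGlobalizedString("CUS_BC_PL_INVALID_PW"), user.ID);
            }
            // NOTE(review): a failed password against a non-existent target is
            // therefore not audited; LogAction needs a target ID. Decide
            // whether those attempts should be recorded some other way.
        }
    }
    else
    {
        PerformLogin();
    }
}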
// Switches the session to the account named in tbUserName, provided the
// account exists, RoleCheck allows it and the audit entry was written.
//
// NOTE(review): nothing in this method checks whether the session is already
// a proxy session. If it is, PortalUser.Current is the impersonated account
// and that name is what gets stored as "ProxyLoginOriginalUser" - callers
// should reject the request when that key is already set.
private void PerformLogin()
{
    var target = getPortalUserByUserName(tbUserName.Text);
    if (target == null)
    {
        divmessage.InnerHtml = Globalizer.GetGlobalizedString("CUS_BC_PL_USER_NOT_FOUND");
        divmessage.Visible = true;
        return;
    }

    var verdict = new RoleChecker().RoleCheck(target, _portletTemplate);
    if (!verdict.Success)
    {
        divmessage.InnerHtml = verdict.Reason;
        divmessage.Visible = true;
        if (_logFailures)
        {
            LogAction(verdict.Reason, target.ID);
        }
        return;
    }

    // No audit record, no impersonation.
    if (!LogAction(tbReason.Text, target.ID))
    {
        return;
    }

    // Capture the operator's name before the session is wiped and the
    // identity changes.
    var originalUsername = PortalUser.Current.Username;
    var session = HttpContext.Current.Session;

    session.Clear();
    // Presumably establishes the portal identity for the target without a
    // password (an empty string is passed) - confirm against PortalGlobal.
    PortalGlobal.Login(target.Username, String.Empty);

    // UploadFile doesn't check to see if there is a valid StringDictionary
    // here, and does a cast. This causes an unhandled exception that bubbles
    // up to a YSOD.
    session["file_access"] = new StringDictionary();
    session["ProxyLoginOriginalUser"] = originalUsername;
    session["ProxyLoginDontRedirect"] = true;
}
// Switches the session to the account named in tbUserName, provided the
// account exists, RoleCheck allows it and the audit entry was written, then
// redirects via BCProxyLogin.RedirectUrl.
//
// NOTE(review): this method does not itself check whether the session is
// already a proxy session; presumably the click handler does - confirm,
// because otherwise the stored original user would be the impersonated one.
private void PerformLogin()
{
    var target = getPortalUserByUserName(tbUserName.Text);
    if (target == null)
    {
        ParentPortlet.ShowFeedback(FeedbackType.Message, Globalizer.GetGlobalizedString("CUS_BC_PL_USER_NOT_FOUND"));
        return;
    }

    var verdict = new RoleChecker().RoleCheck(target, ParentPortlet.Portlet.PortletTemplate);
    if (!verdict.Success)
    {
        ParentPortlet.ShowFeedback(FeedbackType.Message, verdict.Reason);
        if (_logFailures)
        {
            LogAction(verdict.Reason, target.ID);
        }
        return;
    }

    // No audit record, no impersonation.
    if (!LogAction(tbReason.Text, target.ID))
    {
        return;
    }

    // Capture the operator's name before the session is wiped and the
    // identity changes.
    var originalUsername = PortalUser.Current.Username;
    var session = HttpContext.Current.Session;

    session.Clear();

    // UploadFile doesn't check to see if there is a valid StringDictionary
    // here, and does a cast. This causes an unhandled exception that bubbles
    // up to a YSOD.
    session["file_access"] = new StringDictionary();

    // Presumably establishes the portal identity for the target without a
    // password (an empty string is passed) - confirm against PortalGlobal.
    PortalGlobal.Login(target.Username, String.Empty);
    session["ProxyLoginOriginalUser"] = originalUsername;

    BCProxyLogin.RedirectUrl(Response);
}
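// Click handler for the proxy-login button. Requires a non-blank reason,
// verifies the operator's password when _requirePassword is set, refuses to
// nest a proxy session inside another one, and only then calls PerformLogin.
protected void BtnLoginClick(object sender, EventArgs e)
{
    if (String.Empty == tbReason.Text.Trim())
    {
        ParentPortlet.ShowFeedback(FeedbackType.Message, Globalizer.GetGlobalizedString("CUS_BC_PL_REQUIRED_REASON"));
    }
    else if (_requirePassword && !ValidPassword())
    {
        ParentPortlet.ShowFeedback(FeedbackType.Message, Globalizer.GetGlobalizedString("CUS_BC_PL_INVALID_PW"));

        if (_logFailures)
        {
            // getPortalUserByUserName returns null for an unknown username
            // (PerformLogin checks for that). Dereferencing it unguarded
            // turned a bad password plus a mistyped target into an unhandled
            // NullReferenceException instead of the feedback message.
            var user = getPortalUserByUserName(tbUserName.Text);
            if (user != null)
            {
                LogAction(Globalizer.GetGlobalizedString("CUS_BC_PL_INVALID_PW"), user.ID);
            }
            // NOTE(review): a failed password against a non-existent target is
            // therefore not audited; LogAction needs a target ID. Decide
            // whether those attempts should be recorded some other way.
        }
    }
    else if (HttpContext.Current.Session["ProxyLoginOriginalUser"] != null)
    {
        // Already impersonating: proxying again would replace the recorded
        // original user with the impersonated account.
        ParentPortlet.ShowFeedback(FeedbackType.Message, Globalizer.GetGlobalizedString("CUS_BC_PL_ALREADY_PROXIED"));
    }
    else
    {
        PerformLogin();
    }
}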
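// On first load: sets the label texts, shows the password panel when a
// password is required, and restores a pending "reloginCommand"
// (username|reason) from session state into the form.
protected void Page_Load(object sender, EventArgs e)
{
    if (!IsFirstLoad)
    {
        return;
    }

    lblReason.Text = Globalizer.GetGlobalizedString("CUS_BC_PL_REASON_LABEL_TEXT");
    lblUserName.Text = Globalizer.GetGlobalizedString("CUS_BC_PL_USERNAME_LABEL_TEXT");
    lblPassword.Text = Globalizer.GetGlobalizedString("CUS_BC_PL_PASSWORD_LABEL_TEXT");

    if (_requirePassword)
    {
        pnlPassword.Visible = true;
    }

    var pending = Session["reloginCommand"];
    if (pending != null)
    {
        // Consume the value before parsing it, so a malformed entry cannot
        // stay in the session and fail again on every subsequent first load.
        Session.Remove("reloginCommand");

        var args = pending.ToString().Split('|');
        tbUserName.Text = args[0];

        // A value without a '|' used to throw IndexOutOfRangeException here.
        // NOTE(review): a reason that itself contains '|' is cut at the first
        // separator; the code that writes "reloginCommand" is not visible, so
        // the split is left as it was.
        if (args.Length > 1)
        {
            tbReason.Text = args[1];
        }
    }
}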
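// AJAX endpoint for proxy login. Verifies the operator's password (when
// required), refuses nested proxy sessions, runs RoleCheck for the target
// account, writes the audit entry and signs in as the target.
//
// currentUser - the authenticated operator; "Guest" is rejected outright.
// username    - account to impersonate.
// password    - the operator's own password.
// reason      - free-text justification written to the audit log.
//
// Returns a Content result: "OK" on success, otherwise a message to display.
// Non-AJAX requests always get the generic "invalid" message.
public ActionResult CheckCredentials(User currentUser, string username, string password, string reason)
{
    var returnContent = Globalizer.GetGlobalizedString("MSG_LOGINPORTLET_INVALID");

    if (currentUser.Username == "Guest")
    {
        return Content("User Not Loged In");
    }

    var currentPortalUser = _portalUserFacade.FindByUsername(currentUser.Username);

    if (Request.IsAjaxRequest())
    {
        try
        {
            // NOTE(review): IsLoginValid is evaluated even when no password is
            // required; whether a failed check has side effects (for example
            // lockout counters) is not visible here - confirm.
            if (_loginService.IsLoginValid(currentUser.Username, password) || !_requirePassword)
            {
                if (System.Web.HttpContext.Current.Session["ProxyLoginOriginalUser"] != null)
                {
                    return Content(Globalizer.GetGlobalizedString("CUS_BC_PL_ALREADY_PROXIED"));
                }

                var user = _portalUserFacade.FindByUsername(username);
                if (user != null)
                {
                    var roleCheck = new RoleChecker().RoleCheck(
                        user,
                        _portletTemplateFacade.FindByName("[CUS] BCProxyLogin"),
                        currentPortalUser);

                    if (roleCheck.Success)
                    {
                        // NOTE(review): the three-argument LogAction is not
                        // shown here. If it reports success the way the
                        // two-argument form does, that result is ignored and
                        // the identity switch goes ahead without a confirmed
                        // audit entry - confirm and gate on it if so.
                        LogAction(reason, user.ID, currentPortalUser.ID);

                        System.Web.HttpContext.Current.Session.Clear();

                        // UploadFile doesn't check to see if there is a valid
                        // StringDictionary here, and does a cast. This causes
                        // an unhandled exception that bubbles up to a YSOD.
                        System.Web.HttpContext.Current.Session["file_access"] = new StringDictionary();

                        _formsAuthenticationService.SignIn(username, false);

                        // NOTE(review): this stores the User object, whereas
                        // PerformLogin stores the username string under the
                        // same key - confirm every reader handles both.
                        System.Web.HttpContext.Current.Session["ProxyLoginOriginalUser"] = currentUser;
                        returnContent = "OK";
                    }
                    else
                    {
                        if (_logFailures)
                        {
                            LogAction(roleCheck.Reason, user.ID, currentPortalUser.ID);
                        }

                        returnContent = roleCheck.Reason;
                    }
                }
                else
                {
                    returnContent = Globalizer.GetGlobalizedString("CUS_BC_PL_USER_NOT_FOUND");
                }
            }
        }
        catch (Exception ex)
        {
            // Raw exception messages were being returned to every caller.
            // Same policy as the two-argument LogAction: site admins see the
            // detail, everyone else gets the generic error text.
            // currentPortalUser can be null if the lookup above found nothing.
            returnContent = currentPortalUser != null && currentPortalUser.IsSiteAdmin
                ? ex.GetBaseException().Message
                : Globalizer.GetGlobalizedString("CUS_BC_PL_ERROR_USER");
        }
    }

    return Content(returnContent);
}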