//*********************************************************************
//
// Register.aspx
//
// This page enables users to register when Forms authentication is
// enabled.
//
//*********************************************************************
protected void SaveUser(Object s, EventArgs e)
{
if (Page.IsValid)
{
ITUser objUser = new ITUser();
objUser.Username = txtUsername.Text;
objUser.RoleName = Globals.DefaultRoleForNewUser;
objUser.Email = txtEmail.Text;
objUser.Password = txtPassword.Text;
if (!objUser.Save())
{
lblError.Text = "Could not save user";
}
else
{
FormsAuthentication.SetAuthCookie(txtUsername.Text, false);
Response.Redirect("~/Issues/IssueList.aspx");
}
}
}
protected void SaveUser(Object s, EventArgs e)
{
bool isCurrentUser = false;
if (Page.IsValid)
{
ITUser objUser = new ITUser();
if (UserId != 0)
{
objUser = ITUser.GetUserById(UserId);
}
objUser.Username = txtUsername.Text;
objUser.RoleName = dropRoles.SelectedItem.Text;
objUser.Email = txtEmail.Text;
if (txtPassword.Text != String.Empty)
{
objUser.Password = txtPassword.Text;
}
if (!objUser.Save())
{
lblError.Text = "Could not save user";
}
else
{
if (IsCurrentUser)
{
FormsAuthentication.SignOut();
}
Response.Redirect("UserList.aspx");
}
}
}
//*********************************************************************
//
// Application_AuthenticateRequest Event
//
// If the client is authenticated with the application, then determine
// which security roles he/she belongs to and replace the "User" intrinsic
// with a custom IPrincipal security object that permits "User.IsInRole"
// role checks within the application
//
// Roles are cached in the browser in an in-memory encrypted cookie. If the
// cookie doesn't exist yet for this session, create it.
//
//*********************************************************************
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
string userInformation = String.Empty;
if (Request.IsAuthenticated == true)
{
// Create the roles cookie if it doesn't exist yet for this session.
if ((Request.Cookies[Globals.UserRoles] == null) || (Request.Cookies[Globals.UserRoles].Value == ""))
{
// Retrieve the user's role and ID information and add it to
// the cookie
ITUser user = ITUser.GetUserByUsername(Context.User.Identity.Name);
if (user == null)
{
// The user was not found in the Issue Tracker database so add them using
// the default role. Specifying a UserID of 0 will result in the user being
// inserted into the database.
ITUser newUser = new ITUser(DefaultValues.GetUserIdMinValue(), Context.User.Identity.Name, Globals.DefaultRoleForNewUser);
newUser.Save();
user = newUser;
}
// Create a string to persist the role and user id
userInformation = user.Id + ";" + user.RoleName + ";" + user.Username;
// Create a cookie authentication ticket.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // version
User.Identity.Name, // user name
DateTime.Now, // issue time
DateTime.Now.AddHours(1), // expires every hour
false, // don't persist cookie
userInformation
);
// Encrypt the ticket
String cookieStr = FormsAuthentication.Encrypt(ticket);
// Send the cookie to the client
Response.Cookies[Globals.UserRoles].Value = cookieStr;
Response.Cookies[Globals.UserRoles].Path = "/";
Response.Cookies[Globals.UserRoles].Expires = DateTime.Now.AddMinutes(1);
// Add our own custom principal to the request containing the user's identity, the user id, and
// the user's role
Context.User = new CustomPrincipal(User.Identity, user.Id, user.RoleName, user.Username);
}
else
{
// Get roles from roles cookie
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(Context.Request.Cookies[Globals.UserRoles].Value);
userInformation = ticket.UserData;
// Add our own custom principal to the request containing the user's identity, the user id, and
// the user's role from the auth ticket
string [] info = userInformation.Split(new char[] { ';' });
Context.User = new CustomPrincipal(
User.Identity,
Convert.ToInt32(info[0].ToString()),
info[1].ToString(),
info[2].ToString());
}
}
}
