/// <summary>
/// Rejects a login whose start URL points away from the host serving the
/// current request, unless the URL is on the allowed-bot list.
/// </summary>
/// <param name="args">The login pipeline arguments; only <c>StartUrl</c> is read.</param>
/// <exception cref="T:Sitecore.Exceptions.SecurityException">Only local URLs are allowed.</exception>
private void CheckOnExternalUrl(LoggingInArgs args)
{
    string requestHost = HttpContext.Current.Request.Url.Host;
    bool pointsOffHost = WebUtil.IsExternalUrl(args.StartUrl, requestHost);
    if (!pointsOffHost)
    {
        return;
    }

    // An external start URL is tolerated only for the allowed-bot case
    // (IsAllowedBot is defined elsewhere in this class).
    if (IsAllowedBot(args.StartUrl))
    {
        return;
    }

    // Abort first so later processors never run, then surface the refusal.
    args.AbortPipeline();
    throw new SecurityException("Only local URLs are allowed.");
}
/// <summary>
/// Blocks the login when the user may not open the requested shell
/// application, or when the account's password has expired. A denial is
/// only reported (and the pipeline aborted) if the supplied credentials
/// validate; otherwise the arguments are left untouched.
/// </summary>
/// <param name="args">The login pipeline arguments (user name, password, start URL).</param>
public new void Process(LoggingInArgs args)
{
    Assert.ArgumentNotNull(args, "args");

    bool accessDenied = false;
    NoAccessTo denialReason = NoAccessTo.Empty;

    // NOTE(review): UserSwitcher presumably evaluates the checks below as
    // args.Username rather than the current context user — confirm.
    using (UserSwitcher switcher = new UserSwitcher(args.Username, true))
    {
        NoAccessTo applicationReason;
        if (TryGetApplicationDenial(args.StartUrl, out applicationReason))
        {
            denialReason = applicationReason;
            accessDenied = true;
        }

        var membershipUser = Membership.GetUser(Sitecore.Context.User.Name, false);
        if (IsPasswordExpiredEnabled() && membershipUser != null && HasPasswordExpired(membershipUser))
        {
            // An expired password takes precedence over any application denial above.
            denialReason = NoAccessTo.PasswordExpired;
            UserName = args.Username;
            accessDenied = true;
        }

        if (!accessDenied)
        {
            return;
        }

        // The access-specific message is attached only when the credentials
        // themselves are valid; presumably a wrong password is meant to fail
        // through the generic path instead of revealing an access verdict.
        AuthenticationHelper authenticator = new AuthenticationHelper(AuthenticationManager.Provider);
        bool credentialsValid = !string.IsNullOrEmpty(args.Username)
            && args.Password != null
            && authenticator.ValidateUser(args.Username, args.Password);
        if (credentialsValid)
        {
            args.Success = false;
            args.AddMessage(GetErrorMessage(denialReason));
            args.AbortPipeline();
        }
    }
}

/// <summary>
/// Maps a shell start URL to the core-database application item that
/// gates it and reports whether the current context user lacks read
/// access to that item.
/// </summary>
/// <param name="startUrl">The start URL from the login arguments.</param>
/// <param name="reason">The denial reason for the matched application; <c>NoAccessTo.Empty</c> when none applies.</param>
/// <returns><c>true</c> when access to the matched application must be denied.</returns>
private bool TryGetApplicationDenial(string startUrl, out NoAccessTo reason)
{
    reason = NoAccessTo.Empty;

    string applicationItemPath;
    NoAccessTo matchedReason;
    bool administratorsBypass;
    switch (startUrl)
    {
        case "/sitecore/shell/default.aspx":
            applicationItemPath = "/sitecore/content/Applications/Desktop";
            matchedReason = NoAccessTo.Desktop;
            // Only the Desktop check is skipped for administrators.
            administratorsBypass = true;
            break;
        case "/sitecore/shell/applications/clientusesoswindows.aspx":
            applicationItemPath = "/sitecore/content/Applications/Content Editor";
            matchedReason = NoAccessTo.ContentEditor;
            administratorsBypass = false;
            break;
        case "/sitecore/shell/applications/webedit.aspx":
            applicationItemPath = "/sitecore/content/Applications/WebEdit";
            matchedReason = NoAccessTo.PageEditor;
            administratorsBypass = false;
            break;
        default:
            // Any other start URL is not gated here.
            return false;
    }

    Item applicationItem = Client.CoreDatabase.Items[applicationItemPath];
    if (administratorsBypass && Context.IsAdministrator)
    {
        return false;
    }

    // A missing application item is treated the same as a denied one.
    if (applicationItem == null || !applicationItem.Access.CanRead())
    {
        reason = matchedReason;
        return true;
    }

    return false;
}