/// <summary>
/// Click handler for the save button: stores the store username and password typed
/// into the form as portal settings, then redirects to the default navigation URL.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private void OnSaveClick(object sender, EventArgs e)
{
    var security = new PortalSecurity();

    // Both fields are passed through EncryptString keyed with Config.GetDecryptionkey()
    // before they are written, so the portal settings never hold the raw text.
    // NOTE(review): this is encryption, not hashing - presumably reversible by anything
    // that can read both the portal settings and the decryption key; confirm that is acceptable
    // for a stored password. No validation of the text boxes is visible in this handler.
    var protectedUsername = security.EncryptString(txtUsername.Text, Config.GetDecryptionkey());
    PortalController.UpdatePortalSetting(PortalId, "Store_Username", protectedUsername);

    var protectedPassword = security.EncryptString(txtPassword.Text, Config.GetDecryptionkey());
    PortalController.UpdatePortalSetting(PortalId, "Store_Password", protectedPassword);

    Response.Redirect(Globals.NavigateURL());
}
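/// <summary>
/// Persists a profile value on a PersonalizationInfo object under the key
/// "namingContainer:key". The value's string form is encrypted with
/// Config.GetDecryptionkey() before it is stored, so the profile holds ciphertext,
/// never the plaintext value.
/// </summary>
/// <param name="personalization">Object containing user personalization info; when null the call does nothing</param>
/// <param name="namingContainer">Container for related set of values</param>
/// <param name="key">Individual profile key</param>
/// <param name="value">Individual profile value; must not be null</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="value"/> is null while <paramref name="personalization"/> is not.
/// </exception>
public static void SetSecureProfile(PersonalizationInfo personalization, string namingContainer, string key, object value)
{
    if (personalization == null)
    {
        // Nothing to write to; this has always been a silent no-op.
        return;
    }

    if (value == null)
    {
        // Previously this surfaced as a NullReferenceException from value.ToString().
        // Failing with a named argument makes the cause obvious and guarantees that
        // no half-written state is left behind.
        throw new System.ArgumentNullException("value");
    }

    var ps = new PortalSecurity();
    personalization.Profile[namingContainer + ":" + key] = ps.EncryptString(value.ToString(), Config.GetDecryptionkey());

    // Mark the personalization data dirty so the encrypted value gets saved.
    personalization.IsModified = true;
}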
/// <summary>
/// Builds the persona-switch script. The per-user item template is rendered once for every
/// user other than the current one, the rendered items are injected into the outer script
/// template, and the supplied token replacer is run over the result.
/// </summary>
/// <param name="tok">Token replacer applied to the finished script markup.</param>
/// <param name="users">Users to render a switch entry for.</param>
/// <returns>The script markup after all token replacement.</returns>
private string GenerateScriptMarkup(TokenReplace tok, IEnumerable<UserInfo> users)
{
    var outerTemplate = GetLocalizedString("Script.Template", FeatureController.RESOURCEFILE_PERSONA_SWITCH);
    var itemTemplate = GetLocalizedString("ScriptItem.Template", FeatureController.RESOURCEFILE_PERSONA_SWITCH);
    var itemScripts = new StringBuilder();
    var security = new PortalSecurity();

    /*
     * Shape of the item template, one instance per listed user:
     *
     * $('.dpc[User:UserId]')
     *     .css('background', 'url([Profile:Photo]) no-repeat')
     *     .css('background-position', 'center center')
     *     .attr('title', '[User:DisplayName]')
     *     .click(function(){ window.location = '[DemoPersona:Login]'; })
     *     .hover(function (){ $(this).css('opacity', '1.0'); }, function (){ $(this).css('opacity', '0.5'); });
     */
    foreach (UserInfo persona in users)
    {
        // The current user gets no entry: there is nothing to switch to.
        if (persona.UserID == UserId)
        {
            continue;
        }

        // The login key is the persona's user id encrypted under the portal GUID.
        // NOTE(review): the plaintext is only the user id and the key is the portal GUID,
        // so nothing visible here makes the value time-limited or single-use; confirm the
        // code that consumes it restricts who may present it and on which portals.
        var loginKey = security.EncryptString(persona.UserID.ToString(), PortalSettings.GUID.ToString());
        var loginKeyForUrl = HttpUtility.UrlEncode(loginKey);
        var loginUrl = Globals.NavigateURL(
            PortalSettings.ActiveTab.TabID,
            string.Empty,
            string.Concat(FeatureController.QS_LOGINID, "=", loginKeyForUrl));

        // Original author's note on the first substitution: executing it breaks the JS,
        // removing the background images.
        // The cookie name/value substitutions work around an HTTP 301 redirect issue on
        // homepages in DNN 07.01.00:
        // https://dnntracker.atlassian.net/browse/CONTENT-1561
        // NOTE(review): the values are placed into script text as-is; any escaping has to
        // come from the templates or the token replacer - verify for display names and photos.
        var renderedItem = itemTemplate
            .Replace(FeatureController.TOKEN_LOGIN, loginUrl)
            .Replace(FeatureController.TOKEN_COOKIE_NAME, FeatureController.QS_LOGINID)
            .Replace(FeatureController.TOKEN_COOKIE_VALUE, loginKey);

        // Resolve the remaining tokens in the context of the listed persona.
        var personaTokens = new TokenReplace(Scope.DefaultSettings, persona.Profile.PreferredLocale, PortalSettings, persona);
        itemScripts.Append(personaTokens.ReplaceEnvironmentTokens(renderedItem));
    }

    // Drop the rendered persona items into the outer script, then run the core token replace.
    var combinedScript = outerTemplate.Replace(FeatureController.TOKEN_SCRIPT, itemScripts.ToString());
    return tok.ReplaceEnvironmentTokens(combinedScript);
}
/// -----------------------------------------------------------------------------
/// <summary>
/// UserLogin attempts to log the user in, and returns the User if successful
/// </summary>
/// <remarks>
/// The status starts as LOGIN_FAILURE and both an unknown and a deleted user return null
/// with that status, so the two cases are not distinguishable to the caller.
/// For a found user the lock-out and approval checks only adjust <paramref name="loginStatus"/>;
/// they do not return early. ValidateLogin is always called afterwards, receives the status
/// set so far, and its return value becomes the final status.
/// </remarks>
/// <param name="portalId">The Id of the Portal the user belongs to</param>
/// <param name="username">The user name of the User attempting to log in</param>
/// <param name="password">The password of the User attempting to log in (may not be used by all Auth types)</param>
/// <param name="authType">The type of Authentication Used; "DNN" looks the user up by user name, any other value by auth token</param>
/// <param name="verificationCode">The verification code of the User attempting to log in</param>
/// <param name="loginStatus">An enumerated value indicating the login status.</param>
/// <returns>The User as a UserInfo object, or null when the user is missing, deleted or fails validation</returns>
/// -----------------------------------------------------------------------------
public override UserInfo UserLogin(int portalId, string username, string password, string authType, string verificationCode, ref UserLoginStatus loginStatus)
{
    //For now, we are going to ignore the possibility that the User may exist in the
    //Global Data Store but not in the Local DataStore ie. A shared Global Data Store

    //Initialise Login Status to Failure
    loginStatus = UserLoginStatus.LOGIN_FAILURE;

    //Drop any cached copy of this user so the lookup below reads current data
    DataCache.ClearUserCache(portalId, username);
    DataCache.ClearCache(GetCacheKey(username));

    //Get a light-weight (unhydrated) DNN User from the Database, we will hydrate it later if necessary
    UserInfo user = (authType == "DNN") ? GetUserByUserName(portalId, username) : GetUserByAuthToken(portalId, username, authType);
    if (user != null && !user.IsDeleted)
    {
        //Get AspNet MembershipUser
        //NOTE(review): aspnetUser is dereferenced below without a null check - confirm
        //GetMembershipUser cannot return null for a user that exists in the DNN store
        MembershipUser aspnetUser = GetMembershipUser(user);

        //Fill Membership Property from AspNet MembershipUser
        FillUserMembership(aspnetUser, user);

        //Check if the User is Locked Out (and unlock if AutoUnlock has expired)
        if (aspnetUser.IsLockedOut)
        {
            if (AutoUnlockUser(aspnetUser))
            {
                //Unlock User
                user.Membership.LockedOut = false;
            }
            else
            {
                loginStatus = UserLoginStatus.LOGIN_USERLOCKEDOUT;
            }
        }

        //Check in a verified situation whether the user is Approved
        if (user.Membership.Approved == false && user.IsSuperUser == false)
        {
            //Check Verification code
            //The expected code is EncryptString("<portalId>-<userId>") under the decryption key,
            //so it is fully determined by those two ids and the key; nothing in this method
            //adds an expiry or a per-request value.
            //NOTE(review): the comparison is plain string equality, not a fixed-time compare.
            //NOTE(review): ApproveUser runs before ValidateLogin has checked the credentials, so a
            //matching code approves the account even if the login then fails - confirm intended.
            var ps = new PortalSecurity();
            if (verificationCode == ps.EncryptString(portalId + "-" + user.UserID, Config.GetDecryptionkey()))
            {
                UserController.ApproveUser(user);
            }
            else
            {
                //This overwrites LOGIN_USERLOCKEDOUT if it was set just above
                loginStatus = UserLoginStatus.LOGIN_USERNOTAPPROVED;
            }
        }

        //Verify User Credentials
        //ValidateLogin is handed the status decided so far and reports success through bValid
        bool bValid = false;
        loginStatus = ValidateLogin(username, authType, user, loginStatus, password, ref bValid, portalId);
        if (!bValid)
        {
            //Clear the user object
            user = null;
        }
    }
    else
    {
        //Clear the user object
        //Unknown and deleted users both end here; loginStatus stays LOGIN_FAILURE
        user = null;
    }
    return user;
}
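/// <summary>
/// Property access, initially provided for TokenReplace.
/// The requested scope is first capped by who is asking: requests about the anonymous user
/// (UserID -1) are limited to Scope.Configuration, requests from a user who is neither this
/// user nor an admin are limited to Scope.DefaultSettings, and everyone else keeps the
/// requested scope. Each property is then released only if the capped scope is high enough.
/// </summary>
/// <param name="propertyName">Name of the Property (matched case-insensitively)</param>
/// <param name="format">format string</param>
/// <param name="formatProvider">format provider for numbers, dates, currencies</param>
/// <param name="accessingUser">userinfo of the user, who queries the data (used to determine permissions); must not be null when this user is not anonymous</param>
/// <param name="currentScope">requested maximum access level, might be restricted due to user level</param>
/// <param name="propertyNotFound">set to true when the property is unknown or locked for the caller</param>
/// <returns>
/// current value of the property for this userinfo object, PropertyAccess.ContentLocked when
/// the caller's scope is too low, or an empty string for an unknown property
/// </returns>
/// <history>
/// 2007-10-20 [sleupold] documented and extended with differentiated access permissions
/// 2007-10-20 [sleupold] role access added (for user himself or admin only).
/// </history>
public string GetProperty(string propertyName, string format, CultureInfo formatProvider, UserInfo accessingUser, Scope currentScope, ref bool propertyNotFound)
{
    Scope internScope;
    if (UserID == -1 && currentScope > Scope.Configuration)
    {
        internScope = Scope.Configuration; //anonymous users only get access to displayname
    }
    else if (UserID != accessingUser.UserID && !isAdminUser(ref accessingUser) && currentScope > Scope.DefaultSettings)
    {
        internScope = Scope.DefaultSettings; //registered users can access username and userID as well
    }
    else
    {
        internScope = currentScope; //admins and user himself can access all data
    }

    string outputFormat = format == string.Empty ? "g" : format;

    // Invariant lower-casing: with the current culture, names containing 'I' (e.g. "UserID")
    // stop matching the case labels under cultures such as Turkish.
    switch (propertyName.ToLowerInvariant())
    {
        case "verificationcode":
            if (internScope < Scope.SystemMessages)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }

            // The code is EncryptString("<PortalID>-<UserID>") under the decryption key, with
            // '+', '/' and '=' swapped for '.', '-' and '_'.
            // NOTE(review): presumably this makes the value URL-safe; whatever verifies it must
            // undo the substitution before comparing against raw EncryptString output.
            var ps = new PortalSecurity();
            var code = ps.EncryptString(PortalID + "-" + UserID, Config.GetDecryptionkey());
            return code.Replace("+", ".").Replace("/", "-").Replace("=", "_");

        case "affiliateid":
            if (internScope < Scope.SystemMessages)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }
            return AffiliateID.ToString(outputFormat, formatProvider);

        case "displayname":
            if (internScope < Scope.Configuration)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }
            return PropertyAccess.FormatString(DisplayName, format);

        case "email":
            if (internScope < Scope.DefaultSettings)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }
            return PropertyAccess.FormatString(Email, format);

        case "firstname": //using profile property is recommended!
            if (internScope < Scope.DefaultSettings)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }
            return PropertyAccess.FormatString(FirstName, format);

        case "issuperuser":
            if (internScope < Scope.Debug)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }
            return IsSuperUser.ToString(formatProvider);

        case "lastname": //using profile property is recommended!
            if (internScope < Scope.DefaultSettings)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }
            return PropertyAccess.FormatString(LastName, format);

        case "portalid":
            if (internScope < Scope.Configuration)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }
            return PortalID.ToString(outputFormat, formatProvider);

        case "userid":
            if (internScope < Scope.DefaultSettings)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }
            return UserID.ToString(outputFormat, formatProvider);

        case "username":
            if (internScope < Scope.DefaultSettings)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }
            return PropertyAccess.FormatString(Username, format);

        case "fullname": //fullname is obsolete, it will return DisplayName
            if (internScope < Scope.Configuration)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }
            return PropertyAccess.FormatString(DisplayName, format);

        case "roles":
            // Gate on the capped scope like every other property. Testing the raw requested
            // scope here skipped the cap computed above, so a caller who is neither this user
            // nor an admin could read the role list just by asking with a high scope.
            if (internScope < Scope.SystemMessages)
            {
                propertyNotFound = true;
                return PropertyAccess.ContentLocked;
            }
            return PropertyAccess.FormatString(string.Join(", ", Roles), format);
    }

    // Unknown property name.
    propertyNotFound = true;
    return string.Empty;
}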